****
*****
*****
****
*****
****
Код:
#Author : Nihal Mistry
#Email : nihalmistry@gmail.com
#Blog : nihalmistry.blogspot.in
#.:Indian Cyber Hunters:.
#Tested on Windows_Xp
use HTTP::Request;
use LWP::UserAgent;
START:
system('cls');
system('color a');
system('title WP/Joomla Sh3ll Finder V2.0 (By X-c0d3r)');
print "\n";
print "\t++++++++++++++++++++Private++++++++++++++++++++\n";
print "\t+ WP/Joomla Shell Finder v2.0 (X-c0d3r) +\n";
print "\t+ Greetz: Indian Cyber Space +\n";
print "\t+ P1v0t_4ntr4xt | P4r1nd4 +\n";
print "\t+ S3n_H4x0r | N3t_m0nst3r +\n";
print "\t+ C0D3D32 | C0d3_Sm4sh3r +\n";
print "\t+ All Ind14n H4ck3rs +\n";
print "\t+++++++++++++++++++++++++++++++++++++++++++++++\n";
print "\n";
print "\tSelect the type of cms the site uses:\n";
print "\t ___________________________________________\n";
print "\t|| 1 = Wordpress ||\n";
print "\t|| 2 = Joomla! ||\n";
print "\t|| 3 = View Usage (Must Read) ||\n";
print "\t||__________________________________________||\n";
print "\tEnter your choice 1/2 -> ";
$cms=<STDIN>;
chomp $cms;
if ($cms eq '1')
{
ret1:
print "\n\tPlease Enter Site\n \tExample: www.defaced-wp-site.com\n\t-> ";
$site=<STDIN>;
chomp $site;
if ( $site !~ /^http:/ )
{
$site = 'http://'. $site;
}
if ( $site !~ //$/ ) {
$site = $site . '/';
}
if ($site =~ m/([a-z0-9-].*)[.{2}](([a-z]{4}|[a-z]{3}|[a-z]{2}))/) {
goto temp1;
} else
{
print "\n\tPlease cooperate & use this script by entering a proper site! -_-";
goto ret1;
}
temp1:
print "\n";
print "\n\tPlease Enter the Theme dir used by site: example: twentyeleven,twentyten....\n\t->";
$theme=<STDIN>;
$dir="wp-content/themes/";
chomp $theme;
$name="$site$dir$theme/$dirs";print "\t-> Defaced Site: $site\n";print "\t-> Starting Bruteforcing process....\n";
open IN, "< wpfinal.txt" or die "\tFile wpfinal.txt not found please create and put ur brute forcing list!";
push(@brute_terms,<IN>);
my $num = @brute_terms;print ("\t-> Having $num paths for guessing.\n");
foreach $dirs(@brute_terms)
{
$name="$site$dir$theme/$dirs";
my $req=HTTP::Request->new(GET=>$name);
my $ua=LWP::UserAgent->new();
$ua->timeout(60);
my $response=$ua->request($req);
if($response->content =~ /Uname:/ || $response->content =~ /Symlink/ || $response->content =~/server ip :/ || $response->content =~ /<form method=post>/ || /<input type=password/)
{
print " \n\t >.Found Sh3ll -> $name\n";
system('pause');
}
else {
print "\n\tNot found -> ".$name;
}
}
}
if ($cms eq '2')
{
ret:print "\n\tPlease Enter Site\n\t Example: www.defaced-joomla-site.com\n\t-> ";
$site=<STDIN>;
chomp $site;
if ( $site !~ /^http:/ )
{
$site = 'http://'.$site;
}
if ( $site !~ //$/ )
{
$site = $site.'/';
}
if ($site =~ m/([a-z0-9-].*)[.{2}](([a-z]{4}|[a-z]{3}|[a-z]{2}))/)
{
goto temp;
}
else {
print "\n\tPlease cooperate & use this script by entering a proper site! -_-";
goto ret;
}
temp:print "\n";print "\tPlease Enter the Template dir used by site: example: beez,system...\n\t->";
$theme=<STDIN>;
$dir="templates/";
chomp $theme;
$name="$site$dir$theme/$dirs";print "\t-> Defaced Site: $site\n";print "\t-> Starting Bruteforcing process....";
open IN, "< jofinal.txt" or die "\tFile jofinal.txt not found please create and put ur brute forcing list!";
push(@brute_terms,<IN>);
my $num = @brute_terms;print ("\t-> Having $num paths for guessing .\n");
foreach $dirs(@brute_terms)
{
$name="$site$dir$theme/$dirs";
my $req=HTTP::Request->new(GET=>$name);
my $ua=LWP::UserAgent->new();
$ua->timeout(60);
my $response=$ua->request($req);
if($response->content =~ /Uname:/ || $response->content =~ /Symlink/ || $response->content =~/server ip :/ || $response->content =~ /<form method=post>/ || /<input type=password/)
{
print "\n\t >.Found Sh3ll -> $name\n";
system ('pause');
}
else { print "\n\tNot found -> $name ";
}
}
}
if ($cms eq 3){ &usage }
sub usage()
{print ("\n\t-->To find theme/template dir used by the site use google dork cache:site.com then -> view source\n\n");
system("pause");
system("cls");print ("\n");
goto START;
}
if ($cms != 1 && 2 && 3){ goto START; }
#EOF
