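#Author : Nihal Mistry
#Email : nihalmistry@gmail.com
#Blog : nihalmistry.blogspot.in
#.:Indian Cyber Hunters:.
#Tested on Windows_Xp
#
# Interactive console script. It asks for a CMS type (WordPress or Joomla),
# a site and a theme/template directory, then requests every path listed in
# a local wordlist (wpfinal.txt or jofinal.txt) under that directory and
# reports responses whose body contains one of a few fixed strings.
#
# Notes for anyone reading the output or the server side of a run:
#   * The body checks are coarse. "<form method=post>" and
#     "<input type=password" also occur on ordinary login pages and on some
#     custom error pages, so every hit needs manual confirmation.
#   * No hit does not mean the directory is clean: only the wordlist paths
#     are requested and only the fixed strings are looked for. Comparing the
#     theme files on the server against a known-good copy is more reliable.
#   * A run appears in the web server's access log as a burst of GET
#     requests under the theme directory from one client. Unless changed,
#     LWP sends a "libwww-perl/<version>" User-Agent.
#
# Changes from the original listing:
#   * use strict / use warnings, lexical variables, loops instead of goto.
#   * The trailing-slash test is restored (the pattern was garbled).
#   * The password-field check now tests the response body; it used to be a
#     bare match against $_.
#   * Wordlist lines are chomped, so the newline no longer ends up in the URL.
#   * Three-argument open with a lexical handle replaces the bareword open.
#   * The menu no longer restarts after a Joomla scan ("!= 1 && 2 && 3").
#   * End of input on STDIN ends the script instead of looping forever.

use strict;
use warnings;
use HTTP::Request;
use LWP::UserAgent;

# cls/color/title/pause are cmd.exe built-ins, so they are only invoked on
# Windows; on other systems they would only produce shell errors.
my $ON_WINDOWS = $^O eq 'MSWin32';

# Per-CMS settings. The prompt and message texts are kept exactly as the
# original script printed them, including their small differences.
my %PROFILE_FOR = (
    '1' => {
        site_prompt  => "\n\tPlease Enter Site\n \tExample: www.defaced-wp-site.com\n\t-> ",
        theme_prompt => "\n\n\tPlease Enter the Theme dir used by site: example: twentyeleven,twentyten....\n\t->",
        base_dir     => 'wp-content/themes/',
        wordlist     => 'wpfinal.txt',
        start_msg    => "\t-> Starting Bruteforcing process....\n",
        count_fmt    => "\t-> Having %d paths for guessing.\n",
        found_fmt    => " \n\t >.Found Sh3ll -> %s\n",
        miss_fmt     => "\n\tNot found -> %s",
    },
    '2' => {
        site_prompt  => "\n\tPlease Enter Site\n\t Example: www.defaced-joomla-site.com\n\t-> ",
        theme_prompt => "\n\tPlease Enter the Template dir used by site: example: beez,system...\n\t->",
        base_dir     => 'templates/',
        wordlist     => 'jofinal.txt',
        start_msg    => "\t-> Starting Bruteforcing process....",
        count_fmt    => "\t-> Having %d paths for guessing .\n",
        found_fmt    => "\n\t >.Found Sh3ll -> %s\n",
        miss_fmt     => "\n\tNot found -> %s ",
    },
);

# Main menu: 1 or 2 runs one scan and ends, 3 shows the usage text and
# returns to the menu, anything else redraws the menu.
MENU: while (1) {
    _draw_menu();
    my $cms = _read_line();
    last MENU if !defined $cms;    # end of input on STDIN

    if ($cms eq '3') {
        usage();
        next MENU;
    }

    my $profile = $PROFILE_FOR{$cms} or next MENU;
    _scan_site($profile);
    last MENU;
}

# Print the usage hint, wait for the operator, then clear the screen.
sub usage {
    print("\n\t-->To find theme/template dir used by the site use google dork cache:site.com then -> view source\n\n");
    _pause();
    system('cls') if $ON_WINDOWS;
    print("\n");
    return;
}

# Clear the console (Windows only) and print the banner and the menu.
sub _draw_menu {
    if ($ON_WINDOWS) {
        system('cls');
        system('color a');
        system('title WP/Joomla Sh3ll Finder V2.0 (By X-c0d3r)');
    }
    print "\n",
        "\t++++++++++++++++++++Private++++++++++++++++++++\n",
        "\t+ WP/Joomla Shell Finder v2.0 (X-c0d3r) +\n",
        "\t+ Greetz: Indian Cyber Space +\n",
        "\t+ P1v0t_4ntr4xt | P4r1nd4 +\n",
        "\t+ S3n_H4x0r | N3t_m0nst3r +\n",
        "\t+ C0D3D32 | C0d3_Sm4sh3r +\n",
        "\t+ All Ind14n H4ck3rs +\n",
        "\t+++++++++++++++++++++++++++++++++++++++++++++++\n",
        "\n",
        "\tSelect the type of cms the site uses:\n",
        "\t ___________________________________________\n",
        "\t|| 1 = Wordpress ||\n",
        "\t|| 2 = Joomla! ||\n",
        "\t|| 3 = View Usage (Must Read) ||\n",
        "\t||__________________________________________||\n",
        "\tEnter your choice 1/2 -> ";
    return;
}

# Read one line from STDIN without its line ending; undef at end of input.
sub _read_line {
    my $line = <STDIN>;
    return if !defined $line;
    chomp $line;
    return $line;
}

# Wait for the operator: cmd.exe "pause" on Windows, Enter elsewhere.
sub _pause {
    if ($ON_WINDOWS) {
        system('pause');
    }
    else {
        print "\n\tPress Enter to continue...";
        my $ignored = <STDIN>;
    }
    return;
}

# Give the entered site a scheme and a trailing slash.
sub _normalise_site {
    my ($site) = @_;

    # The original tested only /^http:/ and so prefixed "http://" to
    # https:// input as well. https:// is now passed through unchanged;
    # whether LWP can fetch it depends on TLS support in the local install.
    $site = 'http://' . $site if $site !~ m{^https?://};

    # Restored trailing-slash test (the listing showed the garbled "//$/").
    $site .= '/' if $site !~ m{/$};

    return $site;
}

# Loose plausibility check: a dot followed by two to four lowercase letters.
# The original character class "[.{2}]" also accepted "{", "2" and "}" in
# place of the dot.
sub _looks_like_site {
    my ($site) = @_;
    return $site =~ m{ [a-z0-9-] .* [.] [a-z]{2,4} }x;
}

# Read the wordlist, one relative path per line; blank lines are skipped.
sub _load_wordlist {
    my ($file) = @_;

    open my $in, '<', $file
        or die "\tFile $file not found please create and put ur brute forcing list!";

    my @paths;
    while (my $entry = <$in>) {
        $entry =~ s/\r?\n\z//;    # also drops a CR from CRLF wordlists
        next if $entry eq '';
        push @paths, $entry;
    }
    close $in;

    return @paths;
}

# True when the response body contains one of the original fixed strings.
sub _matches_signature {
    my ($body) = @_;
    return $body =~ /Uname:/
        || $body =~ /Symlink/
        || $body =~ /server ip :/
        || $body =~ /<form method=post>/
        || $body =~ /<input type=password/;
}

# Prompt for site and theme directory, then request every wordlist path
# under <site><base_dir><theme>/ and report the outcome of each request.
sub _scan_site {
    my ($profile) = @_;

    my $site;
    SITE: while (1) {
        print $profile->{site_prompt};
        my $entered = _read_line();
        return if !defined $entered;

        $site = _normalise_site($entered);
        last SITE if _looks_like_site($site);

        print "\n\tPlease cooperate & use this script by entering a proper site! \n-_-";
    }

    print $profile->{theme_prompt};
    my $theme = _read_line();
    return if !defined $theme;

    print "\t-> Defaced Site: $site\n";
    print $profile->{start_msg};

    my @paths = _load_wordlist($profile->{wordlist});
    printf($profile->{count_fmt}, scalar @paths);

    # One user agent for the whole run; the original built one per request.
    my $ua = LWP::UserAgent->new();
    $ua->timeout(60);

    my $base = "$site$profile->{base_dir}$theme/";
    for my $path (@paths) {
        my $url      = $base . $path;
        my $response = $ua->request(HTTP::Request->new(GET => $url));

        # The status code is not inspected, as in the original, so an error
        # page that happens to contain one of the strings is reported too.
        if (_matches_signature($response->content)) {
            printf($profile->{found_fmt}, $url);
            _pause();
        }
        else {
            printf($profile->{miss_fmt}, $url);
        }
    }
    return;
}
#EOF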