Home > IT Blogs > Irregular Expressions > Casper RFI crack bot – Part 14
>>VIEW ALL POSTS  

Irregular Expressions

«
»
Sep 26 2010   12:23AM GMT

Casper RFI crack bot – Part 14



Posted by: Dan O'Connor
casper bot, casper rfi perl bot, perl bot, www perl bot

One more script listed at the top of the main one.

$filebotscan = "scan.txt";

It’s full of all sorts of stuff nothing really caught my attention until I reached this.

##[ GOOGLE ]##
sub se_google {
  my ($chan,$key,$nf) = @_;
  my @daftar;
  my $num = 50; my $max = 5000; my $p = 0;
  #my $url = "http://localhost/search/google.co.id.htm";
  my $url = "http://www.google.com/search?num=".$num."&q=".$key."&start=".$p."&sa=N";
  my $murl = "http://www.google.com";
  my $nxurl;
  my $q = bukasitus($url);
  if ( $q !~ /2010 Google/ ) { msge($chan,"Google","Baned!!"); msge($chan,"Google bypas:",$bypass."key=".$key); @daftar = se_gbypass($chan,$key,$nf); }
  if ( $q =~ /dari sekitar <b>(.+?)<\/b>/ ) {
    my $h = $1; $h =~ s/,//g; msgt($chan,"Google","$h");
  }
  if ( $q =~ /class=b><a href=\"(.*?)\">/ ) {
      my $nxurl = $1; if ($conf{showdbse} == 1){msgn($dbgchan,"Google","$nxurl");}
  }
  while ( $q =~ m/<h3 class=r><a href=\"http:\/\/(.*?)\"/g ) { push (@daftar, $1); }
  for ($p=50;$p<=$max;$p+=$num) {
    $nxurl = "http://www.google.co.id/search?num=".$num."&hl=id&q=".$key."&start=".$p."&sa=N";
    $q = bukasitus($nxurl);
    while ( $q =~ m/<h3 class=r><a href=\"http:\/\/(.*?)\"/g ) {  push (@daftar, $1);  }
    if ( $q !~ /<h3 class=r><a href=\"http:\/\/(.*?)\"/ ) { return @daftar;  }
  }
  return @daftar;
}

I wonder what this is doing? A little further down it has a section to get around getting banned from google for launching too many searches.

There is also many other search engines being used, but why?

What ever is being returned to @daftar is going into this guy.

sub lnk_sortir {
  my @unik = ();
  my %ada  = ();
  foreach my $e ( @_ ) {
    next if $ada{ $e }++;
    push (@unik, $e);
  }
  return @unik;
}

So this is returning the unique results of what ever is being given to it.

Time to take a closer look at that first sub, and what it’s putting into @daftar.

while ( $q =~ m/<h3 class=r><a href=\"http:\/\/(.*?)\"/g ) {  push (@daftar, $1);  }

That makes it easy, its pulling out URL’s of sites. But what are we looking for to get that list?

  Bookmark and Share     Comment     RSS Feed     Email a friend

Comment on this Post

Leave a comment: