Irregular Expressions

Sep 26 2010   12:23AM GMT

Casper RFI crack bot – Part 14

Dan O'Connor

One more script listed at the top of the main one.

$filebotscan = "scan.txt";

It’s full of all sorts of stuff; nothing really caught my attention until I reached this.

##[ GOOGLE ]##
sub se_google {
  my ($chan,$key,$nf) = @_;
  my @daftar;
  my $num = 50; my $max = 5000; my $p = 0;
  #my $url = "http://localhost/search/google.co.id.htm";
  my $url = "http://www.google.com/search?num=".$num."&q=".$key."&start=".$p."&sa=N";
  my $murl = "http://www.google.com";
  my $nxurl;
  my $q = bukasitus($url);
  if ( $q !~ /2010 Google/ ) { msge($chan,"Google","Baned!!"); msge($chan,"Google bypas:",$bypass."key=".$key); @daftar = se_gbypass($chan,$key,$nf); }
  if ( $q =~ /dari sekitar <b>(.+?)<\/b>/ ) {
    my $h = $1; $h =~ s/,//g; msgt($chan,"Google","$h");
  }
  if ( $q =~ /class=b><a href=\"(.*?)\">/ ) {
      my $nxurl = $1; if ($conf{showdbse} == 1){msgn($dbgchan,"Google","$nxurl");}
  }
  while ( $q =~ m/<h3 class=r><a href=\"http:\/\/(.*?)\"/g ) { push (@daftar, $1); }
  for ($p=50;$p<=$max;$p+=$num) {
    $nxurl = "http://www.google.co.id/search?num=".$num."&hl=id&q=".$key."&start=".$p."&sa=N";
    $q = bukasitus($nxurl);
    while ( $q =~ m/<h3 class=r><a href=\"http:\/\/(.*?)\"/g ) {  push (@daftar, $1);  }
    if ( $q !~ /<h3 class=r><a href=\"http:\/\/(.*?)\"/ ) { return @daftar;  }
  }
  return @daftar;
}

I wonder what this is doing? A little further down it has a section to get around getting banned from Google for launching too many searches.

There are also many other search engines being used, but why?

Whatever is being returned to @daftar is going into this guy.

sub lnk_sortir {
  my @unik = ();
  my %ada  = ();
  foreach my $e ( @_ ) {
    next if $ada{ $e }++;
    push (@unik, $e);
  }
  return @unik;
}

So this is returning the unique results of whatever is being given to it.

Time to take a closer look at that first sub, and what it’s putting into @daftar.

while ( $q =~ m/<h3 class=r><a href=\"http:\/\/(.*?)\"/g ) {  push (@daftar, $1);  }

That makes it easy: it’s pulling out the URLs of sites. But what are we looking for to get that list?
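For triaging a script like this without reading every sub by hand, here is an added example (not part of the bot and not from the original post) that lists, per Perl sub, the hosts hard-coded in it and whether it pushes regex captures into an array the way se_google does. The names split_subs and triage are hypothetical, the sample is a trimmed copy of the code quoted above, and a sub body is approximated as the text up to the next sub.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: trimmed excerpt of the se_google and lnk_sortir subs quoted in the post.
SAMPLE = r'''
##[ GOOGLE ]##
sub se_google {
  my ($chan,$key,$nf) = @_;
  my $url = "http://www.google.com/search?num=".$num."&q=".$key."&start=".$p."&sa=N";
  my $murl = "http://www.google.com";
  my $q = bukasitus($url);
  while ( $q =~ m/<h3 class=r><a href=\"http:\/\/(.*?)\"/g ) { push (@daftar, $1); }
  for ($p=50;$p<=$max;$p+=$num) {
    $nxurl = "http://www.google.co.id/search?num=".$num."&hl=id&q=".$key."&start=".$p."&sa=N";
  }
  return @daftar;
}
sub lnk_sortir {
  my @unik = ();
  return @unik;
}
'''

SUB_RE = re.compile(r'^sub\s+(\w+)\s*\{', re.M)    # start of a Perl sub
URL_RE = re.compile(r'"(https?://[^"]+)"')         # quoted string that begins with a URL
# Global regex match whose loop body pushes capture $1 onto an array (the harvesting idiom).
HARVEST_RE = re.compile(r'=~\s*m?/.*?/g\s*\)\s*\{\s*push\s*\(\s*@\w+\s*,\s*\$1')

def split_subs(source):
    """Map each sub name to its text (assumption: a body runs to the next 'sub' or EOF)."""
    hits = list(SUB_RE.finditer(source))
    ends = [m.start() for m in hits[1:]] + [len(source)]
    return {m.group(1): source[m.end():end] for m, end in zip(hits, ends)}

def triage(source):
    """Per sub: sorted hard-coded hosts, and whether it harvests regex captures."""
    report = {}
    for name, body in split_subs(source).items():
        hosts = sorted({urlsplit(u).hostname for u in URL_RE.findall(body)})
        report[name] = {"hosts": hosts, "harvests": bool(HARVEST_RE.search(body))}
    return report

if __name__ == "__main__":
    for name, info in triage(SAMPLE).items():
        print(name, info)
```

Run over the full scan.txt, the same report would show which of the other search-engine subs contact which hosts and which ones feed captured URLs onward.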
