Irregular Expressions

Sep 26 2010   12:50AM GMT

Casper RFI crack bot – Part 15



Posted by: Dan O'Connor
Tags:
casper bot
casper rfi perl bot
perl bot
www perl bot

What this appears to be looking for is more machines to exploit, big surprise!

I followed it back for a bit and this is what I ended up with.

sub se_yahoo {
  my ($chan,$key,$nf) = @_;

sub s_engine {
    my ($f,$se,$type,$chan,$bug,$dork,$ef) = @_;

sub s_cari {
  #Type: 1 = Cari saja, 2 = Cari dan eksploit, 3 = Cari dan eksploit Joomla
  my ($chan,$dork,$nf,$bug,$type) = @_;

sub s_scanz {
  my ($to,$bug,$dork,$sb,$type,$autodom) = @_;

if    (($com =~ /^scan\s+(.+?[=])\s+(.*)/) && (fork() == 0))  { s_scanz($dtarget,$1,$2,$hb,1,1); exit;  }

So it will search for what ever is the second mach group in what is supplied.
There is also some other subs in here that are worth mentioning.

One uses a site http://md5.rednoize.com/ to try and find md5 sums.

Another does a geolocation lookup of the machine compromised from what I could tell.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: