Casper RFI crack bot – Part 2

There is more then one file in each rar that appears to be a copy of the bot. The differences are pretty minor.

scan.txt
-my @servers = ("irc.xxxx.org");
+my @servers = ("irc.xxxxxx.org","irc.xxxxxx.org");

@@ -3,7 +3,7 @@
 ################################
 #  CASPER RFI CRACK Bot v1.1   #
 #  By Kiss_Me Alert jan 2010.  #
-#     Casper_kae@yahoo.com     #
+#     carisma2009@gmail.com    #
 ################################

We also have a hand full of IRC servers listed in the files, with connection information.  That could be fun but also a lot of trouble

 var $config = array("server"=>"irc.xxxxxx.org",
                     "port"=>"6667",
                     "pass"=>"xxxx",
                     "prefix"=>"vai",
                     "maxrand"=>"15",
                     "chan"=>"#xxxx",
                     "chan2"=>"",
                     "key"=>"",
                     "modes"=>"+p",
                     "password"=>"xxxxx",
                     "trigger"=>".",
                     "hostauth"=>"*" // * for any hostname (remember: /setvhost pucorp.org)
                     );

That’s worth looking at pucorp.org… Browsing there does not seem to do much but, there is hidden text ! spiffy.

wget --mirror pucorp.org

What is the text?

No idea, it does appear to be from multiple servers but I am not sure at this point why its being dumped into here. We will have to come back to this.

There is yet more scripts included in here, iso.txt is worth a look.