Irregular Expressions

Sep 26 2010   12:50AM GMT

Casper RFI crack bot – Part 15

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

What this appears to be looking for is more machines to exploit, big surprise!

I followed it back for a bit and this is what I ended up with.

sub se_yahoo {
  my ($chan,$key,$nf) = @_;

sub s_engine {
    my ($f,$se,$type,$chan,$bug,$dork,$ef) = @_;

sub s_cari {
  #Type: 1 = Cari saja, 2 = Cari dan eksploit, 3 = Cari dan eksploit Joomla
  my ($chan,$dork,$nf,$bug,$type) = @_;

sub s_scanz {
  my ($to,$bug,$dork,$sb,$type,$autodom) = @_;

if    (($com =~ /^scan\s+(.+?[=])\s+(.*)/) && (fork() == 0))  { s_scanz($dtarget,$1,$2,$hb,1,1); exit;  }

So it will search for what ever is the second mach group in what is supplied.
There is also some other subs in here that are worth mentioning.

One uses a site to try and find md5 sums.

Another does a geolocation lookup of the machine compromised from what I could tell.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: