Channel: Irregular Expressions » perl bot
Browsing latest articles
Browse All 10 View Live

Casper RFI crack bot – Part 7

At first I was thinking that these might be encrypted, but that did not turn out to be the case. The first one we found was back_connect_pl....



Casper RFI crack bot – Part 8

We have one more to decode, $shell_data $shell_data = "$visitcount = $HTTP_COOKIE_VARS["visits"]; if( $visitcount == "") { $visitcount = 0; $visitor = $_SERVER["REMOTE_ADDR"]; $web =...



Casper RFI crack bot – Part 9

So it looks like sh.txt is all about shell access, wow what a surprise! The next item is def.txt, there is not a whole lot in there besides the defacement message, so we are going to move on. The next...


Casper RFI crack bot – Part 10

The next on the list is $filebotphp = "bot.txt"; This looks pretty specific to the irc bot, but there is something encoded again just like in the other scripts. $dc_source =...


Casper RFI crack bot – Part 11

Ok we have a couple more to go through. Next is; $filebotperl = "iso.txt"; I love comments, at least we don’t have to guess what this is for. #!/usr/bin/perl # # ShellBOT by: devil__ # Greetz: Puna,...



Casper RFI crack bot – Part 12

So what is going on next, my $line_temp; while( 1 ) { while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); } delete($irc_servers{''}) if (defined($irc_servers{''}));...


Casper RFI crack bot – Part 13

There are a few more things that are worth looking at. if ($funcarg =~ /^portscan (.*)/) { my $hostip="$1"; my...


Casper RFI crack bot – Part 14

One more script listed at the top of the main one. $filebotscan = "scan.txt"; It’s full of all sorts of stuff; nothing really caught my attention until I reached this. ##[ GOOGLE ]## sub se_google { my...



Casper RFI crack bot – Part 15

What this appears to be looking for is more machines to exploit, big surprise! I followed it back for a bit and this is what I ended up with. sub se_yahoo { my ($chan,$key,$nf) = @_; sub s_engine { my...



Casper RFI crack bot – Part 16 – Last Part

So looking over all of the scripts what do we have? What is in use here is a collection of scripts by varying authors from multiple nationalities in different languages.  This in a best case scenario...
