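#!/usr/bin/perl -w
#whereis perl
# jasakomtool version 1.0 by jasakom crew
# programmer: mywisdom the coder of solhack 2004
# special thanks to my brotha: all jasakomers(om S'to,pirus,hadoitz,aurel666,dimasdz, abhe, k3nz0, mohammad, kiddies, aurel, p1t4qh, etc..) greetz brotha
# and solhack (sons of liberty) crew 2004 (evidence@sdf.lonestar.org from croatia), getch@hol.gr the socket programmer from greece and foxx@feckov.org from holland
# and special thank to smj@sdf.lonestar.org (stephen jones), phm@sdf (peter h meadow), blakkat@sdf, paladin@sdf, etc...
# and h4cky0u & darkc0de crews
# this simple program for web server penetration
# available modules: basic server information gathering, port scanning, sql injection (mysql 4&5),web admin login finder,basic Dos testing
# send and comments to mr_wisdom@yahoo.com
# use this at your own risk, this program is for educational purpose
# licensed under gnu general public license
# hide this for long time, it's time to launch in January 2009
#
# Notes on this file:
#   * Only three modules are implemented below: portscan, getinfo and admin.
#     The header also lists SQL injection and DoS testing, but no code for
#     them is present in this file.
#   * Footprint as seen from the probed host (useful when matching logs):
#       - portscan: one full TCP connect per port, in ascending order;
#       - getinfo:  connects to 21,22,23,25,80,110,3306 and sends the literal
#                   payload "help", "help \n" or "put \n";
#       - admin:    one GET per wordlist entry with User-Agent "checking",
#                   which typically appears as a burst of 404s from one client.
#   * Everything read back from the network (banners, HTTP status lines) is
#     untrusted and is filtered to printable ASCII before it is printed, so a
#     remote service cannot inject terminal control sequences.

#begin
# data, variables, arrays and shared function declarations
use strict;
use warnings;

use IO::Socket;
use Socket;
use Net::hostent;
use LWP::UserAgent;
use HTTP::Response;

# Upper bound, in seconds, for a single TCP connect so one unresponsive port
# cannot stall the whole run on the operating system's default timeout.
use constant NET_TIMEOUT => 5;

# Ports contacted by the getinfo module, in order.
#   probe - bytes sent right after connecting
#   label - service name shown in the report
#   lead  - text printed before the report line (only port 21 has one)
#   note  - optional extra line printed after the response
my @BANNER_PROBES = (
    { port => 21,   probe => "help",    label => 'ftp daemon',    lead => "\n \n " },
    { port => 22,   probe => "help",    label => 'ssh daemon',    lead => "" },
    { port => 23,   probe => "help",    label => 'telnet daemon', lead => "" },
    { port => 25,   probe => "help",    label => 'smtp daemon',   lead => "" },
    {
        port  => 80,
        probe => "put \n",
        label => 'httpd',
        lead  => "",
        note  => "\nImportant! You can see informations such as: web server version,ssl version,php version,perl version \n",
    },
    { port => 110,  probe => "help \n", label => 'pop3 server',   lead => "" },
    { port => 3306, probe => "help",    label => 'mysql daemon',  lead => "" },
);
# end of data and shared declarations

# Return $text reduced to printable ASCII plus tab and newline.
# Carriage returns are dropped and any other byte becomes '.', so data
# received from a remote service cannot drive the operator's terminal.
sub _printable {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/\r//g;
    $text =~ s/[^\x09\x0A\x20-\x7E]/./g;
    return $text;
}

# True when $value is a decimal TCP port number in the range 1..65535.
sub _is_port {
    my ($value) = @_;
    return 0 unless defined $value && $value =~ /\A\d{1,5}\z/;
    return ( $value >= 1 && $value <= 65535 ) ? 1 : 0;
}

# Print the help text for $topic ('portscan', 'getinfo' or 'admin');
# any other value, including undef, prints the overview of all modules.
sub _print_help {
    my ($topic) = @_;
    $topic = '' unless defined $topic;

    print "Help Module\n";
    if ( $topic eq 'portscan' ) {
        print "TCP portscan module (checking for connection oriented port),\n this tool can not check for open udp (connectionless) ports\n";
        print "usage: ./jasakomtool.pl -portscan [ip address/hostname] [startport] [endport] \n";
        print "example: ./jasakomtool.pl -portscan www.jasakom.com 70 90 \n";
    }
    elsif ( $topic eq 'getinfo' ) {
        print "getting daemon information module\n";
        print "this will get commonly informations from a linux server (dunno whether this works on blindows or mac or vms box)\n";
        print "this tool will getting information from common used ports: port 21,22,23,25,80,110 and port 3306\n";
        print "usage: ./jasakomtool.pl -getinfo [ip address/hostname] \n";
        print "example: ./jasakomtool.pl -getinfo www.jasakom.com\n";
    }
    elsif ( $topic eq 'admin' ) {
        print "admin login finder module\n";
        print "this method works based on brute force guessing \n the location of admin login page at your target website\n";
        print "usage: ./jasakomtool.pl -admin [url]\n";
        print "example:./jasakomtool.pl -admin http://www.jasakom.com\n";
    }
    else {
        print "Available modules:\n";
        print "portscan module\n";
        print "usage: ./jasakomtool.pl -portscan [ip address/hostname] [startport] [endport] \n";
        print "example: ./jasakomtool.pl -portscan www.jasakom.com 70 90 \n";
        print "for specific help, type: ./jasakomtool.pl -help portscan\n";
        print "________________________________________________________\n";
        print "getting daemon information module\n";
        print "usage: ./jasakomtool.pl -getinfo [hostname]\n";
        print "example: ./jasakomtool.pl -getinfo www.jasakom.com\n";
        print "for specific help, type: ./jasakomtool.pl -help getinfo\n";
        print "______________________________________________________\n";
        print "admin login finder module\n";
        # Trailing newline added: without it "usage:" ran into this line.
        print "this method works based on brute force guessing \n the location of admin login page at your target website\n";
        print "usage: ./jasakomtool.pl -admin [url]\n";
        print "example:./jasakomtool.pl -admin http://www.jasakom.com\n";
        print "for specific help, type: ./jasakomtool.pl -help admin\n";
    }
    return;
}

# Print the banner shown when the script is started without arguments.
sub halo {
    print "* JasakomTool Web Server Penetration Tool version 1.0 by mr_mywisdom[at]yahoo[dot]com\n";
    print "* Available modules: server information gathering, port scanning,web admin login finder \n";
    print "* For help and list all available modules, you can type: ./jasakomtool.pl -help\n";
    print "* For spesific module, usage: ./jasakomtool.pl -help [module_name]\n";
    print "* Module lists: portscan, getinfo,admin\n";
    print "* Example: ./jasakomtool.pl -help portscan\n";
    print "* Example: ./jasakomtool.pl -help getinfo\n";
    print "* Example: ./jasakomtool.pl -help admin\n";
    return;
}

# Handler for "-help [module]": the module name is read from $ARGV[1].
sub help {
    _print_help( $ARGV[1] );
    return;
}

# Entry point: dispatch on $ARGV[0].
# The option must be exactly one of the four module switches (one or two
# leading dashes); a substring match would also accept arbitrary strings
# that merely contain "-help", "-admin" and so on.
sub utama {
    if ( @ARGV < 1 ) {
        halo();
        return;
    }

    # main module dispatch
    my %handler_for = (
        help     => \&help,
        portscan => \&cekport,
        getinfo  => \&ambilinfo,
        admin    => \&cariadmin,
    );

    if ( $ARGV[0] =~ /\A--?(help|portscan|getinfo|admin)\z/ ) {
        $handler_for{$1}->();
    }
    else {
        halo();
    }
    return;
}

# portscan module: attempt a TCP connect to every port from $ARGV[2] to
# $ARGV[3] (inclusive) on host $ARGV[1] and report the ones that accept.
# Missing or malformed arguments print the module's usage instead.
sub cekport {
    my ( $target, $first_port, $last_port ) = @ARGV[ 1 .. 3 ];

    unless ( defined $target
        && length $target
        && _is_port($first_port)
        && _is_port($last_port)
        && $first_port <= $last_port )
    {
        _print_help('portscan');
        return;
    }

    my $closed_count = 0;

    print "\nScanning open ports on $target from port $first_port s/d $last_port\n";
    print "____________________________________________________________________\n\n";

    for my $port ( $first_port .. $last_port ) {
        my $socket = IO::Socket::INET->new(
            PeerAddr => $target,
            PeerPort => $port,
            Proto    => 'tcp',
            Timeout  => NET_TIMEOUT,
        );
        if ($socket) {
            print "Port $port on $target is open !!! w00t !\n";
            close $socket;    # release the descriptor before the next port
        }
        else {
            # A failed connect is counted as closed; a filtered port or a
            # timeout lands here as well.
            $closed_count++;
        }
    }

    # The count is reported as measured (no adjustment by one).
    print "____________________________________________________________________\n\n";
    print "\nNot Shown: $closed_count closed ports on $target from port $first_port until $last_port\n";
    return;
}

# admin module: for every entry in ./admin.txt request "$ARGV[1]/<entry>"
# and print the HTTP status line that came back.
# The URL must be absolute (http:// or https://); otherwise usage is shown.
sub cariadmin {
    my $base_url = $ARGV[1];

    unless ( defined $base_url && $base_url =~ m{\Ahttps?://}i ) {
        _print_help('admin');
        return;
    }

    # Three-argument open with a lexical handle: the mode is fixed to read
    # and cannot be influenced by the file name.
    my $wordlist = "admin.txt";
    open( my $list_fh, '<', $wordlist )
        or die("Could not open admin.txt!!! $!");

    print "\n Guessing Admin login page of $base_url:\n";
    print "-----------------------------------------\n";

    # One client object for the whole run; the agent string is what the
    # web server records in its access log.
    my $agent = LWP::UserAgent->new;
    $agent->agent("checking");

    while ( my $entry = <$list_fh> ) {
        chomp $entry;
        $entry =~ s/\r\z//;    # tolerate CRLF wordlists
        next if $entry eq '';

        my $url      = $base_url . "/" . $entry;
        my $response = $agent->get($url);

        # The status line is server-supplied text, so filter it.
        print "Testing for url:" . $url . " Result:" . _printable( $response->status_line ) . "\n";
    }
    close $list_fh;

    print "\n-----------Done Admin Location Brutus Testing---------------\n";
    return;
}

# getinfo module: connect to each port in @BANNER_PROBES on host $ARGV[1],
# send the configured probe and print up to 800 bytes of the reply.
# Ports that do not accept the connection are skipped silently.
sub ambilinfo {
    my $target = $ARGV[1];

    unless ( defined $target && length $target ) {
        _print_help('getinfo');
        return;
    }

    print "Daemon informations from common ports: 21,22,23,25,80,110 and 3306: \n";

    for my $probe (@BANNER_PROBES) {
        my $socket = IO::Socket::INET->new(
            PeerAddr => $target,
            PeerPort => $probe->{port},
            Proto    => 'tcp',
            Timeout  => NET_TIMEOUT,
        );
        next unless $socket;

        my $reply = '';
        $socket->send( $probe->{probe} );
        $socket->recv( $reply, 800 );
        close $socket;

        # The reply is attacker-controllable from the remote side (the MySQL
        # greeting, for one, is binary), so it is filtered before printing.
        $reply = _printable($reply);

        print "$probe->{lead}Daemon response (info) from port $probe->{port} ($probe->{label}):\n $reply\n";
        print $probe->{note} if defined $probe->{note};
        print "_______________________________________________\n";
    }
    return;
}

# run the program !!!
utama();
# end of run the program !!!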