Persiangig File Finder

This script helps you to brute force files and directories on persiangig storage accounts.
if you would like for more performance you can edit or change dictionaries list by yourself.
Note : Read Usage.
Enjoy!

Click Here To Download

Source :

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123

import urllib2 import curses import sys import os def get_param(prompt_string): """Brings up new screen asking user to enter a single parameter. Args: prompt_string: Prompt which asks/tells user what to enter (string). """ screen.clear() screen.border(0) screen.addstr(2, 2, prompt_string) screen.refresh() input = screen.getstr(10, 10, 60) return input def file(types,session,username): print "\n" f=open('list.txt','r') print "Starting...\n" for dic in f: #print dic try: req = urllib2.Request('http://%s.persiangig.com/%s%s/download?%s'%(str(username),(dic).rsplit()[0],str(types),str(session))) response = urllib2.urlopen(req) the_page = response.read() if "pg100.png" not in the_page: if "۰ b" not in the_page: print "File ["+dic.rsplit()[0]+types+"] Found !" ff=open('success.txt','a') ff.write(dic.rsplit()[0]+types+'\n') ff.close() else: print '[',dic.rsplit()[0],'] Session expired' session=raw_input("session: ").rsplit()[0] except: print "err url" def dir(username): print "\n" f=open('list.txt','r') print "Starting...\n" for dic in f: #print dic try: req = urllib2.Request('http://%s.persiangig.com/%s'%(str(username),(dic).rsplit()[0])) response = urllib2.urlopen(req) the_page = response.read() if "pg100.png" not in the_page: print "Directory ["+dic.rsplit()[0]+"] Found !" ff=open('success-dir.txt','a') ff.write(dic.rsplit()[0]+'\n') ff.close() except: print "err url" def info(): os.system('cls') print "Persiangig file and directory finder trough the list!" print "\n\t" print "you have URL like : \nhttp://hacker.persiangig.com/file.rar/download?010d\n\n" print "value will be :\nhttp://[username].persiangig.com/[file type]/download?[session]" print "\n\t\t\t\t\t\n" x = 0 while x != ord('4'): screen = curses.initscr() curses.start_color() # Must call this before creating pairs. # Create hardcoded color pairs (foreground/background) to use: #curses.init_pair(1, curses.COLOR_WHITE, curses.COLOR_BLACK) #curses.init_pair(2, curses.COLOR_BLUE, curses.COLOR_WHITE) #curses.init_pair(3, curses.COLOR_RED, curses.COLOR_BLACK) screen.clear() screen.border(0) screen.addstr(screen.getmaxyx()[0]-1,1,"Copyright ITSecZone co. (http://www.nezami.info)") screen.addstr(2, 2, "Please enter a number...") screen.addstr(4, 4, "1 - Directory Finder") screen.addstr(5, 4, "2 - File Finder") screen.addstr(6, 4, "3 - Usage") screen.addstr(7, 4, "4 - Exit") screen.refresh() x = screen.getch() if x == ord('1'): try: username = get_param('Enter your username of persiangig: ').rsplit()[0] except: sys.exit("err user input!") curses.endwin() dir(username) raw_input('Press enter (to return to main)') if x == ord('2'): try: types = get_param('Enter your types of file name:\n Example : .rar or .zip ... ').rsplit()[0] session = get_param('Enter your session name:\n Session must be in 4 digit end of url ').rsplit()[0] username = get_param('Enter your username:\nUsername of persiangig. ').rsplit()[0] except: sys.exit("err user input!") curses.endwin() file(types,session,username) raw_input('Press enter (to return to main)') if x == ord('3'): curses.endwin() info() raw_input('Press enter (to return to main)') curses.endwin()

International CTF We ranked 11

Hack Dat Kiwi (Kiwi CTF)

Hack Dat Kiwi is a new CTF franchise designed by security researchers and hackers with the aim of creating quality challenges that the participants enjoy solving. We do not put puzzles in our CTFs, and the challenges are designed for those who really know what they are doing, and not tool junkies.

Cash prize for overall winners and category winners.

Crypto/Forensics, RE/Exploit, Web, Forensics, Experimental.

Country-based hacker rankings will be available after the CTF on brag.dat.kiwi! It will stay online and preserve your right to brag.

our team ranked 11

PHP Law Decoding!

Decode PHP code with signature : [protected by law]
I wrote an script for reverse it.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136

<style type="text/css"> *{ background-color: #F7F3E8; border: 2px solid #e3e3e3; border-radius: 8px 8px 8px 8px; margin-bottom: 5px; padding: 5px; } TD{font-family: Tahoma; font-size: 10pt;} input,select,textarea{ border:0; border:1px solid #900; color:#fff; background:#000; margin:0; padding:2px 4px; } input:hover,textarea:hover,select:hover{ background:#200; border:1px solid #f00; } .red{ color:#f00; } .white{ color:#fff; } a{ text-decoration:none; } a:hover{ border-bottom:1px solid #900; border-top:1px solid #900; } #result a{ color:#777; } .sign{ color:#222; } #box{ margin:10px 0 0 0; } </style> <html> <body> <center><br> <title>PHP Law DECODER BY #BHG[3H34N]</title> <font size='3' color='#bbbbbb'>PHP Law DECODER BY #BHG[3H34N]</font><br><br> <font size='3' color='#bbbbbb'>WebSite:<b><a href="http://nezami.info">nezami.info</a></b><br/></font><br/> <font size='2' color='#bbbbbb'>Email:<font size='2' color='red'>me@nezami.info</font></font></br><br/> <font size='3' color='#bbbbbb'> Example:<font size='2' color='green'>/* WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited. */ </font></font><br><br> <font size='3' color='#bbbbbb'>$o=<font size='2' color='green'><U>Copy This Part Of Your Code To Text Box & Press DeCode</U>;eval(base64_decode("Li4ud3d3LmJsYWNrLWhnLm9yZyBDb3B5IFJpZ2h0IEZvcjNIMz ROIC4uLi=="));return;?></font></font><br><br> <form name="form" method="post"> <textarea name="text" cols=100 rows=20></textarea> <input type="hidden" name="status" id="status" value="1"> <br/> <div class="submit"><br> <input alt="DeCode" title="Send" alt="Decode" type="image"><br> </div> </form> <?php header('Content-Type: text/html; charset=utf-8'); if (isset($_POST['text']) && isset($_POST['status'])) { $text = get_magic_quotes_gpc() ? stripslashes($_POST['text']) : $_POST['text']; $o="$text"; $lll=0; $lllllllllll='base64_decode'; $ll=0; $llllllllll='ord'; $llll=0; $lllll=3; $l=$lllllllllll($o); $lllllll=0; $llllll=($llllllllll($l[1])<<8)+$llllllllll($l[2]); $lllllllllllll='strlen'; $lllllllll=16; $llllllll=""; for(;$lllll<$lllllllllllll($l);){ if($lllllllll==0){ $llllll=($llllllllll($l[$lllll++])<<8); $llllll+=$llllllllll($l[$lllll++]); $lllllllll=16; } if($llllll&0x8000){ $lll=($llllllllll($l[$lllll++])<<4); $lll+=($llllllllll($l[$lllll])>>4); if($lll){ $ll=($llllllllll($l[$lllll++])&0x0f)+3; for($llll=0;$llll<$ll;$llll++) $llllllll[$lllllll+$llll]=$llllllll[$lllllll-$lll+$llll]; $lllllll+=$ll; } else{ $ll=($llllllllll($l[$lllll++])<<8); $ll+=$llllllllll($l[$lllll++])+16; for($llll=0;$llll<$ll;$llllllll[$lllllll+$llll++]=$llllllllll($l[$lllll])) ; $lllll++; $lllllll+=$ll; } } else $llllllll[$lllllll++]=$llllllllll($l[$lllll++]); $llllll<<=1; $lllllllll--; } $llllllllllll='chr'; $lllll=0; $lllllllll="?".$llllllllllll(62); $llllllllll=""; for(;$lllll<$lllllll;){$llllllllll.=$llllllllllll($llllllll[$lllll++]^0x07);} $lllllllll.=$llllllllll.$llllllllllll(60)."?"; echo 'DECODED: <br/><textarea cols=100 rows=20>'."'$lllllllll';".PHP_EOL.'</textarea><br/>'; } ?> <center> </body> <font size='3' color='#bbbbbb'><b><a href="http://nezami.info">#3H34N</a></b></font> </html>

FCKeditor finder for upload shell

Most of FCKeditor vulnerable to shell upload from example path in the blow:

1 2	http://target.com/FCKeditor/editor/filemanager/upload/test.html http://target.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html

via this script, you can find common uploader that is using in [FCKeditors]
I tried to collect all of the paths that are important and most use! and I write this script to find them, even restricted access to them.

Download script

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66

import urllib2 import socket import cookielib import sys import re import os socket.setdefaulttimeout(10) if sys.platform == 'linux' or sys.platform == 'linux2': clearing = 'clear' else: clearing = 'cls' os.system(clearing) if len(sys.argv) <= 1: print "\n|----------------------------------------------|" print "| - FCKeditor Finder - |" print "| Usage: FCKditorFinder.py sites_list.txt |" print "| https://nezami.me |" print "|----------------------------------------------|\n" sys.exit(1) dirs=['fckeditor','FCKeditor','include/fckeditor','includes/fckeditor','admin/fckeditor','fck/fckeditor','fck3ditor/fckeditor','editor/fckeditor','filemanager/fckeditor','plugins/fckeditor','FCKeditor/fckeditor''TVS/FCKeditor','forum/fckeditor','forums/fckeditor','home/fckeditor','shcsAdmin/fckeditor','wspro/html/js/editor/fckeditor/','html/js/editor/fckeditor/','scripts/ajax/FCKeditor/','CFIDE/scripts/ajax/FCKeditor/','CMSAdminControls/FCKeditor/','mambots/editors/fckeditor/','webspace/html/js/editor/fckeditor/','resources/fckeditor/','jphoto/fckeditor/','sysadmin/utils/FCKeditor/','templates/fckeditor/','fcnews/fckeditor/','js/fckeditor/','/sites/all/modules/fckeditor/','admin/classes/components/formattedTextArea/fckeditor/','admin/panel/fckeditor/','cfscripts/ajax/FCKeditor/','ECP/fsboard/fckeditor/','sadmin/FCKeditor/','index/class/xoopseditor/fckeditor/','arti/outils/fckeditor/','Common/Scripts/fckeditor','jmcmurra/generators/inc/fckeditor','admin/view/javascript/fckeditor','editors/FCKeditor/','ModernDeckDepot/fckeditor','otkup_test/fckeditor/','shop/assets/js/fckeditor/','webshop//portal/templates/fckeditor/','new/aset/js/fckeditor/','siebenkorn/script/FCKeditor','assetmanager/HTMLEditor/''portal/handlers/tiny_mce/','fa/handlers/tiny_mce/','handlers/tiny_mce/','plugins/tiny_mce/','zp-core/plugins/tiny_mce/','wp-content/plugins/asset-manager/','plugins/asset-manager/'] try: f=open(sys.argv[1],'r') for line in f.readlines(): line = line.rstrip() for subdir in dirs: site="%s/%s" %(line,subdir) print site hdr = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; rv:18.0) Gecko/20100101 Firefox/18.0','Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8','Accept-Language': 'en-US,en;q=0.5','Accept-Encoding': 'gzip, deflate','Connection': 'keep-alive'} req = urllib2.Request(site, headers=hdr) guery=['403 - Forbidden: Access is denied.','Directory Listing Denied', 'Parent Directory','Forbidden','Index of /','Directory Listing For'] try: page=urllib2.urlopen(req) content= page.fp.read() for eMSG in guery: if re.search(eMSG,content): print "OK >>>"+site f=open("fckeditor.txt","a") f.write(site+"\n") except urllib2.HTTPError, e: page=e.fp.read() for eMSG in guery: if re.search(eMSG, page): print "OK >>>"+site f=open("fckeditor.txt","a") f.write(site+"\n") except urllib2.URLError: print "Time Out\nTry To Another..." except ValueError: print "Please Input valid URL" except socket.timeout: print "Time Out" except IOError: print "Please Input Correct File Name" sys.exit(1) except KeyboardInterrupt: print "You pressed Ctrl+C" pass

PHP function_exists("T7FC56270E7A70FA81A5935B72EACBE29")) decoding!

Via this script you can decode PHP file that begin with this signature:

PHP function_exists("T7FC56270E7A70FA81A5935B72EACBE29") ...
Enjoy!

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123

<style type="text/css"> *{ background-color: lightblue; border-radius: 8px 8px 8px 8px; margin-bottom: 5px; padding: 5px; } TD{font-family: Tahoma; font-size: 10pt;} input,select,textarea{ border:0; border:1px solid #900; color:#fff; background:#000; margin:0; padding:2px 4px; } input:hover,textarea:hover,select:hover{ background:#200; border:1px solid #f00; } .red{ color:#f00; } .white{ color:#fff; } a{ text-decoration:none; } a:hover{ border-bottom:1px solid #900; border-top:1px solid #900; } #result a{ color:#777; } .sign{ color:#222; } #box{ margin:10px 0 0 0; } </style> <html> <body> <center><br> <title>PHP function_exists("T7FC56270E7A70FA81A5935B72EACBE29")) decoder by 3H34N</title> <font size='3'>PHP function_exists("T7FC56270E7A70FA81A5935B72EACBE29")) decoder by 3H34N</font><br><br> <font size='3'>WebSite:<b><a href="http://nezami.info">nezami.info</a></b><br/></font><br/> <form name="form" method="post"> <textarea name="code" cols=100 rows=20></textarea> <br/> <div class="submit"><br> <input alt="Submit" title="Send" type="image"><br> </div> </form> <center> </body> </html> <?php if( isset($_POST['code']) ) { $subject = $_POST['code']; $subject=stripslashes($subject); $pattern = '/eval\\(T7FC56270E7A70FA81A5935B72EACBE29\\("/'; $limit = -1; $flags = PREG_SPLIT_NO_EMPTY; $result = preg_split ($pattern, $subject, $limit, $flags); $resultall= substr($result[1], 0, -8); if (!function_exists("fn")) { function fn($arg) { $arg = base64_decode($arg); $fn = 0; $i = 0; $j = 0; $k = (ord($arg[1]) << 8) + ord($arg[2]); $l = 3; $m = 0; $n = 16; $o = ""; $p = strlen($arg); $file = __FILE__; $file = file_get_contents($file); for (;$l<$p;){ if ($n == 0){ $k = (ord($arg[$l++]) << 8); $k += ord($arg[$l++]); $n = 16; } if ($k & 0x8000){ $fn = (ord($arg[$l++]) << 4); $fn += (ord($arg[$l]) >> 4); if ($fn){ $i = (ord($arg[$l++]) & 0x0F) + 3; for ($j = 0; $j < $i; $j++) $o[$m+$j] = $o[$m-$fn+$j]; $m += $i; }else{ $i = (ord($arg[$l++]) << 8); $i += ord($arg[$l++]) + 16; for ($j = 0; $j < $i; $o[$m+$j++] = $arg[$l]); $l++; $m += $i; } } else $o[$m++] = $arg[$l++]; $k <<= 1; $n--; if ($l == $p){ $file = implode("", $o); $file = "?".">".$file."<"."?"; return $file; } } } } print 'clear text code: <br/><textarea cols=100 rows=20>'.substr(fn($resultall),2,-2);'</textarea><br/>'; } ?>