Bash Website Backup Script

d
Nombre: backup-sitename.sh
Descripción: Script que permite realizar un backup de un sitio web
Más información del Script en loneshooter
#!/bin/sh
 
# Cron job runs with:
# bash /home/account/backup/backup-sitename.sh
 
SITEDIRNAME="sitename"
DBNAME="account_dbname"
DBUSER="account_name"
DBPASS="password"
BASEBCKPPATH="/home/account/backup"
DATE=$(date -I)
DESTINATIONDIR="$BASEBCKPPATH/$DATE/$SITEDIRNAME" #e.g. /home/account/backup/2012-07-29/sitename
ERRORLOG=$DESTINATIONDIR/error.log
 
# Delete all previous backups
if [ -d "$DESTINATIONDIR" ]; then
  rm -rf $DESTINATIONDIR
fi
 
# Create backup directory if it doesn't exist, e.g. /home/account/backup/2012-07-29/sitename
if [ ! -d "$DESTINATIONDIR" ]; then
  mkdir -p $DESTINATIONDIR
fi
 
# Backup site folder
tar -czf $DESTINATIONDIR/${SITEDIRNAME}_${DATE}.tgz -C /home/account/addon ./$SITEDIRNAME 2> $ERRORLOG
 
# Backup site database
mysqldump -u $DBUSER -p$DBPASS -h localhost $DBNAME| gzip -9 > $DESTINATIONDIR/${DBNAME}_${DATE}.sql.gz 2> $ERRORLOG
Leer más...

Webinstall.sh

d
Descripción: Shell Script to install dependencies for running PHP applications with mod_fcgi
Autor: Finn Hensner
Nombre: webinstall.sh




#!/bin/bash
# Shell script to install LAMP with dependencies for running PHP applications
# with mod_fcgi
# -------------------------------------------------------------------------
# Version 1.1 (August 18 2011)
# -------------------------------------------------------------------------
# Copyright (c) 2011 Finn Hensner 
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
apt-get update
aptitude install apache2 apache2-suexec libapache2-mod-fcgid php5-cgi
a2dismod php5
a2enmod rewrite
a2enmod suexec
a2enmod include
a2enmod fcgid

apt-get install mysql-server
apt-get install php5-gd
apt-get install php5-common php5-mysql

sleep 1
echo "Adding extensions and fixes to custom ini"
cat > /etc/php5/conf.d/custom.ini << EOF
cgi.fix_pathinfo = 1
extension=gd2.so
extension=pdo.so
extension=pdo_mysql.so 
extension=php_pgsql.so
extension=php_pdo_pgsql.so
EOF

sleep 1
echo "Add server name to Apache config"
echo "ServerName 127.0.0.1" >> /etc/apache2/apache2.conf

sleep 1
echo "Installing ProFTPd server"
apt-get purge proftpd
apt-get install proftpd
#jail users in their home directory
echo -e "\nDefaultRoot ~\n" >> /etc/proftpd/proftpd.conf

sleep 1
echo "Removing default virtual host."
rm /etc/apache2/sites-available/default
rm /etc/apache2/sites-enabled/default-000

sleep 1
echo "Restarting apache2 and proftpd"
service apache2 restart
service proftpd restart
Leer más...

WhoPingMe.py

d
Script: WhoPingMe.py
Description: Detect if you receive a Ping and make a list with Date.
Autor: @LordRNA


#! /usr/bin/env python
########################################################################
#Script     : WhoPingMe.py                                             #
#Description: Detect if you receive a Ping and make a list with Date.  #
#By         : LordRNA                                                  #
#Comments   : Tested on Python 2.6.5                                   #
########################################################################
import socket, datetime
def whopingme(date):

    source = '' #To put the IP Source.
    header = ["%i"%ord(x) for x in data]
#I made a list of int values for each byte in data variable. 
    if int(header[20])==8:#If Type(ICMP) is 8, i received a Echo Request.
        for x in range(4):#To make a string with the IP Source.
            source += str(header[12+x])
            if x<3:source data-blogger-escaped----="---" data-blogger-escaped-date="date" data-blogger-escaped-len="len" data-blogger-escaped-print="print"> "+ str(source)
#I deleted the Miliseconds with [:len(date)-7]

sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)

#ICMP Protocol on RAW Socket

while 1:

    data = sock.recv(21)#I Just want these bytes, IPHeader Lenght + Type(ICMPHeader)
    whopingme(data)#Sending data to whopingme() function.
Leer más...

Convertstr.pl -Reverses and converts a string

d
Autor: Dual
Descripción: Reverses and converts a string to base64, binary, hex, and rot13 and provides  the md5, sha1 and sha256 hashes 
Nombre: convertstr.pl


#!/usr/bin/env perl -w

# convertstr.pl - Reverses and converts a string
# to base64, binary, hex, and rot13 and provides
# the md5, sha1 and sha256 hashes 
#
# by dual

use strict;
use MIME::Base64;
use Digest::MD5;
use Digest::SHA qw(sha1_hex sha256_hex);

my $usage = "convertstr.pl - Reverses and converts a string
to base64, binary, hex and rot13, and provides
the md5, sha1 and sha256 hashes
Usasge: perl convertstr.pl 
";

# Get and check args
print $usage and exit unless my $string = shift;
chomp($string);

# Print header
print "Converting \'$string\'...\n\n";

# Reverse
print "REVERSED:\n";
my $reversed = reverse($string);
print $reversed . "\n\n";

# Base64
print "BASE64:\n";
my $base64 = encode_base64($string);
chomp($base64);
print $base64 . "\n\n";

# Binary
print "BINARY:\n";
my $binary = unpack('B*', $string);
print $binary . "\n\n";

# Hex
print "HEX:\n";
my $hex = unpack('H*', $string);
print $hex . "\n\n";

# Rot13
print "ROT13:\n";
if ($string =~ /[^A-Za-z\s]/) {
  print ">>> String must be alphabetic\n\n";
}
else {
  my $rot13 = $string;
  $rot13 =~ tr/A-Za-z/N-ZA-Mn-za-m/;
  print $rot13 . "\n\n";
}

# MD5
print "MD5:\n";
my $md5 = Digest::MD5->new;
$md5->add($string);
my $md5hex = $md5->hexdigest;
print $md5hex . "\n\n";

# SHA1
print "SHA1:\n";
my $sha1hex = sha1_hex($string);
print $sha1hex . "\n\n";

# SHA256
print "SHA256:\n";
my $sha256hex = sha256_hex($string);
print $sha256hex . "\n\n";

# Close out
print "Done.\n"
Leer más...

Base64pl.pl Encode/Decode

d
Autor: Dual
Descripción: Encode / Decode strings usando base64
Nombre: base64pl.pl

#!/usr/bin/env perl -w

# base64pl.pl - Encodes/decodes string(s) using base64
# by dual

use strict;
use MIME::Base64;

my $opt;
my $usage = "base64pl.pl -
Encodes or decodes a string using base64
Usage: perl base64pl.pl <-e data-blogger-escaped-d="d"> 
-e => encode
-d => decode
";

print $usage and exit unless (defined($opt = shift) && $opt =~ /^(-e|-d)$/);
print $usage and exit unless ($#ARGV > -1);

if ($opt =~ /e/) {
  my $enc_ref = \&encode;
  for my $enc_str (@ARGV) {
    $enc_ref->($enc_str);
  }
}
else {
  my $dec_ref = \&decode;
  for my $dec_str (@ARGV) {
    $dec_ref->($dec_str);
  }
} 

sub encode {
  my $string = $_[0];
  my $encoded = encode_base64($string);
  chomp($encoded);
  print "$string: $encoded\n";
}

sub decode {
  my $string = $_[0];
  my $decoded = decode_base64($string);
  chomp($decoded);
  print "$string: $decoded\n";
}

Fuente
Leer más...

Zone-H Reporter Perl

d
Autor: PrinceofHacking Descripción: Script realizado en Perl que nos permite interactuar con ZOne-H para reportar.


#!/usr/bin/perl
 
#####################################
#                Zone-H Notify                                          #                                 
#####################################
 
############
use LWP::UserAgent;
############
system('cls');
system ('title Powered By PrinceofHacking');
############
 
print "                         #####################\n   ";
print "                      #    Zone-Notify    #\n  ";
print "                       #        USO        #\n  ";
print "                       # [1] Single Deface #\n";
print "                         # [2] Mass   Deface #\n";
print "                         # [3] Help & About  #\n";
print "                         #####################\n\n   ";
 
$pick=;
if ($pick>3) {
print "Unknown Command\n";
}
if ($pick ==1)
{
 
print "Mode : Single Deface\n\n";
print "Defacer [Nickname] :\n";
$Def=;
print "Dominio:\n";
$Dom=;
if ($Dom =~ /http:\/\//)
{
$U="http://zone-h.org/notify/single";
$lwp=LWP::UserAgent->new;
$res=$lwp  -> post($U,[
'defacer'     => $Def,
'domain1'   => $Dom,
'hackmode' => '15',
'reason'       => '1',
'submit'       => 'Send',
]);
if ($res->content =~ /color="red">(.*)<\/font><\/li>/) {
print "Result => $1";
}
else
{
print "Error\n";
}
}
else
{
$new="http://" . "$Dom";
$U="http://zone-h.org/notify/single";
$lwp=LWP::UserAgent->new;
$res=$lwp  -> post($U,[
'defacer'     => $Def,
'domain1'   => $new,
'hackmode' => '15',
'reason'       => '1',
'submit'       => 'Send',
]);
if ($res->content =~ /color="red">(.*)<\/font><\/li>/) {
print "Result => $1";
}
else
{
print "Error\n";
}
}
}
#############################################Mass###########################################
if ($pick == 2){
print "Mode : Mass Deface\n\n";
open(site,"owned.txt");
 
@ARRAY=;
 
close site;
print "Defacer [Nickname] :\n";
$Def=;
foreach $mass(@ARRAY){
if ($mass !~ /http:/) {
$mass='http://' . $mass;
}
print "$mass\n";
 
$U="http://zone-h.org/notify/single";
$lwp=LWP::UserAgent->new;
$res=$lwp  -> post($U,[
'defacer'     => $Def,
'domain1'   => $mass,
'hackmode' => '15',
'reason'       => '1',
'submit'       => 'Send',
]);
if ($res->content =~ /color="red">(.*)<\/font><\/li>/) {
print "Result => $1\n\n";
}
else
{
print "Error\n";
}
}
}
#####################About##############
if ($pick ==3)
{
print "Para la opcion [2] crear un texto con las paginas y guardarlo como : owned.txt\n";
print "Example\n";
print "http://link.com\n";
print "http://link2.com\n";
print "http://link3.com\n\n";
}
Leer más...

Zone-H Reporter

d
Autor: @SankoSK
Descripcion: Script que interactua con Zone H permitiendo reportar desde la querida terminal. 
Nombre: ZoneHReporter.py

###################
#!/usr/bin/python #
# Zone-H Reporter #
# Coded by Sanko  #
###################
 
import urllib,urllib2
 
def main():
        options = """
#######################
#                     #
#  Zone - H Reporter  #
#  [0] Login          #
#  [1] Single Deface  #
#  [2] Mass Deface    #
#  [i] info methods   #
#                     #
#######################"""
 
        print options
        entrada = raw_input("Choose an option -> ")
        if entrada == 0:
                login('user','password')
        elif entrada == 1:
                uploadsingle('defacer','http://web.com/','15','1')
        elif entrada == 2:
                uploadmass('defacer','15','1') #Deben indicar en la funcion los domains defaceados
        elif entrada == 'i':
                info()
        else:
                print "Error , try again\n"
                main()
 
def login(user,password):
        url = 'http://www.zone-h.org/login'
        values = {'user':user,
                 'password':password}
 
        data = urllib.urlencode(values)
        req = urllib2.Request(url, data)
        resp = urllib2.urlopen(req)
        page = resp.read()
        print page
 
def uploadsingle(defacer,domain,hackmode,reason):
        url = 'http://www.zone-h.org/notify/single'
        values = {'defacer':defacer,
                  'domain1':domain,
                  'hackmode':hackmode,
                  'reason':reason,
                  'submit':'Send'}
 
        data = urllib.urlencode(values)
        req = urllib2.Request(url, data)
        resp = urllib2.urlopen(req)
        page = resp.read()
        print page
 
 
def uploadmass(defacer,hackmode,reason):
        url = 'http://www.zone-h.org/notify/mass'
        values = {'defacer':defacer,
                  'domain1':'',
                  'domain2':'',
                  'domain3':'',
                  'domain4':'',
                  'domain5':'',
                  'domain6':'',
                  'domain7':'',
                  'domain8':'',
                  'domain9':'',
                  'domain10':'',
                  'domain1':domain,
                  'hackmode':hackmode,
                  'reason':reason,
                  'submit':'Send'}
 
        data = urllib.urlencode(values)
        req = urllib2.Request(url, data)
        resp = urllib2.urlopen(req)
        page = resp.read()
        print page
 
def info():
        hackmodes = """
        [1] known vulnerability (i.e. unpatched system)
        [2] undisclosed (new) vulnerability
        [3] configuration / admin. mistake
        [4] brute force attack
        [5] social engineering
        [6] Web Server intrusion
        [7] Web Server external module intrusion
        [8] Mail Server intrusion
        [9] FTP Server intrusion
        [10] SSH Server intrusion
        [11] Telnet Server intrusion
        [12] RPC Server intrusion
        [13] Shares misconfiguration
        [14] Other Server intrusion
        [15] SQL Injection
        [16] URL Poisoning
        [17] File Inclusion
        [18] Other Web Application bug
        [19] Remote administrative panel access through bruteforcing
        [20] Remote administrative panel access through password guessing
        [21] Remote administrative panel access through social engineering
        [22] Attack against the administrator/user (password stealing/sniffing)
        [23] Access credentials through Man In the Middle attack
        [24] Remote service password guessing
        [25] Remote service password bruteforce
        [26] Rerouting after attacking the Firewall
        [27] Rerouting after attacking the Router
        [28] DNS attack through social engineering
        [29] DNS attack through cache poisoning
        [30] Not available
        [31] Cross-Site Scripting"""
 
        reasons = """
        [1] Heh...just for fun!
        [2] Revenge against that website
        [3] Political reasons
        [4] As a challenge
        [5] I just want to be the best defacer
        [6] Patriotism
        [7] Not available"""
        
        entrada = raw_input("info hackmodes | info reasons   --- > ")
        if entrada == "hackmodes":
                print hackmodes
        elif entrada == "reasons":
                print reasons
        else:
                print "Error"
                
 
main()

Leer más...