Waraxe IT Security Portal  
Tutorial how to use exploits!!!
Posted: Tue Jul 11, 2006 12:58 pm
superninja
Active user
Joined: Jul 03, 2006
Posts: 38

:::FOR Newbies like me:::

FIRST OF ALL YOU NEED ACTIVE PERL
*****************************************
You guys can download Active Perl for free from here - http://downloads.activestate.com/ActivePerl/Windows/5.8/ActivePerl-5.8.8.817-MSWin32-x86-257965.zip

For linux users - http://downloads.activestate.com/ActivePerl/Linux/5.8/ActivePerl-5.8.8.817-i686-linux-2.2.17-gcc-257965.tar.gz

******************************************


1. OK, first go to the exploit page. I'll choose this exploit for phpBB 2.0.6 -> http://www.milw0rm.com/id.php?id=137

---------------------------------

2. Now press CTRL+A to select all text, then CTRL+C to copy it.

---------------------------------

3. Open Notepad and press CTRL+V to paste the text. Now in Notepad go to File -> Save As... and save it as exploitname.pl in C:\Perl\. Don't forget the .pl after the name!

---------------------------------

(Your Perl must be installed in C:\)
4. Now open 'cmd' and type 'cd\' without the quotes, then 'cd perl' without the quotes, then 'perl exploitname.pl' without the quotes again.

---------------------------------

5. Now some text will appear. If you use the phpBB 2.0.6 exploit, this text will appear:

Code:
****************************************************************
r57phpbb.pl
phpBB v<=2.06 search_id sql injection exploit (POC version)
by RusH security team // www.rsteam.ru , http://rst.void.ru
coded by f3sy1 & 1dt.w0lf // 16/12/2003
Usage: r57phpbb-poc.pl <server> <folder> <user_id> <search_id>
e.g.: r57phpbb-poc.pl 127.0.0.1 phpBB2 2 2
[~] <server> - server ip
[~] <folder> - forum folder
[~] <user_id> - user id (2 default for phpBB admin)
[~] <search_id> - play with this value for results
****************************************************************


6. Now enter this:

-> perl exploitname.pl hostIP forumfolder userid somenumber


Then press Enter.


Created by superninja from http://uphacks.com/

Visit www.UpHacks.com


Last edited by superninja on Tue Jul 11, 2006 9:55 pm; edited 2 times in total
Posted: Tue Jul 11, 2006 8:13 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Good tutorial, only one little mistake - pasting hotkey is "CTRL+V", if I remember right.
And you can share your ActivePerl installing experiences - from where to download and did install go smoothly :)

a little nudge in the right direction :)
Posted: Sat Jul 15, 2006 3:15 pm
Zipper_
Active user
Joined: Aug 03, 2005
Posts: 29

I followed your installation advice to a (T). I type cd\ then cd perl, everything OK, then I type perl exploitname.pl, it pops up in a Notepad instead of executing. If I did something wrong, please let me know. I've been trying to execute Perl scripts for just over a year now with not much luck, so thanks in advance. Zipper.

Re: a little nudge in the right direction :)
Posted: Sat Jul 15, 2006 3:24 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Zipper_ wrote:
I followed your installation advice to a (T). I type cd\ then cd perl, everything OK, then I type perl exploitname.pl, it pops up in a Notepad instead of executing. If I did something wrong, please let me know. I've been trying to execute Perl scripts for just over a year now with not much luck, so thanks in advance. Zipper.


After you have installed ActivePerl on a Windows computer:

1. Open command prompt.
2. Navigate to Perl folder, bin subfolder ("cd" commands).
Now, if you make "dir" command, you must be able to see "perl.exe".
3. If you see perl.exe in dir listing, then issue command "perl -help".
You must see now help text.
4. Issue command "perl exploit.pl" - exploit must be executed.
And by the way, exploit file must be in same folder as perl.exe.
If you still get Notepad opened, then something is very wrong :)

Of course, things are a lot easier if your computer has configured valid PATH parameter to perl.exe ...
In this case you can run perl scripts from any place.

Re: a big nudge in the right direction :)
Posted: Sun Jul 16, 2006 3:43 am
Zipper_
Active user
Joined: Aug 03, 2005
Posts: 29

Quote:
After you have installed ActivePerl on a Windows computer:

1. Open command prompt.
2. Navigate to Perl folder, bin subfolder ("cd" commands).
Now, if you make "dir" command, you must be able to see "perl.exe".
3. If you see perl.exe in dir listing, then issue command "perl -help".
You must see now help text.
4. Issue command "perl exploit.pl" - exploit must be executed.
And by the way, exploit file must be in same folder as perl.exe.
If you still get Notepad opened, then something is very wrong :)

Of course, things are a lot easier if your computer has configured valid PATH parameter to perl.exe ...
In this case you can run perl scripts from any place.


Sorry for the long post, but I thought I'd show you so you could let me know what's what:

Code:
 Directory of C:\

05/22/2006  08:59 AM                 0 AUTOEXEC.BAT
07/16/2006  11:13 AM    <DIR>          bin
05/22/2006  08:59 AM                 0 CONFIG.SYS
05/22/2006  09:05 AM    <DIR>          Documents and Settings
07/16/2006  11:13 AM    <DIR>          eg
07/16/2006  10:53 AM             2,910 exploit.pl
07/16/2006  11:25 AM    <DIR>          html
05/29/2006  01:37 PM    <DIR>          Inetpub
07/16/2006  11:15 AM    <DIR>          lib
07/11/2006  11:12 AM    <DIR>          Program Files
07/16/2006  11:14 AM    <DIR>          site
07/11/2006  11:23 AM    <DIR>          WINDOWS
               4 File(s)         12,426 bytes
               9 Dir(s)   1,220,337,664 bytes free

C:\>dir bin
 Volume in drive C is Eye
 Volume Serial Number is xxxx-xxxx

 Directory of C:\bin

07/16/2006  11:13 AM    <DIR>          .
07/16/2006  11:13 AM    <DIR>          ..
03/20/2006  05:55 PM            86,098 a2p.exe
07/16/2006  11:14 AM            38,375 c2ph.bat
02/03/2005  06:33 PM             5,449 config.pl
02/27/2005  09:19 PM               481 configPPM3.pl
07/16/2006  11:14 AM             4,458 cpan.bat
07/13/2001  11:43 AM               647 crc32
03/20/2006  06:29 PM             1,065 crc32.bat
01/01/2003  11:43 AM               107 decode-base64
03/20/2006  06:41 PM               525 decode-base64.bat
01/01/2003  11:33 AM               104 decode-qp
03/20/2006  06:41 PM               522 decode-qp.bat
03/20/2006  06:19 PM            25,409 dprofpp.bat
07/16/2006  11:14 AM            39,873 enc2xs.bat
01/01/2003  07:21 PM               248 encode-base64
03/20/2006  06:41 PM               666 encode-base64.bat
01/01/2003  11:32 AM               104 encode-qp
03/20/2006  06:41 PM               522 encode-qp.bat
03/20/2006  06:19 PM             3,265 exetype.bat
07/16/2006  11:14 AM            25,414 find2perl.bat
06/21/2005  09:07 AM             9,331 gedi
03/20/2006  06:40 PM             9,749 gedi.bat
12/06/2005  04:16 AM            15,130 GET
03/20/2006  06:22 PM            15,548 GET.bat
07/16/2006  11:14 AM            28,662 h2ph.bat
07/16/2006  11:14 AM            62,621 h2xs.bat
12/06/2005  04:16 AM            15,130 HEAD
03/20/2006  06:22 PM            15,548 HEAD.bat
02/14/2006  03:01 PM             2,686 IISScriptMap.pl
06/26/2005  12:42 PM             1,440 IISVirtualDir.pl
07/16/2006  11:14 AM             4,860 instmodsh.bat
07/16/2006  11:14 AM            16,857 libnetcfg.bat
12/11/2004  06:03 AM             8,772 lwp-download
03/20/2006  06:22 PM             9,190 lwp-download.bat
04/10/2004  12:54 PM             2,513 lwp-mirror
03/20/2006  06:22 PM             2,931 lwp-mirror.bat
12/06/2005  04:16 AM            15,130 lwp-request
03/20/2006  06:22 PM            15,548 lwp-request.bat
04/10/2004  12:54 PM            15,643 lwp-rget
03/20/2006  06:22 PM            16,061 lwp-rget.bat
03/20/2006  05:55 PM            45,135 perl.exe
03/20/2006  05:55 PM            45,135 perl5.8.8.exe
03/20/2006  05:55 PM           802,897 perl58.dll
07/16/2006  11:14 AM            40,528 perlbug.bat
07/16/2006  11:14 AM            19,015 perlcc.bat
07/16/2006  11:14 AM               647 perldoc.bat
03/20/2006  06:30 PM           126,813 PerlEx30.dll
11/07/2001  09:40 AM               182 PerlExOverLimit.txt
03/20/2006  06:30 PM            36,955 PerlEz.dll
03/20/2006  06:19 PM             1,642 perlglob.bat
03/20/2006  05:53 PM            16,467 perlglob.exe
03/20/2006  06:30 PM            32,863 perlis.dll
07/16/2006  11:14 AM            12,782 perlivp.bat
03/20/2006  06:30 PM            24,576 PerlMsg.dll
03/20/2006  06:30 PM            61,531 PerlSE.dll
07/16/2006  11:14 AM             6,501 piconv.bat
03/20/2006  06:19 PM            13,634 pl2bat.bat
07/16/2006  11:14 AM             5,310 pl2pm.bat
06/14/2005  03:23 PM             9,543 plexalizer.pl
07/16/2006  11:14 AM             2,894 pod2html.bat
07/16/2006  11:14 AM            11,049 pod2latex.bat
07/16/2006  11:14 AM            20,470 pod2man.bat
07/16/2006  11:14 AM             8,445 pod2text.bat
03/20/2006  06:19 PM             3,893 pod2usage.bat
03/20/2006  06:19 PM             4,280 podchecker.bat
03/20/2006  06:19 PM             3,039 podselect.bat
12/06/2005  04:16 AM            15,130 POST
03/20/2006  06:22 PM            15,548 POST.bat
03/20/2006  06:40 PM            45,461 ppm
03/20/2006  06:41 PM            45,879 ppm.bat
03/20/2006  06:40 PM            45,461 ppm3
03/20/2006  06:40 PM           146,670 ppm3-bin
03/20/2006  06:40 PM           147,088 ppm3-bin.bat
07/16/2006  11:14 AM               104 ppm3-bin.cfg
03/20/2006  06:41 PM            45,879 ppm3.bat
07/16/2006  11:14 AM             9,955 prove.bat
07/16/2006  11:14 AM            55,398 psed.bat
07/16/2006  11:14 AM            38,375 pstruct.bat
10/10/2005  02:22 AM             2,732 ptar
03/20/2006  06:29 PM             3,150 ptar.bat
08/22/2005  02:25 AM             1,651 ptardiff
03/20/2006  06:29 PM             2,069 ptardiff.bat
03/17/2004  01:30 PM             7,623 ptked
03/20/2006  06:40 PM             8,041 ptked.bat
07/27/2003  08:23 AM            18,127 ptksh
03/20/2006  06:40 PM            18,545 ptksh.bat
03/20/2006  06:23 PM             4,915 reloc_perl
03/20/2006  06:23 PM             5,333 reloc_perl.bat
03/20/2006  06:19 PM             2,434 runperl.bat
07/16/2006  11:14 AM            55,398 s2p.bat
03/20/2006  06:19 PM            57,030 search.bat
03/20/2006  06:28 PM             3,286 SOAPsh.bat
06/14/2002  10:15 AM             2,868 SOAPsh.pl
07/16/2006  11:14 AM            18,426 splain.bat
03/20/2006  06:28 PM             1,144 stubmaker.bat
07/18/2001  02:09 PM               726 stubmaker.pl
02/28/2004  09:10 AM             1,475 tkjpeg
03/20/2006  06:40 PM             1,893 tkjpeg.bat
02/28/2004  08:35 AM            19,499 widget
03/20/2006  06:39 PM            19,917 widget.bat
03/20/2006  05:55 PM            45,135 wperl.exe
03/20/2006  06:28 PM             3,289 XMLRPCsh.bat
06/14/2002  10:15 AM             2,871 XMLRPCsh.pl
07/16/2006  11:14 AM            54,161 xsubpp.bat
             103 File(s)      2,845,594 bytes
               2 Dir(s)   1,220,337,664 bytes free

C:\>

I'm trying to use the script in the example to make things easier for the test, so the path @ the top is #!/usr/bin/perl -w. Is this wrong? Sorry if these questions sound a bit stupid, but everyone learns somewhere, I guess. Thanks in advance. Zipper.

+++++++++
Problem solved. I thought I'd keep the post and let people know how I fixed it. Thanks a lot guys, you have been a great help. I will be posting and helping as much as I can on this cool community. It has taken me the best part of half a year or so to get this right; finally I have.
+++++++++

typed:cd\ - brings up c:\> prompt
typed:dir - did not see perl.exe so i reinstalled to c:\ not c:\perl (thnx waraxe)
reinstalled to c:\>
typed:cd\ - brings up c:\> prompt
typed:cd\bin - brings up c:\bin> prompt
typed:perl.exe exploit.pl
:RESULT:
Code:
|***********************************************************|
 r57phpbb.pl
 phpBB v<=2.06 search_id sql injection exploit (POC version)
 by RusH security team // www.rsteam.ru , http://rst.void.ru
 coded by f3sy1 & 1dt.w0lf // 16/12/2003
 Usage: r57phpbb-poc.pl <server> <folder> <user_id> <search_id>
 e.g.: r57phpbb-poc.pl 127.0.0.1 phpBB2 2 2
 [~] <server> - server ip
 [~] <folder> - forum folder
 [~] <user_id> - user id (2 default for phpBB admin)
 [~] <search_id> - play with this value for results
|***********************************************************|

I hope this clears up any future problems for anyone with this kind of issue.

One quick question, if anyone knows: I have a few exploits in my bin now. Is there a way to define a folder instead of using the same folder as perl.exe, maybe for e.g. a folder named xploitZ?

Posted: Sun Jul 16, 2006 10:27 pm
subzero
Valuable expert
Joined: Mar 16, 2005
Posts: 42

take a look at
http://kisobox.com/area52.php might give u extra info

Posted: Sun Jul 16, 2006 11:13 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

subzero wrote:
take a look at
http://kisobox.com/area52.php might give u extra info


Nice videos, subzero! :)

Posted: Sun Dec 16, 2007 8:40 pm
AiFarSeNi
Beginner
Joined: Dec 16, 2007
Posts: 1

some of perl says:

Code:
C:\perl1>perl exploit.pl
Can't exec /usr/bin/php at exploit.pl line 1.


What is the problem?

Posted: Wed Dec 19, 2007 6:37 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

AiFarSeNi wrote:
some of perl says:

Code:
C:\perl1>perl exploit.pl
Can't exec /usr/bin/php at exploit.pl line 1.


What is the problem?


Please give more details!

Posted: Fri Dec 28, 2007 6:40 am
y3dips
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia

AiFarSeNi wrote:
some of perl says:

Code:
C:\perl1>perl exploit.pl
Can't exec /usr/bin/php at exploit.pl line 1.


What is the problem?



Install and define your PHP path,
that's what the error tells you about.

_________________
IO::y3dips->new(http://clog.ammar.web.id);
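
Added example, not part of any post in this thread: when a script's `#!` line names a program other than perl, perl hands the script to that program, which is why `perl exploit.pl` above ends in `Can't exec /usr/bin/php`; the file was written for PHP. The Python check below reads a downloaded script's first line and reports which interpreter it was written for before anything is run; the function names and sample inputs are constructed for illustration.

```python
import re

BOM = b"\xef\xbb\xbf"  # Notepad may prepend this when saving as UTF-8

def script_interpreter(first_line: bytes):
    """Return (interpreter, switches) named on a script's "#!" line, or None.

    Tolerates a UTF-8 BOM, CRLF endings, "/usr/bin/env X", Windows paths,
    a ".exe" suffix and version suffixes such as "perl5.8.8".
    """
    if first_line.startswith(BOM):
        first_line = first_line[len(BOM):]
    text = first_line.decode("latin-1").strip()
    if not text.startswith("#!"):
        return None
    parts = text[2:].split()
    if not parts:
        return None
    prog, switches = parts[0], parts[1:]
    prog = prog.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if prog == "env" and switches:          # "#!/usr/bin/env perl"
        prog, switches = switches[0].lower(), switches[1:]
    prog = re.sub(r"\.exe$", "", prog)
    prog = re.sub(r"[\d.]+$", "", prog)     # perl5.8.8 -> perl
    return prog, switches

def check_before_running(script: bytes, run_with: str = "perl") -> str:
    """Compare the script's own "#!" line with the interpreter about to be used."""
    first_line = script.split(b"\n", 1)[0]
    found = script_interpreter(first_line)
    if found is None:
        return "unknown: no #! line, read the source to identify the language"
    prog, switches = found
    if prog != run_with:
        return f"mismatch: written for {prog}, not {run_with}"
    return f"ok: {run_with} script, switches {switches}"

# Constructed sample inputs: only the first lines matter here.
SAMPLES = {
    "perl_crlf.pl": b"#!/usr/bin/perl -w\r\nprint \"hi\\n\";\r\n",
    "really_php.pl": BOM + b"#!/usr/bin/php\n<?php echo 'hi'; ?>\n",
    "env_form.pl": b"#!/usr/bin/env perl\nprint 1;\n",
    "no_shebang.pl": b"<?php echo 'hi'; ?>\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {check_before_running(data)}")
```
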

Posted: Tue Oct 28, 2008 9:09 am
mattoni
Active user
Joined: Oct 26, 2008
Posts: 34
Location: United Kingdom

I have downloaded For linux users - http://downloads.activestate.com/ActivePerl/Linux/5.8/ActivePerl-5.8.8.817-i686-linux-2.2.17-gcc-257965.tar.gz

Then I created a new folder in c:\ and I gave the name (perl) to this folder.

Then I put the file which I downloaded from the link above into this folder.

Then I made a copy-paste of the exploit (2.3.5 Multiple Vulnerabilities) in Notepad.

I named the file 2.3.5 Multiple Vulnerabilities.pl

Then I saved the file in the perl folder.

Then I started with cd.

I had this message.... What is my mistake, please?

Posted: Tue Oct 28, 2008 10:59 am
overcheckin
Beginner
Joined: Sep 17, 2008
Posts: 3

Windows Terminal doesn't like spaces in file names

try renaming it or run it within double quotes

eg "2.3.5 Multiple Vulnerabilities.pl"

Posted: Tue Oct 28, 2008 11:21 am
mattoni
Active user
Joined: Oct 26, 2008
Posts: 34
Location: United Kingdom

I just need to be sure about this step >>> I am using WinXP, so what should I download?

Code:
You guys can download Active Perl for free from here - http://downloads.activestate.com/ActivePerl/Windows/5.8/ActivePerl-5.8.8.817-MSWin32-x86-257965.zip


or
Code:

For linux users - http://downloads.activestate.com/ActivePerl/Linux/5.8/ActivePerl-5.8.8.817-i686-linux-2.2.17-gcc-257965.tar.gz


I have downloaded from linux user :shock: , is it correct?

Posted: Tue Oct 28, 2008 11:28 am
overcheckin
Beginner
Joined: Sep 17, 2008
Posts: 3

It's plain obvious

running xp = perl windows package!
running linux = perl linux package!

Posted: Tue Oct 28, 2008 11:37 am
mattoni
Active user
Joined: Oct 26, 2008
Posts: 34
Location: United Kingdom

;) Step by step I will learn more.

Thank you overcheckin

So I have to delete the file and replace it with the other one for XP.

Thanks again
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"