Got Bored So I tough i should write A post On How To use PHP , Perl , Python and C exploits for new generation of hackers and Beginners.
PHP
________
Exploit Title :- DoS exploit for Filezilla FTP Server 0.9.20 beta
Exploit :- www.1337day.com/exploit/6238
First you need to install PHP onto your computer.
WAMP is a free web server that comes with PHP
Download Wamp :- www.wampserver.com
Next, paste the PHP exploit into notepad
and save it as “exploit.php”.
On line 13 of this exploit you will see:
$address = gethostbyname(‘192.168.1.3’); here you will have
to edit in the IP address of the target
Save this edited file into the PHP directory on your server that
contains the PHP executable file
In WAMP the directory would be C:\wamp\bin\php\php5.x.x
Next open up the command prompt or terminal
and go to the PHP directory by using the CD (change directory)
command followed by the directory location.
C:\wamp\bin\php\php5.2.5>
php exploit.php
Undefined variable:.....on line 18
If you go to line 18 of this exploit , will see the line
$junk.=”../../../sun-tzu/../../../sun-tzu/../../../sun-tzu”;
remove it,run the exploit again
+++++++++++++++++++++++
PERL
________
Download and install the appropriate version of Active Perl
Download Active Perl :- www.activestate.com/activeperl/downloads
Exploit Title :- DoS exploit for WinFTP Server 2.3.0
Exploit :- www.1337day.com/exploit/6613
Edit the options like the target server and others as needed.
Then save the file as “exploit.pl”.
As you can see Pearl exploits begin with “!/usr/bin/perl”.
Open CMD or Terminal and change into the directory with the exploit
using the CD (change directory command). Then run the exploit by typing:
“perl exploit.pl”.
C:\Documents and Settings\sevic\Desktop\perl exploit.pl
+++++++++++++++++++++++
PYTHON
___________
Download and Install Python
Python:http://www.python.org/download/
Exploit Title :- FTPDMIN v. 0.96 LIST Denial of Service(DoS):
Exploit :- www.1337day.com/exploit/6342
As you can see Python exploits begin with As "# usr/bin/python"
paste the python exploit into notepad or any word processor
and save it as “exploit.py" to folder where you installed Python ,
C:\Python is by default
Open CMD or Terminal and change into the directory with the exploit
using the CD (change directory command).
Then run the exploit by typing:
“exploit.py”.
C:\Python25\exploit.py
+++++++++++++++++++++++
C\C++
___________
C/C++ are the most popular programming languages used in developing exploit code.
Some C/C++ code can be compiled with any compiler and on any operating system. There are also C/C++ scripts that are made to be compiled by a particular compiler, or in a particular operating system. You can usually find this information commented in the top of the script. Below is a list of the most popular compilers for each
operating system.
Windows
• Microsoft Visual C++
• Borland C++
• Dev-C++
Mac
• MrC/MrCpp
• Xcode
Linux
• GCC
Most C/C++ exploit code is made to be compiled in Linux.
If you wish to run one them but you’re only option is Windows, then you can use Cygwin . Cygwin is a Linux-like environment that runs in Windows and acts as a Linux emulation layer, allowing you to run Linux scripts in windows. Although many linux C/C++ exploit scripts will work with Cygwin, there are
also many may not. I will show you how you can use Cygwin right after I give you an example of compiling and running a C/C++ script in Linux
Exploit Title :- BeroFTPD 1.3.4(1) Linux x86 remote root exploit
Exploit :- www.1337day.com/exploit/8277
Save exploit as exploit.c
run the terminal and compile it:
#gcc -o whatever exploit.c
To run the exploit, simply type “./whatever”.
run this script against a vulnerable box and you will got root acces
If you only have access to a Windows machine, and you come across a C/C++
script that is only meant to be compiled in Linux, then you can use Cygwin
to make it possible in Windows
Cygwin
1. Download Cygwin from http://www.cygwin.com/.
Using the same exploit as the last example, save and move it into the
“C:\cygwin” directory as “exploit.c”.
First you must change the directory to the home directory (C:\cygwin) by
using the command “cd /”. Next use the “ls” command to display all the files
in the current directory. You should see “exploit.c
compile it with “gcc -o whatever exploit.c
To run the exploit, simply type “./exploit”.
+++++++++++++++++++++++
Conclusion:
The more exploits you run, the more you will notice that half of
them may not work. Many exploits are created and tested in specific
environments and the expected outcome only happens when the exploit
is run in the exact same environment.That is another reason why programming knowledge is needed, so you could edit the exploit script to work for you
PHP
________
Exploit Title :- DoS exploit for Filezilla FTP Server 0.9.20 beta
Exploit :- www.1337day.com/exploit/6238
First you need to install PHP onto your computer.
WAMP is a free web server that comes with PHP
Download Wamp :- www.wampserver.com
Next, paste the PHP exploit into notepad
and save it as “exploit.php”.
On line 13 of this exploit you will see:
$address = gethostbyname(‘192.168.1.3’); here you will have
to edit in the IP address of the target
Save this edited file into the PHP directory on your server that
contains the PHP executable file
In WAMP the directory would be C:\wamp\bin\php\php5.x.x
Next open up the command prompt or terminal
and go to the PHP directory by using the CD (change directory)
command followed by the directory location.
C:\wamp\bin\php\php5.2.5>
php exploit.php
Undefined variable:.....on line 18
If you go to line 18 of this exploit , will see the line
$junk.=”../../../sun-tzu/../../../sun-tzu/../../../sun-tzu”;
remove it,run the exploit again
+++++++++++++++++++++++
PERL
________
Download and install the appropriate version of Active Perl
Download Active Perl :- www.activestate.com/activeperl/downloads
Exploit Title :- DoS exploit for WinFTP Server 2.3.0
Exploit :- www.1337day.com/exploit/6613
Edit the options like the target server and others as needed.
Then save the file as “exploit.pl”.
As you can see Pearl exploits begin with “!/usr/bin/perl”.
Open CMD or Terminal and change into the directory with the exploit
using the CD (change directory command). Then run the exploit by typing:
“perl exploit.pl”.
C:\Documents and Settings\sevic\Desktop\perl exploit.pl
+++++++++++++++++++++++
PYTHON
___________
Download and Install Python
Python:http://www.python.org/download/
Exploit Title :- FTPDMIN v. 0.96 LIST Denial of Service(DoS):
Exploit :- www.1337day.com/exploit/6342
As you can see Python exploits begin with As "# usr/bin/python"
paste the python exploit into notepad or any word processor
and save it as “exploit.py" to folder where you installed Python ,
C:\Python is by default
Open CMD or Terminal and change into the directory with the exploit
using the CD (change directory command).
Then run the exploit by typing:
“exploit.py”.
C:\Python25\exploit.py
+++++++++++++++++++++++
C\C++
___________
C/C++ are the most popular programming languages used in developing exploit code.
Some C/C++ code can be compiled with any compiler and on any operating system. There are also C/C++ scripts that are made to be compiled by a particular compiler, or in a particular operating system. You can usually find this information commented in the top of the script. Below is a list of the most popular compilers for each
operating system.
Windows
• Microsoft Visual C++
• Borland C++
• Dev-C++
Mac
• MrC/MrCpp
• Xcode
Linux
• GCC
Most C/C++ exploit code is made to be compiled in Linux.
If you wish to run one them but you’re only option is Windows, then you can use Cygwin . Cygwin is a Linux-like environment that runs in Windows and acts as a Linux emulation layer, allowing you to run Linux scripts in windows. Although many linux C/C++ exploit scripts will work with Cygwin, there are
also many may not. I will show you how you can use Cygwin right after I give you an example of compiling and running a C/C++ script in Linux
Exploit Title :- BeroFTPD 1.3.4(1) Linux x86 remote root exploit
Exploit :- www.1337day.com/exploit/8277
Save exploit as exploit.c
run the terminal and compile it:
#gcc -o whatever exploit.c
To run the exploit, simply type “./whatever”.
run this script against a vulnerable box and you will got root acces
If you only have access to a Windows machine, and you come across a C/C++
script that is only meant to be compiled in Linux, then you can use Cygwin
to make it possible in Windows
Cygwin
1. Download Cygwin from http://www.cygwin.com/.
Using the same exploit as the last example, save and move it into the
“C:\cygwin” directory as “exploit.c”.
First you must change the directory to the home directory (C:\cygwin) by
using the command “cd /”. Next use the “ls” command to display all the files
in the current directory. You should see “exploit.c
compile it with “gcc -o whatever exploit.c
To run the exploit, simply type “./exploit”.
+++++++++++++++++++++++
Conclusion:
The more exploits you run, the more you will notice that half of
them may not work. Many exploits are created and tested in specific
environments and the expected outcome only happens when the exploit
is run in the exact same environment.That is another reason why programming knowledge is needed, so you could edit the exploit script to work for you
0 Comments:
Post a Comment