Waraxe IT Security Portal
Login or Register
November 24, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 52
Members: 0
Total: 52
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Perl -> Tutorial how to use exploits!!! Goto page 1, 2Next
Post new topicReply to topic View previous topic :: View next topic
Tutorial how to use exploits!!!
PostPosted: Tue Jul 11, 2006 12:58 pm Reply with quote
superninja
Active user
Active user
Joined: Jul 03, 2006
Posts: 38




:::FOR Newbies like me:::

FIRST OF ALL YOU NEED ACTIVE PERL
*****************************************
You guys can download Active Perl for free from here - http://downloads.activestate.com/ActivePerl/Windows/5.8/ActivePerl-5.8.8.817-MSWin32-x86-257965.zip

For linux users - http://downloads.activestate.com/ActivePerl/Linux/5.8/ActivePerl-5.8.8.817-i686-linux-2.2.17-gcc-257965.tar.gz

******************************************


1.ok first go to exploit page,i'll chose this exploit for phpbb 2.0.6 -> http://www.milw0rm.com/id.php?id=137

---------------------------------

2.Now press CTRL+A to select all text then CTRL+C to copy it.

---------------------------------

3.Open notepad and press CTRL+V to paste the text,now in notepad go to File -> Save As... and save it with exploitname.pl in C:\Perl\
.Dont forget the .pl after the name!.

---------------------------------

(Your Perl must be installed in C:\)
4.Now open 'cmd' and type 'cd\' without the quotes,then 'cd perl' without the quotes then 'perl exploitname.pl' without the quotes again.

---------------------------------

5.Now some text will appear.If you use the phpbb 2.0.6 exploit this text will appear:

Code:
****************************************************************
r57phpbb.pl\n";
phpBB v<=2.06 search_id sql injection exploit (POC version)
by RusH security team // www.rsteam.ru , http://rst.void.ru
coded by f3sy1 & 1dt.w0lf // 16/12/2003\n";
Usage: r57phpbb-poc.pl <server> <folder> <user_id> <search_id>
e.g.: r57phpbb-poc.pl 127.0.0.1 phpBB2 2 2
[~] <server> - server ip
[~] <folder> - forum folder
[~] <user_id> - user id (2 default for phpBB admin)
[~] <search_id> - play with this value for results
****************************************************************


6.Now enter this

-> perl exploitname.pl hostIP forumfolder userid somenumber


Then press enter


Created by superninja from http://uphacks.com/

Visit www.UpHacks.com


Last edited by superninja on Tue Jul 11, 2006 9:55 pm; edited 2 times in total
View user's profile Send private message
PostPosted: Tue Jul 11, 2006 8:13 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Good tutorial, only one little mistake - pasting hotkey is "CTRL+V", if I remember right.
And you can share your Activeperl installing experiences - from where to download and did install go smoothly Smile
View user's profile Send private message Send e-mail Visit poster's website
a little nudge in the right direction :)
PostPosted: Sat Jul 15, 2006 3:15 pm Reply with quote
Zipper_
Active user
Active user
Joined: Aug 03, 2005
Posts: 29




i followed your installation advice to a (T) i type cd\ then cd perl everything ok then i type perl exploitname.pl it pops up ina notepad instead of executing if i did something wrong please let me know ive been trying to execute perl scripts for just over a year now with not much luck so thanks in advance Zipper.
View user's profile Send private message
Re: a little nudge in the right direction :)
PostPosted: Sat Jul 15, 2006 3:24 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Zipper_ wrote:
i followed your installation advice to a (T) i type cd\ then cd perl everything ok then i type perl exploitname.pl it pops up ina notepad instead of executing if i did something wrong please let me know ive been trying to execute perl scripts for just over a year now with not much luck so thanks in advance Zipper.


After you have installed ActivePerl on windows computer

1. open command prompt
2. navigate to Perl folder, bin subfolder ("cd" commands)
Now, if you make "dir" command, you must able to see "perl.exe"
3. If you see perl.exe in dir listing, then issue command "perl -help".
You must see now help text.
4. issue command "perl exploit.pl" - exploit must be executed.
And by the way, exploit file must be in same folder as perl.exe
If you still get notepad opened, then something is very wrong Smile

Of course, things are ALOT easier, if your computer has configured valid PATH parameter to perl.exe ...
In this case you can run perl scripts from any place.
View user's profile Send private message Send e-mail Visit poster's website
Re: a big nudge in the right direction :)
PostPosted: Sun Jul 16, 2006 3:43 am Reply with quote
Zipper_
Active user
Active user
Joined: Aug 03, 2005
Posts: 29




Quote:
After you have installed ActivePerl on windows computer

1. open command prompt
2. navigate to Perl folder, bin subfolder ("cd" commands)
Now, if you make "dir" command, you must able to see "perl.exe"
3. If you see perl.exe in dir listing, then issue command "perl -help".
You must see now help text.
4. issue command "perl exploit.pl" - exploit must be executed.
And by the way, exploit file must be in same folder as perl.exe
If you still get notepad opened, then something is very wrong Smile

Of course, things are ALOT easier, if your computer has configured valid PATH parameter to perl.exe ...
In this case you can run perl scripts from any place.


Sorry for the long post but i thought id show you so you could let me know whats what:

Code:
Directory of C:\

05/22/2006 08:59 AM 0 AUTOEXEC.BAT
07/16/2006 11:13 AM <DIR> bin
05/22/2006 08:59 AM 0 CONFIG.SYS
05/22/2006 09:05 AM <DIR> Documents and Settings
07/16/2006 11:13 AM <DIR> eg
07/16/2006 10:53 AM 2,910 exploit.pl
07/16/2006 11:25 AM <DIR> html
05/29/2006 01:37 PM <DIR> Inetpub
07/16/2006 11:15 AM <DIR> lib
07/11/2006 11:12 AM <DIR> Program Files
07/16/2006 11:14 AM <DIR> site
07/11/2006 11:23 AM <DIR> WINDOWS
4 File(s) 12,426 bytes
9 Dir(s) 1,220,337,664 bytes free

C:\>dir bin
Volume in drive C is Eye
Volume Serial Number is xxxx-xxxx

Directory of C:\bin

07/16/2006 11:13 AM <DIR> .
07/16/2006 11:13 AM <DIR> ..
03/20/2006 05:55 PM 86,098 a2p.exe
07/16/2006 11:14 AM 38,375 c2ph.bat
02/03/2005 06:33 PM 5,449 config.pl
02/27/2005 09:19 PM 481 configPPM3.pl
07/16/2006 11:14 AM 4,458 cpan.bat
07/13/2001 11:43 AM 647 crc32
03/20/2006 06:29 PM 1,065 crc32.bat
01/01/2003 11:43 AM 107 decode-base64
03/20/2006 06:41 PM 525 decode-base64.bat
01/01/2003 11:33 AM 104 decode-qp
03/20/2006 06:41 PM 522 decode-qp.bat
03/20/2006 06:19 PM 25,409 dprofpp.bat
07/16/2006 11:14 AM 39,873 enc2xs.bat
01/01/2003 07:21 PM 248 encode-base64
03/20/2006 06:41 PM 666 encode-base64.bat
01/01/2003 11:32 AM 104 encode-qp
03/20/2006 06:41 PM 522 encode-qp.bat
03/20/2006 06:19 PM 3,265 exetype.bat
07/16/2006 11:14 AM 25,414 find2perl.bat
06/21/2005 09:07 AM 9,331 gedi
03/20/2006 06:40 PM 9,749 gedi.bat
12/06/2005 04:16 AM 15,130 GET
03/20/2006 06:22 PM 15,548 GET.bat
07/16/2006 11:14 AM 28,662 h2ph.bat
07/16/2006 11:14 AM 62,621 h2xs.bat
12/06/2005 04:16 AM 15,130 HEAD
03/20/2006 06:22 PM 15,548 HEAD.bat
02/14/2006 03:01 PM 2,686 IISScriptMap.pl
06/26/2005 12:42 PM 1,440 IISVirtualDir.pl
07/16/2006 11:14 AM 4,860 instmodsh.bat
07/16/2006 11:14 AM 16,857 libnetcfg.bat
12/11/2004 06:03 AM 8,772 lwp-download
03/20/2006 06:22 PM 9,190 lwp-download.bat
04/10/2004 12:54 PM 2,513 lwp-mirror
03/20/2006 06:22 PM 2,931 lwp-mirror.bat
12/06/2005 04:16 AM 15,130 lwp-request
03/20/2006 06:22 PM 15,548 lwp-request.bat
04/10/2004 12:54 PM 15,643 lwp-rget
03/20/2006 06:22 PM 16,061 lwp-rget.bat
03/20/2006 05:55 PM 45,135 perl.exe
03/20/2006 05:55 PM 45,135 perl5.8.8.exe
03/20/2006 05:55 PM 802,897 perl58.dll
07/16/2006 11:14 AM 40,528 perlbug.bat
07/16/2006 11:14 AM 19,015 perlcc.bat
07/16/2006 11:14 AM 647 perldoc.bat
03/20/2006 06:30 PM 126,813 PerlEx30.dll
11/07/2001 09:40 AM 182 PerlExOverLimit.txt
03/20/2006 06:30 PM 36,955 PerlEz.dll
03/20/2006 06:19 PM 1,642 perlglob.bat
03/20/2006 05:53 PM 16,467 perlglob.exe
03/20/2006 06:30 PM 32,863 perlis.dll
07/16/2006 11:14 AM 12,782 perlivp.bat
03/20/2006 06:30 PM 24,576 PerlMsg.dll
03/20/2006 06:30 PM 61,531 PerlSE.dll
07/16/2006 11:14 AM 6,501 piconv.bat
03/20/2006 06:19 PM 13,634 pl2bat.bat
07/16/2006 11:14 AM 5,310 pl2pm.bat
06/14/2005 03:23 PM 9,543 plexalizer.pl
07/16/2006 11:14 AM 2,894 pod2html.bat
07/16/2006 11:14 AM 11,049 pod2latex.bat
07/16/2006 11:14 AM 20,470 pod2man.bat
07/16/2006 11:14 AM 8,445 pod2text.bat
03/20/2006 06:19 PM 3,893 pod2usage.bat
03/20/2006 06:19 PM 4,280 podchecker.bat
03/20/2006 06:19 PM 3,039 podselect.bat
12/06/2005 04:16 AM 15,130 POST
03/20/2006 06:22 PM 15,548 POST.bat
03/20/2006 06:40 PM 45,461 ppm
03/20/2006 06:41 PM 45,879 ppm.bat
03/20/2006 06:40 PM 45,461 ppm3
03/20/2006 06:40 PM 146,670 ppm3-bin
03/20/2006 06:40 PM 147,088 ppm3-bin.bat
07/16/2006 11:14 AM 104 ppm3-bin.cfg
03/20/2006 06:41 PM 45,879 ppm3.bat
07/16/2006 11:14 AM 9,955 prove.bat
07/16/2006 11:14 AM 55,398 psed.bat
07/16/2006 11:14 AM 38,375 pstruct.bat
10/10/2005 02:22 AM 2,732 ptar
03/20/2006 06:29 PM 3,150 ptar.bat
08/22/2005 02:25 AM 1,651 ptardiff
03/20/2006 06:29 PM 2,069 ptardiff.bat
03/17/2004 01:30 PM 7,623 ptked
03/20/2006 06:40 PM 8,041 ptked.bat
07/27/2003 08:23 AM 18,127 ptksh
03/20/2006 06:40 PM 18,545 ptksh.bat
03/20/2006 06:23 PM 4,915 reloc_perl
03/20/2006 06:23 PM 5,333 reloc_perl.bat
03/20/2006 06:19 PM 2,434 runperl.bat
07/16/2006 11:14 AM 55,398 s2p.bat
03/20/2006 06:19 PM 57,030 search.bat
03/20/2006 06:28 PM 3,286 SOAPsh.bat
06/14/2002 10:15 AM 2,868 SOAPsh.pl
07/16/2006 11:14 AM 18,426 splain.bat
03/20/2006 06:28 PM 1,144 stubmaker.bat
07/18/2001 02:09 PM 726 stubmaker.pl
02/28/2004 09:10 AM 1,475 tkjpeg
03/20/2006 06:40 PM 1,893 tkjpeg.bat
02/28/2004 08:35 AM 19,499 widget
03/20/2006 06:39 PM 19,917 widget.bat
03/20/2006 05:55 PM 45,135 wperl.exe
03/20/2006 06:28 PM 3,289 XMLRPCsh.bat
06/14/2002 10:15 AM 2,871 XMLRPCsh.pl
07/16/2006 11:14 AM 54,161 xsubpp.bat
103 File(s) 2,845,594 bytes
2 Dir(s) 1,220,337,664 bytes free

C:\>

im trying to use the script in the example to make things easier for the test so the path @ the top is #!/usr/bin/perl -w is this wrong? sorry if thes questions sound a bit stupid but everyone learns somewhere i guess thanks in advance Zipper.

+++++++++
problem soved i thought i'd keep the post and let people know how i fixed it thnx alot guys you have been a great help i will be posting and helping as much as i can on this cool community it has taken me the best part of half a year or so to get this right finally i have
+++++++++

typed:cd\ - brings up c:\> prompt
typed:dir - did not see perl.exe so i reinstalled to c:\ not c:\perl (thnx waraxe)
reinstalled to c:\>
typed:cd\ - brings up c:\> prompt
typed:cd\bin - brings up c:\bin> prompt
typed:perl.exe exploit.pl
:RESULT:
Code:
|***********************************************************|
r57phpbb.pl
phpBB v<=2.06 search_id sql injection exploit (POC version)
by RusH security team // www.rsteam.ru , http://rst.void.ru
coded by f3sy1 & 1dt.w0lf // 16/12/2003
Usage: r57phpbb-poc.pl <server> <folder> <user_id> <search_id>
e.g.: r57phpbb-poc.pl 127.0.0.1 phpBB2 2 2
[~] <server> - server ip
[~] <folder> - forum folder
[~] <user_id> - user id (2 default for phpBB admin)
[~] <search_id> - play with this value for results
|***********************************************************|

I hope this clears up any future problems for anyone with this kind of issue.

one quick question if anyone knows i have a few exploits in my bin now is thier a way to define a folder instead of using the same folder as perl.exe maybe for eg a folder named xploitZ.
View user's profile Send private message
PostPosted: Sun Jul 16, 2006 10:27 pm Reply with quote
subzero
Valuable expert
Valuable expert
Joined: Mar 16, 2005
Posts: 42




take a look at
http://kisobox.com/area52.php might give u extra info
View user's profile Send private message Visit poster's website
PostPosted: Sun Jul 16, 2006 11:13 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




subzero wrote:
take a look at
http://kisobox.com/area52.php might give u extra info


Nice videos, subzero! Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Sun Dec 16, 2007 8:40 pm Reply with quote
AiFarSeNi
Beginner
Beginner
Joined: Dec 16, 2007
Posts: 1




some of perl says:

Code:
C:\perl1>perl exploit.pl
Can't exec /usr/bin/php at exploit.pl line 1.


what is the problemm ?
View user's profile Send private message
PostPosted: Wed Dec 19, 2007 6:37 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




AiFarSeNi wrote:
some of perl says:

Code:
C:\perl1>perl exploit.pl
Can't exec /usr/bin/php at exploit.pl line 1.


what is the problemm ?


Please give more details!
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Fri Dec 28, 2007 6:40 am Reply with quote
y3dips
Valuable expert
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia




AiFarSeNi wrote:
some of perl says:

Code:
C:\perl1>perl exploit.pl
Can't exec /usr/bin/php at exploit.pl line 1.


what is the problemm ?



install and define your php path,
thats what the error tell you about

_________________
IO::y3dips->new(http://clog.ammar.web.id);
View user's profile Send private message Visit poster's website Yahoo Messenger
PostPosted: Tue Oct 28, 2008 9:09 am Reply with quote
mattoni
Active user
Active user
Joined: Oct 26, 2008
Posts: 34
Location: United Kingdom




i have downloaded For linux users - http://downloads.activestate.com/ActivePerl/Linux/5.8/ActivePerl-5.8.8.817-i686-linux-2.2.17-gcc-257965.tar.gz

then i created newfolder in c:\ and i gave name (perl) for this folder.

then i puted the file which i downloded from the link above to this folder.

then i made a copy past of exploit (2.3.5 Multiple Vulnerabilities) in notepad.

i named the file as 2.3.5 Multiple Vulnerabilities.pl

then i saved the file in perl folder .

then i started with Cd

i had this massage.... What is my mistake please ?


[/img]
View user's profile Send private message
PostPosted: Tue Oct 28, 2008 10:59 am Reply with quote
overcheckin
Beginner
Beginner
Joined: Sep 17, 2008
Posts: 3




Windows Terminal doesn't like spaces in file names

try renaming it or run it within double quotes

eg "2.3.5 Multiple Vulnerabilities.pl"
View user's profile Send private message
PostPosted: Tue Oct 28, 2008 11:21 am Reply with quote
mattoni
Active user
Active user
Joined: Oct 26, 2008
Posts: 34
Location: United Kingdom




Just i need to be sure for this step.>>> i am using winXP , So What i should download ?

Code:
You guys can download Active Perl for free from here - http://downloads.activestate.com/ActivePerl/Windows/5.8/ActivePerl-5.8.8.817-MSWin32-x86-257965.zip


or
Code:

For linux users - http://downloads.activestate.com/ActivePerl/Linux/5.8/ActivePerl-5.8.8.817-i686-linux-2.2.17-gcc-257965.tar.gz


i have downloded from linux user Shocked , is it correct ?
View user's profile Send private message
PostPosted: Tue Oct 28, 2008 11:28 am Reply with quote
overcheckin
Beginner
Beginner
Joined: Sep 17, 2008
Posts: 3




its plain obvious

running xp = perl windows package!
runnng linux= perl linux package!
View user's profile Send private message
PostPosted: Tue Oct 28, 2008 11:37 am Reply with quote
mattoni
Active user
Active user
Joined: Oct 26, 2008
Posts: 34
Location: United Kingdom




Wink step by step i will learn more.

thank you overcheckin

so i have to delete the file and replace it by the other for xp.

thanks again
View user's profile Send private message
Tutorial how to use exploits!!!
www.waraxe.us Forum Index -> Perl
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 2
Goto page 1, 2Next
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.048 Seconds