IT Security and Insecurity Portal

Tutorial how to use exploits!!!

Posted: Tue Jul 11, 2006 12:58 pm
superninja
Active user
Joined: Jul 03, 2006
Posts: 38

:::FOR Newbies like me:::
FIRST OF ALL YOU NEED ACTIVE PERL
*****************************************
You guys can download Active Perl for free from here - http://downloads.activestate.com/ActivePerl/Windows/5.8/ActivePerl-5.8.8.817-MSWin32-x86-257965.zip
For linux users - http://downloads.activestate.com/ActivePerl/Linux/5.8/ActivePerl-5.8.8.817-i686-linux-2.2.17-gcc-257965.tar.gz
******************************************
1. OK, first go to the exploit page. I'll choose this exploit for phpBB 2.0.6 -> http://www.milw0rm.com/id.php?id=137
---------------------------------
2. Now press CTRL+A to select all text, then CTRL+C to copy it.
---------------------------------
3. Open Notepad and press CTRL+V to paste the text. Now in Notepad go to File -> Save As... and save it as exploitname.pl in C:\Perl\
Don't forget the .pl after the name!
---------------------------------
(Your Perl must be installed in C:\)
4. Now open 'cmd' and type 'cd\' without the quotes, then 'cd perl' without the quotes, then 'perl exploitname.pl' without the quotes again.
---------------------------------
5. Now some text will appear. If you use the phpBB 2.0.6 exploit this text will appear:
Code: | ****************************************************************
r57phpbb.pl\n";
phpBB v<=2.06 search_id sql injection exploit (POC version)
by RusH security team // www.rsteam.ru , http://rst.void.ru
coded by f3sy1 & 1dt.w0lf // 16/12/2003\n";
Usage: r57phpbb-poc.pl <server> <folder> <user_id> <search_id>
e.g.: r57phpbb-poc.pl 127.0.0.1 phpBB2 2 2
[~] <server> - server ip
[~] <folder> - forum folder
[~] <user_id> - user id (2 default for phpBB admin)
[~] <search_id> - play with this value for results
****************************************************************
|
6. Now enter this
-> perl exploitname.pl hostIP forumfolder userid somenumber
Then press enter
Created by superninja from http://uphacks.com/
Visit www.UpHacks.com
Last edited by superninja on Tue Jul 11, 2006 9:55 pm; edited 2 times in total
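
For administrators of the forum software named in the banner above, which identifies the `search_id` request parameter as the injection point in phpBB v<=2.06: the following is an added example, not part of superninja's post or of phpBB, that scans web-server access-log lines for `search_id` values that are neither an integer nor a named search. The `search.php` path, the named-search list, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: besides plain integers, phpBB 2.x accepts these named searches.
NAMED_SEARCHES = {"newposts", "egosearch", "unanswered"}

# Request field of a combined-format access log entry: "METHOD target PROTO"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_search_ids(log_lines):
    """Return (client_ip, decoded search_id) for every search.php request
    whose search_id is neither an integer nor a known named search."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith("/search.php"):
            continue
        # parse_qs percent-decodes values, so encoded quotes and spaces
        # are compared in their decoded form.
        for value in parse_qs(url.query).get("search_id", []):
            if re.fullmatch(r"[0-9]+", value) or value in NAMED_SEARCHES:
                continue
            hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Jul/2006:12:58:01 +0000] "GET /phpBB2/search.php?search_id=newposts HTTP/1.1" 200 5120',
    '192.0.2.11 - - [11/Jul/2006:12:58:07 +0000] "GET /phpBB2/search.php?search_id=1842 HTTP/1.1" 200 7311',
    '198.51.100.7 - - [11/Jul/2006:12:59:30 +0000] "GET /phpBB2/search.php?search_id=2%27&user_id=2 HTTP/1.0" 200 911',
    '198.51.100.7 - - [11/Jul/2006:12:59:31 +0000] "GET /phpBB2/search.php?search_id=3%20or%201%3D1 HTTP/1.0" 200 913',
    '192.0.2.12 - - [11/Jul/2006:13:00:00 +0000] "GET /phpBB2/viewtopic.php?t=5 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ip, value in suspicious_search_ids(SAMPLE_LOG):
        print(f"{ip} sent non-numeric search_id: {value!r}")
```

Parameters sent in a POST body do not appear in an access log, so this check covers query-string traffic only.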

Posted: Tue Jul 11, 2006 8:13 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Good tutorial, only one little mistake - pasting hotkey is "CTRL+V", if I remember right.
And you can share your ActivePerl installing experiences - from where to download and did install go smoothly

a little nudge in the right direction :)

Posted: Sat Jul 15, 2006 3:15 pm
Zipper_
Active user
Joined: Aug 03, 2005
Posts: 29

I followed your installation advice to a (T). I type cd\ then cd perl, everything OK, then I type perl exploitname.pl and it pops up in a Notepad instead of executing. If I did something wrong please let me know. I've been trying to execute Perl scripts for just over a year now with not much luck, so thanks in advance. Zipper.

Re: a little nudge in the right direction :)

Posted: Sat Jul 15, 2006 3:24 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Zipper_ wrote: | I followed your installation advice to a (T). I type cd\ then cd perl, everything OK, then I type perl exploitname.pl and it pops up in a Notepad instead of executing. If I did something wrong please let me know. I've been trying to execute Perl scripts for just over a year now with not much luck, so thanks in advance. Zipper. |
After you have installed ActivePerl on a Windows computer:
1. Open command prompt.
2. Navigate to the Perl folder, bin subfolder ("cd" commands).
Now, if you make a "dir" command, you must be able to see "perl.exe".
3. If you see perl.exe in the dir listing, then issue the command "perl -help".
You must now see the help text.
4. Issue the command "perl exploit.pl" - the exploit must be executed.
And by the way, the exploit file must be in the same folder as perl.exe.
If you still get Notepad opened, then something is very wrong.
Of course, things are A LOT easier if your computer has a valid PATH parameter configured for perl.exe ...
In this case you can run Perl scripts from any place.

Re: a big nudge in the right direction :)

Posted: Sun Jul 16, 2006 3:43 am
Zipper_
Active user
Joined: Aug 03, 2005
Posts: 29

Quote: | After you have installed ActivePerl on a Windows computer:
1. Open command prompt.
2. Navigate to the Perl folder, bin subfolder ("cd" commands).
Now, if you make a "dir" command, you must be able to see "perl.exe".
3. If you see perl.exe in the dir listing, then issue the command "perl -help".
You must now see the help text.
4. Issue the command "perl exploit.pl" - the exploit must be executed.
And by the way, the exploit file must be in the same folder as perl.exe.
If you still get Notepad opened, then something is very wrong.
Of course, things are A LOT easier if your computer has a valid PATH parameter configured for perl.exe ...
In this case you can run Perl scripts from any place. |
Sorry for the long post, but I thought I'd show you so you could let me know what's what:
Code: | Directory of C:\
05/22/2006 08:59 AM 0 AUTOEXEC.BAT
07/16/2006 11:13 AM <DIR> bin
05/22/2006 08:59 AM 0 CONFIG.SYS
05/22/2006 09:05 AM <DIR> Documents and Settings
07/16/2006 11:13 AM <DIR> eg
07/16/2006 10:53 AM 2,910 exploit.pl
07/16/2006 11:25 AM <DIR> html
05/29/2006 01:37 PM <DIR> Inetpub
07/16/2006 11:15 AM <DIR> lib
07/11/2006 11:12 AM <DIR> Program Files
07/16/2006 11:14 AM <DIR> site
07/11/2006 11:23 AM <DIR> WINDOWS
4 File(s) 12,426 bytes
9 Dir(s) 1,220,337,664 bytes free
C:\>dir bin
Volume in drive C is Eye
Volume Serial Number is xxxx-xxxx
Directory of C:\bin
07/16/2006 11:13 AM <DIR> .
07/16/2006 11:13 AM <DIR> ..
03/20/2006 05:55 PM 86,098 a2p.exe
07/16/2006 11:14 AM 38,375 c2ph.bat
02/03/2005 06:33 PM 5,449 config.pl
02/27/2005 09:19 PM 481 configPPM3.pl
07/16/2006 11:14 AM 4,458 cpan.bat
07/13/2001 11:43 AM 647 crc32
03/20/2006 06:29 PM 1,065 crc32.bat
01/01/2003 11:43 AM 107 decode-base64
03/20/2006 06:41 PM 525 decode-base64.bat
01/01/2003 11:33 AM 104 decode-qp
03/20/2006 06:41 PM 522 decode-qp.bat
03/20/2006 06:19 PM 25,409 dprofpp.bat
07/16/2006 11:14 AM 39,873 enc2xs.bat
01/01/2003 07:21 PM 248 encode-base64
03/20/2006 06:41 PM 666 encode-base64.bat
01/01/2003 11:32 AM 104 encode-qp
03/20/2006 06:41 PM 522 encode-qp.bat
03/20/2006 06:19 PM 3,265 exetype.bat
07/16/2006 11:14 AM 25,414 find2perl.bat
06/21/2005 09:07 AM 9,331 gedi
03/20/2006 06:40 PM 9,749 gedi.bat
12/06/2005 04:16 AM 15,130 GET
03/20/2006 06:22 PM 15,548 GET.bat
07/16/2006 11:14 AM 28,662 h2ph.bat
07/16/2006 11:14 AM 62,621 h2xs.bat
12/06/2005 04:16 AM 15,130 HEAD
03/20/2006 06:22 PM 15,548 HEAD.bat
02/14/2006 03:01 PM 2,686 IISScriptMap.pl
06/26/2005 12:42 PM 1,440 IISVirtualDir.pl
07/16/2006 11:14 AM 4,860 instmodsh.bat
07/16/2006 11:14 AM 16,857 libnetcfg.bat
12/11/2004 06:03 AM 8,772 lwp-download
03/20/2006 06:22 PM 9,190 lwp-download.bat
04/10/2004 12:54 PM 2,513 lwp-mirror
03/20/2006 06:22 PM 2,931 lwp-mirror.bat
12/06/2005 04:16 AM 15,130 lwp-request
03/20/2006 06:22 PM 15,548 lwp-request.bat
04/10/2004 12:54 PM 15,643 lwp-rget
03/20/2006 06:22 PM 16,061 lwp-rget.bat
03/20/2006 05:55 PM 45,135 perl.exe
03/20/2006 05:55 PM 45,135 perl5.8.8.exe
03/20/2006 05:55 PM 802,897 perl58.dll
07/16/2006 11:14 AM 40,528 perlbug.bat
07/16/2006 11:14 AM 19,015 perlcc.bat
07/16/2006 11:14 AM 647 perldoc.bat
03/20/2006 06:30 PM 126,813 PerlEx30.dll
11/07/2001 09:40 AM 182 PerlExOverLimit.txt
03/20/2006 06:30 PM 36,955 PerlEz.dll
03/20/2006 06:19 PM 1,642 perlglob.bat
03/20/2006 05:53 PM 16,467 perlglob.exe
03/20/2006 06:30 PM 32,863 perlis.dll
07/16/2006 11:14 AM 12,782 perlivp.bat
03/20/2006 06:30 PM 24,576 PerlMsg.dll
03/20/2006 06:30 PM 61,531 PerlSE.dll
07/16/2006 11:14 AM 6,501 piconv.bat
03/20/2006 06:19 PM 13,634 pl2bat.bat
07/16/2006 11:14 AM 5,310 pl2pm.bat
06/14/2005 03:23 PM 9,543 plexalizer.pl
07/16/2006 11:14 AM 2,894 pod2html.bat
07/16/2006 11:14 AM 11,049 pod2latex.bat
07/16/2006 11:14 AM 20,470 pod2man.bat
07/16/2006 11:14 AM 8,445 pod2text.bat
03/20/2006 06:19 PM 3,893 pod2usage.bat
03/20/2006 06:19 PM 4,280 podchecker.bat
03/20/2006 06:19 PM 3,039 podselect.bat
12/06/2005 04:16 AM 15,130 POST
03/20/2006 06:22 PM 15,548 POST.bat
03/20/2006 06:40 PM 45,461 ppm
03/20/2006 06:41 PM 45,879 ppm.bat
03/20/2006 06:40 PM 45,461 ppm3
03/20/2006 06:40 PM 146,670 ppm3-bin
03/20/2006 06:40 PM 147,088 ppm3-bin.bat
07/16/2006 11:14 AM 104 ppm3-bin.cfg
03/20/2006 06:41 PM 45,879 ppm3.bat
07/16/2006 11:14 AM 9,955 prove.bat
07/16/2006 11:14 AM 55,398 psed.bat
07/16/2006 11:14 AM 38,375 pstruct.bat
10/10/2005 02:22 AM 2,732 ptar
03/20/2006 06:29 PM 3,150 ptar.bat
08/22/2005 02:25 AM 1,651 ptardiff
03/20/2006 06:29 PM 2,069 ptardiff.bat
03/17/2004 01:30 PM 7,623 ptked
03/20/2006 06:40 PM 8,041 ptked.bat
07/27/2003 08:23 AM 18,127 ptksh
03/20/2006 06:40 PM 18,545 ptksh.bat
03/20/2006 06:23 PM 4,915 reloc_perl
03/20/2006 06:23 PM 5,333 reloc_perl.bat
03/20/2006 06:19 PM 2,434 runperl.bat
07/16/2006 11:14 AM 55,398 s2p.bat
03/20/2006 06:19 PM 57,030 search.bat
03/20/2006 06:28 PM 3,286 SOAPsh.bat
06/14/2002 10:15 AM 2,868 SOAPsh.pl
07/16/2006 11:14 AM 18,426 splain.bat
03/20/2006 06:28 PM 1,144 stubmaker.bat
07/18/2001 02:09 PM 726 stubmaker.pl
02/28/2004 09:10 AM 1,475 tkjpeg
03/20/2006 06:40 PM 1,893 tkjpeg.bat
02/28/2004 08:35 AM 19,499 widget
03/20/2006 06:39 PM 19,917 widget.bat
03/20/2006 05:55 PM 45,135 wperl.exe
03/20/2006 06:28 PM 3,289 XMLRPCsh.bat
06/14/2002 10:15 AM 2,871 XMLRPCsh.pl
07/16/2006 11:14 AM 54,161 xsubpp.bat
103 File(s) 2,845,594 bytes
2 Dir(s) 1,220,337,664 bytes free
C:\> |
I'm trying to use the script in the example to make things easier for the test, so the path at the top is #!/usr/bin/perl -w. Is this wrong? Sorry if these questions sound a bit stupid, but everyone learns somewhere I guess. Thanks in advance, Zipper.
+++++++++
Problem solved. I thought I'd keep the post and let people know how I fixed it. Thanks a lot guys, you have been a great help. I will be posting and helping as much as I can on this cool community. It has taken me the best part of half a year or so to get this right; finally I have.
+++++++++
typed:cd\ - brings up c:\> prompt
typed:dir - did not see perl.exe so i reinstalled to c:\ not c:\perl (thnx waraxe)
reinstalled to c:\>
typed:cd\ - brings up c:\> prompt
typed:cd\bin - brings up c:\bin> prompt
typed:perl.exe exploit.pl
:RESULT:
Code: | |***********************************************************|
r57phpbb.pl
phpBB v<=2.06 search_id sql injection exploit (POC version)
by RusH security team // www.rsteam.ru , http://rst.void.ru
coded by f3sy1 & 1dt.w0lf // 16/12/2003
Usage: r57phpbb-poc.pl <server> <folder> <user_id> <search_id>
e.g.: r57phpbb-poc.pl 127.0.0.1 phpBB2 2 2
[~] <server> - server ip
[~] <folder> - forum folder
[~] <user_id> - user id (2 default for phpBB admin)
[~] <search_id> - play with this value for results
|***********************************************************| |
I hope this clears up any future problems for anyone with this kind of issue.
One quick question, if anyone knows: I have a few exploits in my bin now. Is there a way to define a folder instead of using the same folder as perl.exe, maybe e.g. a folder named xploitZ?

Posted: Sun Jul 16, 2006 10:27 pm
subzero
Valuable expert
Joined: Mar 16, 2005
Posts: 42

Posted: Sun Jul 16, 2006 11:13 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Nice videos, subzero!

Posted: Sun Dec 16, 2007 8:40 pm
AiFarSeNi
Beginner
Joined: Dec 16, 2007
Posts: 1

some of perl says:
Code: | C:\perl1>perl exploit.pl
Can't exec /usr/bin/php at exploit.pl line 1. |
what is the problem?

Posted: Wed Dec 19, 2007 6:37 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

AiFarSeNi wrote: | some of perl says:
Code: | C:\perl1>perl exploit.pl
Can't exec /usr/bin/php at exploit.pl line 1. |
what is the problem? |
Please give more details!

Posted: Fri Dec 28, 2007 6:40 am
y3dips
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia

AiFarSeNi wrote: | some of perl says:
Code: | C:\perl1>perl exploit.pl
Can't exec /usr/bin/php at exploit.pl line 1. |
what is the problem? |
Install and define your PHP path,
that's what the error tells you about.

_________________ IO::y3dips->new(http://clog.ammar.web.id);

Posted: Tue Oct 28, 2008 9:09 am
mattoni
Active user
Joined: Oct 26, 2008
Posts: 34
Location: United Kingdom

Posted: Tue Oct 28, 2008 10:59 am
overcheckin
Beginner
Joined: Sep 17, 2008
Posts: 3

Windows Terminal doesn't like spaces in file names.
Try renaming it or run it within double quotes,
e.g. "2.3.5 Multiple Vulnerabilities.pl"

Posted: Tue Oct 28, 2008 11:21 am
mattoni
Active user
Joined: Oct 26, 2008
Posts: 34
Location: United Kingdom

I just need to be sure about this step. >>> I am using WinXP, so what should I download?
Code: | You guys can download Active Perl for free from here - http://downloads.activestate.com/ActivePerl/Windows/5.8/ActivePerl-5.8.8.817-MSWin32-x86-257965.zip |
or
Code: |
For linux users - http://downloads.activestate.com/ActivePerl/Linux/5.8/ActivePerl-5.8.8.817-i686-linux-2.2.17-gcc-257965.tar.gz |
I have downloaded from linux user, is it correct?

Posted: Tue Oct 28, 2008 11:28 am
overcheckin
Beginner
Joined: Sep 17, 2008
Posts: 3

It's plain obvious:
running XP = Perl Windows package!
running Linux = Perl Linux package!

Posted: Tue Oct 28, 2008 11:37 am
mattoni
Active user
Joined: Oct 26, 2008
Posts: 34
Location: United Kingdom

Step by step I will learn more.
Thank you overcheckin.
So I have to delete the file and replace it by the other for XP.
Thanks again.