Follow us on Twitter!
It is never to LATE to become what you never WERE.
Thursday, April 17, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 20
Guests Online: 17
Members Online: 3

Registered Members: 82822
Newest Member: TheBunter
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Page 1 of 2 1 2 >
Author

Exploits!

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 28-06-09 10:41
Hi.
I just googled this list of exploits Expliots.txt.
Can any of you more experienced guys take a look at it and tell me in case it's outdated? I'm planning on making a python program that checks a certain sites for all the exploits in this list... But before I do, I need to know in case some of these actually works Pfft


here comes 2 more:

L2_ex_list.txt
Exploit_List.txt




Edited by Demons Halo on 28-06-09 12:48
base_dropper@hotmail.com www.demonshalo.com
Author

RE: Exploits!

pimpim
Member



Posts: 45
Location: Reading your /etc/shadow
Joined: 26.10.08
Rank:
Newbie
Posted on 28-06-09 11:36
Some might still work, for example the Frontpage Extensions Exploits, but a lot of them are old CGI-scripts and stuff...

Also, many of the exploits are exploits for old php3 scripts, the current version of PHP is 5.2.10 wich says some about the age of that list Wink


www.hellboundhackers.org/sig/c/34966/blow me.png

Edited by pimpim on 28-06-09 11:42
sa.backman@hotmail.com
Author

RE: Exploits!

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 28-06-09 12:28
yeah it is old indeed Pfft that's why I wanted people to check it out xD


base_dropper@hotmail.com www.demonshalo.com
Author

RE: Exploits!


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-06-09 13:03
Why not exploit the places you want yourself? I Realy think thats an good idea Smile


Author

RE: Exploits!

KvK
Member



Posts: 94
Location: EIP‭‮
Joined: 17.01.09
Rank:
Apprentice
Posted on 28-06-09 16:51
If you need a list of vulnerabilities, OWASP has a great one that has helped me several times in the past. There is a page for each attack consisting of a brief summary as well as examples of it's use. Check it out.

http://www.owasp.. . .ory:Attack

I'll post the list below for everyone to see.
(Yes, even those of you who were too lazy to click the link.)

Code
    * Account lockout attack
    * Argument Injection or Modification
    * Asymmetric resource consumption (amplification)
    * Blind SQL Injection
    * Blind XPath Injection
    * Brute force attack
    * Buffer overflow attack
    * CSRF
    * Cache Poisoning
    * Code Injection
    * Command Injection
    * Comment Injection Attack
    * Cross Site Tracing
    * Cross-Site Request Forgery (CSRF)
    * Cross-User Defacement
    * Cross-site Scripting (XSS)
    * Cryptanalysis
    * Custom Special Character Injection
    * Denial of Service
    * Direct Dynamic Code Evaluation ('Eval Injection')
    * Direct Static Code Injection
    * Double Encoding
    * Forced browsing
    * Format string attack
    * Full Path Disclosure
    * HTTP Request Smuggling
    * HTTP Response Splitting
    * LDAP injection
    * Man-in-the-browser attack
    * Man-in-the-middle attack
    * Mobile code: invoking untrusted mobile code
    * Mobile code: non-final public field
    * Mobile code: object hijack
    * Network Eavesdropping
    * One-Click Attack
    * Overflow Binary Resource File
    * Page Hijacking
    * Parameter Delimiter
    * Path Manipulation
    * Path Traversal
    * Relative Path Traversal
    * Repudiation Attack
    * Resource Injection
    * SQL Injection
    * Server-Side Includes (SSI) Injection
    * Session Prediction
    * Session fixation
    * Session hijacking attack
    * Setting Manipulation
    * Special Element Injection
    * Spyware
    * Traffic flood
    * Trojan Horse
    * Unicode Encoding
    * Web Parameter Tampering
    * XPATH Injection
    * XSRF







Edited by KvK on 28-06-09 16:52
Author

RE: Exploits!

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 28-06-09 18:10
I love the site...
Sites like this are so awesome when it comes to explaining the vulnerability
thnx a lot for the link =D

:happy:




Edited by Demons Halo on 28-06-09 21:11
base_dropper@hotmail.com www.demonshalo.com
Author

RE: Exploits!

KvK
Member



Posts: 94
Location: EIP‭‮
Joined: 17.01.09
Rank:
Apprentice
Posted on 28-06-09 18:31
No problem. Good luck with your web exploitation program. :happy:


Author

RE: Exploits!

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 29-06-09 01:18
Avlid wrote:
Why not exploit the places you want yourself? I Realy think thats an good idea Smile


1) It can be offered to a 3rd party to test their own website
2) Experience
3) A perfunctory check on a website before you go in and do stuff yourself


Wisdom spared is wisdom squared.
Author

RE: Exploits!

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 29-06-09 11:39
ranma wrote:
Avlid wrote:
Why not exploit the places you want yourself? I Realy think thats an good idea Smile


1) It can be offered to a 3rd party to test their own website
2) Experience
3) A perfunctory check on a website before you go in and do stuff yourself


indeed =D

trying all those exploits by hand would take you ages!


base_dropper@hotmail.com www.demonshalo.com
Author

RE: Exploits!


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-06-09 12:28
ranma wrote:
Avlid wrote:
Why not exploit the places you want yourself? I Realy think thats an good idea Smile


1) It can be offered to a 3rd party to test their own website
2) Experience
3) A perfunctory check on a website before you go in and do stuff yourself


Okey, good point Smile


Author

RE: Exploits!

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 29-06-09 12:43
The lists I posted are a big outdates, yes I know Pfft But it scrolling through them made me wonder, is there many sites that still uses CGI?


From webopedia.com
A CGI program is any program designed to accept and return data that conforms to the CGI specification. The program could be written in any programming language, including C, Perl, Java, or Visual Basic.


I don't know if this is true but from what I've noticed web-developers now a days build their sites using PHP/ASP/.NET & SQL etc. It's really rare to see a site with a CGI directory anymore... Am I blind or is it truly so?



base_dropper@hotmail.com www.demonshalo.com
Author

RE: Exploits!

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 29-06-09 12:56
Demons Halo wrote:
I don't know if this is true but from what I've noticed web-developers now a days build their sites using PHP/ASP/.NET & SQL etc. It's really rare to see a site with a CGI directory anymore... Am I blind or is it truly so?


Perl is frequently used.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Exploits!

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 29-06-09 14:24
spyware wrote:
Demons Halo wrote:
I don't know if this is true but from what I've noticed web-developers now a days build their sites using PHP/ASP/.NET & SQL etc. It's really rare to see a site with a CGI directory anymore... Am I blind or is it truly so?


Perl is frequently used.


I see Smile

well I've compiled a list that contains many "url exploits". Now I was thinking of making a script that takes in every line in that list and tries it next to the site name. EX:

Site: www.hellboundhackers.org
First line: /.htaccess
Python tries: www.hellboundhackers.org/.htaccess

When python tries that url, some response will come back ofc. It might be: access denied or file not found etc.
What is the best way to sort through all those "bad responces" capturing the ones I could use? as you know there could be hundreds of different responses, so I can't tell python which ones to keep by hand. Is there some built in way to sort through such stuff?

cheers


base_dropper@hotmail.com www.demonshalo.com
Author

RE: Exploits!

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 29-06-09 14:29
Demons Halo wrote:
When python tries that url, some response will come back ofc. It might be: access denied or file not found etc.
What is the best way to sort through all those "bad responces" capturing the ones I could use? as you know there could be hundreds of different responses, so I can't tell python which ones to keep by hand. Is there some built in way to sort through such stuff?

cheers


Anything but 404 is interesting.

Also, if you're serious about making a Nessus-like scanner, be prepared for years of research before you can even attempt something like this. If you want to produce a useful scanner, that is.

I doubt you know what you have to know to build this thing.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Exploits!

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 29-06-09 14:38
I doubt you know what you have to know to build this thing.


So do I Pfft Although it's something fun to do, even if I don't get it right, I'll for sure learn more about a library or 2 ^^

besides, now that you mention it, all I need to do is isolate stuff like 404's and write the rest into a file. It seems so easy when I think about it, but I'm sure it will be a lot harder ;P

If you have some tips, don't hesitate!



base_dropper@hotmail.com www.demonshalo.com
Author

RE: Exploits!


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-06-09 15:43
I. Feel a another fuzzer script coming Pfft .


Author

RE: Exploits!

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 29-06-09 17:25
spyware wrote:
I doubt you know what you have to know to build this thing.


Hehe, that could be said for any coding project. But just doing it gives you tons of experience and a script to base future things off of.


Wisdom spared is wisdom squared.
Author

RE: Exploits!

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 29-06-09 20:21
S1L3NTKn1GhT wrote:
I. Feel a another fuzzer script coming Pfft .


to be honest I did not know what the word fuzzer means so i googled it:

A program used to generate random "fuzz" for testing purposes.

I must say THANKS! I found some useful stuff googling that word up Grin so far everything I found indicates that all I need to do is find a fast way to request a certain URL with the exploit from my list, filter the undesired ones, and saving the possible explots into a new file ^^

sounds like a fun project Pfft

@ranma:
exactly!!!
I like you Grin let's get married (L)


base_dropper@hotmail.com www.demonshalo.com
Author

RE: Exploits!

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 29-06-09 20:43
:love: How did you know I was single?


Wisdom spared is wisdom squared.
Author

RE: Exploits!

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 29-06-09 21:28
ranma wrote:
:love: How did you know I was single?


I just know *pervert smile*

On topic:
The script is ready, but there seems to be one tiny little problem! in a smaller exploit list (like 20-30 items) the script runes decently fast, but when I use the big list (LOTS OF ITEMS Pfft) python does not respond xD
Now I was expecting this so the question is: should I set a low time out? or is there a way to make the script check if a certain URL exists REALLY FAST?

:ninja:


base_dropper@hotmail.com www.demonshalo.com
Page 1 of 2 1 2 >