hello after makehaving made THCrealbad xxx.xxx.xxx.xxx 1 or 2 that is necessary you it to make to have Shell because I have make nc xxx.xxx.xxx.xxx 31337 but nothing occurs I espere that you will be able to help me thank you

Yeah when you scan for port 554, you come up with a bunch of vuln. real servers.
So you will definetly come across older versions of real which aren't supported by the exploit.
Hope that might clear up something.
-ddrj

it only hack realserver 8 and 9....but I,ve yet to have a shell on 9.....

well i have tried a few (win32)'s of version 8 and 9, but NOPE... no shell

Me2! I codet a scanner scans over 10000 IPS got 100 Vulns!
But noone of these Results i got a shell!
And i say MY SCANNER WORKS! Just the exploit doesnt work!
My scanner scans for RealServer 7.8.9 on any os!

I'm still trying cause i dont wanna give up but still no shell here guys

This night I scanned for port 554 got 200kb results in a .txt thats like 3000 ip's I think

I checked them all but when I do nc xxx.xxx.xxx.xxx 31337 it just closes

anyone who fixed this ?

wenn i connect with nc i got ever this shit error:

Warning: forward host lookup failed for TCREALSERVER: h_errno 11001: HOST_NOT_FO
UND
TCREALSERVER [xxx.xx.xxx.xx] 31337 (?): connection refused

can you share your scanner program maZer`- with the rest of us?

thanks

who's good a good exploit?

I'm also getting "connection refused"

someone refresh my memory...

<nc.exe ip port>?
is that how u do netcat?

nc.exe -v <ip> <port>

@axlxa

try the next ip, not every vuln is hackable!

Goot Luck!

i got shell guys but only on windows systems and the shell is not as a root x/

i already had a few shells working on realserver 8 win32...the main problem is that the port 31337 is a well known door used by another backdoor worm so most firewalls and ISPs automatically block this door making it stealth or just refusing access to it..

maybe someone could code an exploit that would spawn the shell on another door less known as the 31337 ("eleet"..) door

I allways rescan the vuln's found with Nmap to see if they are firewalled and if so just forget ure shell


Greetz Imps2

To those who can't get a shell...you have to be patient and keep trying more IPs. If you dont get a shell on a certain IP, it's no good trying to exploit it again and again! It's probably firewalled. N-E-X-T I-P!

i've got only 2 win shells so far...scanned half the world LOL,btw,i tryed to shell up a lnx realserver (from win),i get some [open] (good ones...),but after that,i cant see anything,so no root,no dir,just nothing...there is a trick so hax lnx real's using a win machine?

paste links for ya scanners

Getting results from this is no problem.
Although I don't know how to secure the boxes afterwards.
Anyone have any idea's ?

ive got a few win shells and one linux
and to answer a cople of q:
once in a linux shell u need to type the following so u wont get kicked by the box
(when u see [open] but no shell yet):
ps -ef | grep -i rmserver
and then look for the first master pid and type:
kill -9 <master pid of rmserver>
if lucky u should get a shell

and an idea about securing it... run an ftp on port 31337 so when u try to connect via netcat it will connect u to the ftp instead of the exploit (it works)

sry for bringing an old thread up but im not sure if this exploit is dead or not

Where can i find scanner for real server ?

-Conection refused ,
means something ( a firewall or a configured ACL ) is protecting that network .
that device/software deny ur access to the port , even if the exploit-code
do the job.
u should edit ur code , so it drop shell to a non-filtered port .
i suggest using firewalk to determine....

the code worked for me soooo many times....but i donnow wich code ur
useing.

im a real noob at programming so maybe someone can plz post the edited code to change the port from 31337 to something else? or directions on how to do that will be helpful too