Sla.ckers.org
How robots and spiders are causing issues, how to stop them. We can also talk about Completely Automated Public Turing Test To Tell Computers And Humans Apart - their use, their compliance issues, porn proxies, PWNtcha and other ways to defeat them. 
Worm code
Posted by: SpoofGhost
Date: August 07, 2009 07:59AM

Hi there, it's been a while since i've posted something here.

i already apologize for my bad english ;p

but as i'm continuing one of my projects i'm asking for some info and help.
i'm currently working on a worm for a very big community site. not to harm but to learn. anyway i managed to find 2 bugs 1 was rather useless and the second one is useful but quite hard to exploit tho i managed to exploit it anyway ;p.

the problem with that bug is that it exists on a cached site i believe! anyway every 4 ~ 10 min i have to send out a request with the payload this is because somehow the site is lost after that period of time.

Anyway i made some fancy php script which does that for me with Curl and cronjobs
also i had to update the link every time i got a new link from the request
i already knew that it isn't very handy cause if it spreads exponentially eventually it will crash the script due to overload. so i thought out something else. the site is somewhat stupid as you can send an email to yourself if you lost your password to recover it so i'm aiming at that weakness in their site.
it's easy to change the mail with the xss bug.

the only thing that i now have to do is automatically login to an email account like hotmail or gmail with curl or so. i already managed to login to gmail but i couldn't read out emails that is the problem so does anyone have some code or some explanation or anything else which can help me further on reading out the emails from gmail or hotmail or whatever.

anyway if this project is done i will show you my code. it's quite a lot and i'm sure it can be improved a lot as well. but this is actually my first attempt at a "bot alike code" with php/javascript and xss holes.

I might try to create a multiple site xss worm which will search for weaknesses in other sites. i was thinking of using xssed's xss database to search for common bugs in sites to spread itself among other sites as well tho it might be tricky to create such a self coding worm. but this way you could create a worm which would track down a certain user and gather info about him.

anyway this sounds very interesting to me because i don't think it has been done before and if u ask me the potential for such an attack is there. as there are already xss scanners etc which can be implemented into a worm to track down new holes to spread itself to.

yours spoof-ghost.

Re: Worm code
Posted by: PaPPy
Date: August 07, 2009 08:41AM

a useful feature of gmail is adding a + symbol before the @ symbol and adding additional text

ex:
email@gmail.com

can now be email+accountID@gmail.com

http://www.xssed.com/archive/author=PaPPy/

Re: Worm code
Posted by: SpoofGhost
Date: August 07, 2009 08:55AM

ok thanks, tho it isn't really what i'm looking for i guess. still i'm going to toy with this! anyway the problem is i need to read out the email.

what i'm trying to do is send a private msg to person x from a friend. with a link in it he clicks on it after that his email gets changed to my email after that the script will notice my php script that the mail has changed and an email has been sent to change the victim's password the script will read out the mail and extract the link in that mail to change the password after that it will change the password and reset the user's account to its original form but with the changed password. then the cycle will go on. grab the person's friend list mail all of them and so on tho i might need more email addresses in order to make it work smooth as you can't use 1 email address for different accounts so it has to be changed in order to use it to hijack another account.

anyway the only problem is getting the content of the mail in gmail i will probably be able to fix it but any help that makes it a bit easier would be nice.

thanks anyway pappy :).

Re: Worm code
Posted by: PaPPy
Date: August 07, 2009 09:04AM

right but most sites don't allow the same email address to be used for 2 accounts ;)
that is why i gave u this tip as i have used it in the past to do such a thing

i'm sure u have been doing some googling, but came up with these
http://www.phpclasses.org/blog/package/2/post/1-Process-incoming-email-messages-using-PHP.html

http://www.weberdev.com/get_example-501.html

also if you find a cheap site u can curl to you can have gmail forward all your mail

http://www.xssed.com/archive/author=PaPPy/
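
The tip above works because a site compares email+accountID@gmail.com and email@gmail.com as different strings. Seen from the defending site, as an added example that is not part of the thread: canonicalise addresses before the one-account-per-address check and audit existing rows for addresses that collapse to one mailbox. Only Gmail's aliasing is modelled; `AccountRegistry`, `shared_mailboxes` and the sample rows are hypothetical names and constructed data.

```python
from collections import defaultdict

# Assumption: only Gmail aliasing is modelled (the provider named in the thread).
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_email(address):
    """Return the mailbox an address delivers to; use for comparison only."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    domain = domain.lower()
    if domain in GMAIL_DOMAINS:
        # Gmail ignores "+tag" suffixes, dots and case in the local part.
        local = local.lower().split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
        if not local:
            raise ValueError(f"empty mailbox name: {address!r}")
    return f"{local}@{domain}"


class AccountRegistry:
    """Hypothetical account store that enforces one account per mailbox."""

    def __init__(self):
        self._owner = {}  # canonical mailbox -> account id

    def set_email(self, account_id, address):
        """Bind address to account_id; False if the mailbox backs another account."""
        key = canonical_email(address)
        if self._owner.get(key, account_id) != account_id:
            return False
        # Release the mailbox this account held before.
        self._owner = {k: v for k, v in self._owner.items() if v != account_id}
        self._owner[key] = account_id
        return True


def shared_mailboxes(records):
    """Audit existing (account_id, address) rows for mailboxes used more than once."""
    groups = defaultdict(set)
    for account_id, address in records:
        groups[canonical_email(address)].add(account_id)
    return {box: sorted(ids) for box, ids in groups.items() if len(ids) > 1}


# Constructed sample rows, not data from the thread.
SAMPLE = [(101, "alice@example.org"), (102, "collector+102@gmail.com"),
          (103, "Col.Lector+103@googlemail.com"), (104, "bob+news@example.org"),
          (105, "bob@example.org")]
```

Store the address as the user typed it for delivery and keep the canonical form only as the uniqueness key.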

Re: Worm code
Posted by: SpoofGhost
Date: August 07, 2009 09:15AM

hey thanks man i guess you're right :P didn't think of that.
going to look into it and i will definitely show the results here :)

Re: Worm code
Posted by: PaPPy
Date: August 07, 2009 09:19AM

/bow
this brings back memories of a site i did this to...

strange they aren't around any more

http://www.xssed.com/archive/author=PaPPy/

Re: Worm code
Posted by: SpoofGhost
Date: August 07, 2009 04:30PM

sometimes you really have to be creative to make something work but imo those are the ones which will provide the most fun because you learn a lot from it.

Re: Worm code
Posted by: Anonymous User
Date: August 09, 2009 11:19AM

@SpoofGhost: The combination of Mailinator and Dapper is nice - pump the mails into the Mailinator account, scrape the data with Dapper and convert it into an RSS feed. Afterwards subscribe to that feed with Google Reader and you even have it backed up + API access :)

Re: Worm code
Posted by: backbone
Date: August 12, 2009 06:12PM

The easiest way would be through the POP3 protocol.
POP3 PHP Class -> http://www.phpclasses.org/browse/file/3.html

Re: Worm code
Posted by: SpoofGhost
Date: August 14, 2009 04:58AM

hey thanks .mario and backbone, going to look into that, pop3 might also be possible to pull this off. haven't had any time to work further on the project tho.

Re: Worm code
Posted by: PaPPy
Date: August 14, 2009 02:47PM

if u want to collaborate i can try and do up something this weekend

i also have some server space that can be used

http://www.xssed.com/archive/author=PaPPy/

Re: Worm code
Posted by: PaPPy
Date: August 14, 2009 08:27PM

.mario Wrote:
-------------------------------------------------------
> @SpoofGhost: The combination of Mailinator and
> Dapper is nice - pump the mails into the
> Mailinator account, scrape the data with Dapper
> and convert it into an RSS feed. Afterwards
> subscribe to that feed with Google Reader and you
> even have it backed up + API access :)


kinda took ur thought and did this
http://pappy.pastebin.com/fefe81cc

it can be edited further, you could even make it for each username have its own mailinator email, and then pump that into a GET variable to run thru the script

i didn't know if you needed to extract the password or an activation link. if you need help with it let me know.

if you run the code it works and should extract 2 passwords

feel free to bash my code, i know i suck

-------------edit
here is a curl version
http://pappy.pastebin.com/f65fa0bc0

curl version:Page loaded in 0.235 seconds.
file_get_contents version:Page loaded in 0.132 seconds.

your choice, just giving you an option

http://www.xssed.com/archive/author=PaPPy/



Edited 1 time(s). Last edit at 08/16/2009 04:37PM by PaPPy.

Re: Worm code
Posted by: SpoofGhost
Date: September 15, 2009 05:59AM

haven't been around for some time i had a busy time with school,
anyway...

i'm continuing this project tho my host has some problems concerning Curl so i can't really use it. does anyone know some free hosting where this is enabled?

Re: Worm code
Posted by: PaPPy
Date: September 15, 2009 10:35AM

i googled, don't know if it helps
http://www.google.com/search?hl=en&q=free+php+host+allows+curl&aq=f&oq=&aqi=

if none of them work out for u, let me know via PM and i may have a place i can host for you

http://www.xssed.com/archive/author=PaPPy/

Re: Worm code
Posted by: SpoofGhost
Date: September 17, 2009 06:35AM

i tried the first site that showed up in your search result and it seems like a nice hosting service. still have to check it out fully thanks a lot!

Re: Worm code
Posted by: RonPaul
Date: October 04, 2009 02:43PM

thanks for the code and info about gmail, came in really helpful here:
http://sla.ckers.org/forum/read.php?3,26267,26268#msg-26268

Re: Worm code
Posted by: SpoofGhost
Date: November 10, 2009 08:49AM

hmm project isn't coming from the ground very busy with other stuff..
but i have looked into mailinator and that looks great

Re: Worm code
Posted by: PaPPy
Date: November 10, 2009 10:13AM

:( was hoping to see something cool

http://www.xssed.com/archive/author=PaPPy/

Re: Worm code
Posted by: SpoofGhost
Date: November 11, 2009 06:45AM

oh, well i'm working on it i hope when i'm done you're not disappointed :P

Re: Worm code
Posted by: SpoofGhost
Date: November 12, 2009 05:57AM

oh i do have a bit of a problem.. maybe you guys know a solution.
the thing i'm having problems with is an option from curl

followlocation, it gives an error anyway i need to turn off safe mode
and also open basedir tho safe mode is off open_basedir is still a problem.

i can't turn this off as i'm using a "free host" so i need a solution for this.
i already had some sort of solution but i'm not sure if this is working.

anyway if someone knows a good free host which supports curl and got things setup
so i can use this function, or a good workaround which i prefer. as the current host is quite nice. as it supports almost everything i could need and need.

thanks in advance

Re: Worm code
Posted by: PaPPy
Date: November 12, 2009 07:00AM

googling brings up a lot of subjects on the issues

http://secunia.com/advisories/13023/
seems that option may be disabled in curl altogether? or maybe it's real old and i don't know what i'm talking about

what are you trying to do exactly?

http://www.xssed.com/archive/author=PaPPy/

Re: Worm code
Posted by: SpoofGhost
Date: November 12, 2009 07:13AM

i need to login and inject the xss in one of their pages but the problem is that the page only exists for 10 min or so thus i need to do it over and over again that's why i need curl in the first place it's almost a bot... as it has some more functions it can perform...

Re: Worm code
Posted by: PaPPy
Date: November 12, 2009 08:50AM

i get that part, but what are u trying to do that this curl feature is preventing you from doing

http://www.xssed.com/archive/author=PaPPy/
