BotNets are Mainly Created by Great Scripters, but some of them really LACK on Security!
A recent report made to siph0n.in by abdilo and asterea (@4sterea) identified How Un-Secure the Most Recent Botnets are!
Let's give a look into it!
(1) BotNet is Vulnerable to Sh3ll Upload Vulnerability
iBanking
=============
Type: Shell Upload
Sh3ll: *(2)
(18) BotNets are VULNERABLE to SQL Injection:
Random panel
==========
Type: SQLi
Vuln: http://site.com/g.php?id=1
Athena
==========
Type: SQLi
Vuln: http://localhost:8992/panel/gate.php?botid=1&newbot=1&country=AUD&country_code=AUD &ip=10.0.0.1&os=win&cpu=amd&type=mate&cores=1999&version=88.8&net=wlan&admin=narwals&busy=no&lastseen=now
Casinoloader
==========
Type: SQLi
Vuln: http://localhost/gateway.php
POSTDATA page=1&val=1
Citadel
==========
Type: SQLi
Vuln: http://localhost/cp.php?bots=1
DLOADER
=============
Type: SQLi
Vuln1: http://localhost/includes/get_kktocc.php?line=1
Vuln2: http://localhost/includes/update_url.php?fid=1
HERPES
=============
SQL injection.
http://localhost/tasks.php POST: vote=1&submitted=1
JACKPOS
=============
blindsqli after you login, pretty useless so i wont bother.
JHTTP
=============
Some sqlinjection vulnerabilities past the assets folder.
SAKURA
=============
Type: SQLi
http://localhost/func.php?showtopic=2 http://localhost/index.php?showtopic=322 http://localhost/sakuraadmin44.php?filename=1.png&cmd=rm%20-f%20-r%20%2Fusr%2F&edit=2312 http://localhost/sakuraadmin44.php?filename=1.png&cmd=apt-get%20install%20backdoor http://localhost/sakuraadmin44.php?link=http%3A%2F%2Fmetasploit.com%2F&threads=10 http://localhost/showthread.php?t=123 http://localhost/showthread.php?t=23&cmd=32
Type: SQLi - POST
http://localhost/sakuraadmin44.php?threads=222&link=21213.com POST: exploits=992.ds http://localhost/sakuraadmin44.php?threads=11 POST: snick=123&file=321&exploits=123 http://localhost/sakuraadmin44.php?threads=21 POST: snick=1
SILENCE WINLOCKER V5.0
=================
SQL injection.
http://localhost/forma.php?pin=4322 http://localhost/index.php?x=1&act=delete&id=1 http://localhost/picture.php?pin=8787 http://localhost/tmp/get.php?pin=1334
SMOKE LOADER
=============
Type: SQLi
http://localhost/control.php?id=1 http://localhost/guest.php?id=1
POST
SOLARBOT
=============
SQL injection.
localhost/index.php POSTDATA i=1881&p=80&u=8302&h=282&s=AUD
SPY-EYE
=============
Type: SQLi
http://localhost/frm_boa-grabber_sub.php?dt=11%2F11%2F1998
TINBA
=============
Type: SQLi
\tinybanker panel\admin/control/logs.act.php http://localhost/logs.act.php Post Data: bot_uid=1&botcomment=mate
UMBRA
=============
Type: SQLi
Vuln: http://localhost/delete_command.php?deleteID=1
VERTEXNET
=============
There are sqlinjection vulnerabilities but the likely hood of you actually finding a way of exploiting them is low.
ZEUS AND ZEUS EVO
=============
Type: SQLi
Vuln: http://localhost/gate.php?ip=8.8.8.8
ZSKIMMER
=============
Type: SQLi
Vuln: http://localhost/process.php?xy=2
(3) BotNets are VULNERABLE to Cross-Site Scripting Vulnerability and Other Medium Issues:
CYTHOSIA BOTNET
=============
Type: Stored XSS and iFrame redirect
Click add task Command: IFRAME SRC="whateverekorlemonpartyorwhatnot.com" /IFRAME
Then Click Create Task Finally click Tasks. VOILA!
(Credits to asterea for finding this botnet panel)
CRIMEPACK 3.1.3
============
Secure shit, like no XSS's or anything.
PLASMA
=============
Some Cross site scripting vulns and nothing else so no use telling you about them.
Furthermore they have also identified (5) Secure Sh3lls :-)
Here you all can find the Secure Ones!
Alin1
==========
Nothing, unless logged in.
Betabot
==========
Nope.
CRIMEPACK 3.1.3
============
Secure shit, like no XSS's or anything.
SMSBOT
=============
nothing interesting.
SPY POSCARDSTEALER
=============
nope its secure.
------------------------------------------------------------------------------
If you all find any new Vulnerability, you can directly contact them below!
Contact: [email protected]
Twitter: 4sterea
------------------------------------------------------------------------------
(*)1 Source:
https://siph0n.in/exploits.php?id=3528
(*)2 iBanking Sh3ll:
http://pastebin.com/Dfczctfv
About the Author :
Christian Galeone is a Cyber Security Researcher from Italy, he's currently studying to ITCL Marco Polo ( Vocational Technical Institute | Vo-Tech ) attending the IT Programming Class.
He has been Acknowledged by the TOP 5 Companies including Yahoo!, Microsoft, AT&T, Sony etc. He is currently working with HOC as author of Cyber Security & Critical Tools Research Articles.
0 comments:
Post a Comment
Note: only a member of this blog may post a comment.