[SUPERPETZ MALWARE NETPAD & NETMASTER ALERT !]
.++.
|()()|
| /\ |
<<><>>
//||\\
////\\\\
/////\\\\\
\\\\\/////
/////\\\\\
\\\\\/////
\\\\////
''''''
(collect them all!!)
About Netpad:
-=---------=-
<selective juicy bits from from levcgi.com netpad.cgi readme>
" Yes, the rumors are true; you can use NetPad to hack other's web sites or plain out
destroy them. As is the case with all of the NetMaster programs, so is this a
hazardous tool and can be used for malicious fun at your own risk! Please, keep in
mind that the following information should be considered for educational purposes only
and using this program in any illegal manner is at your OWN discretion. I cannot and
will not be held responsible for the foul use of this or any of my programs!
Now, let's get started with some basics on how web servers and hosting companies work.
When you pay for hosting your site is on a server with often up to hundreds of other
sites! Every user has their own main directory which is located at a specific system
path. Sometimes it will look like "/home/sites/site24/web/" while other times maybe
"/www/htdocs/www.domain.com/web/" or something along those lines. Nearly all CGI
programs use those paths to dynamically create files on the fly as well as reference
other needed bits of data. With that knowledge alone you are quite capable of dealing
some pretty nasty damage!
Remember that when you are setting up NetPad you are required to enter the full path
to your main directory. This is so you can open and edit the files successfully! But,
now what if you were to enter in ANOTHER path instead of yours? Well quite simply, you
could open up other files on the server, and yes you can even "edit" their files as
well! Keep in mind this will vary greatly from server to server, but I have learned
that many servers leave this in plain site to deal the damage with ease. Let's assume
that your path is "/home/sites/site24/web/". Obviously by looking at that we can come
to the conclusion most probably at least 23 other sites are being hosted on your
server. So if you try entering "/home/sites/site23/web/" you will actually be opening
up files for SOMEONE ELSE'S site! This is a great way to steal source code, when it
normally would be forbidden.
But wait! It gets even worse! Many servers out there allow you to amend/edit files
WITHOUT even giving them proper permissions! Normally a file must be set to CHMOD 777
if the server is to write to it on the fly, yet some servers out there do NOT do this
and a file simply set at the standard 644 can be written to! This can potentially
cause a big security loop-hole as anyone with a mischievous mind can take advantage of
it! How you say? Simple! All you would need to do is change the path to that of
another site on the server and open up their files. Once you have done so you can go
crazy and edit their pages in anyway you desire!
But how do you know what their files are named you ask? By using your brain! Nearly
every single web site is run off Apache software, and even more use an "index" file as
your main file for each folder. So, when you are trying to hack into someone's site
using NetPad and want the names of their files so you can play with their site, try
starting with their index file. First try opening "index.html". If that doesn't work
open "index.htm". Still no dice? Well try any of these until you get a match:
index.cgi, index.pl, index.php, index.asp, index.jhtml, index.shtml, index.cfm... etc.
The list can go on quite long but these tend to be the most popular choices!
If you are serious in your efforts to wreck havoc on the net, then you should do two
things. First, NetPad is a package of a larger collection of webmaster tools called
NetMaster. Get the full package first! You will be ready for nearly anything! You will
be able to perform various tasks such as setting file permissions in the browser,
uploading files, renaming, moving and deleting files and so on! The second thing you
should do is think about respect and property. Many people spend a long time creating
their websites and to many of them it is the milestone of their life; don't go around
screwing with anyone's site whom you do not even know. Not only is it wrong, but it is
illegal in most countries! Not only are you really pissing off people and crushing
their creative outlet but you are risking jail time. The information I have provided
was merely a means of education and to exploit many server insecurities
in an effort to hopefully fix them and keep things more secure. If you are concerned
with the security of your server confront them! you never know; maybe they will try
and fix up their weak spots and keep your site in better hands!
In closing with using NetPad to hack I will state it is your own choice! Doing so can
get you wound up in jail. I won't be crying for you! Your actions will bring on your
own consequences so don't try and shift the blame on me! Think of it like this; would
you want someone you don't know screwing your site up just because they found a new
toy? I didn't think so... If you are going to risk getting kicked off your server and
possibly go to jail ask yourself if it is worth it. "
ALERT DETAILS:
-=----------=-
Path Disclosure and Command Execution vulnerabilities discovered by fellow researchers
b0iler([EMAIL PROTECTED]) and BrainRawt([EMAIL PROTECTED]) are special features
made by EVIL LEVCGI guy. Unfiltered input to open() function is special trapdoor for
malicious guys to break webservers. Entire Netmaster suite is also for secret hacking
of websites. BEWARE! DO NOT INSTALL THIS SOFTWARE! IT IS PURPOSELY INSECURE SO YOU CAN
GET HAKKED!!
Vendor website: http://www.levcgi.com/
Chek out the following sites if you do not think LEV is a spooky guy:
http://www.taintedthoughts.com/
http://www.lordofdeception.com/
http://www.gothcities.com/
He spooks me all the way to heck!!
(that's all)
Hush provide the worlds most secure, easy to use online applications - which solution
is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/
Looking for a good deal on a domain name?
http://www.hush.com/partners/offers.cgi?id=domainpeople
