mario23 Posted July 9, 2006 Report Posted July 9, 2006 /* ---------------------------------------------------------------------- *//* CGI scanner v1.33, m0dify and recode by su1d sh3ll //UnlG 1999     *//* Tested on Slackware linux with kernel 2.0.35;2.0.36;          *//*      FreeBSD 2.2.2-3.1;IRIX 5.3                  *//* Source c0de by [CKS & Fdisk]                      *//* Gr33tz to: Packet St0rm and Ken, ADM crew, ech0 security and CKS, ch4x,*//*       el8.org users, #c0de, rain.forest.puppy/[WT], MnemoniX ,   *//*       hypoclear of lUSt                      *//* Fuck to: www.hackzone.ru , HDT...  CHC fuck u 2 llamaz-scr1pt k1dd1ez  *//*      hey! v0rt-fu if u kewl programmer u must write u own proggi,  *//*      and stop modify th1s scanner...(i can do it better and CKS *//*      hmm, remember if u can add 2 CGi to scanner u can't change   *//*      real Version number and name.....better go read 'C' Bible */  /* c0m1ng s00n: hmmm.... i forgot again forgot...         *//* codex@bogus.net // added misc TCP port support 06.05.99 */#include <fcntl.h>#include <sys/types.h>#include <sys/socket.h>#include <netinet/in.h>#include <signal.h>#include <stdio.h>#include <string.h>#include <netdb.h>#include <ctype.h>#include <arpa/nameser.h>#include <sys/stat.h>#include <strings.h>#include <stdio.h>#include <stdlib.h>#include <unistd.h>#include <sys/socket.h>int main(int argc, char *argv[]){ int sock,debugm=0; struct in_addr addr; struct sockaddr_in sin; struct hostent *he; unsigned long start; unsigned long end; unsigned long counter; char foundmsg[] = "200"; char *cgistr; char buffer[1024]; int count=0; int numin; char cgibuff[1024]; char *buff[100];   /* Don't u think 100 is enought?  */ char *cginame[100]; /* Don't u think 100 is enought? */ int myport = 80; buff[1] = "GET /cgi-bin/unlg1.1 HTTP/1.0nn"; /* v0rt-fu when u modify source, check this first line.... 
that's my    */ buff[2] = "GET /cgi-bin/rwwwshell.pl HTTP/1.0nn"; buff[3] = "GET /cgi-bin/phf HTTP/1.0nn";   buff[4] = "GET /cgi-bin/Count.cgi HTTP/1.0nn"; buff[5] = "GET /cgi-bin/test-cgi HTTP/1.0nn"; buff[6] = "GET /cgi-bin/nph-test-cgi HTTP/1.0nn"; buff[7] = "GET /cgi-bin/php.cgi HTTP/1.0nn"; buff[8] = "GET /cgi-bin/handler HTTP/1.0nn"; buff[9] = "GET /cgi-bin/webgais HTTP/1.0nn"; buff[10] = "GET /cgi-bin/websendmail HTTP/1.0nn"; buff[11] = "GET /cgi-bin/webdist.cgi HTTP/1.0nn"; buff[12] = "GET /cgi-bin/faxsurvey HTTP/1.0nn"; buff[13] = "GET /cgi-bin/htmlscript HTTP/1.0nn"; buff[14] = "GET /cgi-bin/pfdispaly.cgi HTTP/1.0nn"; buff[15] = "GET /cgi-bin/perl.exe HTTP/1.0nn"; buff[16] = "GET /cgi-bin/wwwboard.pl HTTP/1.0nn"; buff[17] = "GET /cgi-bin/www-sql HTTP/1.0nn"; buff[18] = "GET /cgi-bin/view-source HTTP/1.0nn"; buff[19] = "GET /cgi-bin/campas HTTP/1.0nn"; buff[20] = "GET /cgi-bin/aglimpse HTTP/1.0nn"; buff[21] = "GET /cgi-bin/glimpse HTTP/1.0nn"; buff[22] = "GET /cgi-bin/man.sh HTTP/1.0nn"; buff[23] = "GET /cgi-bin/AT-admin.cgi HTTP/1.0nn"; buff[24] = "GET /cgi-bin/filemail.pl HTTP/1.0nn"; buff[25] = "GET /cgi-bin/maillist.pl HTTP/1.0nn"; buff[26] = "GET /cgi-bin/jj HTTP/1.0nn"; buff[27] = "GET /cgi-bin/info2www HTTP/1.0nn"; buff[28] = "GET /cgi-bin/files.pl HTTP/1.0nn";  buff[29] = "GET /cgi-bin/finger HTTP/1.0nn"; buff[30] = "GET /cgi-bin/bnbform.cgi HTTP/1.0nn"; buff[31] = "GET /cgi-bin/survey.cgi HTTP/1.0nn"; buff[32] = "GET /cgi-bin/AnyForm2 HTTP/1.0nn"; buff[33] = "GET /cgi-bin/textcounter.pl HTTP/1.0nn"; buff[34] = "GET /cgi-bin/classifieds.cgi HTTP/1.0nn"; buff[35] = "GET /cgi-bin/environ.cgi HTTP/1.0nn"; buff[36] = "GET /_vti_pvt/service.pwd HTTP/1.0nn"; buff[37] = "GET /_vti_pvt/users.pwd HTTP/1.0nn"; buff[38] = "GET /_vti_pvt/authors.pwd HTTP/1.0nn"; buff[39] = "GET /_vti_pvt/administrators.pwd HTTP/1.0nn"; buff[40] = "GET /_vti_pvt/shtml.dll HTTP/1.0nn"; buff[41] = "GET /_vti_pvt/shtml.exe HTTP/1.0nn"; buff[42] = "GET /cgi-dos/args.bat 
HTTP/1.0nn"; buff[43] = "GET /cgi-win/uploader.exe HTTP/1.0nn"; buff[44] = "GET /scripts/issadmin/bdir.htr HTTP/1.0nn"; buff[45] = "GET /scripts/CGImail.exe HTTP/1.0nn"; buff[46] = "GET /scripts/tools/newdsn.exe HTTP/1.0nn"; buff[47] = "GET /scripts/fpcount.exe HTTP/1.0nn"; buff[48] = "GET /cfdocs/expelval/openfile.cfm HTTP/1.0nn"; buff[49] = "GET /cfdocs/expelval/exprcalc.cfm HTTP/1.0nn"; buff[50] = "GET /cfdocs/expelval/displayopenedfile.cfm HTTP/1.0nn"; buff[51] = "GET /cfdocs/expelval/sendmail.cfm HTTP/1.0nn"; buff[52] = "GET /search97.vts HTTP/1.0nn"; buff[53] = "GET /carbo.dll HTTP/1.0nn"; /* we have at archive about 70 CGi ,                                  rule? */ cginame[1] = "UnlG - backd00r "; cginame[2] = "THC - backd00r  "; cginame[3] = "phf..classic "; cginame[4] = "Count.cgi    "; cginame[5] = "test-cgi     "; cginame[6] = "nph-test-cgi   "; cginame[7] = "php.cgi     "; cginame[8] = "handler     "; cginame[9] = "webgais     "; cginame[10] = "websendmail   "; cginame[11] = "webdist.cgi   "; cginame[12] = "faxsurvey    "; cginame[13] = "htmlscript    "; cginame[14] = "pfdisplay    "; cginame[15] = "perl.exe     "; cginame[16] = "wwwboard.pl   "; cginame[17] = "www-sql     "; cginame[18] = "view-source   "; cginame[19] = "campas      "; cginame[20] = "aglimpse     "; cginame[21] = "glimpse     "; cginame[22] = "man.sh      "; cginame[23] = "AT-admin.cgi   "; cginame[24] = "filemail.pl   "; cginame[25] = "maillist.pl   "; cginame[26] = "jj        "; cginame[27] = "info2www     "; cginame[28] = "files.pl     "; cginame[29] = "finger      "; cginame[30] = "bnbform.cgi   "; cginame[31] = "survey.cgi    "; cginame[32] = "AnyForm2     "; cginame[33] = "textcounter.pl  "; cginame[34] = "classifields.cgi"; cginame[35] = "environ.cgi   "; cginame[36] = "service.pwd   "; cginame[37] = "users.pwd    "; cginame[38] = "authors.pwd   "; cginame[39] = "administrators  "; cginame[40] = "shtml.dll    "; cginame[41] = "shtml.exe    "; cginame[42] = "args.bat     "; 
cginame[43] = "uploader.exe   "; cginame[44] = "bdir - samples  "; cginame[45] = "CGImail.exe   "; cginame[46] = "newdsn.exe    "; cginame[47] = "fpcount.exe   "; cginame[48] = "openfile.cfm   "; cginame[49] = "exprcalc.cfm   "; cginame[50] = "dispopenedfile  "; cginame[51] = "sendmail.cfm   "; cginame[52] = "search97.vts   "; cginame[53] = "carbo.dll    "; if (argc<2)  {  printf("n [-- CGI Checker 1.34. Modified by su1d sh3ll //UnlG --]");  printf("nusage : %s host <port> ",argv[0]);  printf("n  Or : %s host <port> -d  for debug modenn",argv[0]);   exit(0);  } /* --- seriously rubbish hack, but never mind (codex@bogus.net) */ if(argv[2]) {  if(strstr("-d",argv[2])) {   debugm=1;  }  if(atoi(argv[2])) {   myport=atoi(argv[2]);  } else {   printf("Error: need a valid portn");   exit(0);  } } if(argv[3]) {  if(strstr("-d",argv[3])) {   debugm=1;  }  } if ((he=gethostbyname(argv[1])) == NULL)  {  herror("gethostbyname");  exit(0);  } printf("nnt [CKS & Fdisk]'s CGI Checker - modify by su1d sh3ll 04.05.99nnn"); start=inet_addr(argv[1]); counter=ntohl(start);  sock=socket(AF_INET, SOCK_STREAM, 0);  bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);  sin.sin_family=AF_INET;  sin.sin_port=htons(myport);  if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)   {   perror("connect");   }  printf("nnt [ Press any key to check out the httpd version...... ]n");  getchar();   /* CKS  sorry, but ur new piece of code don't work */  send(sock, "HEAD / HTTP/1.0nn",17,0);  recv(sock, buffer, sizeof(buffer),0);  printf("%s",buffer);  close(sock);    printf("nt [ Press any key to search 4 CGI stuff...... ]n");  getchar();   while(count++ < 53)   /* huh! 53 cgi..... 
no secur1ty in th1s w0rld */  {  sock=socket(AF_INET, SOCK_STREAM, 0);  bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);  sin.sin_family=AF_INET;  sin.sin_port=htons(80);  if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)   {   perror("connect");   }  printf("Searching for %s : ",cginame[count]);   for(numin=0;numin < 1024;numin++)    {    cgibuff[numin] = ' Quote
imported_ZbeNg Posted July 11, 2006 mario23 vad ca ai inceput in putere continua tot asa
imported_ZbeNg Posted July 11, 2006 mario23 ad ca ai inceput in putere continua tot asa
aXa Posted July 11, 2006 old sploiz run :@ or modify the scrypt thx for this