CGI scanner v1.33

/* ---------------------------------------------------------------------- */

/* CGI scanner v1.33, m0dify and recode by su1d sh3ll //UnlG 1999         */

/* Tested on Slackware linux with kernel 2.0.35;2.0.36;                   */

/*           FreeBSD 2.2.2-3.1;IRIX 5.3                                   */

/* Source c0de by [CKS & Fdisk]                                           */

/* Gr33tz to: Packet St0rm and Ken, ADM crew, ech0 security and CKS, ch4x,*/

/*            el8.org users, #c0de, rain.forest.puppy/[WT], MnemoniX ,    */

/*            hypoclear of lUSt                                           */

/* Fuck to: www.hackzone.ru , HDT...  CHC fuck u 2 llamaz-scr1pt k1dd1ez  */

/*          hey! v0rt-fu if u kewl programmer u must write u own proggi,  */

/*          and stop modify th1s scanner...(i can do it better and CKS ;) */

/*          hmm, remember if u can add 2 CGi to scanner u can't change    */

/*          real Version number and name.....better go read 'C' Bible ;) */  

/* c0m1ng s00n: hmmm.... i forgot B) again forgot... :)                 */

/* codex@bogus.net // added misc TCP port support 06.05.99 */

#include <fcntl.h>

#include <sys/types.h>

#include <sys/socket.h>

#include <netinet/in.h>

#include <signal.h>

#include <stdio.h>

#include <string.h>

#include <netdb.h>

#include <ctype.h>

#include <arpa/nameser.h>

#include <sys/stat.h>

#include <strings.h>

#include <stdio.h>

#include <stdlib.h>

#include <unistd.h>

#include <sys/socket.h>

int main(int argc, char *argv[])

{

int sock,debugm=0;

struct in_addr addr;

struct sockaddr_in sin;

struct hostent *he;

unsigned long start;

unsigned long end;

unsigned long counter;

char foundmsg[] = "200";

char *cgistr;

char buffer[1024];

int count=0;

int numin;

char cgibuff[1024];

char *buff[100];    /* Don't u think 100 is enought?  ;)*/

char *cginame[100]; /* Don't u think 100 is enought? */

int myport = 80;

buff[1] = "GET /cgi-bin/unlg1.1 HTTP/1.0nn";

/* v0rt-fu when u modify source, check this first line.... that's my B)      */

buff[2] = "GET /cgi-bin/rwwwshell.pl HTTP/1.0nn";

buff[3] = "GET /cgi-bin/phf HTTP/1.0nn";    

buff[4] = "GET /cgi-bin/Count.cgi HTTP/1.0nn";

buff[5] = "GET /cgi-bin/test-cgi HTTP/1.0nn";

buff[6] = "GET /cgi-bin/nph-test-cgi HTTP/1.0nn";

buff[7] = "GET /cgi-bin/php.cgi HTTP/1.0nn";

buff[8] = "GET /cgi-bin/handler HTTP/1.0nn";

buff[9] = "GET /cgi-bin/webgais HTTP/1.0nn";

buff[10] = "GET /cgi-bin/websendmail HTTP/1.0nn";

buff[11] = "GET /cgi-bin/webdist.cgi HTTP/1.0nn";

buff[12] = "GET /cgi-bin/faxsurvey HTTP/1.0nn";

buff[13] = "GET /cgi-bin/htmlscript HTTP/1.0nn";

buff[14] = "GET /cgi-bin/pfdispaly.cgi HTTP/1.0nn";

buff[15] = "GET /cgi-bin/perl.exe HTTP/1.0nn";

buff[16] = "GET /cgi-bin/wwwboard.pl HTTP/1.0nn";

buff[17] = "GET /cgi-bin/www-sql HTTP/1.0nn";

buff[18] = "GET /cgi-bin/view-source HTTP/1.0nn";

buff[19] = "GET /cgi-bin/campas HTTP/1.0nn";

buff[20] = "GET /cgi-bin/aglimpse HTTP/1.0nn";

buff[21] = "GET /cgi-bin/glimpse HTTP/1.0nn";

buff[22] = "GET /cgi-bin/man.sh HTTP/1.0nn";

buff[23] = "GET /cgi-bin/AT-admin.cgi HTTP/1.0nn";

buff[24] = "GET /cgi-bin/filemail.pl HTTP/1.0nn";

buff[25] = "GET /cgi-bin/maillist.pl HTTP/1.0nn";

buff[26] = "GET /cgi-bin/jj HTTP/1.0nn";

buff[27] = "GET /cgi-bin/info2www HTTP/1.0nn";

buff[28] = "GET /cgi-bin/files.pl HTTP/1.0nn";  

buff[29] = "GET /cgi-bin/finger HTTP/1.0nn";

buff[30] = "GET /cgi-bin/bnbform.cgi HTTP/1.0nn";

buff[31] = "GET /cgi-bin/survey.cgi HTTP/1.0nn";

buff[32] = "GET /cgi-bin/AnyForm2 HTTP/1.0nn";

buff[33] = "GET /cgi-bin/textcounter.pl HTTP/1.0nn";

buff[34] = "GET /cgi-bin/classifieds.cgi HTTP/1.0nn";

buff[35] = "GET /cgi-bin/environ.cgi HTTP/1.0nn";

buff[36] = "GET /_vti_pvt/service.pwd HTTP/1.0nn";

buff[37] = "GET /_vti_pvt/users.pwd HTTP/1.0nn";

buff[38] = "GET /_vti_pvt/authors.pwd HTTP/1.0nn";

buff[39] = "GET /_vti_pvt/administrators.pwd HTTP/1.0nn";

buff[40] = "GET /_vti_pvt/shtml.dll HTTP/1.0nn";

buff[41] = "GET /_vti_pvt/shtml.exe HTTP/1.0nn";

buff[42] = "GET /cgi-dos/args.bat HTTP/1.0nn";

buff[43] = "GET /cgi-win/uploader.exe HTTP/1.0nn";

buff[44] = "GET /scripts/issadmin/bdir.htr HTTP/1.0nn";

buff[45] = "GET /scripts/CGImail.exe HTTP/1.0nn";

buff[46] = "GET /scripts/tools/newdsn.exe HTTP/1.0nn";

buff[47] = "GET /scripts/fpcount.exe HTTP/1.0nn";

buff[48] = "GET /cfdocs/expelval/openfile.cfm HTTP/1.0nn";

buff[49] = "GET /cfdocs/expelval/exprcalc.cfm HTTP/1.0nn";

buff[50] = "GET /cfdocs/expelval/displayopenedfile.cfm HTTP/1.0nn";

buff[51] = "GET /cfdocs/expelval/sendmail.cfm HTTP/1.0nn";

buff[52] = "GET /search97.vts HTTP/1.0nn";

buff[53] = "GET /carbo.dll HTTP/1.0nn"; /* we have at archive about 70 CGi ,

                                                                  rule? ;) */

cginame[1] = "UnlG - backd00r ";

cginame[2] = "THC - backd00r  ";

cginame[3] = "phf..classic :) ";

cginame[4] = "Count.cgi       ";

cginame[5] = "test-cgi        ";

cginame[6] = "nph-test-cgi    ";

cginame[7] = "php.cgi         ";

cginame[8] = "handler         ";

cginame[9] = "webgais         ";

cginame[10] = "websendmail     ";

cginame[11] = "webdist.cgi     ";

cginame[12] = "faxsurvey       ";

cginame[13] = "htmlscript      ";

cginame[14] = "pfdisplay       ";

cginame[15] = "perl.exe        ";

cginame[16] = "wwwboard.pl     ";

cginame[17] = "www-sql         ";

cginame[18] = "view-source     ";

cginame[19] = "campas          ";

cginame[20] = "aglimpse        ";

cginame[21] = "glimpse         ";

cginame[22] = "man.sh          ";

cginame[23] = "AT-admin.cgi    ";

cginame[24] = "filemail.pl     ";

cginame[25] = "maillist.pl     ";

cginame[26] = "jj              ";

cginame[27] = "info2www        ";

cginame[28] = "files.pl        ";

cginame[29] = "finger          ";

cginame[30] = "bnbform.cgi     ";

cginame[31] = "survey.cgi      ";

cginame[32] = "AnyForm2        ";

cginame[33] = "textcounter.pl  ";

cginame[34] = "classifields.cgi";

cginame[35] = "environ.cgi     ";

cginame[36] = "service.pwd     ";

cginame[37] = "users.pwd       ";

cginame[38] = "authors.pwd     ";

cginame[39] = "administrators  ";

cginame[40] = "shtml.dll       ";

cginame[41] = "shtml.exe       ";

cginame[42] = "args.bat        ";

cginame[43] = "uploader.exe    ";

cginame[44] = "bdir - samples  ";

cginame[45] = "CGImail.exe     ";

cginame[46] = "newdsn.exe      ";

cginame[47] = "fpcount.exe     ";

cginame[48] = "openfile.cfm    ";

cginame[49] = "exprcalc.cfm    ";

cginame[50] = "dispopenedfile  ";

cginame[51] = "sendmail.cfm    ";

cginame[52] = "search97.vts    ";

cginame[53] = "carbo.dll       ";

if (argc<2)

  {

  printf("n [-- CGI Checker 1.34. Modified by su1d sh3ll //UnlG --]");

  printf("nusage : %s host <port> ",argv[0]);

  printf("n   Or : %s host <port> -d   for debug modenn",argv[0]);  

  exit(0);

  }

/* --- seriously rubbish hack, but never mind (codex@bogus.net) */

if(argv[2]) {

  if(strstr("-d",argv[2])) {

    debugm=1;

  }

  if(atoi(argv[2])) {

    myport=atoi(argv[2]);

  } else {

    printf("Error: need a valid portn");

    exit(0);

  }

}

if(argv[3]) {

  if(strstr("-d",argv[3])) {

    debugm=1;

  }  

}

if ((he=gethostbyname(argv[1])) == NULL)

  {

  herror("gethostbyname");

  exit(0);

  }

printf("nnt [CKS & Fdisk]'s CGI Checker - modify by su1d sh3ll 04.05.99nnn");

start=inet_addr(argv[1]);

counter=ntohl(start);

  sock=socket(AF_INET, SOCK_STREAM, 0);

  bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);

  sin.sin_family=AF_INET;

  sin.sin_port=htons(myport);

 if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)

    {

    perror("connect");

    }

  printf("nnt [ Press any key to check out the httpd version...... ]n");

  getchar();     /* CKS  sorry, but ur new piece of code don't work :( */

  send(sock, "HEAD / HTTP/1.0nn",17,0);

  recv(sock, buffer, sizeof(buffer),0);

  printf("%s",buffer);

  close(sock);  

 

  printf("nt [ Press any key to search 4 CGI stuff...... ]n");

  getchar();

   

while(count++ < 53)    /* huh! 53 cgi..... no secur1ty in th1s w0rld ;)*/

  {

  sock=socket(AF_INET, SOCK_STREAM, 0);

  bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);

  sin.sin_family=AF_INET;

  sin.sin_port=htons(80);

  if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)

    {

    perror("connect");

    }

  printf("Searching for %s : ",cginame[count]);

 

  for(numin=0;numin < 1024;numin++)

     {

     cgibuff[numin] = '
