
cgiS.c

cgiS.c
Posted Feb 7, 2000
Authored by Zinc_Sh

Simple CGI scanner which works on Linux, OpenBSD, and others. Updated to fix y2k problem.

tags | cgi
systems | linux, unix, openbsd
SHA-256 | 67283afef975011510958b99f1bfc3a7059b81d45720412147d8ce0cd3d535ee

cgiS.c

/*
* AUTHOR: ZinC_Sh(C) E-MAIL: zinc_sh@hotmail.com
*
* DATE: Sat Feb 5 19:07:44 GMT+2 2000 @754
*
* SYSTEMS: Linux , OpenBSD , FreeBSD and more...
*
* COMPILE: gcc -o cgiS cgiS.c
*
* EXEC: cgiS www.destination.com
*
* DESCRIPTION: The Following Code Is a Cgi-Scaner That Scans Files.*
* Which You Can Find In The /cgi-bin/*.*
*
* --------- [ Cgi-Scaners Problem ] ---------
*
* With the arrival of the year 2000 a problem appeared in CGI scanners.
* For 9 out of 10 sites scanned, the result was that every file
* the scanner checked was reported as found. ( CAN'T BE THAT )
*
* PROBLEM: The problem lies in the string which the coder has defined
* to be searched for by strstr().
* That string is "200"
*
* SOLUTION: The solution is feasible by changing "200" to "200 OK"
*
* PROBLEM DESCRIPTION: The real problem is that strstr() searches for the
* string "200" anywhere in the buffer received from the site.
* The "200" was expected to be in the buffer only if the lookup on the site
* succeeded (that means "the file exists").
* Otherwise, other data is stored in the buffer, such as the HTTPd version, the date
* and more...
* Since the first of January 2000 the date itself, 1/1/"200"0, contains "200".
* This means that both results, "TRUE" and "FALSE", carry the date [1/1/2000] and
* therefore both match. That is the problem.
*
* If Anyone Modify This Code I woulD like To Have A copy.
*
* May The Poula Kapribekou Be With YOu...
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netdb.h>
#include <unistd.h>

#define RMT_PORT 80
#define OXO 1
#define LOOK "200 OK" /* ALL PROBLES HAVE A SOLUTION :) */
#define OUT_FILE "DOuiD.cgi" /* The out-put file with the result */

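/*
 * Request a fixed list of /cgi-bin/ paths from one web server and report
 * which responses contain LOOK ("200 OK").
 *
 * Usage: cgiS <remote host>
 *
 * One TCP connection to RMT_PORT is opened per path. Hits are printed to
 * stdout and appended to OUT_FILE. Returns 0 on completion; exits with OXO
 * on a usage, resolver, socket, connect or file error.
 *
 * Review notes (behaviour that differs from the original listing):
 *  - send() now transmits strlen(request) bytes. The original passed
 *    sizeof(cgi), the size of the whole pointer table, so every probe read
 *    far past the end of the string literal and sent whatever followed it in
 *    the scanner's own memory to the remote server.
 *  - The pointer tables are cleared with their real size; memset(cgi,0,100)
 *    cleared only the first 100 bytes.
 *  - The reply buffer is NUL-terminated at the number of bytes recv()
 *    returned, so strstr() can neither run off the buffer nor match data
 *    left over from an earlier reply when a later recv() fails or is short.
 *  - The loop covers every populated entry; "while (i < 55)" skipped the last.
 *  - The resolved address is checked to be IPv4 before it is copied.
 *
 * For anyone reading server logs: each request line carries the literal
 * token "SH" where the HTTP version normally goes and ends with bare "\n\n".
 * A server that logs request lines records that verbatim, one entry per path
 * in quick succession from a single source address (how a given server
 * answers such a request is not shown in this file).
 */
int main(int argc, char *argv[])
{
    struct sockaddr_in rmt_host;
    struct hostent *rh;

    FILE *f;
    char buffer1[BUFSIZ];
    const char *cgi[100];  /* request strings, indexed from 1 */
    const char *name[100]; /* console labels, indexed from 1 */
    const char *label;

    int sock, i;
    size_t req_len;
    ssize_t got;

    /* Clear the whole tables so the first NULL entry marks the end of the list. */
    memset(cgi, 0, sizeof cgi);
    memset(name, 0, sizeof name);
    memset(buffer1, 0, sizeof buffer1);

    /* Request strings, sent exactly as written. */

    cgi[1] = "GET /cgi-bin/phf SH \n\n";
    cgi[2] = "GET /cgi-bin/test-cgi SH \n\n";
    cgi[3] = "GET /cgi-bin/nph-test-cgi SH \n\n";
    cgi[4] = "GET /cgi-bin/whois_raw.cgi SH \n\n";
    cgi[5] = "GET /cgi-bin/Count.cgi SH \n\n";
    cgi[6] = "GET /cgi-bin/search/tidfinder.cgi SH \n\n";
    cgi[7] = "GET /cgi-bin/finger SH \n\n";
    cgi[8] = "GET /cgi-bin/tablebuild.pl SH \n\n";
    cgi[9] = "GET /cgi-bin/displayTC.pl SH \n\n";
    cgi[10] = "GET /cgi-bin/uptime SH \n\n";
    cgi[11] = "GET /cgi-bin/cvsweb/src/usr.bin/rdist/expand.c SH \n\n";
    cgi[12] = "GET /cgi-bin/c_download.cgi SH \n\n";
    cgi[13] = "GET /cgi-bin/program.pl SH \n\n";
    cgi[14] = "GET /cgi-bin/ntitar.pl SH \n\n";
    cgi[15] = "GET /cgi-bin/enter.cgi SH \n\n";
    /* NOTE(review): index 15 is assigned twice, so the enter.cgi request above
     * is overwritten and never sent. As a result the console labels at 15 and
     * 16 do not match the requests (name[15] still says enter.cgi, name[16]
     * labels the AT-generate.cgi request). OUT_FILE is unaffected because it
     * records the request string itself. Tables left as the author wrote them. */
    cgi[15] = "GET /cgi-bin/query_string.cgi SH \n\n";
    cgi[16] = "GET /cgi-bin/AT-generate.cgi SH \n\n";
    cgi[17] = "GET /cgi-bin/test.html SH \n\n";
    cgi[18] = "GET /cgi-bin/test-unix.html SH \n\n";
    cgi[19] = "GET /cgi-bin/printenv SH \n\n";
    cgi[20] = "GET /cgi-bin/dasp/fm_shell.asp SH \n\n";
    cgi[21] = "GET /cgi-bin/wa SH \n\n";
    cgi[22] = "GET /cgi-bin/visadmin.exe SH \n\n";
    cgi[23] = "GET /cgi-bin/wguest.exe SH \n\n";
    cgi[24] = "GET /cgi-bin/rguest.exe SH \n\n";
    cgi[25] = "GET /cgi-bin/AnyForm2 SH \n\n";
    cgi[26] = "GET /cgi-dos/args.bat SH \n\n";
    cgi[27] = "GET /cgi-bin/perlshop.cgi SH \n\n";
    cgi[28] = "GET /cgi-bin/edit.pl SH \n\n";
    cgi[29] = "GET /cgi-bin/guestbook.cgi SH \n\n";
    cgi[30] = "GET /cgi-bin/cgiwrap SH \n\n";
    cgi[31] = "GET /cgi-bin/wrap SH \n\n";
    cgi[32] = "GET /cgi-bin/environ.cgi SH \n\n";
    cgi[33] = "GET /cgi-bin/classifieds.cgi SH \n\n";
    cgi[34] = "GET /cgi-bin/textcounter.pl SH \n\n";
    cgi[35] = "GET /cgi-win/uploader.exe SH \n\n";
    cgi[36] = "GET /cgi-bin/nph-publish SH \n\n";
    cgi[37] = "GET /cgi-bin/handler SH \n\n";
    cgi[38] = "GET /cgi-bin/faxsurvey SH \n\n";
    cgi[39] = "GET /cgi-bin/php.cgi SH \n\n";
    cgi[40] = "GET /cgi-bin/wwwboard.pl SH \n\n";
    cgi[41] = "GET /cgi-bin/websendmail SH \n\n";
    cgi[42] = "GET /cgi-bin/rwwwshell.pl SH \n\n";
    cgi[43] = "GET /cgi-bin/campas SH \n\n";
    cgi[44] = "GET /cgi-bin/webdist.cgi SH \n\n";
    cgi[45] = "GET /cgi-bin/aglimpse SH \n\n";
    cgi[46] = "GET /cgi-bin/man.sh SH \n\n";
    cgi[47] = "GET /cgi-bin/info2www SH \n\n";
    cgi[48] = "GET /cgi-bin/jj SH \n\n";
    cgi[49] = "GET /cgi-bin/files.pl SH \n\n";
    cgi[50] = "GET /cgi-bin/maillist.pl SH \n\n";
    cgi[51] = "GET /cgi-bin/filemail.pl SH \n\n";
    cgi[52] = "GET /cgi-bin/bnbform.cgi SH \n\n";
    cgi[53] = "GET /cgi-bin/survey.cgi SH \n\n";
    cgi[54] = "GET /cgi-bin/glimpse SH \n\n";
    cgi[55] = "GET /cgi-bin/www-sql SH \n\n";

    /* Console labels printed while each request is in flight. */

    name[1] = "phf ";
    name[2] = "test-cgi ";
    name[3] = "nph-test-cgi ";
    name[4] = "whois_raw.cgi ";
    name[5] = "Count.cgi ";
    name[6] = "tidfinder.cgi ";
    name[7] = "finger ";
    name[8] = "tablebuild.pl ";
    name[9] = "displayTC.pl ";
    name[10] = "uptime ";
    name[11] = "expand.c ";
    name[12] = "c_download.cgi ";
    name[13] = "program.pl ";
    name[14] = "ntitar.pl ";
    name[15] = "enter.cgi ";
    name[16] = "query_tring.cgi ";
    name[17] = "test.html ";
    name[18] = "test-unix.html ";
    name[19] = "printenv ";
    name[20] = "fm_shell.asp ";
    name[21] = "wa ";
    name[22] = "visadmin.exe ";
    name[23] = "wguest.exe ";
    name[24] = "rguest.exe ";
    name[25] = "AnyForm2 ";
    name[26] = "args.bat ";
    name[27] = "perlshop.cgi ";
    name[28] = "edit.pl ";
    name[29] = "guestbook ";
    name[30] = "cgiwrap ";
    name[31] = "wrap ";
    name[32] = "environ.cgi ";
    name[33] = "classifieds.cgi ";
    name[34] = "textcounter.pl ";
    name[35] = "uploader.exe ";
    name[36] = "nph-publish ";
    name[37] = "handler ";
    name[38] = "faxsurvey ";
    name[39] = "php.cgi ";
    name[40] = "wwwboard.pl ";
    name[41] = "websendmail ";
    name[42] = "rwwwshwll ";
    name[43] = "campas ";
    name[44] = "webdist.cgi ";
    name[45] = "aglimpse ";
    name[46] = "man.sh ";
    name[47] = "info2www ";
    name[48] = "jj ";
    name[49] = "files.pl ";
    name[50] = "maillist.pl ";
    name[51] = "filemail.pl ";
    name[52] = "bnbform.cgi ";
    name[53] = "survey.cgi ";
    name[54] = "slinpse ";
    name[55] = "www-sql ";

    /* Check the arguments first so a usage error does not create OUT_FILE. */
    if (argc != 2) {
        fprintf(stderr, "Usage: %s <remote host>\ncgiS.c By ZinC_Sh(C).\n",
                argc > 0 ? argv[0] : "cgiS");
        exit(OXO);
    }

    /* NOTE(review): gethostbyname() reports failure through h_errno, not
     * errno, so the text perror() prints here may be unrelated to the cause. */
    if ((rh = gethostbyname(argv[1])) == NULL) {
        perror("gethostbyname");
        exit(OXO);
    }

    /* The address is copied into an IPv4 sockaddr below; refuse anything else
     * instead of copying bytes of the wrong size or family. */
    if (rh->h_addrtype != AF_INET || rh->h_addr_list[0] == NULL ||
        rh->h_length != (int)sizeof rmt_host.sin_addr) {
        fprintf(stderr, "gethostbyname: no IPv4 address for host\n");
        exit(OXO);
    }

    if ((f = fopen(OUT_FILE, "a")) == NULL) {
        perror("fopen");
        exit(OXO);
    }

    printf("\t\t\t\b\b------------------------\n");
    printf("\t\t\t\b\b|\033[6;35m CGi Scaner V1.0.1 .- \033[0m|\n");
    printf("\t\t\t\b\b|\033[6;35m By ZinC_Sh(C).- \033[0m|\n");
    printf("\t\t\t\b\b------------------------\n\n");

    /* Walk every populated slot; the tables were zeroed, so NULL ends the list. */
    for (i = 1; i < (int)(sizeof cgi / sizeof cgi[0]) && cgi[i] != NULL; i++) {
        if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
            perror("Socket");
            fclose(f);
            exit(OXO);
        }

        /* Zero the whole structure, not only sin_zero, before filling it in. */
        memset(&rmt_host, 0, sizeof rmt_host);
        rmt_host.sin_family = AF_INET;
        memcpy(&rmt_host.sin_addr, rh->h_addr_list[0], sizeof rmt_host.sin_addr);
        rmt_host.sin_port = htons(RMT_PORT);

        if (connect(sock, (struct sockaddr *)&rmt_host, sizeof(rmt_host)) != 0) {
            perror("connect");
            close(sock);
            fclose(f);
            exit(OXO);
        }

        label = (name[i] != NULL) ? name[i] : "";
        printf("LookinG For %s\b\b\b\bCGI in /cgi-bin/ :", label);

        /* Send only the request text itself. */
        req_len = strlen(cgi[i]);
        got = 0;
        if (send(sock, cgi[i], req_len, 0) != (ssize_t)req_len) {
            perror("send");
        } else {
            /* Leave one byte for the terminator written below. */
            got = recv(sock, buffer1, sizeof buffer1 - 1, 0);
            if (got < 0) {
                perror("recv");
                got = 0;
            }
        }
        /* Terminate at what was actually received for THIS request. */
        buffer1[got] = '\0';

        /* Heuristic only: LOOK is matched anywhere in the first chunk read,
         * not specifically in the status line, and a single recv() may return
         * only part of the reply. A server that answers every path with a
         * 200 page will still show every entry as found. */
        if (strstr(buffer1, LOOK) != NULL) {
            printf("\t\033[1;32mCGI FounD !!!\033[0m\n");
            fputs("FounD !!!", f);
            fputs(cgi[i], f);
        } else {
            printf("\tCGI NoT FounD.\n");
        }

        close(sock);
    }

    printf("\nKapUt !\nMay The Poula KApribekou Be With You... (ZinC_Sh).\n");
    printf("The Results Will Be Found In THe DOuiD.cgi File.\n");

    /* fclose() flushes the appended results; report a failed flush. */
    if (fclose(f) != 0) {
        perror("fclose");
        return OXO;
    }
    return 0;
}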