what you don't know can hurt you

cgiscan2.c

cgiscan2.c
Posted Aug 17, 1999
Authored by Bronc Buster

Updated version of cgi exploit scanner, with additional checks for new exploits.

tags | exploit, cgi
MD5 | bcae04b7d21516c8070762163a6836dd

cgiscan2.c

Change Mirror Download
/*
See my original code for credits.

This asks a web server (on Unix or NT) if it is running services
that are known to be exploitable. If it finds them it tells you,
but it won't exploit them. I updated this so it looks for some new
holes in diffrent types of web servers, and new web server that are
coming out on the market.

To complie:
luser$ gcc cgiscan.c -o cgiscan
To use:
luser$ ./cgiscan somedomain.com (i.e. ./cgiscan antionline.com)

coded by Bronc Buster
Jan 1999
Updated Feb 1999
*/

#include <sys/types.h>
#include <netinet/in.h>
#include <string.h>
#include <netdb.h>
#include <ctype.h>
#include <arpa/nameser.h>
#include <strings.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#define MAX_SIZE 24 /* make this the size of temp[] if you change it */

int main(int argc, char *argv[])
{
int s;
struct in_addr addr;
struct sockaddr_in victem;
struct hostent *bad;
char foundmsg[] = "200";
char *cgistr;
char buffer[1024];
char cgibuff[1024];
int num,i=0;
char *temp[MAX_SIZE];
char *name[MAX_SIZE];

temp[1] = "GET /cgi-bin/phf HTTP/1.0\n\n";
temp[2] = "GET /cgi-bin/Count.cgi HTTP/1.0\n\n";
temp[3] = "GET /cgi-bin/test-cgi HTTP/1.0\n\n";
temp[4] = "GET /cgi-bin/php.cgi HTTP/1.0\n\n";
temp[5] = "GET /cgi-bin/handler HTTP/1.0\n\n";
temp[6] = "GET /cgi-bin/webgais HTTP/1.0\n\n";
temp[7] = "GET /cgi-bin/websendmail HTTP/1.0\n\n";
temp[8] = "GET /cgi-bin/webdist.cgi HTTP/1.0\n\n";
temp[9] = "GET /cgi-bin/faxsurvey HTTP/1.0\n\n";
temp[10] = "GET /cgi-bin/htmlscript HTTP/1.0\n\n";
temp[11] = "GET /cgi-bin/pfdispaly.cgi HTTP/1.0\n\n";
temp[12] = "GET /cgi-bin/perl.exe HTTP/1.0\n\n";
temp[13] = "GET /cgi-bin/wwwboard.pl HTTP/1.0\n\n";
temp[14] = "GET /cgi-bin/www-sql HTTP/1.0\n\n";
temp[15] = "GET /_vti_pvt/service.pwd HTTP/1.0\n\n";
temp[16] = "GET /_vti_pvt/users.pwd HTTP/1.0\n\n";
temp[17] = "GET /cgi-bin/aglimpse HTTP/1.0\n\n";
temp[18] = "GET /cgi-bin/man.sh HTTP/1.0\n\n";
temp[19] = "GET /cgi-bin/view-source HTTP/1.0\n\n";
temp[20] = "GET /cgi-bin/campas HTTP/1.0\n\n";
temp[21] = "GET /cgi-bin/nph-test-cgi HTTP/1.0\n\n";
temp[22] = "GET /cgi-dos/args.bat HTTP/1.0\n\n";
temp[23] = "GET /cgi-win/uploader.exe HTTP/1.0\n\n";

name[1] = "phf";
name[2] = "Count.cgi";
name[3] = "test-cgi";
name[4] = "php.cgi";
name[5] = "handler";
name[6] = "webgais";
name[7] = "websendmail";
name[8] = "webdist.cgi";
name[9] = "faxsurvey";
name[10] = "htmlscript";
name[11] = "pfdisplay";
name[12] = "perl.exe";
name[13] = "wwwboard.pl";
name[14] = "www-sql";
name[15] = "service.pwd";
name[16] = "users.pwd";
name[17] = "aglimpse";
name[18] = "man.sh";
name[19] = "view-source";
name[20] = "campas";
name[21] = "nph-test-cgi";
name[22] = "args.bat";
name[23] = "uploader.exe";

if (argc!=2)
{
exit(printf("\nUsage : %s domain.com\n ",argv[0]));
}
if ((bad=gethostbyname(argv[1])) == NULL)
{
exit(printf("Error getting hostname"));
}

printf("New web server hole and info scanner for elite kode kiddies\n");
printf("coded by Bronc Buster - Updated Feb 1999\n");

system("sleep 2");

s=socket(AF_INET, SOCK_STREAM, 0);
if(s<0) exit(printf("Socket error"));
bcopy(bad->h_addr, (char *)&victem.sin_addr, bad->h_length);
victem.sin_family=AF_INET;
victem.sin_port=htons(80);

if (connect(s, (struct sockaddr*)&victem, sizeof(victem))<0)
{
exit(printf("Connect error"));
}
printf("\nGetting HTTP version\n\n");
send(s, "HEAD / HTTP/1.0\n\n",17,0);
recv(s, buffer, sizeof(buffer),0);
printf("Version:\n%s",buffer);

close(s);
system("sleep 2");

while(i++ < MAX_SIZE)
{
s=socket(AF_INET, SOCK_STREAM, 0);
bcopy(bad->h_addr, (char *)&victem.sin_addr, bad->h_length);
victem.sin_family=AF_INET;
victem.sin_port=htons(80);
if (connect(s, (struct sockaddr*)&victem, sizeof(victem))<0)
{
exit(printf("Connect error"));
}
printf("Searching for %s : ",name[i]);
for(num=0; num<1024; num++)
{
cgibuff[num] = '\0';
}

send(s, temp[i],strlen(temp[i]),0);
recv(s, cgibuff, sizeof(cgibuff),0);
cgistr = strstr(cgibuff,foundmsg);
if(cgistr != NULL)
printf(" * * Found * * \n");
else
printf(". . Not Found . .\n");

close(s);
}
return 0;
}
/* EOF */

/*
Fryz, Prophet, Snupe, MostHateD - you are the lamest fucks
on this planet.

b4b0 - I still have them pics of you guys in a gay orgy you sent me,
please stop sending them.
*/

Login or Register to add favorites

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close