exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

cgiscan2.c

cgiscan2.c
Posted Aug 17, 1999
Authored by Bronc Buster

Updated version of cgi exploit scanner, with additional checks for new exploits.

tags | exploit, cgi
SHA-256 | c62d6178c4b5ea44b60d8e433c016dcee55f3ea9036fdc47f21330b0c6fe6b76

cgiscan2.c

Change Mirror Download
/*
See my original code for credits.

This asks a web server (on Unix or NT) if it is running services
that are known to be exploitable. If it finds them it tells you,
but it won't exploit them. I updated this so it looks for some new
holes in diffrent types of web servers, and new web server that are
coming out on the market.

To complie:
luser$ gcc cgiscan.c -o cgiscan
To use:
luser$ ./cgiscan somedomain.com (i.e. ./cgiscan antionline.com)

coded by Bronc Buster
Jan 1999
Updated Feb 1999
*/

#include <sys/types.h>
#include <netinet/in.h>
#include <string.h>
#include <netdb.h>
#include <ctype.h>
#include <arpa/nameser.h>
#include <strings.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#define MAX_SIZE 24 /* make this the size of temp[] if you change it */

int main(int argc, char *argv[])
{
int s;
struct in_addr addr;
struct sockaddr_in victem;
struct hostent *bad;
char foundmsg[] = "200";
char *cgistr;
char buffer[1024];
char cgibuff[1024];
int num,i=0;
char *temp[MAX_SIZE];
char *name[MAX_SIZE];

temp[1] = "GET /cgi-bin/phf HTTP/1.0\n\n";
temp[2] = "GET /cgi-bin/Count.cgi HTTP/1.0\n\n";
temp[3] = "GET /cgi-bin/test-cgi HTTP/1.0\n\n";
temp[4] = "GET /cgi-bin/php.cgi HTTP/1.0\n\n";
temp[5] = "GET /cgi-bin/handler HTTP/1.0\n\n";
temp[6] = "GET /cgi-bin/webgais HTTP/1.0\n\n";
temp[7] = "GET /cgi-bin/websendmail HTTP/1.0\n\n";
temp[8] = "GET /cgi-bin/webdist.cgi HTTP/1.0\n\n";
temp[9] = "GET /cgi-bin/faxsurvey HTTP/1.0\n\n";
temp[10] = "GET /cgi-bin/htmlscript HTTP/1.0\n\n";
temp[11] = "GET /cgi-bin/pfdispaly.cgi HTTP/1.0\n\n";
temp[12] = "GET /cgi-bin/perl.exe HTTP/1.0\n\n";
temp[13] = "GET /cgi-bin/wwwboard.pl HTTP/1.0\n\n";
temp[14] = "GET /cgi-bin/www-sql HTTP/1.0\n\n";
temp[15] = "GET /_vti_pvt/service.pwd HTTP/1.0\n\n";
temp[16] = "GET /_vti_pvt/users.pwd HTTP/1.0\n\n";
temp[17] = "GET /cgi-bin/aglimpse HTTP/1.0\n\n";
temp[18] = "GET /cgi-bin/man.sh HTTP/1.0\n\n";
temp[19] = "GET /cgi-bin/view-source HTTP/1.0\n\n";
temp[20] = "GET /cgi-bin/campas HTTP/1.0\n\n";
temp[21] = "GET /cgi-bin/nph-test-cgi HTTP/1.0\n\n";
temp[22] = "GET /cgi-dos/args.bat HTTP/1.0\n\n";
temp[23] = "GET /cgi-win/uploader.exe HTTP/1.0\n\n";

name[1] = "phf";
name[2] = "Count.cgi";
name[3] = "test-cgi";
name[4] = "php.cgi";
name[5] = "handler";
name[6] = "webgais";
name[7] = "websendmail";
name[8] = "webdist.cgi";
name[9] = "faxsurvey";
name[10] = "htmlscript";
name[11] = "pfdisplay";
name[12] = "perl.exe";
name[13] = "wwwboard.pl";
name[14] = "www-sql";
name[15] = "service.pwd";
name[16] = "users.pwd";
name[17] = "aglimpse";
name[18] = "man.sh";
name[19] = "view-source";
name[20] = "campas";
name[21] = "nph-test-cgi";
name[22] = "args.bat";
name[23] = "uploader.exe";

if (argc!=2)
{
exit(printf("\nUsage : %s domain.com\n ",argv[0]));
}
if ((bad=gethostbyname(argv[1])) == NULL)
{
exit(printf("Error getting hostname"));
}

printf("New web server hole and info scanner for elite kode kiddies\n");
printf("coded by Bronc Buster - Updated Feb 1999\n");

system("sleep 2");

s=socket(AF_INET, SOCK_STREAM, 0);
if(s<0) exit(printf("Socket error"));
bcopy(bad->h_addr, (char *)&victem.sin_addr, bad->h_length);
victem.sin_family=AF_INET;
victem.sin_port=htons(80);

if (connect(s, (struct sockaddr*)&victem, sizeof(victem))<0)
{
exit(printf("Connect error"));
}
printf("\nGetting HTTP version\n\n");
send(s, "HEAD / HTTP/1.0\n\n",17,0);
recv(s, buffer, sizeof(buffer),0);
printf("Version:\n%s",buffer);

close(s);
system("sleep 2");

while(i++ < MAX_SIZE)
{
s=socket(AF_INET, SOCK_STREAM, 0);
bcopy(bad->h_addr, (char *)&victem.sin_addr, bad->h_length);
victem.sin_family=AF_INET;
victem.sin_port=htons(80);
if (connect(s, (struct sockaddr*)&victem, sizeof(victem))<0)
{
exit(printf("Connect error"));
}
printf("Searching for %s : ",name[i]);
for(num=0; num<1024; num++)
{
cgibuff[num] = '\0';
}

send(s, temp[i],strlen(temp[i]),0);
recv(s, cgibuff, sizeof(cgibuff),0);
cgistr = strstr(cgibuff,foundmsg);
if(cgistr != NULL)
printf(" * * Found * * \n");
else
printf(". . Not Found . .\n");

close(s);
}
return 0;
}
/* EOF */

/*
Fryz, Prophet, Snupe, MostHateD - you are the lamest fucks
on this planet.

b4b0 - I still have them pics of you guys in a gay orgy you sent me,
please stop sending them.
*/

Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close