
Guile-scan.c

Guile-scan.c
Posted Sep 29, 1999

Cgi Scan v3.1: scans for vulnerable web servers. Based on Ech0's cgi scanner, modified and re-written by Guilecool (### - ircNET - ImperialS). Scans 44 known vulnerabilities.

tags | web, cgi, vulnerability
systems | unix
SHA-256 | 032700ebd0a78cfdac4738909b0120a5f7918bcbf24870952327c173ffe3ecf8

Guile-scan.c

/* Cgi Scan v3.1 - scans for vulnerable web-based servers */

/* Based on Ech0's cgi scanner - i thought it was crap :( */
/* Modified and re-written by Guilecool (### - ircNET - ImperialS) */

/* Most of these can be exploited via www.anonymiser.com */
/* phf isn't allowed - others haven't been tested but should */
/* work. */

/* Considering this scans a server for 44 vulnerabilities, */
/* only those exploits found are shown so you can track */
/* what is actually happening */

/* Thanks to ImPeRiAlS for helping me pull through the */
/* hard times and making me continue to code :) */

/* Guilecool */

#include <fcntl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <ctype.h>
#include <arpa/nameser.h>
#include <sys/stat.h>
#include <strings.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>

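/* One probe: the literal request sent to the server and the label printed on a hit. */
struct cgi_probe {
    const char *request;
    const char *label;
};

/*
 * Probe table. Every request is a bare HTTP/1.0 GET with no headers,
 * terminated by "\n\n" (LF only, not CRLF). The labels are reproduced exactly
 * as the original printed them, including the ones that do not match the
 * requested file name.
 */
static const struct cgi_probe probes[] = {
    { "GET /cgi-bin/unlg1.1 HTTP/1.0\n\n", "UnlG " },
    { "GET /cgi-bin/phf HTTP/1.0\n\n", "phf " },
    { "GET /cgi-bin/Count.cgi HTTP/1.0\n\n", "Count.cgi " },
    { "GET /cgi-bin/test-cgi HTTP/1.0\n\n", "test-cgi " },
    { "GET /cgi-bin/nph-test-cgi HTTP/1.0\n\n", "nph-test-cgi " },
    { "GET /cgi-bin/php.cgi HTTP/1.0\n\n", "php.cgi " },
    { "GET /cgi-bin/handler HTTP/1.0\n\n", "handler " },
    { "GET /cgi-bin/webgais HTTP/1.0\n\n", "webgais " },
    { "GET /cgi-bin/websendmail HTTP/1.0\n\n", "websendmail " },
    { "GET /cgi-bin/webdist.cgi HTTP/1.0\n\n", "webdist.cgi " },
    { "GET /cgi-bin/faxsurvey HTTP/1.0\n\n", "faxsurvey " },
    { "GET /cgi-bin/htmlscript HTTP/1.0\n\n", "htmlscript " },
    { "GET /cgi-bin/pfdispaly.cgi HTTP/1.0\n\n", "pfdisplay " },
    { "GET /cgi-bin/perl.exe HTTP/1.0\n\n", "perl.exe " },
    { "GET /cgi-bin/wwwboard.pl HTTP/1.0\n\n", "wwwboard.pl " },
    { "GET /cgi-bin/www-sql HTTP/1.0\n\n", "www-sql " },
    { "GET /cgi-bin/view-source HTTP/1.0\n\n", "view-source " },
    { "GET /cgi-bin/campas HTTP/1.0\n\n", "campas " },
    { "GET /cgi-bin/aglimpse HTTP/1.0\n\n", "aglimpse " },
    { "GET /cgi-bin/man.sh HTTP/1.0\n\n", "man.sh " },
    { "GET /cgi-bin/AT-admin.cgi HTTP/1.0\n\n", "AT-admin.cgi " },
    { "GET /cgi-bin/filemail.pl HTTP/1.0\n\n", "filemail.pl " },
    { "GET /cgi-bin/maillist.pl HTTP/1.0\n\n", "maillist.pl " },
    { "GET /cgi-bin/jj HTTP/1.0\n\n", "jj " },
    { "GET /cgi-bin/info2www HTTP/1.0\n\n", "info2www " },
    { "GET /cgi-bin/files.pl HTTP/1.0\n\n", "files.pl " },
    { "GET /cgi-bin/finger HTTP/1.0\n\n", "finger " },
    { "GET /cgi-bin/bnbform.cgi HTTP/1.0\n\n", "bnbform.cgi " },
    { "GET /cgi-bin/survey.cgi HTTP/1.0\n\n", "survey.cgi " },
    { "GET /cgi-bin/AnyForm2 HTTP/1.0\n\n", "AnyForm2 " },
    { "GET /cgi-bin/textcounter.pl HTTP/1.0\n\n", "textcounter.pl " },
    { "GET /cgi-bin/classifieds.cgi HTTP/1.0\n\n", "classifields.cgi " },
    { "GET /cgi-bin/environ.cgi HTTP/1.0\n\n", "environ.cgi " },
    { "GET /_vti_pvt/service.pwd HTTP/1.0\n\n", "service.pwd " },
    { "GET /_vti_pvt/users.pwd HTTP/1.0\n\n", "users.pwd " },
    { "GET /_vti_pvt/authors.pwd HTTP/1.0\n\n", "authors.pwd " },
    { "GET /_vti_pvt/administrators.pwd HTTP/1.0\n\n", "administrators.pwd " },
    { "GET /cgi-dos/args.bat HTTP/1.0\n\n", "args.bat " },
    { "GET /cgi-win/uploader.exe HTTP/1.0\n\n", "uploader.exe " },
    { "GET /search97.vts HTTP/1.0\n\n", "search97.vts " },
    { "GET /carbo.dll HTTP/1.0\n\n", "carbo.dll " },
    { "GET /cgi-bin/fpexplore.exe HTTP/1.0\n\n", "fpexplore.exe " },
    { "GET /cfdocs/expeval/openfile.cfm HTTP/1.0\n\n", "openfile.cfm " },
    { "GET /cgi-bin/whois_raw.cgi HTTP/1.0\n\n", "whois.cgi " },
};

/* Print the banner shared by the usage text and the scan header. */
static void print_banner(void)
{
    printf("\n _ _ __ ___ _ _ _ _ __ ___ _ _ _ _ __ ___ _ _ ");
    printf("\n( )_( )/. | / __)( )_( ) ( )_( )/. | / __)( )_( ) ( )_( )/. | / __)( )_( )");
    printf("\n ) _ ((_ _)`__ ` ) _ ( ) _ ((_ _)`__ ` ) _ ( ) _ ((_ _)`__ ` ) _ ( ");
    printf("\n(_) (_) (_) (___/(_) (_) (_) (_) (_) (___/(_) (_) (_) (_) (_) (___/(_) (_)");
    printf("\n Presents");
    printf("\n [ Cgi Scanner ]");
    printf("\n v3.1");
    printf("\n ### - ImPeRiAlS KreW - Guilecool ");
}

/* Open a TCP connection to *sin; returns the socket, or -1 after reporting the error. */
static int connect_to_web_server(const struct sockaddr_in *sin)
{
    int sock = socket(AF_INET, SOCK_STREAM, 0);

    if (sock < 0) {
        perror("socket");
        return -1;
    }
    if (connect(sock, (const struct sockaddr *)sin, sizeof *sin) != 0) {
        perror("connect");
        close(sock);
        return -1;
    }
    return sock;
}

/*
 * Send request and read a single recv() chunk into reply, always leaving
 * reply NUL-terminated. Returns the number of bytes read, or -1 on error.
 */
static ssize_t exchange(int sock, const char *request, char *reply, size_t reply_size)
{
    size_t request_len = strlen(request);
    ssize_t received;

    reply[0] = '\0';
    if (send(sock, request, request_len, 0) != (ssize_t)request_len) {
        perror("send");
        return -1;
    }
    /* Reserve one byte so the terminator always fits. */
    received = recv(sock, reply, reply_size - 1, 0);
    if (received < 0) {
        perror("recv");
        return -1;
    }
    reply[received] = '\0';
    return received;
}

/*
 * Print server-supplied text. The bytes come from the remote host, so control
 * characters other than CR, LF and TAB are replaced with '?' to keep a hostile
 * reply from sending escape sequences to the operator's terminal.
 */
static void print_untrusted(const char *text)
{
    const unsigned char *p;

    for (p = (const unsigned char *)text; *p != '\0'; p++) {
        int c = *p;

        if (isprint(c) || c == '\n' || c == '\r' || c == '\t') {
            putchar(c);
        } else {
            putchar('?');
        }
    }
}

/*
 * Cgi Scan entry point.
 *
 * argv[1] is the host name to check. The original also accepted a second
 * argument ("-d") but never used the flag it set, so extra arguments are
 * ignored here.
 *
 * The program resolves the host, sends "HEAD /" to port 80 and prints the
 * reply, then sends each request in the probe table on its own connection
 * and prints "<label> : Found" for every reply that contains the text "200".
 *
 * Notes for anyone reading the output or looking for this traffic:
 *  - A hit is a substring match on the first recv() chunk, not a parsed
 *    status code, so "Found" only means the reply contained "200" somewhere;
 *    it does not show that the script is vulnerable.
 *  - Each probe is a header-less HTTP/1.0 GET on a fresh connection, so a
 *    run shows up in the server's access log as a burst of requests for the
 *    paths in the table.
 *
 * Fixes relative to the original: replies are NUL-terminated before being
 * used as strings, every socket is closed, a failed connect no longer falls
 * through to send(), all table entries are probed (the old loop stopped one
 * short), and main returns int.
 *
 * Returns EXIT_SUCCESS after a completed scan, EXIT_FAILURE on a usage error
 * or when the host cannot be resolved or reached for the initial request.
 */
int main(int argc, char *argv[])
{
    static const char found_marker[] = "200";
    const size_t probe_count = sizeof probes / sizeof probes[0];
    struct sockaddr_in sin;
    struct hostent *he;
    char reply[1024];
    size_t i;
    int sock;

    if (argc < 2) {
        print_banner();
        printf("\n");
        printf("\nUsage: ./cgi www.server.com\n");
        printf("\n");
        return EXIT_FAILURE;
    }

    he = gethostbyname(argv[1]);
    if (he == NULL) {
        herror("gethostbyname");
        return EXIT_FAILURE;
    }
    /* Only copy the address if it really is an IPv4 address of the expected size. */
    if (he->h_addrtype != AF_INET || (size_t)he->h_length != sizeof sin.sin_addr) {
        fprintf(stderr, "gethostbyname: unsupported address type\n");
        return EXIT_FAILURE;
    }

    memset(&sin, 0, sizeof sin);
    memcpy(&sin.sin_addr, he->h_addr_list[0], sizeof sin.sin_addr);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(80);

    sock = connect_to_web_server(&sin);
    if (sock < 0) {
        return EXIT_FAILURE;
    }

    print_banner();
    printf("\n");
    printf("\nCgi Scan v3.0");
    printf("\n\nPress any key to continue\n\n");
    getchar();

    printf("\nReceiving Httpd Version\n\n");
    if (exchange(sock, "HEAD / HTTP/1.0\n\n", reply, sizeof reply) > 0) {
        print_untrusted(reply);
    }
    close(sock);

    printf("\n\nReceiving Cgi Details\n\n");
    for (i = 0; i < probe_count; i++) {
        sock = connect_to_web_server(&sin);
        if (sock < 0) {
            continue; /* error already reported; try the next probe */
        }
        if (exchange(sock, probes[i].request, reply, sizeof reply) > 0 &&
            strstr(reply, found_marker) != NULL) {
            printf("%s : Found\n", probes[i].label);
        }
        close(sock);
    }

    printf("\nScan Complete\n\n");
    /* The original wrote "\G", an invalid escape that compilers read as 'G'. */
    printf("Guilecool -- ### impsrewl@hotmail.com\n\n");
    return EXIT_SUCCESS;
}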