/* Fast CGI Checker, and this one really is fast!! */
/* To keep it small, if you store it on a server */
/* that you "administer", don't forget to strip the */
/* binary and, just in case, delete the source ;) */
/* Original source c0de by [CKS & Fdisk] */
/* thanks Doing for helping us improve it */
/* Greetings to #hacker_novatos and everyone at DSR */
/* This is free software and follows the GNU GPL, www.gnu.org ;) */
/* See the end of the source code for more information */

/* Standard headers this code needs. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

int main(int argc, char *argv[])
{
    int sock, debugm = 0;
    struct sockaddr_in sin;
    struct hostent *he;
    char foundmsg[] = "200";   /* an HTTP 200 in the reply means the CGI is present */
    char *cgistr;
    char buffer[1024];
    int count = 0;
    int numin, suxes = 0;
    ssize_t n;
    char cgibuff[20];
    char *buff[100];    /* Don't u think 100 is enough? ;-)*/
    char *cginame[100]; /* Don't u think 100 is enough? */

    buff[1] = "GET /cgi-bin/unlg1.1 HTTP/1.0\n\n"; /* v0rt-fu when u modify source, check this first line.... that's my 8-) */
    buff[2] = "GET /cgi-bin/rwwwshell.pl HTTP/1.0\n\n";
    buff[3] = "GET /cgi-bin/phf HTTP/1.0\n\n";
    buff[4] = "GET /cgi-bin/Count.cgi HTTP/1.0\n\n";
    buff[5] = "GET /cgi-bin/test-cgi HTTP/1.0\n\n";
    buff[6] = "GET /cgi-bin/nph-test-cgi HTTP/1.0\n\n";
    buff[7] = "GET /cgi-bin/nph-publish HTTP/1.0\n\n";
    buff[8] = "GET /cgi-bin/php.cgi HTTP/1.0\n\n";
    buff[9] = "GET /cgi-bin/handler HTTP/1.0\n\n";
    buff[10] = "GET /cgi-bin/webgais HTTP/1.0\n\n";
    buff[11] = "GET /cgi-bin/websendmail HTTP/1.0\n\n";
    buff[12] = "GET /cgi-bin/webdist.cgi HTTP/1.0\n\n";
    buff[13] = "GET /cgi-bin/faxsurvey HTTP/1.0\n\n";
    buff[14] = "GET /cgi-bin/htmlscript HTTP/1.0\n\n";
    buff[15] = "GET /cgi-bin/pfdispaly.cgi HTTP/1.0\n\n";
    buff[16] = "GET /cgi-bin/perl.exe HTTP/1.0\n\n";
    buff[17] = "GET /cgi-bin/wwwboard.pl HTTP/1.0\n\n";
    buff[18] = "GET /cgi-bin/www-sql HTTP/1.0\n\n";
    buff[19] = "GET /cgi-bin/view-source HTTP/1.0\n\n";
    buff[20] = "GET /cgi-bin/campas HTTP/1.0\n\n";
    buff[21] = "GET /cgi-bin/aglimpse HTTP/1.0\n\n";
    buff[22] = "GET /cgi-bin/glimpse HTTP/1.0\n\n";
    buff[23] = "GET /cgi-bin/man.sh HTTP/1.0\n\n";
    buff[24] = "GET /cgi-bin/AT-admin.cgi HTTP/1.0\n\n";
    buff[25] = "GET /cgi-bin/filemail.pl HTTP/1.0\n\n";
    buff[26] = "GET /cgi-bin/maillist.pl HTTP/1.0\n\n";
    buff[27] = "GET /cgi-bin/jj HTTP/1.0\n\n";
    buff[28] = "GET /cgi-bin/info2www HTTP/1.0\n\n";
    buff[29] = "GET /cgi-bin/files.pl HTTP/1.0\n\n";
    buff[30] = "GET /cgi-bin/finger HTTP/1.0\n\n";
    buff[31] = "GET /cgi-bin/bnbform.cgi HTTP/1.0\n\n";
    buff[32] = "GET /cgi-bin/survey.cgi HTTP/1.0\n\n";
    buff[33] = "GET /cgi-bin/AnyForm2 HTTP/1.0\n\n";
    buff[34] = "GET /cgi-bin/textcounter.pl HTTP/1.0\n\n";
    buff[35] = "GET /cgi-bin/classifieds.cgi HTTP/1.0\n\n";
    buff[36] = "GET /cgi-bin/environ.cgi HTTP/1.0\n\n";
    buff[37] = "GET /cgi-bin/wrap HTTP/1.0\n\n";
    buff[38] = "GET /cgi-bin/cgiwrap HTTP/1.0\n\n";
    buff[39] = "GET /cgi-bin/guestbook.cgi HTTP/1.0\n\n";
    buff[40] = "GET /cgi-bin/edit.pl HTTP/1.0\n\n";
    buff[41] = "GET /cgi-bin/perlshop.cgi HTTP/1.0\n\n";
    buff[42] = "GET /_vti_inf.html HTTP/1.0\n\n";
    buff[43] = "GET /_vti_pvt/service.pwd HTTP/1.0\n\n";
    buff[44] = "GET /_vti_pvt/users.pwd HTTP/1.0\n\n";
    buff[45] = "GET /_vti_pvt/authors.pwd HTTP/1.0\n\n";
    buff[46] = "GET /_vti_pvt/administrators.pwd HTTP/1.0\n\n";
    buff[47] = "GET /_vti_bin/shtml.dll HTTP/1.0\n\n";
    buff[48] = "GET /_vti_bin/shtml.exe HTTP/1.0\n\n";
    buff[49] = "GET /cgi-dos/args.bat HTTP/1.0\n\n";
    buff[50] = "GET /cgi-win/uploader.exe HTTP/1.0\n\n";
    buff[51] = "GET /cgi-bin/rguest.exe HTTP/1.0\n\n";
    buff[52] = "GET /cgi-bin/wguest.exe HTTP/1.0\n\n";
    buff[53] = "GET /scripts/issadmin/bdir.htr HTTP/1.0\n\n";
    buff[54] = "GET /scripts/CGImail.exe HTTP/1.0\n\n";
    buff[55] = "GET /scripts/tools/newdsn.exe HTTP/1.0\n\n";
    buff[56] = "GET /scripts/fpcount.exe HTTP/1.0\n\n";
    buff[57] = "GET /cfdocs/expelval/openfile.cfm HTTP/1.0\n\n";
    buff[58] = "GET /cfdocs/expelval/exprcalc.cfm HTTP/1.0\n\n";
    buff[59] = "GET /cfdocs/expelval/displayopenedfile.cfm HTTP/1.0\n\n";
    buff[60] = "GET /cfdocs/expelval/sendmail.cfm HTTP/1.0\n\n";
    buff[61] = "GET /iissamples/exair/howitworks/codebrws.asp HTTP/1.0\n\n";
    buff[62] = "GET /iissamples/sdk/asp/docs/codebrws.asp HTTP/1.0\n\n";
    buff[63] = "GET /msads/Samples/SELECTOR/showcode.asp HTTP/1.0\n\n";
    buff[64] = "GET /search97.vts HTTP/1.0\n\n";
    buff[65] = "GET /carbo.dll HTTP/1.0\n\n"; /* we have about 83 CGIs in the archive, rule? ;-) */
    buff[66] = "GET /cgi-bin/info2html HTTP/1.0\n\n"; /* ADDED */
    buff[67] = "GET /scripts/iisadmin/ism.dll HTTP/1.0\n\n";
    buff[68] = "GET /scripts/slxweb.dll HTTP/1.0\n\n";
    buff[69] = "GET /scripts/c32web.exe HTTP/1.0\n\n";
    buff[70] = "GET /scripts/cart32.exe HTTP/1.0\n\n";
    buff[71] = "GET /admin.php3 HTTP/1.0\n\n";
    buff[72] = "GET /cgi-bin/amlite/amadmin.pl HTTP/1.0\n\n";
    buff[73] = "GET /cgi-bin/subscribe.pl HTTP/1.0\n\n";
    buff[74] = "GET /cgi-bin/htgrep HTTP/1.0\n\n";
    buff[75] = "GET /cgi-bin/campas HTTP/1.0\n\n";
    buff[76] = "GET /cgi-bin/excite HTTP/1.0\n\n";
    buff[77] = "GET /search97.vts HTTP/1.0\n\n";
    buff[78] = "GET /cgi-bin/plusmail HTTP/1.0\n\n";
    buff[79] = "GET /cgi-auth/userreg.cgi HTTP/1.0\n\n";
    buff[80] = "GET /cgi-bin/w3-msql HTTP/1.0\n\n";
    buff[81] = "GET /cgi-bin/www-sql HTTP/1.0\n\n";
    buff[82] = "GET /cgi-bin/wguest.exe HTTP/1.0\n\n";
    buff[83] = "GET /cgi-bin/webwho.pl HTTP/1.0\n\n";

    cginame[1] = "UnlG - backd00r ";
    cginame[2] = "THC - backd00r ";
    cginame[3] = "phf..classic :) ";
    cginame[4] = "Count.cgi ";
    cginame[5] = "test-cgi ";
    cginame[6] = "nph-test-cgi ";
    cginame[7] = "nph-publish ";
    cginame[8] = "php.cgi ";
    cginame[9] = "handler ";
    cginame[10] = "webgais ";
    cginame[11] = "websendmail ";
    cginame[12] = "webdist.cgi ";
    cginame[13] = "faxsurvey ";
    cginame[14] = "htmlscript ";
    cginame[15] = "pfdisplay ";
    cginame[16] = "perl.exe ";
    cginame[17] = "wwwboard.pl ";
    cginame[18] = "www-sql ";
    cginame[19] = "view-source ";
    cginame[20] = "campas ";
    cginame[21] = "aglimpse ";
    cginame[22] = "glimpse ";
    cginame[23] = "man.sh ";
    cginame[24] = "AT-admin.cgi ";
    cginame[25] = "filemail.pl ";
    cginame[26] = "maillist.pl ";
    cginame[27] = "jj ";
    cginame[28] = "info2www ";
    cginame[29] = "files.pl ";
    cginame[30] = "finger ";
    cginame[31] = "bnbform.cgi ";
    cginame[32] = "survey.cgi ";
    cginame[33] = "AnyForm2 ";
    cginame[34] = "textcounter.pl ";
    cginame[35] = "classifields.cgi";
    cginame[36] = "environ.cgi ";
    cginame[37] = "wrap ";
    cginame[38] = "cgiwrap ";
    cginame[39] = "guestbook.cgi ";
    cginame[40] = "edit.pl ";
    cginame[41] = "perlshop.cgi ";
    cginame[42] = "_vti_inf.html ";
    cginame[43] = "service.pwd ";
    cginame[44] = "users.pwd ";
    cginame[45] = "authors.pwd ";
    cginame[46] = "administrators ";
    cginame[47] = "shtml.dll ";
    cginame[48] = "shtml.exe ";
    cginame[49] = "args.bat ";
    cginame[50] = "uploader.exe ";
    cginame[51] = "rguest.exe ";
    cginame[52] = "wguest.exe ";
    cginame[53] = "bdir - samples ";
    cginame[54] = "CGImail.exe ";
    cginame[55] = "newdsn.exe ";
    cginame[56] = "fpcount.exe ";
    cginame[57] = "openfile.cfm ";
    cginame[58] = "exprcalc.cfm ";
    cginame[59] = "dispopenedfile ";
    cginame[60] = "sendmail.cfm ";
    cginame[61] = "codebrws.asp ";
    cginame[62] = "codebrws.asp 2 ";
    cginame[63] = "showcode.asp ";
    cginame[64] = "search97.vts ";
    cginame[65] = "carbo.dll ";
    cginame[66] = "info2html ";
    cginame[67] = "ism.dll ";
    cginame[68] = "slxweb.dll ";
    cginame[69] = "c32web.exe ";
    cginame[70] = "cart32.exe ";
    cginame[71] = "php-nuke ";
    cginame[72] = "amlite ";
    cginame[73] = "sublite ";
    cginame[74] = "htgrep ";
    cginame[75] = "campas ";
    cginame[76] = "excite ";
    cginame[77] = "search97.vts ";
    cginame[78] = "plusmail ";
    cginame[79] = "userreg.cgi ";
    cginame[80] = "w3-msql ";
    cginame[81] = "www-sql ";
    cginame[82] = "wguest.exe ";
    cginame[83] = "webwho.pl ";

    if (argc < 2) {
        printf("\n [-- CGI Checker 1.50. Por Craig y ECrayX (ver final código fuente) //UnlG --]");
        printf("\nuso : %s host ", argv[0]);
        printf("\n o : %s host -d modo debug\n\n", argv[0]);
        exit(0);
    }
    /* the original compared with strstr("-d", argv[2]), which also matched "", "-" and "d" */
    if (argc > 2 && strcmp(argv[2], "-d") == 0) {
        debugm = 1;
    }
    if ((he = gethostbyname(argv[1])) == NULL) {
        herror("gethostbyname");
        exit(1);
    }
    printf("\n\n\t [CKS & Fdisk]'s CGI Checker 1.50 - modificado por Craig y ECrayX //UnlG\n\n\n");

    /* first connection: a HEAD request to print the server banner */
    sock = socket(AF_INET, SOCK_STREAM, 0);
    memset(&sin, 0, sizeof(sin));
    memcpy(&sin.sin_addr, he->h_addr_list[0], he->h_length);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(80); /* <--- if u want scan another port change it */
    /* codex when u again change this code pls call proggi like this 1.35.1 or 1.35.[a..z] ;-) */
    if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {
        perror("conecta");
        exit(1);
    }
    send(sock, "HEAD / HTTP/1.0\n\n", 17, 0);
    n = recv(sock, buffer, sizeof(buffer) - 1, 0);
    if (n > 0) {
        buffer[n] = '\0';  /* recv does not terminate the string */
        printf("%s", buffer);
    }
    close(sock);

    while (count++ < 83) /* 83 cgis..... no s3cur1ty in th1s w0rld ;-) you can say that again */
    {
        sock = socket(AF_INET, SOCK_STREAM, 0);
        memset(&sin, 0, sizeof(sin));
        memcpy(&sin.sin_addr, he->h_addr_list[0], he->h_length);
        sin.sin_family = AF_INET;
        sin.sin_port = htons(80);
        printf("Buskand0 el %s : ", cginame[count]);
        if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {
            perror("Kon3cta");
            close(sock);
            continue;  /* no point sending on a socket that never connected */
        }
        for (numin = 0; numin < 20; numin++) {
            cgibuff[numin] = '\0';
        }
        send(sock, buff[count], strlen(buff[count]), 0);
        /* read one byte less than the buffer so the final '\0' survives and strstr stays in bounds */
        n = recv(sock, cgibuff, sizeof(cgibuff) - 1, 0);
        cgistr = (n > 0) ? strstr(cgibuff, foundmsg) : NULL;
        if (cgistr != NULL) {
            printf("Me kiere !! ;)\n");
            ++suxes;
        } else
            printf("No me kiere\n");
        if (debugm == 1) {
            printf("\n\n ------------------------\n %s \n ------------------------\n", cgibuff);
            printf("Es ke kieres ke T lo hag4 tod0? dale a 1a tekla!....\n");
            getchar();
        }
        close(sock);
    }
    if (suxes) {
        printf("...lammer server, hazte con el... 8====D(o)\n");
    } else
        printf("...el #@!$%%& no tiene cgis conocidos.... ...joputa!\n"); /* '%&' was an invalid conversion; '%%' prints a literal '%' */
    return 0;
}

/* Code by ECrayX and Craig
 *
 * (c) 2000, Pedro Andújar and Jaime Anguiano Olarra.
 *
 * PS. I am currently working on a new version for GNOME and Gtk+; when I have it
 * finished I will make it available to you. Jaime. Visit www.gcubo.org
 *
 * Use it only to secure your own machines.
 */
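A defender-side counterpart, added here and not part of the original checker: it parses combined-format web server log lines for requests to the same CGI paths the checker probes and counts the distinct probes seen from one client, which is the trace a run of this scanner leaves behind. The log lines, client addresses and the path subset are constructed for the example.

```c
/* Added example, not from the original CGI Checker: a log-side detector that
 * parses combined-format access-log lines (constructed sample below) and counts
 * the distinct probed paths one client requested, the trace such a scan leaves. */
#include <string.h>
/* Subset of the paths the scanner above requests. */
static const char *probe_paths[] = {
    "/cgi-bin/phf", "/cgi-bin/test-cgi", "/cgi-bin/Count.cgi",
    "/_vti_pvt/service.pwd", "/cgi-bin/handler", "/cgi-bin/wwwboard.pl",
};
#define NPROBES (sizeof probe_paths / sizeof probe_paths[0])
/* Pull client IP and request path out of one log line; returns 1 on success. */
static int parse_line(const char *line, char *ip, size_t iplen, char *path, size_t plen)
{
    const char *sp = strchr(line, ' '), *q, *s, *e;
    if (!sp || (size_t)(sp - line) >= iplen) return 0;
    memcpy(ip, line, sp - line); ip[sp - line] = '\0';
    if (!(q = strchr(sp, '"')) || !(s = strchr(q, ' '))) return 0;
    s++;                                /* first char of the path */
    e = strpbrk(s, " ?\"");             /* path ends at space, '?' or quote */
    if (!e || (size_t)(e - s) >= plen) return 0;
    memcpy(path, s, e - s); path[e - s] = '\0';
    return 1;
}

/* Number of distinct probe paths requested by `client` anywhere in `log`. */
int distinct_probes_from(const char *log, const char *client)
{
    int seen[NPROBES] = {0}, total = 0;
    char line[512], ip[64], path[256];
    for (const char *p = log; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len); line[len] = '\0';
        if (parse_line(line, ip, sizeof ip, path, sizeof path) && !strcmp(ip, client))
            for (size_t i = 0; i < NPROBES; i++)
                if (!seen[i] && !strcmp(path, probe_paths[i])) { seen[i] = 1; total++; }
        p = nl ? nl + 1 : p + len;
    }
    return total;
}

/* Constructed sample: 10.0.0.5 hits three probe paths (phf twice), 192.168.1.7 just browses. */
const char *sample_log =
    "10.0.0.5 - - [01/Jan/2000:10:00:00 +0000] \"GET /cgi-bin/phf HTTP/1.0\" 404 210\n"
    "10.0.0.5 - - [01/Jan/2000:10:00:01 +0000] \"GET /cgi-bin/test-cgi?a=b HTTP/1.0\" 404 210\n"
    "192.168.1.7 - - [01/Jan/2000:10:00:01 +0000] \"GET /index.html HTTP/1.0\" 200 1043\n"
    "10.0.0.5 - - [01/Jan/2000:10:00:02 +0000] \"GET /_vti_pvt/service.pwd HTTP/1.0\" 403 180\n"
    "10.0.0.5 - - [01/Jan/2000:10:00:03 +0000] \"GET /cgi-bin/phf HTTP/1.0\" 404 210\n";
```

A threshold on the returned count (several distinct probe paths from one address within a short window) is the alert condition; a single 404 on one of these paths is noise.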