/*
 * AUTHOR: ZinC_Sh(C)			E-MAIL: zinc_sh@hotmail.com
 *
 * DATE: Sat Feb  5 19:07:44 GMT+2 2000		@754
 *
 * SYSTEMS: Linux , OpenBSD , FreeBSD and more...
 *
 * COMPILE: gcc -o cgiS cgiS.c
 *
 * EXEC: cgiS www.destination.com
 *
 * DESCRIPTION: The Following Code Is a CGI Scanner That Checks Whether a Fixed
 * List Of Files Can Be Found Under /cgi-bin/ On The Remote Host.
 *
 * 		--------- [ Cgi-Scaners Problem ] ---------
 *
 * With The Entrance Of 2000 a Problem Presented in The Cgi-ScanerS.
 * 9 to 10 Sites That They Were Scanned , had as result The Finding
 * Of all The Files That Scanner had Checked.  ( CAN'T BE THAT )
 *
 * PROBLEM: The Problem Lies In The String Which The Coder has declared
 * in order to be searched for by strstr().
 * The String is "200"
 *
 * SOLUTION: The Solution is feasible By Changing "200" To "200 OK"
 *
 * PROBLEM DESCRIPTION: The real Problem iS That strstr() searches The Whole
 * Buffer received From The Site For The String "200".
 * The status "200" Will Be in The buffer Only If The search on The Site is
 * True ( That means ''the file exists '' ),
 * but The Buffer also holds Other data Such as HTTPd Version, DATE
 * and more...
 * From The first of January/2000 The date in Every reply
 * is 1/1/"200"0 and so includes The "200".
 * This Means That Both results "TRUE" and "FALSE" carry The DAte [1/1/2000], So
 * strstr() matches Either Way. That Is The Problem.
 *
 * If Anyone Modify This Code I woulD like To Have A copy.
 *
 *				May The Poula Kapribekou Be With YOu...
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netdb.h>
#include <unistd.h>

/*
 * Integer settings: RMT_PORT is the TCP port main() connects to, OXO is the
 * status passed to exit() on every failure path.
 */
enum {
	RMT_PORT = 80,
	OXO = 1
};

/*
 * Text searched for in the server's reply.  "200 OK" is used instead of a
 * bare "200" because, as the file header explains, "200" also occurs in the
 * year of the date that every reply carries.
 */
#define LOOK "200 OK"

/* Results file; main() opens it in append mode. */
#define OUT_FILE "DOuiD.cgi"

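/*
 * Ask one web server for each path in a fixed list and record the paths
 * whose reply starts with a "200 OK" status line.
 *
 * Usage: cgiS <remote host>
 *
 * For every table entry a new TCP connection to RMT_PORT is opened, the
 * request string is sent, one recv() is done, and the first line of the
 * reply is searched for LOOK.  Hits are printed and appended to OUT_FILE.
 *
 * Returns 0 when the whole list was processed and OUT_FILE was closed
 * cleanly, OXO on a usage, resolver, file, socket or connect error.
 */
int main(int argc, char *argv[])
{
	/*
	 * Request and display label live in one record so they cannot drift
	 * apart.  With two parallel arrays a duplicated index (two entries
	 * both stored at slot 15) silently dropped enter.cgi and printed the
	 * wrong label for the next two requests.
	 *
	 * The request strings are kept exactly as this tool puts them on the
	 * wire.  "SH" stands where an HTTP version would normally go and is
	 * not a valid version token, which makes these requests easy to
	 * single out in a web server's access log.
	 */
	static const struct {
		const char *request;
		const char *label;
	} probes[] = {
		{ "GET /cgi-bin/phf SH \n\n", "phf" },
		{ "GET /cgi-bin/test-cgi SH \n\n", "test-cgi" },
		{ "GET /cgi-bin/nph-test-cgi SH \n\n", "nph-test-cgi" },
		{ "GET /cgi-bin/whois_raw.cgi SH \n\n", "whois_raw.cgi" },
		{ "GET /cgi-bin/Count.cgi SH \n\n", "Count.cgi" },
		{ "GET /cgi-bin/search/tidfinder.cgi SH \n\n", "tidfinder.cgi" },
		{ "GET /cgi-bin/finger SH \n\n", "finger" },
		{ "GET /cgi-bin/tablebuild.pl SH \n\n", "tablebuild.pl" },
		{ "GET /cgi-bin/displayTC.pl SH \n\n", "displayTC.pl" },
		{ "GET /cgi-bin/uptime SH \n\n", "uptime" },
		{ "GET /cgi-bin/cvsweb/src/usr.bin/rdist/expand.c SH \n\n", "expand.c" },
		{ "GET /cgi-bin/c_download.cgi SH \n\n", "c_download.cgi" },
		{ "GET /cgi-bin/program.pl SH \n\n", "program.pl" },
		{ "GET /cgi-bin/ntitar.pl SH \n\n", "ntitar.pl" },
		{ "GET /cgi-bin/enter.cgi SH \n\n", "enter.cgi" },
		{ "GET /cgi-bin/query_string.cgi SH \n\n", "query_string.cgi" },
		{ "GET /cgi-bin/AT-generate.cgi SH \n\n", "AT-generate.cgi" },
		{ "GET /cgi-bin/test.html SH \n\n", "test.html" },
		{ "GET /cgi-bin/test-unix.html SH \n\n", "test-unix.html" },
		{ "GET /cgi-bin/printenv SH \n\n", "printenv" },
		{ "GET /cgi-bin/dasp/fm_shell.asp SH \n\n", "fm_shell.asp" },
		{ "GET /cgi-bin/wa SH \n\n", "wa" },
		{ "GET /cgi-bin/visadmin.exe SH \n\n", "visadmin.exe" },
		{ "GET /cgi-bin/wguest.exe SH \n\n", "wguest.exe" },
		{ "GET /cgi-bin/rguest.exe SH \n\n", "rguest.exe" },
		{ "GET /cgi-bin/AnyForm2 SH \n\n", "AnyForm2" },
		{ "GET /cgi-dos/args.bat SH \n\n", "args.bat" },
		{ "GET /cgi-bin/perlshop.cgi SH \n\n", "perlshop.cgi" },
		{ "GET /cgi-bin/edit.pl SH \n\n", "edit.pl" },
		{ "GET /cgi-bin/guestbook.cgi SH \n\n", "guestbook" },
		{ "GET /cgi-bin/cgiwrap SH \n\n", "cgiwrap" },
		{ "GET /cgi-bin/wrap SH \n\n", "wrap" },
		{ "GET /cgi-bin/environ.cgi SH \n\n", "environ.cgi" },
		{ "GET /cgi-bin/classifieds.cgi SH \n\n", "classifieds.cgi" },
		{ "GET /cgi-bin/textcounter.pl SH \n\n", "textcounter.pl" },
		{ "GET /cgi-win/uploader.exe SH \n\n", "uploader.exe" },
		{ "GET /cgi-bin/nph-publish SH \n\n", "nph-publish" },
		{ "GET /cgi-bin/handler SH \n\n", "handler" },
		{ "GET /cgi-bin/faxsurvey SH \n\n", "faxsurvey" },
		{ "GET /cgi-bin/php.cgi SH \n\n", "php.cgi" },
		{ "GET /cgi-bin/wwwboard.pl SH \n\n", "wwwboard.pl" },
		{ "GET /cgi-bin/websendmail SH \n\n", "websendmail" },
		{ "GET /cgi-bin/rwwwshell.pl SH \n\n", "rwwwshell.pl" },
		{ "GET /cgi-bin/campas SH \n\n", "campas" },
		{ "GET /cgi-bin/webdist.cgi  SH \n\n", "webdist.cgi" },
		{ "GET /cgi-bin/aglimpse SH \n\n", "aglimpse" },
		{ "GET /cgi-bin/man.sh SH \n\n", "man.sh" },
		{ "GET /cgi-bin/info2www SH \n\n", "info2www" },
		{ "GET /cgi-bin/jj SH \n\n", "jj" },
		{ "GET /cgi-bin/files.pl SH \n\n", "files.pl" },
		{ "GET /cgi-bin/maillist.pl SH \n\n", "maillist.pl" },
		{ "GET /cgi-bin/filemail.pl SH \n\n", "filemail.pl" },
		{ "GET /cgi-bin/bnbform.cgi SH \n\n", "bnbform.cgi" },
		{ "GET /cgi-bin/survey.cgi SH \n\n", "survey.cgi" },
		{ "GET /cgi-bin/glimpse SH \n\n", "glimpse" },
		{ "GET /cgi-bin/www-sql SH \n\n", "www-sql" },
	};
	/* Loop bound comes from the table, so the last entry is not skipped. */
	const size_t probe_count = sizeof probes / sizeof probes[0];

	struct sockaddr_in rmt_host;
	struct hostent *rh;
	FILE *f;
	char reply[BUFSIZ];
	int rc = OXO;

	/* Validate the command line before touching the results file. */
	if (argc != 2) {
		fprintf(stderr,"Usage: %s <remote host>\ncgiS.c By ZinC_Sh(C).\n",argv[0]);
		return OXO;
	}

	rh = gethostbyname(argv[1]);
	if (rh == NULL) {
		/* gethostbyname() reports through h_errno, not errno, so perror() would mislead. */
		fprintf(stderr, "gethostbyname: cannot resolve %s\n", argv[1]);
		return OXO;
	}
	/* Only copy the address if it really is an IPv4 address of the expected size. */
	if (rh->h_addrtype != AF_INET || rh->h_addr_list[0] == NULL ||
	    (size_t)rh->h_length != sizeof rmt_host.sin_addr) {
		fprintf(stderr, "gethostbyname: no IPv4 address for %s\n", argv[1]);
		return OXO;
	}

	/* The destination is the same for every request, so build it once. */
	memset(&rmt_host, 0, sizeof rmt_host);
	rmt_host.sin_family = AF_INET;
	rmt_host.sin_port = htons(RMT_PORT);
	memcpy(&rmt_host.sin_addr, rh->h_addr_list[0], sizeof rmt_host.sin_addr);

	f = fopen(OUT_FILE, "a");
	if (f == NULL) {
		perror("fopen");
		return OXO;
	}

	printf("\t\t\t\b\b------------------------\n");
	printf("\t\t\t\b\b|\033[6;35m CGi Scaner V1.0.1 .- \033[0m|\n");
	printf("\t\t\t\b\b|\033[6;35m    By ZinC_Sh(C).-   \033[0m|\n");
	printf("\t\t\t\b\b------------------------\n\n");

	for (size_t i = 0; i < probe_count; i++) {
		const char *request = probes[i].request;
		const size_t request_len = strlen(request);
		ssize_t got = -1;
		int sock;

		sock = socket(AF_INET, SOCK_STREAM, 0);
		if (sock == -1) {
			perror("Socket");
			goto out;
		}

		if (connect(sock, (struct sockaddr *)&rmt_host, sizeof rmt_host) != 0) {
			perror("connect");
			close(sock);
			goto out;
		}

		/* Field width instead of tabs and backspaces, so redirected output stays readable. */
		printf("LookinG For %-16s CGI in /cgi-bin/ :", probes[i].label);

		/*
		 * Send exactly the request text.  Passing the size of the
		 * pointer table here would read far past the end of the
		 * string literal and transmit unrelated process memory to
		 * the remote host.
		 */
		if (send(sock, request, request_len, 0) == (ssize_t)request_len) {
			/* One byte is reserved for the terminator added below. */
			got = recv(sock, reply, sizeof reply - 1, 0);
		}
		close(sock);

		if (got <= 0) {
			/* Nothing usable came back; never fall through to text left over from an earlier reply. */
			printf("\tNo Reply.\n");
			continue;
		}

		/*
		 * recv() does not terminate the data.  Cut the buffer at the
		 * end of the first line so that only the status line is
		 * searched; headers and body may contain "200 OK" for
		 * unrelated reasons.
		 * NOTE(review): assumes the status line arrives in the first
		 * recv(); TCP does not guarantee that.  A server that answers
		 * every path with 200 (custom error page) still counts as a
		 * hit.
		 */
		reply[got] = '\0';
		reply[strcspn(reply, "\r\n")] = '\0';

		if (strstr(reply, LOOK) != NULL) {
			printf("\t\033[1;32mCGI FounD !!!\033[0m\n");
			fputs("FounD !!!", f);
			fputs(request, f);
		} else {
			printf("\tCGI NoT FounD.\n");
		}
	}

	printf("\nKapUt !\nMay The Poula KApribekou Be With You... (ZinC_Sh).\n");
	printf("The Results Will Be Found In THe DOuiD.cgi File.\n");
	rc = 0;

out:
	/* fclose() flushes the results; a failure here means they may be incomplete. */
	if (fclose(f) != 0) {
		perror("fclose");
		rc = OXO;
	}
	return rc;
}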
