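/* McMurtrey/Whitaker & Associates Cart32                */
/* Remote Administration Password Vulnerability Scanner  */
/* - - - - - - - - - - - - - - - - - - - - - - - - - - */
/* use this to check and see if a host is vulnerable     */
/* to the backdoor.                                      */
/* - - - - - - - - - - - - - - - - - - - - - - - - - - */
/* you can either read the source and learn what to do   */
/* after you find a vulnerable host or you can goto...   */
/* http://www.securityfocus.com and read the article.    */
/* - - - - - - - - - - - - - - - - - - - - - - - - - - */
/* code by: rossex                                       */
/* greets to the ones who helped me before on stuff      */
/* - - - - - - - - - - - - - - - - - - - - - - - - - - */
/* this might be a lame scanner but its a start =)       */

#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* herror() is a BSD extension hidden by strict -std= modes */
#endif

/*
 * NOTE(review): the header names on the original #include lines were lost
 * when this listing was extracted. The set below is what the code uses.
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CODER "rossex" /* heh */
#define BANNER "- - - - - - - - - - - -"
#define HTTP_PORT 80
#define HTTP_OK "200" /* status code that marks a path as "found" */

/*
 * Return 1 when the first line of `resp` is an HTTP status line whose status
 * code is exactly HTTP_OK, else 0. `resp` must be NUL-terminated.
 *
 * The original searched the whole response for the substring "200", so any
 * header or body text containing those digits (a Content-Length, a date, an
 * error page) counted as a hit. Only the status line is authoritative.
 */
static int status_is_ok(const char *resp)
{
    size_t line_len = strcspn(resp, "\r\n");
    const char *code;

    if (line_len < 5 || strncmp(resp, "HTTP/", 5) != 0)
        return 0;

    code = memchr(resp, ' ', line_len);
    if (code == NULL)
        return 0;
    code++;

    /* Need three digits inside the status line before comparing. */
    if ((size_t)(resp + line_len - code) < 3)
        return 0;
    if (strncmp(code, HTTP_OK, 3) != 0)
        return 0;

    /* Reject longer numbers such as "2001"; code[3] is at worst the NUL. */
    return code[3] == ' ' || code[3] == '\r' || code[3] == '\n' || code[3] == '\0';
}

/*
 * Send one request to `target` and inspect the reply's status line.
 *
 * Returns 1 if the server answered with HTTP_OK, 0 if it answered with
 * anything else, and -1 if the socket could not be created or connected, or
 * the exchange failed (the failing call is reported with perror()).
 * The socket is always closed before returning.
 */
static int probe(const struct sockaddr_in *target, const char *request)
{
    char cartbuff[1024];
    size_t used = 0;
    size_t left = strlen(request);
    const char *next = request;
    int result = -1;
    int sock = socket(AF_INET, SOCK_STREAM, 0);

    if (sock < 0) {
        perror("socket");
        return -1;
    }

    /* The original kept going after a failed connect and sent on a dead socket. */
    if (connect(sock, (const struct sockaddr *)target, sizeof *target) != 0) {
        perror("connect");
        goto out;
    }

    /* send() may accept fewer bytes than asked; loop until all are written. */
    while (left > 0) {
        ssize_t n = send(sock, next, left, 0);
        if (n <= 0) {
            perror("send");
            goto out;
        }
        next += n;
        left -= (size_t)n;
    }

    /*
     * Read until the status line is complete, the peer closes, or the buffer
     * is full. One byte is reserved for the terminator: the original passed
     * sizeof(cartbuff) to recv(), so a full read left the buffer without a
     * NUL and strstr() ran off the end of the array.
     */
    while (used < sizeof cartbuff - 1) {
        ssize_t n = recv(sock, cartbuff + used, sizeof cartbuff - 1 - used, 0);
        if (n < 0) {
            perror("recv");
            goto out;
        }
        if (n == 0)
            break;
        used += (size_t)n;
        if (memchr(cartbuff, '\n', used) != NULL)
            break;
    }
    cartbuff[used] = '\0';

    result = status_is_ok(cartbuff);

out:
    close(sock); /* the original never closed any of its sockets */
    return result;
}

/*
 * Usage: <prog> host
 *
 * Resolves `host`, waits for a key press, then requests the two Cart32
 * administrative paths on port 80 and reports which ones answer with HTTP 200.
 *
 * A 200 only shows that the path is served by the host. It does not by itself
 * prove the issue described in the advisory, which is why the output says
 * "possible". Treat a hit as a prompt to check the installed version against
 * the vendor's fix and to restrict access to these scripts.
 *
 * Exit status: 0 after a completed scan or the usage message, EXIT_FAILURE
 * when the host cannot be resolved to an IPv4 address.
 */
int main(int argc, char *argv[])
{
    /* what to request, and the label printed for each request */
    static const struct {
        const char *request;
        const char *label;
    } probes[] = {
        { "GET /scripts/cart32.exe/cart32clientlist HTTP/1.0\n\n", "Cart32clientlist" },
        { "GET /scripts/c32web.exe/ChangeAdminPassword HTTP/1.0\n\n", "ChangeAdminPassword" },
    };
    struct sockaddr_in sin;
    struct hostent *he;
    int geez = 0;
    size_t i;

    if (argc < 2) {
        printf("%s", BANNER);
        printf("\n--[ cart32 scanner ]--\n");
        printf("--[ by: %s ]--", CODER); /* self promotion */
        printf("\n%s", BANNER);
        printf("\n\nusage: %s host\n\n", argv[0]);
        printf("\n");
        exit(0);
    }

    /* see if the host is real */
    if ((he = gethostbyname(argv[1])) == NULL) {
        herror("gethostbyname");
        return EXIT_FAILURE; /* was exit(0): a failure reported as success */
    }

    /*
     * The original copied h_length bytes into sin.sin_addr unchecked. Refuse
     * anything that is not a plain IPv4 address so the copy cannot overrun.
     */
    if (he->h_addrtype != AF_INET ||
        he->h_length != (int)sizeof sin.sin_addr ||
        he->h_addr_list[0] == NULL) {
        fprintf(stderr, "%s: no IPv4 address\n", argv[1]);
        return EXIT_FAILURE;
    }

    printf("\n--[ cart32 starting ]--\n");

    memset(&sin, 0, sizeof sin); /* sin_zero was left uninitialised */
    sin.sin_family = AF_INET;
    sin.sin_port = htons(HTTP_PORT);
    memcpy(&sin.sin_addr, he->h_addr_list[0], sizeof sin.sin_addr);

    /*
     * The original also opened one extra connection here that it never used
     * or closed. Each probe below makes its own connection instead.
     */
    printf("\npress to check the host\n");
    getchar();

    for (i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        printf("Searching for %s : ", probes[i].label);
        fflush(stdout);

        if (probe(&sin, probes[i].request) == 1) {
            printf(" possible vulnrability\n");
            ++geez;
        } else {
            printf("error not found\n");
        }
    }

    if (geez) {
        printf("\nread instructions on exploiting\n");
    } else {
        printf("\nnot vulnerable\n");
    }

    return 0;
}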