Synnergy Networks msadc scanner - This is just a basic string scanner that happens to scan for the msadc module string.
43eb2a907f3b1f2f09d00bfb5c51fe0347776efd1e8c47248536521263f254a9
// *** Synnergy Networks
// * Description:
//
// msadc scanner.
// * Usage:
//
// # gcc -o msadcscan-unix msadcscan-unix.c
// # ./msadcscan-unix [infile] [outfile]
// * Author:
//
// elux (elux@synnergy.net)
// Synnergy Networks (c) 1999, http://www.synnergy.net
// * Comments:
//
// This is just a basic string scanner that happens to scan for the msadc module
// string. If you want to edit this to scan for something else, by all means. It
// was designed to work with IP databases for the input-file.
// *** Synnergy Networks
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <string.h>
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#define HTTPPORT 80
#define MAXDATASIZE 100
int probe(char *host);
int main(int argc, char **argv)
{
FILE *in, *out;
char buf[MAXDATASIZE];
if (argc < 3)
{
fprintf(stderr, "\nmsadc vuln scanner - by elux\n");
fprintf(stderr, "usage: %s [infile] [outfile]\n\n", argv[0]);
exit(-1);
}
if ((in = fopen(argv[1], "r")) == NULL)
{
fprintf(stderr, "Error opening %s\n", argv[1]);
exit(1);
}
while (fgets(buf, 100, in) != NULL)
{
if (buf[strlen(buf) - 1] == '\n')
buf[strlen(buf) -1] = 0;
if (probe(buf) && (out = fopen(argv[2], "a")) != NULL)
{
buf[strlen(buf) + 1] = 0;
buf[strlen(buf)] = '\n';
fprintf(out, "%s", buf);
fclose(out);
}
}
fclose(in);
}
int probe(char *host)
{
struct sockaddr_in their_addr;
int sockfd;
struct hostent *he;
char sendstr[] = "GET /msadc/msadcs.dll";
char *vulnstr = "Microsoft-IIS/4.0";
char *vulnstr2 = "HTTP/1.1 200 OK";
char buf[MAXDATASIZE];
if ((he = gethostbyname(host)) == NULL)
return 0;
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
return 0;
their_addr.sin_family = AF_INET;
their_addr.sin_port = htons(HTTPPORT);
their_addr.sin_addr = *((struct in_addr *)he->h_addr);
bzero(&(their_addr.sin_zero), 8);
if (connect(sockfd, (struct sockaddr *)&their_addr, sizeof(struct sockaddr)) == -1)
return 0;
sendstr[strlen(sendstr)] = '\n';
write(sockfd, sendstr, sizeof(sendstr));
read(sockfd, buf, 100);
if (strstr(buf, vulnstr) && strstr(buf, vulnstr2))
{
close(sockfd);
return 1;
}
else
close(sockfd);
return 0;
}
// EOF