On Wed, 24 Mar 1999 bakuat_private wrote:

> Hi, aleph1
> this is a quick and dirty scanner I wrote to look for vulnerable wu-ftpd
> servers.

Sorry, but this is kind of dumb. This will check to make sure that you're
using a specific build of wu-ftpd... but what if you rebuilt it yourself?
Then the timestamp will be different. The timestamp reflects the
time/date/zone in which this particular server binary was COMPILED. So
basically all this program tells me is if I'm using Redhat's prebuilt
wu-ftpd binary, right? My TurboLinux wu-ftpd RPM is correctly patched, but
it will say that it's 19:19:11 PST 1999 since that's when I built it, and I
built it in California.

> <---------wscan.c------>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <strings.h>
> #include <unistd.h>
> #include <sys/types.h>
> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <arpa/inet.h>
> #include <netdb.h>
>
> #define FTPPORT 21
> #define VERBOSE 1
>
> int
> main (int argc, char **argv)
> {
>   struct hostent *hp;
>   struct in_addr addr;
>   struct sockaddr_in s;
>   char buf[280];
>   int p;
>
>   if (argc == 1)
>     {
>       printf ("WUftpd Buffer overflow scanner.\n");
>       printf ("Written by 03m0s1s 3/19/1999\n");
>       printf ("Usage: %s <hostname>\n", argv[0]);
>       exit (1);
>     }
>
>   hp = gethostbyname (argv[1]);
>   if (!hp) exit (1);
>
>   memset (&s, 0, sizeof (s));
>   memset (buf, 0, sizeof (buf));   /* keep the banner NUL-terminated */
>   bcopy (hp->h_addr, &addr, sizeof (struct in_addr));
>   p = socket (s.sin_family = AF_INET, SOCK_STREAM, IPPROTO_TCP);
>   s.sin_port = htons (FTPPORT);
>   s.sin_addr.s_addr = inet_addr (inet_ntoa (addr));
>   connect (p, (struct sockaddr *) &s, sizeof (s));
>   alarm (4);  /* Time out after 4 seconds */
>   read (p, buf, 255);  /* Grab the banner */
>
>   if (strstr (buf, "Version wu-2.4.2-academ[BETA-18](1)"))
>     {
>       if (strstr (buf, "Mon Jan 18 19:19:31 EST 1999"))
>         printf ("%s is patched.\n", inet_ntoa (addr));
>       else
>         printf ("%s is vulnerable.\n", inet_ntoa (addr));
>       /* It must be the "Mon Aug 3 19:17:20 EDT 1998) ready." banner. */
>     }
>   else
>     printf ("%s does not look BETA-18.\n", inet_ntoa (addr));
>
>   if (VERBOSE)
>     printf ("%s\n\n", buf);
>   write (p, "bye\n", 4);  /* We just want the banner, no need to stick around. */
>
>   return 0;
> }
> <------end wuscan.c---------->
> <-------wuss perl script----->
> #!/usr/bin/perl -w
> # Automate class C subnet scan; it doesn't check to see if the host is up,
> # could add a ping routine in here.
> # Syntax ./wuss [aaa.bbb.ccc]
>
> $net = $ARGV[0];
> $START=1;
> $END=254;
>
> while ($START < $END) {
>     $HOST ="$net.$START";
>     print `./wuscan $HOST`;
>     $START = $START + 1;
> }
> <------wuss--------->
>
> _______________________________________________________
> Get your free, private email at http://mail.excite.com/
>

--------------------------------------------------
Scott M. Stone <sstoneat_private>
Head of TurboLinux English / Systems Administrator
Pacific HiTech, Inc. (http://www.turbolinux.com)
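The objection raised in the reply above, as an added example that is not part of the original thread or either poster's code: an offline banner classifier that reports a build timestamp it does not recognise as an unknown build instead of calling it vulnerable. The version tag and the two known timestamps are the strings from the quoted scanner; the sample banners, hostnames and the locally built timestamp are constructed, and the function and enum names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Strings taken from the scanner quoted in the thread. */
#define VERSION_TAG   "Version wu-2.4.2-academ[BETA-18](1)"
#define PATCHED_STAMP "Mon Jan 18 19:19:31 EST 1999"
#define OLD_STAMP     "Mon Aug 3 19:17:20 EDT 1998"

/* A build timestamp identifies one compiled binary, not a patch level. */
enum verdict { NOT_BETA18, KNOWN_PATCHED_BUILD, KNOWN_UNPATCHED_BUILD, UNKNOWN_BUILD };

enum verdict classify_banner(const char *banner)
{
    if (banner == NULL || strstr(banner, VERSION_TAG) == NULL)
        return NOT_BETA18;
    if (strstr(banner, PATCHED_STAMP) != NULL)
        return KNOWN_PATCHED_BUILD;
    if (strstr(banner, OLD_STAMP) != NULL)
        return KNOWN_UNPATCHED_BUILD;
    return UNKNOWN_BUILD;   /* rebuilt locally: patch state cannot be inferred */
}

/* Copy the text between the version tag and the closing ')' into out. */
int build_stamp(const char *banner, char *out, size_t outlen)
{
    const char *p, *end;
    if (banner == NULL || out == NULL || (p = strstr(banner, VERSION_TAG)) == NULL)
        return -1;
    p += strlen(VERSION_TAG);
    while (*p == ' ')
        p++;
    end = strchr(p, ')');
    if (end == NULL || (size_t)(end - p) >= outlen)
        return -1;              /* malformed banner or buffer too small */
    memcpy(out, p, (size_t)(end - p));
    out[end - p] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed banners; the third mimics a patched, locally built server. */
    const char *samples[] = {
        "220 a.example FTP server (" VERSION_TAG " " PATCHED_STAMP ") ready.",
        "220 b.example FTP server (" VERSION_TAG " " OLD_STAMP ") ready.",
        "220 c.example FTP server (" VERSION_TAG " Tue Feb 2 19:19:11 PST 1999) ready.",
    };
    static const char *text[] = { "not BETA-18", "known patched build",
                                  "known unpatched build", "unknown build, verify on host" };
    char stamp[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-30s %s\n", build_stamp(samples[i], stamp, sizeof stamp) ? "-" : stamp,
               text[classify_banner(samples[i])]);
    return 0;
}
```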