/* [Wu-thang] - vulnerable wu-ftp scanner by del0rean@usa.net - ripped from BiT - easter 99 rippin'session - 10^10x to bELFaghor ./z0ne -o f0nk.net > eepees & ./wu-thang eepees & cat t0b30wN3d bye! */ #include #include #include #include #include #include #include #include #include #define FTPP0RT 21 #define VULN_VER1 "Version wu-2.4.2-academ[BETA-18](1)" #define VULN_VER2 "Version wu-2.4.2-academ[BETA-12]" #define VULN_VER3 "Version wu-2.4.2-academ[BETA-18-VR6]" int ftp(char *host); unsigned long int res(char *p); void timeout(int sig); void wri(char *ver); void scan(char *i); char tobeowned[]="t0b30wN3d"; /* 31337 0utf1le :) */ void main(int argc, char **argv) { if(argc<2) { printf("Wu-thang Wu-2.4.2 scanner\n"); printf("usage: %s < I n F i l e > \n", argv[0]); return; } scan(argv[1]); printf(".-|[d0ne!]|-.\n"); } int ftp(char *host) { struct sockaddr_in server_addr; int s,check=0; char buffer[300]; server_addr.sin_addr.s_addr=res(host); server_addr.sin_family=AF_INET; server_addr.sin_port = htons(FTPP0RT); s=socket(AF_INET,SOCK_STREAM,0); connect(s,(struct sockaddr *) &server_addr,sizeof(server_addr)); signal(SIGALRM,(void *)timeout); alarm(5); read(s,buffer,sizeof(buffer)); if(strstr(buffer,VULN_VER1)) { wri(VULN_VER1); return 1; } if(strstr(buffer,VULN_VER2)) { wri(VULN_VER2); return 1; } if(strstr(buffer,VULN_VER3)) { wri(VULN_VER3); return 1; } return 0; } unsigned long int res(char *p) { struct hostent *h; unsigned long int rv; h=gethostbyname(p); if(h!=NULL) memcpy(&rv,h->h_addr,h->h_length); else rv=inet_addr(p); return rv; } void timeout(int sig) { printf("Timeout! referee...\n"); return 0; } void wri(char *ver) { FILE *aut; char *version=ver; if((aut=fopen(tobeowned,"a")) != NULL) { fputs(version,aut); fclose(aut); } } void scan(char *i) { FILE *iff, *of; char buf[512]; char w0w[]={" It seems vuln...search for a writeable dir!\n"}; if((iff=fopen(i,"r")) == NULL) perror("In English"); while(fgets(buf,512,iff) != NULL) { if(buf[strlen(buf)-1]=='\n') buf[(strlen(buf)-1)]=0; if(ftp(buf) && (of=fopen(tobeowned,"a")) != NULL) { buf[strlen(buf)+1]=0; buf[strlen(buf)]='\n'; fputs(w0w,of); fputs(buf,of); fclose(of); } } fclose(iff); }