[9970] in bugtraq
WUftp scanner
daemon@ATHENA.MIT.EDU (baku@EXCITE.COM)
Thu Mar 25 22:24:12 1999
Date: Wed, 24 Mar 1999 06:29:20 PST
Reply-To: baku@EXCITE.COM
From: baku@EXCITE.COM
To: BUGTRAQ@NETSPACE.ORG
Hi, aleph1
this is a quick and dirty scanner I wrote to look for vulernable wu-ftpd
servers.
<---------wscan.c------>
#include <netdb.h>
#define FTPPORT 21
#define VERBOSE 1
int
main (int argc, char **argv)
{
struct hostent *hp;
struct in_addr addr;
struct sockaddr_in s;
u_char *buf[280];
int p, i;
if (argc == 1)
{
printf("WUftpd Buffer overflow scanner.\n");
printf("Written by 03m0s1s 3/19/1999\n");
printf ("Usage: %s <hostname>\n",argv[0]);
exit (1);
}
hp = gethostbyname (argv[1]);
if (!hp) exit (1);
bcopy (hp->h_addr, &addr, sizeof (struct in_addr));
p = socket (s.sin_family = 2, 1, IPPROTO_TCP);
s.sin_port = htons (FTPPORT);
s.sin_addr.s_addr = inet_addr (inet_ntoa (addr));
connect (p, &s, sizeof (s));
alarm (4); /*Time out after 4 seconds */
read (p, buf, 255); /* Grab the banner*/
if (strstr (buf, "Version wu-2.4.2-academ[BETA-18](1)"))
{
if (strstr (buf, "Mon Jan 18 19:19:31 EST 1999"))
printf ("%s is patched.\n", inet_ntoa (addr));
else
printf ("%s is vulnerable.\n", inet_ntoa (addr));
/*It must be the "Mon Aug 3 19:17:20 EDT 1998) ready." banner. */
}
else
printf ("%s does not look BETA-18.\n", inet_ntoa (addr));
if (VERBOSE)
printf ("%s\n\n", buf);
write (p,"bye\n",4); /*We just want the banner no need to stick around.*/
}
<------end wuscan.c---------->
<-------wuss perl script----->
#!/usr/bin/perl -w
#Automate class C subnet scan, it doesnt check to see if the host is up
#could add a ping routine in here.
#Syntax ./wuss [aaa.bbb.ccc]
$net = $ARGV[0];
$START=1;
$END=254;
while ($START < $END) {
$HOST ="$net.$START";
print `./wuscan $HOST`;
$START = $START + 1;
}
<------wuss--------->
_______________________________________________________
Get your free, private email at http://mail.excite.com/
