[9996] in bugtraq


Re: WUftp scanner

daemon@ATHENA.MIT.EDU (Scott Stone)
Fri Mar 26 16:22:36 1999

Date: 	Fri, 26 Mar 1999 10:05:54 -0700
Reply-To: Scott Stone <sstone@TURBOLINUX.COM>
From: Scott Stone <sstone@TURBOLINUX.COM>
X-To:         baku@EXCITE.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <922285760.14964.823@excite.com>

On Wed, 24 Mar 1999 baku@EXCITE.COM wrote:

> Hi, aleph1
> this is a quick and dirty scanner I wrote to look for vulnerable wu-ftpd
> servers.

Sorry, but this is kind of dumb.  This will check to make sure that you're
using a specific build of wu-ftpd... but what if you rebuilt it yourself?
Then the timestamp will be different.  The timestamp reflects the
time/date/zone in which this particular server binary was COMPILED.  So
basically all this program tells me is if I'm using Redhat's prebuilt
wu-ftpd binary, right?  My TurboLinux wu-ftpd RPM is correctly patched,
but it will say that it's 19:19:11 PST 1999 since that's when I built it,
and I built it in California.

> <---------wscan.c------>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <unistd.h>
> #include <netdb.h>
> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <arpa/inet.h>
>
> #define FTPPORT 21
> #define VERBOSE 1
>
> int
> main (int argc, char **argv)
> {
>   struct hostent *hp;
>   struct in_addr addr;
>   struct sockaddr_in s;
>   char buf[280];		/* banner buffer (was declared as an array of pointers) */
>   int p;
>
>
>   if (argc == 1)
>     {
>       printf("WUftpd Buffer overflow scanner.\n");
>       printf("Written by 03m0s1s 3/19/1999\n");
>       printf ("Usage: %s <hostname>\n",argv[0]);
>       exit (1);
>     }
>
>   hp = gethostbyname (argv[1]);
>   if (!hp) exit (1);
>
>   memcpy (&addr, hp->h_addr_list[0], sizeof (struct in_addr));
>   memset (&s, 0, sizeof (s));
>   memset (buf, 0, sizeof (buf));	/*Keeps the banner NUL-terminated for strstr */
>   s.sin_family = AF_INET;
>   s.sin_port = htons (FTPPORT);
>   s.sin_addr = addr;
>   p = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
>   if (p < 0 || connect (p, (struct sockaddr *) &s, sizeof (s)) < 0)
>     exit (1);			/*Could not reach the FTP port */
>   alarm (4);			/*Time out after 4 seconds */
>   read (p, buf, 255); /* Grab the banner*/
>
>   if (strstr (buf, "Version wu-2.4.2-academ[BETA-18](1)"))
>     {
>       if (strstr (buf, "Mon Jan 18 19:19:31 EST 1999"))
> 	printf ("%s is patched.\n", inet_ntoa (addr));
>       else
> 	printf ("%s is vulnerable.\n", inet_ntoa (addr));
> /*It must be the "Mon Aug 3 19:17:20 EDT 1998) ready." banner. */
>     }
>   else
>     printf ("%s does not look BETA-18.\n", inet_ntoa (addr));
>
>   if (VERBOSE)
>     printf ("%s\n\n", buf);
>   write (p,"bye\n",4); /*We just want the banner no need to stick around.*/
>   close (p);
>   return 0;
> }
> <------end wuscan.c---------->
> <-------wuss perl script----->
> #!/usr/bin/perl -w
> #Automate class C subnet scan, it doesnt check to see if the host is up
> #could add a ping routine in here.
> #Syntax  ./wuss [aaa.bbb.ccc]
>
> $net = $ARGV[0];
> $START=1;
> $END=254;
>
>
> while ($START < $END) {
>   $HOST ="$net.$START";
>   print `./wuscan $HOST`;
>   $START = $START + 1;
> }
> <------wuss--------->

--------------------------------------------------
Scott M. Stone <sstone@turbolinux.com>
Head of TurboLinux English / Systems Administrator
Pacific HiTech, Inc. (http://www.turbolinux.com)
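
Added example (not part of the original post or of either author's code): the false positive described in the reply, shown by running the quoted scanner's banner logic next to a three-state check that treats an unrecognised compile stamp as "unknown build" rather than "vulnerable". The version and the two timestamp strings come from the quoted scanner; the hostname, the rebuilt-server banner and its timestamp are constructed, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Strings taken from the quoted scanner; the banner below is constructed. */
#define WU_VERSION   "Version wu-2.4.2-academ[BETA-18](1)"
#define PATCHED_TS   "Mon Jan 18 19:19:31 EST 1999"
#define UNPATCHED_TS "Mon Aug 3 19:17:20 EDT 1998"

/* NOT_BETA18 also covers a banner with no parsable compile stamp. */
enum verdict { NOT_BETA18, KNOWN_PATCHED, KNOWN_UNPATCHED, UNKNOWN_BUILD };

/* The quoted scanner's logic: any stamp other than PATCHED_TS is "vulnerable". */
int original_says_vulnerable(const char *banner)
{
    return strstr(banner, WU_VERSION) != NULL && strstr(banner, PATCHED_TS) == NULL;
}

/* Copy the compile stamp that follows the version string, up to ')'.
 * Returns its length, or -1 if it is absent or does not fit in out. */
int build_stamp(const char *banner, char *out, size_t outlen)
{
    const char *p = strstr(banner, WU_VERSION);
    const char *end;
    if (p == NULL) return -1;
    p += strlen(WU_VERSION);
    while (*p == ' ') p++;
    end = strchr(p, ')');
    if (end == NULL || (size_t)(end - p) >= outlen) return -1;
    memcpy(out, p, (size_t)(end - p));
    out[end - p] = '\0';
    return (int)(end - p);
}

/* Three-state check: an unrecognised stamp says nothing about patch level. */
enum verdict classify(const char *banner)
{
    char ts[64];
    if (build_stamp(banner, ts, sizeof ts) < 0) return NOT_BETA18;
    if (strcmp(ts, PATCHED_TS) == 0)   return KNOWN_PATCHED;
    if (strcmp(ts, UNPATCHED_TS) == 0) return KNOWN_UNPATCHED;
    return UNKNOWN_BUILD; /* locally rebuilt: check the package's patch level */
}

/* Constructed banner for a locally rebuilt, patched server (timestamp invented). */
const char *REBUILT =
    "220 ftp.example.com FTP server (" WU_VERSION " Sat Feb 6 11:02:45 PST 1999) ready.";

int main(void)
{
    printf("original: %s, three-state verdict: %d\n",
           original_says_vulnerable(REBUILT) ? "vulnerable" : "patched", classify(REBUILT));
    return 0;
}
```

For an UNKNOWN_BUILD result the banner cannot settle the question; the package changelog or the vendor's patch list for that build has to.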
