' NOTE(review): this file is VBScript (Windows Script Host), not Fortran as the
' language hint says.  There is no Option Explicit, so every name that is not
' in the Dim statements below (fso, tcpClient, sp, proxy, ex, Exploit, px,
' host, port, tio, fail, n, ...) is an implicitly created script-level
' variable that every procedure in the file can read and write.
dim buffer,blncon,blnSkip,wtresp,secwait,blnLastcmdnull 'Program Vars: buffer collects the reply; blncon/blnSkip are set by the wsPop_ event handlers
DIM blnbuff,blnifile,lang,sdelay,Verbose,debug,iFile,Ofile,str,Target,exploitfile,proxyfile 'User Vars: filled in by GetUserParams
Dim oArgs, ArgNum 'Argument vars
Const sckTCPProtocol=0
Const sckUDPProtocol=1 'not used in this file
const FlgDebug =1 'out() level: printed only with --debug
const flgVerbose =2 'out() level: printed with --verbose or --debug
const flgEcho =3 'out() level: always printed
Const ForReading = 1 'Scripting.FileSystemObject OpenTextFile mode
const ForWriting = 2 'not used in this file
WScript.Echo "--Cloaked Traversal Scanner."
WScript.Echo "--July 2002 by NTSA."
WScript.Echo "--www.ntsa.org.uk"
WScript.Echo ""
'Create a FSO for file I/O operations
Set fso = CreateObject("Scripting.FileSystemObject")
'Create the winsock object; the second argument is the event-handler prefix,
'so the control raises wsPop_Connected, wsPop_DataArrival and wsPop_Close below.
' NOTE(review): this On Error Resume Next is at script scope and is never
' switched off.  Every later runtime error in this main body is skipped, and
' an error raised inside one of the procedures below (none of which has a
' handler of its own) resumes at the statement after the call in this body.
on error resume next
Set tcpClient=WScript.CreateObject("sbWinsck.winsock","wsPop_")
if err.number > 0 then
out "Could not create an instance of the SBWinsck control.",flgEcho
out "You need to register SBWinsck.ocx using the regsvr32",flgEcho
out "command. (ie regsvr32 c:\path\sbWinsck.ocx where c:\path",flgEcho
out "is the full path to the ocx file.",flgEcho
end if
' The message above is informational only: the script carries on without the control.
' Parse the command line (may quit with usage), then read both input files.
GetUserParams
' ProxyList / ExploitList return "<count>|<entry>,<entry>,...".
sp = split (proxylist,"|")
proxycount = cint(sp(0))
proxy = split(sp(1),",")
ex = split (ExploitList,"|")
Exploitcount = cint(ex(0))
Exploit = split(ex(1),",")
px = 0 'index of the proxy used for the next request; cycles through the list
for n = 0 to Exploitcount -1
' Each proxy entry is expected as "host:port".
sp = split(proxy(px),":")
host = sp(0)
port = sp(1) 'stays a String subtype (see LogDataSend)
' Request line; wsPop_Connected sends it once the socket is up.  The URL is lower-cased.
str = "HEAD " & lcase("http://" & target & exploit(n)) & " HTTP/1.0"
out "exploit: " & STR,flgecho
out "Proxy: " & host,flgecho
out "Port: " & port,flgecho
tcpClient.Protocol = sckTCPProtocol
tcpClient.RemoteHost = host
tcpClient.RemotePort = port
tcpClient.Connect
' Poll until the Connected event (blncon) or DataArrival (blnskip) fires.
' 250 ms per iteration for sdelay*2 iterations is about sdelay/2 seconds,
' although --delay is documented in seconds.  sdelay arrives as a string
' from the command line; the multiplication coerces it to a number.
tio = 0
do until blncon = true or blnskip = true or tio = sdelay *2
WSCRIPT.SLEEP 250
out "Waiting for connection...",FlgDebug
tio = tio + 1
LOOP
fail = false
'Timed out - Could not connect
if tio = sdelay *2 and blnskip =false then
out "Could not connect to: " & tcpClient.RemoteHost &_
" on port: " & tcpClient.RemotePort & ".",FlgEcho
fail = true
end if
if fail = false then
' Wait for wsPop_Close to clear blncon: 500 ms per iteration for sdelay*2
' iterations, i.e. about sdelay seconds.
tio = 0
do until blncon = false or tio = sdelay *2
WSCRIPT.SLEEP 500
out "Waiting for disconnection...",FlgDebug
tio = tio + 1
loop
'Output buffer to screen
' Characters 10-12 of the buffered reply; for an "HTTP/1.x NNN ..." status
' line that is the three-digit status code.  Empty when nothing was received.
out "Server Response> " & mid(buffer,10,3), Flgecho
end if
' Reset the per-request state and rotate to the next proxy.
blncon = false
blnskip = false
buffer = ""
tcpclient.disconnect
px = px + 1
if px > proxycount -1 then px = 0
' A fresh control instance is created for every request.
Set tcpClient=nothing
Set tcpClient=WScript.CreateObject("sbWinsck.winsock","wsPop_")
next
' Read proxyfile line by line until a line that is exactly "." (after trim)
' and return "<count>|<entry>,<entry>,..." with blank lines skipped.  The
' function name doubles as the accumulator.  host and livehosts are
' undeclared script-level variables, so host still holds the last line read
' after this function returns.  The text stream is never closed.  Reading
' past the end of a file that has no "." line raises an FSO error, and
' left(...,-1) errors when no entry was collected; both are swallowed by
' the script-level On Error Resume Next.
function ProxyList
dim cnt
cnt = 0
Set livehosts = fso.OpenTextFile(proxyfile, ForReading)
do while trim(host) <> "."
host = livehosts.ReadLine
if len(trim(host)) > 0 and trim(host) <> "." then
proxylist = proxylist & trim(host) & ","
cnt = cnt + 1
end if
loop
' Strip the trailing comma and prefix the entry count.
proxylist = cstr(cnt) & "|" & left(proxylist,len(proxylist)-1)
end function
' Same shape as ProxyList, reading exploitfile instead: stop at a line that
' is exactly ".", skip blank lines, return "<count>|<entry>,...".
' NOTE(review): the loop variable host is the same undeclared script-level
' variable ProxyList uses and is not reset on entry, so the first condition
' test sees whatever ProxyList left in it.  file is likewise script-level
' and the stream is never closed.
function ExploitList
dim cnt
cnt = 0
Set file = fso.OpenTextFile(exploitfile, ForReading)
do while trim(host) <> "."
host = file.ReadLine
if len(trim(host)) > 0 and trim(host) <> "." then
ExploitList = ExploitList & trim(host) & ","
cnt = cnt + 1
end if
loop
' Strip the trailing comma and prefix the entry count (errors when empty).
ExploitList = cstr(cnt) & "|" & left(ExploitList,len(ExploitList)-1)
end function
' Raised by the sbWinsck control when data is available.  b (the byte
' count the control reports) is not used; everything pending is pulled
' with GetData as a string.
Sub wsPop_DataArrival(Byval b)
dim strdata
out "Data Arrival...",flgverbose
' Get the data and either append it to the script-level buffer (blnbuff is
' set true by GetUserParams) or echo it at verbose level.
tcpClient.GetData strData,vbstring
if blnbuff = true then
buffer = buffer & strdata
else
out strdata,Flgverbose
end if
'Data has just arrived - wait some
'more to see if anything further comes
' secwait is assigned here but not read anywhere in this file.  blnskip
' ends the connect-wait loop in the main body.
secwait = 100
blnskip = true
end sub
' Raised by the sbWinsck control once the TCP connection is up.  Sets the
' flags the main body polls and sends the request line held in the
' script-level variable str.  sendandlog appends a second vbCrLf, so the
' line on the wire is followed by an empty line.
Sub wsPop_Connected()
blncon = true
blnskip = true
out "Connected...",flgverbose
'sending data to the host
out "Sending data...",flgverbose
sendandlog str & vbcrlf
out "Data sent.",flgverbose
End Sub
' Send data followed by CRLF on the script-level socket tcpclient, then
' hand the unterminated data to LogDataSend.
sub sendandlog(data)
dim wire
wire = data & vbCrLf
tcpclient.SendData wire
LogDataSend data
end sub
' Log outgoing data at verbose level, but only when the script-level
' variable port equals 80; any other port logs nothing (the echo-level
' line for that branch is commented out in the original).
' NOTE(review): port is assigned from split() in the main body and so has a
' String subtype; VBScript ranks a String against a number as unequal, so
' this test may never be true - confirm.
sub LogDataSend(poststr)
if port = 80 then out "Sending:> " & poststr,Flgverbose
end sub
' Raised by the sbWinsck control when the connection closes.  Clears
' blncon so the disconnect-wait loop in the main body ends.
Sub wsPop_Close()
out "Disconnected...",flgverbose
blncon = false
End Sub
' Strip every "/" and "-" from a command-line switch token so that
' "--target", "-t" and "/t" all reduce to their bare name.  The parameter
' name str shadows the script-level variable of the same name.
function RemoveDel(str)
' Once every single "-" is gone no "--" can remain, so one pass per
' delimiter is sufficient.
RemoveDel = replace(replace(str, "/", ""), "-", "")
end function
' True when str is Empty, Null or the empty string; False for anything
' else (including 0).  This shadows the VBScript built-in IsEmpty, which
' only recognises uninitialised variants; the callers in this file rely
' on the "" case as well.
function IsEmpty(str)
' Concatenating with "" folds Empty and Null into "", so one length test covers all three.
IsEmpty = (Len(str & "") = 0)
end function
' Count the single-character delimiter del in str and return that count
' minus one: -1 when del never occurs, and also -1 for a multi-character
' del, which a one-character comparison can never match.  Not called
' anywhere in this file.
function iCount(str,del)
dim pos, hits
hits = 0
pos = 1
do while pos <= len(str)
if mid(str, pos, 1) = del then hits = hits + 1
pos = pos + 1
loop
icount = hits - 1
end function
' Prompt on stdout with "<quest>:>" (no newline) and return the line read
' from stdin.  Not called anywhere in this file.
function input(quest)
WScript.StdOut.Write quest & ":>"
input = WScript.StdIn.ReadLine
end function
' Print str when its level flg is enabled: flgEcho is always printed,
' flgVerbose needs --verbose or --debug, FlgDebug needs --debug; any other
' flg value prints nothing.  verbose and debug are the script-level flags
' filled in by GetUserParams; while still Empty they compare unequal to true.
sub out(str,flg)
dim show
show = false
if flg = flgEcho then
show = true
elseif flg = flgVerbose then
show = (verbose = true or debug = true)
elseif flg = FlgDebug then
show = (debug = true)
end if
if show then wscript.echo str
end sub
' Parse WScript.Arguments into the script-level "User Vars" (exploitfile,
' proxyfile, Target, sdelay, Verbose, debug), apply the delay default and
' quit via DisplayUsage when a required value is missing.  Switch tokens
' are lower-cased and stripped of "/" and "-" by RemoveDel before matching.
' buffset is an undeclared script-level variable written here and never read.
sub GetUserParams
buffset = 0
Set oArgs = WScript.Arguments
ArgNum = 0
While ArgNum < oArgs.Count
Select Case RemoveDel(LCase(oArgs(ArgNum)))
' NOTE(review): the case label reads "explotfile" while DisplayUsage
' advertises --exploitfile, which therefore lands in Case Else.
' Value-taking switches step ArgNum first; there is no check that a value
' follows, so a trailing switch indexes past oArgs.Count.
Case "explotfile","e":
ArgNum = ArgNum + 1
If (fso.FileExists(oArgs(ArgNum))) Then
exploitfile = oArgs(ArgNum)
else
out "Error! The file " & oArgs(ArgNum) & _
" was not found.",FlgEcho
out "",FlgEcho
displayusage
wscript.quit(1)
end if
Case "proxyfile","p":
ArgNum = ArgNum + 1
If (fso.FileExists(oArgs(ArgNum))) Then
proxyfile = oArgs(ArgNum)
else
out "Error! The file " & oArgs(ArgNum) & _
" was not found.",FlgEcho
out "",FlgEcho
displayusage
wscript.quit(1)
end if
Case "target","t":
ArgNum = ArgNum + 1
Target = oArgs(ArgNum)
Case "delay","d":
ArgNum = ArgNum + 1
sdelay = oArgs(ArgNum) 'kept as the raw string; coerced where it is used
Case "help","?":
Call DisplayUsage 'DisplayUsage itself quits with exit code 1
Case "verbose", "v":
Verbose = true
Case "debug","vv":
debug = true
Case Else:
WScript.Echo "Unknown argument "& oArgs(ArgNum)
Call DisplayUsage
' NOTE(review): the next statement references "wscrip", not wscript, and
' raises an error instead of quitting.  This sub has no error handler, so
' under the script-level On Error Resume Next execution presumably resumes
' after the GetUserParams call in the main body - confirm.
wscrip.quit(1)
End Select
ArgNum = ArgNum + 1
Wend
blnbuff = true 'wsPop_DataArrival buffers rather than echoes the reply
buffset = 1
if isempty(sdelay) then
'Set default as 1 second delay before breaking connection
sdelay = 1
end if
' target, exploitfile and proxyfile are all mandatory.
if isempty(target) or isempty(exploitfile) or isempty(proxyfile) then
out "A target host, a proxy file and exploit file are required.",flgecho
DisplayUsage
wscript.quit(1)
else
out "target> " & target,flgdebug
out "exploitfile> " & exploitfile,flgdebug
out "proxyfile> " & proxyfile,flgdebug
end if
end sub
' Print the command-line help and terminate the script with exit code 1.
Sub DisplayUsage
dim usage_line
for each usage_line in array( _
"Usage: scan.vbs [--Target|-t]", _
" [--exploitfile|-e] file name to read exploit list from", _
" [--proxyfile|-p] file name to read live proxies list from", _
" [--Delay|-d] Page Time Out delay (in seconds) Default: 1 Seconds", _
" [--Verbose|-v]", _
" [--debug|-vv]", _
" [--Help|/?]>", _
"")
WScript.Echo usage_line
next
WScript.Quit (1)
End Sub