Search Engine submission 'exploit'

[ntsa]

I guess, considering Mr. Miyagi and all those reds to dump to get 'balanced', now isn't a good time to post a tutorial. Oh well - maybe this proves I wasn't just in it for the greenies

Outline

This is an exploit, if you want to call it that, to submit your site to multiple search engines. I'm not convinced that I should call it an exploit however, because though it uses a web site in a way it was not designed for, it is in no way meant to be malicious (other wise I wouldn't be posting it ).

I am certainly not condoning /anyone/ to write a batch url insert program. Each of these steps could have been performed with a web browser, and I am simply demonstrating that they could have also been done with a script. This script only submits /one/ site at a time, and in practice requires that you go to the site manually to find where you want to post your site anyway.

/Every/ site on the internet is succeptible to such benign 'expolits' because every webserver conforms to the relevant RFCs. You can't secure a webserver from this sort of thing without disconnecting it from the wall. I'm using /your/ service as specified - the only difference is I'm using it how /I/ want.

History of the code
This code was adapted from my TCPUtil application, so this is really the continuation of a previous tutorial entitled Scripting Internet Connections Under Window$ in which I explained the basic workings of this code. If you have any questions about how the code works or how to set this up it's all documented there.

If you intend to use this, or re-work your own version, you will either need the sbwinsock.ocx control which is included in the TCPUtil distribution zip file (see below) and which is again documented in the previous article, or you can follow the instructions in the previous article to make your own control.

What it does

This code submits your website to the DMOZ. The DMOZ is the open directory project that provides data for half the search engines on the net including Google, yahoo, lycos, netscape etc. (get the full list here ) To protect themselves from people writing batch software to submit urls the submission requires the base64 value of the IP address of the submitter.

What this script does is:
1...parse the meta content of the website you supplied with the -s option
2...load the page before the submission from the DMOZ and parse out this code
3...submits the whole lot to the DMOZ submission page.

You also have to specify where the link is to be submitted using the -w option (see usage).

Usage

The usage for this script (from the command prompt) is as follows:

Usage: dmoz [--site|-s] Url of site to submit
[--where|-w] dmoz category to add site to
[--email|-e] Optional Email addess
[--Delay|-d] Page Time Out delay (in seconds) Default: 5 Seconds
[--Verbose|-v]
[--debug|-vv]
[--Help|/?]>

The site field is the full url eg. www.whatever.co.uk.
The where field, which selects the category where the link should be inserted should look something like this:

Regional/Europe/United_Kingdom/Business_and_Economy/whatever

The code!

Code:

dim buffer,blncon,blnSkip,postvar,blnext 'Program Vars
DIM port,sdelay,Verbose,debug,where,submitsite,email 'User Vars
Dim oArgs, ArgNum 'Argument vars

Const sckTCPProtocol=0 
Const sckUDPProtocol=1

const FlgDebug =1
const flgVerbose =2
const flgEcho =3

WScript.Echo "--Register with DMOZ Utility."
WScript.Echo "--(c)2002"
WScript.Echo "--By ntsa"

GetUserParams

'Create the winsock object and pass the event handler tp wsPop_

	out "Getting site information from " & submitsite & "...",flgEcho 
	'Reset the buffer
	buffer = ""

	'Create the winsock object and pass the event handler tp wsPop_
	on error resume next
	Set tcpClient=WScript.CreateObject("sbWinsck.winsock","wsPop_")
	if err.number > 0 then 
		out "Could not create an instance of the SBWinsck control.",flgEcho
		out "You need to register SBWinsck.ocx using the regsvr32",flgEcho
		out "command. (ie regsvr32 c:\path\sbWinsck.ocx where c:\path",flgEcho
		out "is the full path to the ocx file.",flgEcho
	end if
		
	tcpClient.Protocol = sckTCPProtocol
	tcpClient.RemoteHost = submitsite
	tcpClient.RemotePort =  port

	postvar = "GET / HTTP/1.1" & vbcrlf & "HOST: " & submitsite & vbcrlf & vbcrlf
	out postvar,flgDebug
	initcon = initConnection 
	out initcon,flgverbose
	set tcpClient = nothing

	a = replace(replace(LCASE(replace(buffer,chr(34), "'"))," ","+"),vbcrlf,"+")
	out "a-->" & a,flgdebug
	b = split(a,"<meta+name='description'+content=")
	out "b-->" & a,flgdebug
	on error resume next
	c = split(b(1),">")
	if err.number > 0 then
		out "This sites meta content is either missing or incorrect",flgEcho
		wscript.quit(0)
	end if

	description = mid(c(0),2,len(c(0))-2)

	out "Page description: " & description,flgVerbose

	on error resume next
	b = split(a,"<title>")
	c = split(b(1),"</title>")
	title = c(0)
	if err.number>0 then 
		out "The Meta content is missing or incorect in the page.",flgecho
		wscript.quit(1)
	end if

	out "Page title: " & title,flgVerbose

	set tcpClient = nothing

	
	out "Getting the Base64 IP (index) address of this machine from Dmoz...",flgecho
	'Reset the buffer
	buffer = ""

	Set tcpClient=WScript.CreateObject("sbWinsck.winsock","wsPop_")
	tcpClient.Protocol = sckTCPProtocol
	tcpClient.RemoteHost = "dmoz.org"
	tcpClient.RemotePort =  port

	postvar = "GET /cgi-bin/add.cgi?where="& where &" HTTP/1.1" & vbcrlf & _
	"HOST: dmoz.org" &  vbcrlf & vbcrlf
	
	out postvar,flgDebug
	initcon = initConnection 
	out initcon,flgverbose
	set tcpClient = nothing

	a= split(buffer,"name=index value=")
	b= split(a(1),">")
	c= mid(b(0),2,len(b(0))-2)
	index= c

	out index,flgVerbose

	set tcpClient = nothing

	out "Posting the new submission..." & submitsite,flgEcho
	'Reset the buffer
	buffer = ""

	Set tcpClient=WScript.CreateObject("sbWinsck.winsock","wsPop_")
	tcpClient.Protocol = sckTCPProtocol
	tcpClient.RemoteHost = "dmoz.org"
	tcpClient.RemotePort =  port

	content = "index="& index & _
	  "&where="& where &"&lk=&ref=" & _ 
	  "&url=http%3A%2F%2F" & submitsite & _
	  "&title="& title & _ 
	  "&description="& description & _
	  "&email=" & email 

	postvar = "POST /cgi-bin/add2.cgi HTTP/1.1" & vbCrLf & _
	  "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, " & _ 
	  "application/vnd.ms-powerpoint, application/vnd.ms-excel, " & _ 
	  "application/msword, */*" & vbCrLf & _
	  "Accept-Language: en-gb" & vbCrLf & _
	  "Content-Type: application/x-www-form-urlencoded" & vbCrLf & _
	  "Accept-Encoding: gzip, deflate" & vbCrLf & _
	  "User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" & vbCrLf & _
	  "Host: dmoz.org" & vbCrLf & _
	  "Content-Length: " & cstr(len(content)-1) & vbCrLf & _
	  "Connection: Keep-Alive" & vbCrLf & vbCrLf & _
	  content 
	
	out postvar,flgDebug

	initcon = initConnection 
	out initcon,flgverbose
	set tcpClient = nothing

	out buffer,FLGDEBUG

	a = split(buffer,"<title>")
	b = split(a(1),"</title>")
	out b(0),flgecho
	

function initConnection

	out "Connecting to host: " & tcpClient.RemoteHost & " on port: " & _
	"tcpClient.RemotePort & "...",flgDebug

	tcpClient.Connect

	tio = 0
	do until blncon = true or blnskip = true or tio = sdelay *10
		WSCRIPT.SLEEP 100
		'out "Waiting for connection...",FlgDebug
		tio = tio + 1
	LOOP

	'Timed out - Could not connect
	if tio = sdelay *2 and blnskip =false then 
		out "Could not connect to: " & tcpClient.RemoteHost & " on port: " & _
		"tcpClient.RemotePort & ".",FlgEcho
		wscript.quit(1)
	end if

	tio = 0
	do until blncon = false or tio = sdelay *10
		WSCRIPT.SLEEP 100
		'out "Waiting for disconnection...",FlgDebug
		tio = tio + 1
	loop

	initConnection = mid(buffer,10,3)

end function

Sub wsPop_DataArrival(Byval b)

  dim strdata
  out "Data Arrival...",flgDebug
  '/* Get the data and add it to the buffer...
  '*/
  tcpClient.GetData strData,vbstring
  
  buffer = buffer & strdata

end sub

Sub wsPop_Connected()

	blncon = true
	blnskip = true
	out "Connected...",flgDebug
	'sending data to the host
	out "Sending data...",flgDebug
	
	if blncon = true then
		tcpclient.SendData postvar
	end if

	out "Data sent.",flgDebug

End Sub


function RemoveDel(str)
	
	RemoveDel = replace(str,"/","")
	RemoveDel = replace(RemoveDel,"-","")
	RemoveDel = replace(RemoveDel,"--","")

end function

function IsEmpty(str)

	if str & "" = "" then 
		isempty = true
	else
		isempty = false
	end if

end function

function iCount(str,del)

	icount =0

	for i = 1 to len(str)
		if mid(str,i,1) = del then
			icount = icount +1
		end if
	next

	icount = icount - 1

end function

sub out(str,flg)

	select case flg
		case flgEcho
			wscript.echo str
		case flgVerbose
			if verbose = true or debug = true then
				wscript.echo str
			end if
		case FlgDebug
			if debug = true then
				wscript.echo str
			end if
	end select
end sub

sub GetUserParams

buffset = 0

Set oArgs = WScript.Arguments
ArgNum = 0
While ArgNum < oArgs.Count

Select Case RemoveDel(LCase(oArgs(ArgNum)))
	Case "site","s":
		ArgNum = ArgNum + 1
		submitsite = oArgs(ArgNum)
	Case "where","w":
		ArgNum = ArgNum + 1
		where = replace(oArgs(ArgNum),"!","/")
	Case "delay","d":
		ArgNum = ArgNum + 1
		sdelay = oArgs(ArgNum)
	Case "email","e":
		ArgNum = ArgNum + 1
		email = oArgs(ArgNum)
	Case "help","?":
		Call DisplayUsage
	Case "verbose", "v":
		Verbose = true
	Case "debug","vv":
		debug = true
	Case Else:
		WScript.Echo "Unknown argument "& oArgs(ArgNum)
		Call DisplayUsage
		wscrip.quit(1)
End Select	

ArgNum = ArgNum + 1
Wend

port = "80"

if isempty(submitsite) then
	out "Error - please use the -site switch to specify a URL to submit",flgecho
	out "",flgecho
	wscript.quit(1)
end if

if isempty(where) then
	out "Error - please use the -where switch to specify submission category",flgecho
	out "",flgecho
	wscript.quit(1)
end if

if isempty(sdelay) then
	'Set default as 3 second delay before breaking connection
	sdelay = 5
end if

end sub

Sub DisplayUsage

WScript.Echo "Usage: dmoz [--site|-s] Url of site to submit"
WScript.Echo "        [--where|-w] dmoz category to add site to"	
WScript.Echo "        [--email|-e] Optional Email addess"
WScript.Echo "        [--Delay|-d] Page Time Out delay" & _ 
		   " (in seconds) Default: 5 Seconds"
WScript.Echo "        [--Verbose|-v]"
WScript.Echo "        [--debug|-vv]"
WScript.Echo "        [--Help|/?]>"
WScript.Echo ""
WScript.Quit (1)	

End Sub

If you enjoyed this article why not read these others by the same author:
Search Engine submission 'exploit'
Forced shutdown of a remote nt/2k server
Securing an installation of IIS 4. (No, seriously)
Remote DSN Connections, using WinAPIs and the registry
Scripting Internet Connections Under Window$

[ntsa]

Best viewed at 1024 * 768 - sorry - I did my best to format the code, but this is as good as it gets without mangling the code.

[huntx7]

Thanks for the read. Did you write that yourself? Or did you copy it? I am just curious.

[ntsa]

Both the code and the documentation are 100% my own. Otherwise I would have quoted sources.

Read this by negative. I certainly wouldn't want to argue with him

[ntsa]

If you have problems cutting and pasting the code from above (as someone said they had) you can download the zipped DMOZ script from below.

REMEMBER to read this FIRST:
Scripting Internet Connections Under Window$

You will need to register the sbwinsock control with regsrv32 as described in this document.

[5150]

That was a very interesting read.

[ntsa]

Originally posted here by ntsa
If you have problems cutting and pasting the code from above (as someone said they had) you can download the zipped DMOZ script from below.

REMEMBER to read this FIRST:
Scripting Internet Connections Under Window$

You will need to register the sbwinsock control with regsrv32 as described in this document.

The guy who was having the problem with the code just came back to me and confirmed that I have mangled the code shown in the article trying to get it formatted ok.

If you want to try to set this up for yourself download the dmoz zip file from my post above.

[Tedob1]

this (WSH) really makes a windows box a mean machine.

i am so dammed impressed with the things your doing with WSH, im studing all you code like scripture. i WANT this under my belt.

thanks again

[ntsa]

Wow! Thanks

[rcgreen]

I'm not quite clear on this. Does it make your site have a
higher priority in a search, or is it that you wouldn't be found
unless you submitted your URL by this method?