|
-
June 12th, 2002, 04:46 PM
#1
Search Engine submission 'exploit'
I guess, considering Mr. Miyagi and all those reds to dump to get 'balanced', now isn't a good time to post a tutorial. Oh well - maybe this proves I wasn't just in it for the greenies 
Outline
This is an exploit, if you want to call it that, to submit your site to multiple search engines. I'm not convinced that I should call it an exploit however, because though it uses a web site in a way it was not designed for, it is in no way meant to be malicious (other wise I wouldn't be posting it ).
I am certainly not condoning /anyone/ to write a batch url insert program. Each of these steps could have been performed with a web browser, and I am simply demonstrating that they could have also been done with a script. This script only submits /one/ site at a time, and in practice requires that you go to the site manually to find where you want to post your site anyway.
/Every/ site on the internet is succeptible to such benign 'expolits' because every webserver conforms to the relevant RFCs. You can't secure a webserver from this sort of thing without disconnecting it from the wall. I'm using /your/ service as specified - the only difference is I'm using it how /I/ want.
History of the code
This code was adapted from my TCPUtil application, so this is really the continuation of a previous tutorial entitled Scripting Internet Connections Under Window$ in which I explained the basic workings of this code. If you have any questions about how the code works or how to set this up it's all documented there.
If you intend to use this, or re-work your own version, you will either need the sbwinsock.ocx control which is included in the TCPUtil distribution zip file (see below) and which is again documented in the previous article, or you can follow the instructions in the previous article to make your own control.
What it does
This code submits your website to the DMOZ. The DMOZ is the open directory project that provides data for half the search engines on the net including Google, yahoo, lycos, netscape etc. (get the full list here ) To protect themselves from people writing batch software to submit urls the submission requires the base64 value of the IP address of the submitter.
What this script does is:
1...parse the meta content of the website you supplied with the -s option
2...load the page before the submission from the DMOZ and parse out this code
3...submits the whole lot to the DMOZ submission page.
You also have to specify where the link is to be submitted using the -w option (see usage).
Usage
The usage for this script (from the command prompt) is as follows:
Usage: dmoz [--site|-s] Url of site to submit
[--where|-w] dmoz category to add site to
[--email|-e] Optional Email addess
[--Delay|-d] Page Time Out delay (in seconds) Default: 5 Seconds
[--Verbose|-v]
[--debug|-vv]
[--Help|/?]>
The site field is the full url eg. www.whatever.co.uk.
The where field, which selects the category where the link should be inserted should look something like this:
Regional/Europe/United_Kingdom/Business_and_Economy/whatever
The code!
Code:
dim buffer,blncon,blnSkip,postvar,blnext 'Program Vars
DIM port,sdelay,Verbose,debug,where,submitsite,email 'User Vars
Dim oArgs, ArgNum 'Argument vars
Const sckTCPProtocol=0
Const sckUDPProtocol=1
const FlgDebug =1
const flgVerbose =2
const flgEcho =3
WScript.Echo "--Register with DMOZ Utility."
WScript.Echo "--(c)2002"
WScript.Echo "--By ntsa"
GetUserParams
'Create the winsock object and pass the event handler tp wsPop_
out "Getting site information from " & submitsite & "...",flgEcho
'Reset the buffer
buffer = ""
'Create the winsock object and pass the event handler tp wsPop_
on error resume next
Set tcpClient=WScript.CreateObject("sbWinsck.winsock","wsPop_")
if err.number > 0 then
out "Could not create an instance of the SBWinsck control.",flgEcho
out "You need to register SBWinsck.ocx using the regsvr32",flgEcho
out "command. (ie regsvr32 c:\path\sbWinsck.ocx where c:\path",flgEcho
out "is the full path to the ocx file.",flgEcho
end if
tcpClient.Protocol = sckTCPProtocol
tcpClient.RemoteHost = submitsite
tcpClient.RemotePort = port
postvar = "GET / HTTP/1.1" & vbcrlf & "HOST: " & submitsite & vbcrlf & vbcrlf
out postvar,flgDebug
initcon = initConnection
out initcon,flgverbose
set tcpClient = nothing
a = replace(replace(LCASE(replace(buffer,chr(34), "'"))," ","+"),vbcrlf,"+")
out "a-->" & a,flgdebug
b = split(a,"<meta+name='description'+content=")
out "b-->" & a,flgdebug
on error resume next
c = split(b(1),">")
if err.number > 0 then
out "This sites meta content is either missing or incorrect",flgEcho
wscript.quit(0)
end if
description = mid(c(0),2,len(c(0))-2)
out "Page description: " & description,flgVerbose
on error resume next
b = split(a,"<title>")
c = split(b(1),"</title>")
title = c(0)
if err.number>0 then
out "The Meta content is missing or incorect in the page.",flgecho
wscript.quit(1)
end if
out "Page title: " & title,flgVerbose
set tcpClient = nothing
out "Getting the Base64 IP (index) address of this machine from Dmoz...",flgecho
'Reset the buffer
buffer = ""
Set tcpClient=WScript.CreateObject("sbWinsck.winsock","wsPop_")
tcpClient.Protocol = sckTCPProtocol
tcpClient.RemoteHost = "dmoz.org"
tcpClient.RemotePort = port
postvar = "GET /cgi-bin/add.cgi?where="& where &" HTTP/1.1" & vbcrlf & _
"HOST: dmoz.org" & vbcrlf & vbcrlf
out postvar,flgDebug
initcon = initConnection
out initcon,flgverbose
set tcpClient = nothing
a= split(buffer,"name=index value=")
b= split(a(1),">")
c= mid(b(0),2,len(b(0))-2)
index= c
out index,flgVerbose
set tcpClient = nothing
out "Posting the new submission..." & submitsite,flgEcho
'Reset the buffer
buffer = ""
Set tcpClient=WScript.CreateObject("sbWinsck.winsock","wsPop_")
tcpClient.Protocol = sckTCPProtocol
tcpClient.RemoteHost = "dmoz.org"
tcpClient.RemotePort = port
content = "index="& index & _
"&where="& where &"&lk=&ref=" & _
"&url=http%3A%2F%2F" & submitsite & _
"&title="& title & _
"&description="& description & _
"&email=" & email
postvar = "POST /cgi-bin/add2.cgi HTTP/1.1" & vbCrLf & _
"Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, " & _
"application/vnd.ms-powerpoint, application/vnd.ms-excel, " & _
"application/msword, */*" & vbCrLf & _
"Accept-Language: en-gb" & vbCrLf & _
"Content-Type: application/x-www-form-urlencoded" & vbCrLf & _
"Accept-Encoding: gzip, deflate" & vbCrLf & _
"User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" & vbCrLf & _
"Host: dmoz.org" & vbCrLf & _
"Content-Length: " & cstr(len(content)-1) & vbCrLf & _
"Connection: Keep-Alive" & vbCrLf & vbCrLf & _
content
out postvar,flgDebug
initcon = initConnection
out initcon,flgverbose
set tcpClient = nothing
out buffer,FLGDEBUG
a = split(buffer,"<title>")
b = split(a(1),"</title>")
out b(0),flgecho
function initConnection
out "Connecting to host: " & tcpClient.RemoteHost & " on port: " & _
"tcpClient.RemotePort & "...",flgDebug
tcpClient.Connect
tio = 0
do until blncon = true or blnskip = true or tio = sdelay *10
WSCRIPT.SLEEP 100
'out "Waiting for connection...",FlgDebug
tio = tio + 1
LOOP
'Timed out - Could not connect
if tio = sdelay *2 and blnskip =false then
out "Could not connect to: " & tcpClient.RemoteHost & " on port: " & _
"tcpClient.RemotePort & ".",FlgEcho
wscript.quit(1)
end if
tio = 0
do until blncon = false or tio = sdelay *10
WSCRIPT.SLEEP 100
'out "Waiting for disconnection...",FlgDebug
tio = tio + 1
loop
initConnection = mid(buffer,10,3)
end function
Sub wsPop_DataArrival(Byval b)
dim strdata
out "Data Arrival...",flgDebug
'/* Get the data and add it to the buffer...
'*/
tcpClient.GetData strData,vbstring
buffer = buffer & strdata
end sub
Sub wsPop_Connected()
blncon = true
blnskip = true
out "Connected...",flgDebug
'sending data to the host
out "Sending data...",flgDebug
if blncon = true then
tcpclient.SendData postvar
end if
out "Data sent.",flgDebug
End Sub
function RemoveDel(str)
RemoveDel = replace(str,"/","")
RemoveDel = replace(RemoveDel,"-","")
RemoveDel = replace(RemoveDel,"--","")
end function
function IsEmpty(str)
if str & "" = "" then
isempty = true
else
isempty = false
end if
end function
function iCount(str,del)
icount =0
for i = 1 to len(str)
if mid(str,i,1) = del then
icount = icount +1
end if
next
icount = icount - 1
end function
sub out(str,flg)
select case flg
case flgEcho
wscript.echo str
case flgVerbose
if verbose = true or debug = true then
wscript.echo str
end if
case FlgDebug
if debug = true then
wscript.echo str
end if
end select
end sub
sub GetUserParams
buffset = 0
Set oArgs = WScript.Arguments
ArgNum = 0
While ArgNum < oArgs.Count
Select Case RemoveDel(LCase(oArgs(ArgNum)))
Case "site","s":
ArgNum = ArgNum + 1
submitsite = oArgs(ArgNum)
Case "where","w":
ArgNum = ArgNum + 1
where = replace(oArgs(ArgNum),"!","/")
Case "delay","d":
ArgNum = ArgNum + 1
sdelay = oArgs(ArgNum)
Case "email","e":
ArgNum = ArgNum + 1
email = oArgs(ArgNum)
Case "help","?":
Call DisplayUsage
Case "verbose", "v":
Verbose = true
Case "debug","vv":
debug = true
Case Else:
WScript.Echo "Unknown argument "& oArgs(ArgNum)
Call DisplayUsage
wscrip.quit(1)
End Select
ArgNum = ArgNum + 1
Wend
port = "80"
if isempty(submitsite) then
out "Error - please use the -site switch to specify a URL to submit",flgecho
out "",flgecho
wscript.quit(1)
end if
if isempty(where) then
out "Error - please use the -where switch to specify submission category",flgecho
out "",flgecho
wscript.quit(1)
end if
if isempty(sdelay) then
'Set default as 3 second delay before breaking connection
sdelay = 5
end if
end sub
Sub DisplayUsage
WScript.Echo "Usage: dmoz [--site|-s] Url of site to submit"
WScript.Echo " [--where|-w] dmoz category to add site to"
WScript.Echo " [--email|-e] Optional Email addess"
WScript.Echo " [--Delay|-d] Page Time Out delay" & _
" (in seconds) Default: 5 Seconds"
WScript.Echo " [--Verbose|-v]"
WScript.Echo " [--debug|-vv]"
WScript.Echo " [--Help|/?]>"
WScript.Echo ""
WScript.Quit (1)
End Sub
If you enjoyed this article why not read these others by the same author:
Search Engine submission 'exploit'
Forced shutdown of a remote nt/2k server
Securing an installation of IIS 4. (No, seriously)
Remote DSN Connections, using WinAPIs and the registry
Scripting Internet Connections Under Window$
\"I may not agree with what you say, but I will defend to the death your right to say it.\"
Sir Winston Churchill.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote