Re: WUftp scanner

[sstone () TURBOLINUX COM (Scott Stone)]

On Wed, 24 Mar 1999 baku () EXCITE COM wrote:

> Hi, aleph1
> this is a quick and dirty scanner I wrote to look for vulernable wu-ftpd
> servers.

Sorry, but this is kind of dumb.  This will check to make sure that you're
using a specific build of wu-ftpd... but what if you rebuilt it yourself?
then the timestamp will be different.  The timestamp reflects the
time/date/zone in which this particular server binary was COMPILED.  So
basically all this program tells me is if I'm using Redhat's prebuilt
wu-ftpd binary, right?  My TurboLinux wu-ftpd RPM is correctly patched,
but it will say that it's 19:19:11 PST 1999 since that's when I built it,
and I built it in California.

> <---------wscan.c------>
> #include <netdb.h>
>
> #define FTPPORT 21
> #define VERBOSE 1
>
> int
> main (int argc, char **argv)
> {
>   struct hostent *hp;
>   struct in_addr addr;
>   struct sockaddr_in s;
>   u_char *buf[280];
>   int p, i;
>
>
>   if (argc == 1)
>     {
>       printf("WUftpd Buffer overflow scanner.\n");
>       printf("Written by 03m0s1s 3/19/1999\n");
>       printf ("Usage: %s <hostname>\n",argv[0]);
>       exit (1);
>     }
>
>   hp = gethostbyname (argv[1]);
>   if (!hp) exit (1);
>
>   bcopy (hp->h_addr, &addr, sizeof (struct in_addr));
>   p = socket (s.sin_family = 2, 1, IPPROTO_TCP);
>   s.sin_port = htons (FTPPORT);
>   s.sin_addr.s_addr = inet_addr (inet_ntoa (addr));
>   connect (p, &s, sizeof (s));
>   alarm (4);                  /*Time out after 4 seconds */
>   read (p, buf, 255); /* Grab the banner*/
>
>   if (strstr (buf, "Version wu-2.4.2-academ[BETA-18](1)"))
>     {
>       if (strstr (buf, "Mon Jan 18 19:19:31 EST 1999"))
>       printf ("%s is patched.\n", inet_ntoa (addr));
>       else
>       printf ("%s is vulnerable.\n", inet_ntoa (addr));
> /*It must be the "Mon Aug 3 19:17:20 EDT 1998) ready." banner. */
>     }
>   else
>     printf ("%s does not look BETA-18.\n", inet_ntoa (addr));
>
>   if (VERBOSE)
>     printf ("%s\n\n", buf);
>   write (p,"bye\n",4); /*We just want the banner no need to stick around.*/
>
> }
> <------end wuscan.c---------->
> <-------wuss perl script----->
> #!/usr/bin/perl -w
> #Automate class C subnet scan, it doesnt check to see if the host is up
> #could add a ping routine in here.
> #Syntax  ./wuss [aaa.bbb.ccc]
>
> $net = $ARGV[0];
> $START=1;
> $END=254;
>
>
> while ($START < $END) {
>   $HOST ="$net.$START";
>   print `./wuscan $HOST`;
>   $START = $START + 1;
> }
> <------wuss--------->
>
>
>
>
> _______________________________________________________
> Get your free, private email at http://mail.excite.com/

--------------------------------------------------
Scott M. Stone <sstone () turbolinux com>
Head of TurboLinux English / Systems Administrator
Pacific HiTech, Inc. (http://www.turbolinux.com)