Everhart, Glenn
From:	baku@EXCITE.COM
Sent:	Wednesday, March 24, 1999 9:29 AM
To:	BUGTRAQ@NETSPACE.ORG
Subject:	WUftp scanner
Hi, aleph1
this is a quick and dirty scanner I wrote to look for vulernable wu-ftpd
servers.
<---------wscan.c------>
#include <netdb.h>

#define FTPPORT 21
#define VERBOSE 1

int
main (int argc, char **argv)
{
  struct hostent *hp;
  struct in_addr addr;
  struct sockaddr_in s;
  u_char *buf[280];
  int p, i;


  if (argc == 1)
    {
      printf("WUftpd Buffer overflow scanner.\n");
      printf("Written by 03m0s1s 3/19/1999\n");
      printf ("Usage: %s <hostname>\n",argv[0]);
      exit (1);
    }

  hp = gethostbyname (argv[1]);
  if (!hp) exit (1);

  bcopy (hp->h_addr, &addr, sizeof (struct in_addr));
  p = socket (s.sin_family = 2, 1, IPPROTO_TCP);
  s.sin_port = htons (FTPPORT);
  s.sin_addr.s_addr = inet_addr (inet_ntoa (addr));
  connect (p, &s, sizeof (s));
  alarm (4);			/*Time out after 4 seconds */
  read (p, buf, 255); /* Grab the banner*/

  if (strstr (buf, "Version wu-2.4.2-academ[BETA-18](1)"))
    {
      if (strstr (buf, "Mon Jan 18 19:19:31 EST 1999"))
	printf ("%s is patched.\n", inet_ntoa (addr));
      else
	printf ("%s is vulnerable.\n", inet_ntoa (addr));
/*It must be the "Mon Aug 3 19:17:20 EDT 1998) ready." banner. */
    }
  else
    printf ("%s does not look BETA-18.\n", inet_ntoa (addr));

  if (VERBOSE)
    printf ("%s\n\n", buf);
  write (p,"bye\n",4); /*We just want the banner no need to stick around.*/

}
<------end wuscan.c---------->
<-------wuss perl script----->
#!/usr/bin/perl -w
#Automate class C subnet scan, it doesnt check to see if the host is up
#could add a ping routine in here.
#Syntax  ./wuss [aaa.bbb.ccc]

$net = $ARGV[0];
$START=1;
$END=254;


while ($START < $END) {
  $HOST ="$net.$START";
  print `./wuscan $HOST`;
  $START = $START + 1;
}
<------wuss--------->




_______________________________________________________
Get your free, private email at http://mail.excite.com/