Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Creating CGI-Bin Exploit Scanner

  1. Home
  2. Forum
  3. Programming
  4. Creating CGI-Bin Exploit Scanner

ghost's Avatar

ghost

0 0

hey guys. i wanna make my own cgi exploit scanner from the exploits in my article i wrote. how can i do this in VB? first of all i want them to imput a domain name in a textbox and then have it add on the exploit so that it would be site.com/exploit or w/e. Then display in a box whether it displays a 404, 403, or EXPLOIT FOUND. Any ideas where to start?

thanks

BlackACe227


ghost's Avatar

ghost

0 0

Well step 1, figure out what programming language u want to do this in… ill write u up 2 easy examples in VB, C++.

I am not to good with sockets in C++ seeing as my C++ is becoming rather sluggish after not practicing but ill show u how to add 2 strings together..

VB: Make a textbox and the button and everything and add this to the button. also have a webbrowser control somewhere on the form.

Dim a as string
Dim b as string
Dim c as string
b = "/exploit"
a = text1.text
c = a+b
WebBrowser1.Navigate c

that will just get whatever the user typed in the textbox and add the exploit specified in the variable b and then navigate to it.

C++:

#include <iostream.h>

using namespace std;

int main()
{
char a[256];
char* b[256];
char* c[256];
b = "/exploit";
cout<<"Please enter the URL to be exploited (e.g. www.google.com): ";
cin.getline(a, 256, '\n');
c = a + b;
cout<<"[!] Beggining exploit against "<<a<<"\n";

// Winsck navigation code here

return 0;
}

ghost's Avatar

ghost

0 0

i use VB6. i got all that you said. now i got a new question. like lets say i put in www.hellboundhackers.org. the first thing it does is add an /admin to the domain name. so it would be www.hellboundhackers.org/admin and it would popup and u would get a 404. the first textbox is for the domain name. the second box is for the displaying of attempting the exploit. i also have a webbrowser control. i also have a 3rd textbox so that it will display saying 404 instead of page not desplayed. so the program will open the link, see if its a real page, and then say in the third page 404,403,EXPLOIT found. i also wish to string them all together so i push a button and 200 exploits are loaded up and run one after another. any ideas on any of this?


ghost's Avatar

ghost

0 0

Here is php:```markup<?php

if(isset($_POST['domain'])) { $domain = $_POST; }

if(isset($domain)) {

//do the exploits

} else { ?><html><body><form action="thispage.php" method="post">Domain: <input type="text" name="domain" size="50" /><br /><input type="submit" value="go" /></form></body></html> <?php } ?>```


ghost's Avatar

ghost

0 0

i need VB lol.