Re: Apache Chunk Code Files

• Original Message ----- From: "Muhammad Faisal Rauf Danka" <mfrd@attitudex.com> To: <pen-test@securityfocus.com> Cc: "Asim Shaikh" <wezmaster@hotmail.com> Sent: Friday, April 04, 2003 7:39 PM Subject: Re: Apache Chunk Code Files

> Not sure if apache-scalp exists for windows, or if someone took the time
out to port it for win32 but you could always >try to compile it on Cygwin over WinXP.

They (and apache-chunk.c) all compile fine first time under Cygwin. Once compiled, all you need are the required .dll's, mainly cygwin1.dll, to run it on another host.

> However I'd advice you to use a real linux distribution for this purpose
like Slackware, Redhat, Debian etc.

Why ? It's very rare that I come across a remote exploit that does not compile under Cygwin - most need no tweaking and a few require additions to the include paths, but that's all.

Cheers.

nexus@drizzt ~/Misc Code
$ gcc apache-scalp.c -o foo.exe

nexus@drizzt ~/Misc Code
$ ./foo.exe
Usage: ./foo <target#|base address> <ip[:port]>

  Using targets:        ./apache-scalp 3 127.0.0.1:8080
  Using bruteforce:     ./apache-scalp 0x8f000 127.0.0.1:8080

• --- - Potential targets list - --- ---- Target ID / Target specification 0 / OpenBSD 3.0 x86 / Apache 1.3.20 1 / OpenBSD 3.0 x86 / Apache 1.3.22 2 / OpenBSD 3.0 x86 / Apache 1.3.24 3 / OpenBSD 3.1 x86 / Apache 1.3.20 4 / OpenBSD 3.1 x86 / Apache 1.3.23 5 / OpenBSD 3.1 x86 / Apache 1.3.24 6 / OpenBSD 3.1 x86 / Apache 1.3.24 #2

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

nexus@drizzt ~/Misc Code
$ strings foo.exe | grep .dll
cygwin1.dll
KERNEL32.dll

nexus@drizzt ~/Misc Code
$ uname -a
CYGWIN_NT-5.0 drizzt 1.3.22(0.78/3/2) 2003-03-18 09:20 i686 unknown unknown Cygwin

nexus@drizzt ~/Misc Code

top spam and e-mail risk at the gateway. SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. See exactly how much junk never even makes it in the door. Free 30-day trial: http://www.securityfocus.com/SurfControl-pen-test Received on Sat Apr 5 12:09:35 2003