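#!/usr/bin/perl
# Checks for RDS vulnerable web sites
# Written by Max of SecurityApex.com [Max@SecurityApex.com]
# www.SecurityApex.com
# -----------------------------------------------------------
#
# This is a perl script to scan a single host, all hosts in a
# file, or a subnet for RDS vulnerable web sites.
# (With the option of IDS-evasive mode (URL encoding))
# (With the option of Verbose mode (Show Everything))
#
# -----------------------------------------------------------
#
# usage:
#   ./RetaRDS.pl -h [host to check] (always verbose)
#   ./RetaRDS.pl -f [file with hosts to check]
#   ./RetaRDS.pl -s [subnet to check]
#
# examples:
#   ./RetaRDS.pl -h www.securityapex.com
#   ./RetaRDS.pl -f hosts.txt
#   ./RetaRDS.pl -s 123.231.121
#
# other options:
#   ./RetaRDS.pl [variables] -i     (for IDS-evasive mode)
#   ./RetaRDS.pl [variables] -v     (for verbose mode)
#   ./RetaRDS.pl [variables] -i -v  (for both ;)
#
# to log the output to a file, do:
#
#   ./RetaRDS.pl [variables] > RetaRDS_log.txt
#
# -----------------------------------------------------------
#
# How the check works (and what a result does NOT tell you):
#   1. GET / and compare the Server header with "Microsoft-IIS/4.0"
#      (exact string match).
#   2. If it matches, GET /msadc/msadcs.dll and look for the string
#      "application/x-varg" in the response body.
# A positive result therefore means "IIS 4.0 banner plus an answering
# RDS endpoint", not a confirmed unpatched host. A negative result is
# also weak evidence: a host whose banner has been altered or removed
# never reaches step 2 and is reported as not vulnerable.
#
# For log review: every probe from this script is a GET for
# /msadc/msadcs.dll (percent-encoded when -i is used), so matching
# should be done on the decoded request path.
#
# -----------------------------------------------------------

use strict;
use warnings;

use LWP::UserAgent;
use HTTP::Request;
use Getopt::Std;

# An unknown switch used to be ignored silently; show the usage text instead.
my %args;
getopts("h:f:s:iv", \%args) or help();

# At least one of the three target options is required.
if (!defined $args{h} && !defined $args{f} && !defined $args{s}) {
    help();
}

my $IDS     = defined $args{i} ? 1 : 0;
my $verbose = defined $args{v} ? 1 : 0;

# Each target option is handled independently, in the same order as before:
# option letter, scan routine, verbosity (single-host mode is always verbose).
my @modes = (
    [ 'h', \&singlehostscan, 1        ],
    [ 'f', \&filehostscan,   $verbose ],
    [ 's', \&subnetscan,     $verbose ],
);

for my $mode (@modes) {
    my ($opt, $scan, $ver) = @{$mode};
    next unless defined $args{$opt};
    help() if $args{$opt} eq "";
    intro($IDS, $ver);
    $scan->($args{$opt}, $IDS, $ver);
}

# Build "http://<target>", percent-encoding the target when $enc is set.
# The substitution is the one the script has always used: letters, digits,
# '-' and '.' are each replaced by %<hex>; '/' is left alone.
# NOTE(review): the host part is encoded as well as the path; whether LWP
# resolves a percent-encoded host name has not been verified here.
sub _build_url {
    my ($target, $enc) = @_;
    if ($enc != 0) {
        $target =~ s/([-a-zA-Z0-9.])/sprintf("%%%x",ord($1))/ge;
    }
    return "http://" . $target;
}

# Check one host.
#   $host - host name or IP address
#   $enc  - non-zero: percent-encode the request URLs
#   $ver  - non-zero: also report hosts that are not flagged
# Prints one result line; returns nothing useful.
sub singlehostscan {
    my ($host, $enc, $ver) = @_;
    my $ua = LWP::UserAgent->new;

    my $response = $ua->request(
        HTTP::Request->new(GET => _build_url("$host/", $enc)));

    # No Server header (or a failed request) gives undef; treat it as
    # "no match" rather than comparing undef under warnings.
    my $server = $response->server;
    $server = '' unless defined $server;

    if ($server eq "Microsoft-IIS/4.0") {
        my $msadc = $ua->request(
            HTTP::Request->new(GET => _build_url("$host/msadc/msadcs.dll", $enc)));
        my $xv = $msadc->content;

        # The marker is searched for in the response body, not in the
        # Content-Type header.
        if (defined $xv && $xv =~ /application\/x-varg/) {
            print "$host is vulnerable to RDS.\n";
            return;
        }
    }

    print "$host is not vulnerable to RDS.\n" if $ver != 0;
    return;
}

# Check every host listed in $file, one host per line.
# The source had this sub twice and had lost the <THEFILE> read; there is
# now a single definition using a lexical handle and three-argument open,
# so a file name beginning with '>' or '|' cannot change the open mode.
sub filehostscan {
    my ($file, $enc, $ver) = @_;

    open(my $fh, '<', $file)
        or dienice("Couldnt open the file. Please make sure the file exists...");

    while (my $line = <$fh>) {
        # Drop the line ending (including a stray CR) and surrounding blanks;
        # an empty entry would otherwise be requested as "http:///".
        $line =~ s/^\s+//;
        $line =~ s/\s+$//;
        next if $line eq '';
        singlehostscan($line, $enc, $ver);
    }

    close($fh);
    return;
}

# Check $sub.0 through $sub.255, where $sub is the first three octets.
# The loop used to run to 256, which is not a valid octet, and collected
# the numbers in a global array that was never reset.
sub subnetscan {
    my ($sub, $enc, $ver) = @_;

    for my $octet (0 .. 255) {
        singlehostscan($sub . "." . $octet, $enc, $ver);
    }
    return;
}

# Print the start-up banner, listing the modes in use.
sub intro {
    my ($enc, $ver) = @_;

    my @banner = (
        "[RetaRDS.pl by Max of Security Apex]",
        "[ -www.SecurityApex.com- ]",
    );
    push @banner, "[ Using IDS-evasive mode ]" if $enc != 0;
    push @banner, "[ Using Verbose Mode ]"     if $ver != 0;

    print "\n", join("\n", @banner), "\n";
    return;
}

# Print the usage text and exit.
sub help {
    print "\n", join("\n",
        "[RetaRDS.pl by Max of Security Apex]",
        "[ -www.SecurityApex.com- ]",
        "",
        " -h *scan single host (IP or domain [always verbose])",
        " -f *host list to scan (file)",
        " -s *subnet to scan",
        " -i IDS-evasive mode (URL encoding)",
        " -v Verbose mode",
    ), "\n";
    exit;
}

# Report a fatal error and stop. The message goes to STDERR so it does not
# end up in a redirected results log, and the exit status is non-zero.
# (The source defined this sub twice; one definition is kept.)
sub dienice {
    my ($msg) = @_;
    print STDERR "$msg\n";
    exit 1;
}

# EOF [Security.Apex]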