ummmm.c v2.1 is a URL obfuscation tool which converts something like /cgi-bin/some.cgi into %2f%63%67%69%2d%62%69%6e%2f%73%6f%6d%65%2e%63%67%69. It might be used in cgi scanners which require an input file with cgi requests.
4968493ed605717ad8e51ff70428152b2255e6ab112c2e87c121f76b07e16000/*
* ummmm.c (version 2.1)
* -------
* Will convert strings like "blah" to "<char(s)>62<char(s)>6c<char(s)>61<char(s)>68" for wrinting stuff in
* shellcode, http ascii code, .....
*
* Respect to Tessa, demongirl, Mr Magnet1c, vorlon, hmm.. Well, the entire Securax crew,
* and so many others we left out.
*
* originaly by Incubus
* <incubus@securax.org>
* http://www.securax.org/incubus
*
* changed by R00T-dude
* <ilja@securax.org>
* http://www.securax.org/htwx
*
*/
#include <stdio.h>
#include <string.h> /* needed for void bzero() */
int main(int argc, char *argv[])
{
FILE *input;
FILE *output;
char getit[5];
char cgi[10000];
int i, b;
if (argc != 3)
{
printf("\nummmm.c v2.1 - translates normal txt to shellcode");
printf("\noriginaly incubus <incubus@securax.org>, changed by R00T-dude <ilja@securax.org>\n");
printf("\nusage %s <filename to read from> <filename to write to>\n\n", argv[0]);
return 0;
}
printf("********************************************\n");
printf("* ummmm v2.1 *\n");
printf("*originaly by incubus, changed by R00T-dude*\n");
printf("* translates normal txt *\n");
printf("* to <char(s)><ascii code> *\n");
printf("********************************************\n");
input = fopen(argv[1],"r");
if (input == NULL)
{
printf("I/O Error. could not open %s\n\n", argv[1]);
return -1;
}
output = fopen(argv[2], "a");
if (output == NULL)
{
printf("I/O Error, could not open %s\n\n", argv[2]);
return -1;
}
printf("give in the character(s) you want before the ascii code [max : 5 chars]: ");
fgets(getit, sizeof(getit), stdin);
for(b=0; b <= sizeof(getit); b++)
{
if(getit[b] == '\n') /* taking off the nextline character !!! */
{
bzero(&getit[b], 1) ;
}
}
while (!feof(input))
{
i=0;
if (fscanf(input, "%c", &cgi[i]))
{
if (cgi[i] != '\n')
{
fprintf(output, "%s%x", getit, cgi[i]);
}
else
fprintf (output, "\n");
}
i++;
}
fclose(input); /* close file properly ! */
fclose(output);/* close file properly ! */
return 0;
}
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed