记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

Cisco路由器安全扫描器—OCS v0.2

2013-01-14 13:10

Cisco路由器安全扫描器,用于检测使用默认telnet/enable密码的Cisco设备

/*   Author:  OverIP         Andrea Piscopiello         overip at gmail.com   Source:  OCS v 0.2   License: GPL            This program is free software; you can redistribute it and/or            modify it under the terms of the GNU General Public License            as published by the Free Software Foundation; either version 2            of the License, or (at your option) any later version.   Email:   Write me for any problem or suggestion at: overip at gmail.com   Date:    01/10/13   Read me: Just compile it with:            gcc ocs.c -o ocs -lpthread            Then run it with: ./OCS xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy        xxx.xxx.xxx.xxx=range start IP        yyy.yyy.yyy.yyy=range end IP      PAY ATTENTION: This source is coded for only personal use on      your own router Cisco. Don't hack around.      Special thanks to:      Khlero with your patience this code is out there :*      Shen139, without you I can't live :D      people that helped betatesting this code :)      Alex Kah and his Cisco Router :)      I love U all :**/#include <stdio.h>#include <stdlib.h>#include <sys/types.h>#include <sys/ioctl.h>#include <fcntl.h>#include <sys/socket.h>#include <netinet/in.h>#include <unistd.h>#include <string.h>#include <signal.h>int i=0;int j=0;int k=0;int l=0;char buffer_a[700];char buffer_b[700];char buffer_c[700];char tmpIP[16];pthread_t threadname;void callScan()        // scanning{  scanna(tmpIP);  pthread_exit(0);}static void funcAlarm()        //alarm{  pthread_exit(0);}int setnonblock(int sock)  //setta socket non bloccanti{  struct timeval timeout;  timeout.tv_sec = 10;  timeout.tv_usec = 0;  if (setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO,(char*) &timeout, sizeof(timeout)))  return 0;  return 1;}void init(struct sockaddr_in *address,int port,int IP){  address->sin_family=AF_INET;  address->sin_port=htons((u_short)port);  address->sin_addr.s_addr=IP;}int scanna(char*rangeIP)      //scanning{  int error;  int sd;  struct sockaddr_in server;  close(sd);  server.sin_family=AF_INET;        server.sin_port=htons(23);        server.sin_addr.s_addr=inet_addr(rangeIP);  sd=socket(AF_INET,SOCK_STREAM,0);  if(sd==-1)  {    printf("Socket Error(%s)\n",rangeIP);    close(sd);    pthread_exit(0);  }//  setnonblock(sd);  signal(SIGALRM,funcAlarm);  alarm(7);  fflush(stdout);   error=connect(sd,(struct sockaddr*)&server,sizeof(server));   if(error==0)  {    printf("\n\n-%s\n",rangeIP);    fflush(stdout);    memset(buffer_c, '\0',700);    recv(sd,buffer_c,700,0);    printf("  |Logging... %s\n",rangeIP);    fflush(stdout);    memset(buffer_a, '\0',700);    memset(buffer_b, '\0',700);    send(sd,"cisco\r",6,0);    sleep(1);    recv(sd,buffer_a,700,0);    if(strstr(buffer_a,"#"))      printf("  |Default Enable Passwords found! Vulnerable Router IP: %s\n\n\n", rangeIP);    else    if(strstr(buffer_a,">"))    {      printf("  |Default Telnet password found. %s\n",rangeIP);      fflush(stdout);      send(sd,"enable\r",7,0);      sleep(1);      send(sd,"cisco\r",6,0);      sleep(1);      recv(sd,buffer_b,700,0);      //printf("  Sto cercando di loggarmi in enable mode\n");      //fflush(stdout);    }    if(strstr(buffer_b,"#"))    printf("  |Default Telnet and Enable Passwords found! Vulnerable Router IP: %s\n\n\n", rangeIP);    else    printf("  |Router not vulnerable. \n");    fflush(stdout);  }  else  {    printf("\n\n(%s) Filtered Ports\n",rangeIP);    close(sd);    alarm(0);    signal(SIGALRM,NULL);    pthread_exit(0);  }  close(sd);  fflush(stdout);  alarm(0);  signal(SIGALRM,NULL);  pthread_exit(0);}char *getByte(char *IP,int index);int function1(char* IP, char* IP2){  char rangeIP[16];  pid_t pid;  i=atoi(getByte(IP,1));  j=atoi(getByte(IP,2));  k=atoi(getByte(IP,3));  l=atoi(getByte(IP,4));  while(1)  {    sprintf(rangeIP,"%d.%d.%d.%d",i,j,k,l);    strcpy(tmpIP,rangeIP);     if(pthread_create(&threadname, NULL,callScan,NULL)!=0)    {      printf("+    Thread error:\n");      perror(" -    pthread_create() ");      exit(0);    }    fflush(stdout);    pthread_join(threadname, NULL);    fflush(stdout);    l++;    if (l==256)      {        l=0;        k++;        if (k==256)        {          k=0;          j++;          if (j==256)          {            j=0;            i++;          }        }      }    if(i==atoi(getByte(IP2,1)) && j==atoi(getByte(IP2,2)) && k==atoi(getByte(IP2,3)) && l==atoi(getByte(IP2,4)))    {      break;    }  }    sprintf(rangeIP,"%d.%d.%d.%d",i,j,k,l);    strcpy(tmpIP,rangeIP);    fflush(stdout);     if(pthread_create(&threadname, NULL,callScan,NULL)!=0)    {      printf("+    Thread error:\n");      perror(" -    pthread_create() ");      exit(0);    }    pthread_join(threadname, NULL);  fflush(stdout);}int main(int argc,char *argv[]){  int w;   printf("********************************* OCS v 0.2 **********************************\n");   printf("****                                                                      ****\n");   printf("****                           coded by OverIP                            ****\n");   printf("****                           overip at gmail.com                        ****\n");   printf("****                           under GPL License                          ****\n");   printf("****                                                                      ****\n");   printf("****             usage: ./ocs xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy             ****\n");   printf("****                                                                      ****\n");   printf("****                   xxx.xxx.xxx.xxx = range start IP                   ****\n");   printf("****                    yyy.yyy.yyy.yyy = range end IP                    ****\n");   printf("****                                                                      ****\n");   printf("******************************************************************************\n");  if(argc!=3)  {    printf("use: %s IP IP\n",argv[0]);    exit(-1);  }  for(w=1;w<=5;w++)  if(atoi(getByte(argv[1],w))>255 || atoi(getByte(argv[2],w))>255)  {    printf("use: ./OCS IP IP\n");    exit (-1);  }  for(w=1;w<=5;w++)  if(atoi(getByte(argv[1],w))<atoi(getByte(argv[2],w)))  {    function1(argv[1],argv[2]);    return 0;  }  else if(atoi(getByte(argv[1],w))>atoi(getByte(argv[2],w)))  {    printf("use: %s IP IP\n",argv[0]);    return 0;  }  printf("Same IPs \n");  fflush(stdout);  scanna(argv[1]);  return 0;}char *getByte(char *IP,int index){  int i=0;  int separator=0;  static char byte[3];  for(i=0;i<4;i++)  byte[i]='\0';  memset(byte,0,sizeof(byte));  for(i=0;i<strlen(IP);i++)  {    if((IP[i]=='.') && (separator==index-1))    {      return byte;    }    else    if(IP[i]=='.')    {    separator++;    }    else    if (separator==index-1)    {      strncat(byte,&IP[i],1);    }  }  return byte;}
知识来源: www.freebuf.com/tools/6836.html

阅读:133600 | 评论:0 | 标签:工具

想收藏或者和大家分享这篇好文章→复制链接地址

“Cisco路由器安全扫描器—OCS v0.2”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

九层之台,起于累土;黑客之术,始于阅读

推广

工具

标签云