Cisco路由器安全扫描器—OCS v0.2
Cisco路由器安全扫描器,用于检测使用默认telnet/enable密码的Cisco设备。
/*
Author: OverIP
Andrea Piscopiello
overip at gmail.com
Source: OCS v 0.2
License: GPL
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
Email: Write me for any problem or suggestion at: overip at gmail.com
Date: 01/10/13
Read me: Just compile it with:
gcc ocs.c -o ocs -lpthread
Then run it with: ./ocs xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
xxx.xxx.xxx.xxx=range start IP
yyy.yyy.yyy.yyy=range end IP
PAY ATTENTION: This source is written for personal use only, on
your own Cisco router. Don't hack around.
Special thanks to:
Khlero with your patience this code is out there :*
Shen139, without you I can't live
people that helped betatesting this code
Alex Kah and his Cisco Router
I love U all :*
*/
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <string.h>
#include <signal.h>
#include <pthread.h>
/* The four octets of the address currently being scanned; function1 fills
 * them from the start address and formats them as "%d.%d.%d.%d". */
int i = 0, j = 0, k = 0, l = 0;

/* Receive buffers used by scanna: buffer_c takes the first data read after
 * connect, buffer_a the reply to the first password, buffer_b the reply to
 * the enable attempt. */
char buffer_a[700], buffer_b[700], buffer_c[700];

/* Dotted-quad copy of the current target, handed to the worker via callScan. */
char tmpIP[16];

/* Handle of the single worker thread that function1 creates and then joins. */
pthread_t threadname;
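/* scanna is defined further down the file; declare it here so the call
 * below is not an implicit function declaration (invalid since C99). */
int scanna(char *rangeIP);

/*
 * callScan - worker entry point: scan the address currently held in the
 * global tmpIP, then end the calling thread.
 *
 * NOTE(review): function1 passes this function to pthread_create(), which
 * expects a start routine of type void *(*)(void *). The signature is left
 * as the author wrote it so existing references keep compiling; changing it
 * to `void *callScan(void *arg)` would make that call well-typed.
 */
void callScan() // scanning
{
    scanna(tmpIP);
    /* Every path through scanna already ends in pthread_exit(), so this
     * line is only a fallback. */
    pthread_exit(0);
}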
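/*
 * funcAlarm - SIGALRM handler installed by scanna before connect(); it ends
 * the calling thread so a connection attempt that hangs does not stall the scan.
 *
 * The handler now takes the signal number, matching the void (*)(int) type
 * that signal() invokes it with; the original empty parameter list made that
 * call undefined behaviour.
 *
 * NOTE(review): pthread_exit() is not on the POSIX async-signal-safe list,
 * and a signal raised by alarm() is directed at the process rather than at
 * the scanning thread, so this handler may run in a thread other than the
 * one blocked in connect(). A per-socket timeout would avoid both issues.
 */
static void funcAlarm(int signo) //alarm
{
    (void)signo; /* only SIGALRM is ever routed here */
    pthread_exit(0);
}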
/*
 * setnonblock - apply a 10 second receive timeout (SO_RCVTIMEO) to sock.
 *
 * Despite the name, the socket is not switched to non-blocking mode; only
 * the receive timeout is set.
 *
 * Returns 1 when setsockopt() succeeds and 0 when it fails.
 */
int setnonblock(int sock)
{
    const struct timeval recv_limit = { .tv_sec = 10, .tv_usec = 0 };
    int rc = setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO,
                        &recv_limit, sizeof recv_limit);

    return rc == 0 ? 1 : 0;
}
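/*
 * init - fill an IPv4 socket address.
 *
 * address: structure to fill; a NULL pointer is ignored.
 * port:    TCP/UDP port in host byte order (converted with htons()).
 * IP:      IPv4 address stored into s_addr unchanged, so the caller must
 *          supply it already in network byte order.
 *
 * The structure is zeroed first so that the sin_zero padding never carries
 * leftover stack or heap bytes into connect()/bind().
 */
void init(struct sockaddr_in *address,int port,int IP)
{
    if (address == NULL)
        return;

    memset(address, 0, sizeof *address);
    address->sin_family = AF_INET;
    address->sin_port = htons((in_port_t)port);
    address->sin_addr.s_addr = (in_addr_t)IP;
}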
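/*
 * scanna - check one IPv4 host for the default "cisco" telnet and enable
 * passwords and print the verdict on stdout.
 *
 * rangeIP: dotted-quad address of the device to check.
 *
 * The function never returns to its caller: every path ends the calling
 * thread with pthread_exit(), so the declared int result is never produced.
 *
 * Fixes relative to the original:
 *  - the stray close(sd) on an uninitialised descriptor is gone (it could
 *    close an unrelated open file);
 *  - each recv() leaves room for a terminating NUL, so strstr() can no
 *    longer read past the 700-byte buffers;
 *  - a device that drops straight into a '#' prompt is no longer also
 *    reported as "Router not vulnerable";
 *  - the handler is reset with SIG_DFL instead of NULL.
 *
 * Review caveats:
 *  - The verdict only tests whether '#' or '>' occurs anywhere in the
 *    reply, so a banner containing those characters gives a false positive.
 *  - The setnonblock() receive timeout is not applied; the only time limit
 *    is the 7 second alarm(), whose handler has the signal-safety problems
 *    that apply to calling pthread_exit() from a signal handler.
 *  - A device reported here accepts a vendor-default credential over
 *    cleartext telnet; the remedy is to replace the default passwords,
 *    restrict access to the vty lines and prefer SSH over telnet.
 */
int scanna(char*rangeIP) //scanning
{
    struct sockaddr_in server;
    int sd;

    memset(&server, 0, sizeof server);
    server.sin_family = AF_INET;
    server.sin_port = htons(23);
    server.sin_addr.s_addr = inet_addr(rangeIP);

    sd = socket(AF_INET, SOCK_STREAM, 0);
    if (sd == -1) {
        printf("Socket Error(%s)\n", rangeIP);
        pthread_exit(0);
    }

    /* Bound the whole exchange: funcAlarm ends the thread after 7 seconds. */
    signal(SIGALRM, funcAlarm);
    alarm(7);
    fflush(stdout);

    if (connect(sd, (struct sockaddr *)&server, sizeof(server)) != 0) {
        printf("\n\n(%s) Filtered Ports\n", rangeIP);
        goto done;
    }

    printf("\n\n-%s\n", rangeIP);
    fflush(stdout);

    /* Buffers are zeroed and read with one byte to spare, so they stay
     * NUL-terminated even when recv() fills them or fails outright. */
    memset(buffer_c, '\0', sizeof buffer_c);
    (void)recv(sd, buffer_c, sizeof buffer_c - 1, 0);
    printf(" |Logging... %s\n", rangeIP);
    fflush(stdout);

    memset(buffer_a, '\0', sizeof buffer_a);
    memset(buffer_b, '\0', sizeof buffer_b);
    send(sd, "cisco\r", 6, 0);
    sleep(1);
    (void)recv(sd, buffer_a, sizeof buffer_a - 1, 0);

    if (strstr(buffer_a, "#")) {
        /* Privileged prompt straight after the first password. */
        printf(" |Default Enable Passwords found! Vulnerable Router IP: %s\n\n\n", rangeIP);
    } else {
        if (strstr(buffer_a, ">")) {
            /* User-mode prompt: the telnet password matched, try enable. */
            printf(" |Default Telnet password found. %s\n", rangeIP);
            fflush(stdout);
            send(sd, "enable\r", 7, 0);
            sleep(1);
            send(sd, "cisco\r", 6, 0);
            sleep(1);
            (void)recv(sd, buffer_b, sizeof buffer_b - 1, 0);
        }
        if (strstr(buffer_b, "#"))
            printf(" |Default Telnet and Enable Passwords found! Vulnerable Router IP: %s\n\n\n", rangeIP);
        else
            printf(" |Router not vulnerable. \n");
    }

done:
    close(sd);
    fflush(stdout);
    alarm(0);
    signal(SIGALRM, SIG_DFL);
    pthread_exit(0);
}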
/* Forward declaration; the definition is not in this part of the file.
 * function1 calls getByte(IP, 1) .. getByte(IP, 4) and passes each result to
 * atoi(), so it presumably returns the index-th dotted field of IP as a
 * string - confirm against the definition, including who owns the returned
 * buffer. */
char *getByte(char *IP,int index);
int function1(char* IP, char* IP2)
{
char rangeIP[16];
pid_t pid;
i=atoi(getByte(IP,1));
j=atoi(getByte(IP,2));
k=atoi(getByte(IP,3));
l=atoi(getByte(IP,4));
while(1)
{
sprintf(rangeIP,"%d.%d.%d.%d",i,j,k,l);
strcpy(tmpIP,rangeIP);
if(pthread_create(&threadname, NULL,callScan,NULL)!=0)
{
printf("+ Thread error:\n");
perror(" - pthread_create() ");
exit(0);
}
fflush(stdout);
pthread_join(threadname, NULL);
fflush(stdout);
l++;
if (l==256)
{
l=0;
k++;
if (k==256)
&n