
C++开发Cisco路由器安全扫描器

作者:  发布日期:2013-01-14 11:56:03
Tag标签:Cisco路由器  安全扫描器  
  • Cisco路由器安全扫描器,用于检测使用默认telnet/enable密码的Cisco设备。

    /*
       Author:  OverIP
             Andrea Piscopiello
             overip at gmail.com
       Source:  OCS v 0.2
       License: GPL
                This program is free software; you can redistribute it and/or
                modify it under the terms of the GNU General Public License
                as published by the Free Software Foundation; either version 2
                of the License, or (at your option) any later version.
       Email:   Write me for any problem or suggestion at: overip at gmail.com
       Date:    01/10/13
       Read me: Just compile it with:
    
                gcc ocs.c -o ocs -lpthread
    
                Then run it with: ./ocs xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
            xxx.xxx.xxx.xxx=range start IP
            yyy.yyy.yyy.yyy=range end IP
    
          PAY ATTENTION: This source is coded for only personal use on
          your own router Cisco. Don't hack around.
    
          Special thanks to:
          Khlero with your patience this code is out there :*
          Shen139, without you I can't live 
          people that helped betatesting this code 
          Alex Kah and his Cisco Router 
          I love U all :*
    */
    
    #include <signal.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    #include <sys/types.h>
    #include <sys/ioctl.h>
    #include <sys/socket.h>
    #include <sys/time.h>
    #include <arpa/inet.h>
    #include <fcntl.h>
    #include <netinet/in.h>
    #include <pthread.h>
    #include <unistd.h>
    
    /* Octets of the address currently being scanned (i.j.k.l); function1() advances them. */
    int i = 0, j = 0, k = 0, l = 0;

    /*
     * Receive buffers filled by scanna():
     *   buffer_c - first data read after the connection is accepted
     *   buffer_a - reply read after the telnet password attempt
     *   buffer_b - reply read after the enable password attempt
     */
    char buffer_c[700];
    char buffer_a[700];
    char buffer_b[700];

    /* Dotted-quad text of the next target; written by function1(), read by callScan(). */
    char tmpIP[16];

    /* Handle of the single worker thread that function1() creates and joins per address. */
    pthread_t threadname;
    
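    /* scanna() is defined further down; declare it so the call below is not implicit. */
    int scanna(char *rangeIP);

    /*
     * Thread entry point handed to pthread_create() by function1().
     *
     * Probes the address currently stored in the global tmpIP.  The signature
     * is the one pthread_create() requires, void *(*)(void *); the original
     * `void callScan()` was called through an incompatible function pointer
     * type, which is undefined behaviour.
     *
     * arg is unused.  The function does not return normally: the thread ends
     * through pthread_exit().
     */
    void *callScan(void *arg)
    {
      (void)arg;
      scanna(tmpIP);
      pthread_exit(NULL);
    }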
    
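    /*
     * SIGALRM handler installed by scanna(): ends the calling thread so that a
     * probe which hangs past the alarm does not block the scan.
     *
     * The handler now takes the int argument that signal() passes to it; the
     * original empty parameter list did not match the handler type.
     *
     * NOTE(review): pthread_exit() is not on the POSIX list of
     * async-signal-safe functions, and a process-directed SIGALRM may be
     * delivered to any thread that has it unblocked.  A receive/send timeout
     * on the socket would be a safer way to bound the probe.
     */
    static void funcAlarm(int signo)
    {
      (void)signo;
      pthread_exit(0);
    }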
    
    /*
     * Apply a 10-second receive timeout (SO_RCVTIMEO) to `sock`.
     *
     * Despite its name this does not switch the socket to non-blocking mode;
     * it only bounds how long a receive may wait.  The one call site, in
     * scanna(), is commented out.
     *
     * Returns 1 when setsockopt() succeeds and 0 when it fails.
     */
    int setnonblock(int sock)
    {
      struct timeval rcv_limit = { .tv_sec = 10, .tv_usec = 0 };
      int rc = setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &rcv_limit, sizeof(rcv_limit));

      return (rc == 0) ? 1 : 0;
    }
    
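    /*
     * Fill in an IPv4 socket address.
     *
     * address  structure to initialise (must not be NULL)
     * port     TCP/UDP port in host byte order; converted with htons()
     * IP       IPv4 address stored as given, so it must already be in network
     *          byte order
     *
     * The whole structure is zeroed first so that sin_zero and any padding do
     * not carry stack garbage into connect()/bind().  The cast uses plain
     * `unsigned short` rather than the BSD-only typedef u_short, which is not
     * declared under strict ISO/POSIX feature-test settings.
     */
    void init(struct sockaddr_in *address,int port,int IP)
    {
      memset(address, 0, sizeof(*address));
      address->sin_family=AF_INET;
      address->sin_port=htons((unsigned short)port);
      address->sin_addr.s_addr=IP;
    }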
    
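    /*
     * Check one host for the default "cisco" telnet and enable passwords.
     *
     * Connects to TCP port 23 of rangeIP (dotted-quad text), sends the default
     * password, and classifies the reply by the prompt character it contains:
     * '#' is taken as a privileged prompt and '>' as a user prompt.  The result
     * is printed to stdout.  A 7-second SIGALRM bounds the whole exchange.
     *
     * The function never returns to its caller: every path ends the calling
     * thread with pthread_exit().
     *
     * A device reported here still accepts a default password over telnet; the
     * fix is on the device (unique line and enable secrets, SSH in place of
     * telnet).
     *
     * NOTE(review): matching a bare '#' or '>' anywhere in the reply is a
     * heuristic.  A login banner that contains either character would be
     * reported as a finding, so confirm results on the device itself.
     *
     * Changes from the original:
     *  - no close() on the descriptor before socket() has assigned it (it was
     *    uninitialised and could close an unrelated open descriptor), and no
     *    close(-1) after a failed socket();
     *  - each recv() leaves the last byte of the zeroed buffer untouched, so
     *    strstr() always sees a terminated string;
     *  - "Router not vulnerable" is printed only when neither prompt was seen;
     *    before, it also followed a positive result;
     *  - the alarm handler is reset with SIG_DFL instead of NULL.
     */
    int scanna(char*rangeIP)
    {
      int sd;
      struct sockaddr_in server;

      memset(&server, 0, sizeof(server));
      server.sin_family=AF_INET;
      server.sin_port=htons(23);
      server.sin_addr.s_addr=inet_addr(rangeIP);

      sd=socket(AF_INET,SOCK_STREAM,0);
      if(sd==-1)
      {
        printf("Socket Error(%s)\n",rangeIP);
        pthread_exit(0);
      }

      /* Arm the watchdog before connect() so an unresponsive host cannot stall the scan. */
      signal(SIGALRM,funcAlarm);
      alarm(7);
      fflush(stdout);

      if(connect(sd,(struct sockaddr*)&server,sizeof(server))!=0)
      {
        printf("\n\n(%s) Filtered Ports\n",rangeIP);
        close(sd);
        alarm(0);
        signal(SIGALRM,SIG_DFL);
        pthread_exit(0);
      }

      printf("\n\n-%s\n",rangeIP);
      fflush(stdout);

      /* Whatever the device sends first is read and discarded. */
      memset(buffer_c, '\0', sizeof(buffer_c));
      recv(sd,buffer_c,sizeof(buffer_c)-1,0);
      printf("  |Logging... %s\n",rangeIP);
      fflush(stdout);

      memset(buffer_a, '\0', sizeof(buffer_a));
      memset(buffer_b, '\0', sizeof(buffer_b));

      send(sd,"cisco\r",6,0);
      sleep(1);

      /* A failed or empty recv() leaves the buffer zeroed, so no prompt is matched. */
      recv(sd,buffer_a,sizeof(buffer_a)-1,0);

      if(strstr(buffer_a,"#"))
      {
        printf("  |Default Enable Passwords found! Vulnerable Router IP: %s\n\n\n", rangeIP);
      }
      else if(strstr(buffer_a,">"))
      {
        printf("  |Default Telnet password found. %s\n",rangeIP);
        fflush(stdout);

        send(sd,"enable\r",7,0);
        sleep(1);
        send(sd,"cisco\r",6,0);
        sleep(1);

        recv(sd,buffer_b,sizeof(buffer_b)-1,0);
        if(strstr(buffer_b,"#"))
          printf("  |Default Telnet and Enable Passwords found! Vulnerable Router IP: %s\n\n\n", rangeIP);
      }
      else
      {
        printf("  |Router not vulnerable. \n");
      }
      fflush(stdout);

      close(sd);
      alarm(0);
      signal(SIGALRM,SIG_DFL);
      pthread_exit(0);
    }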
    
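    char *getByte(char *IP,int index);

    /*
     * Scan every address from IP to IP2 inclusive, one at a time.
     *
     * IP and IP2 are dotted-quad strings; main() has already checked that IP
     * sorts before IP2.  For each address the text form is copied into the
     * global tmpIP and a worker thread running callScan() is created and joined
     * before the next address is tried, so only one probe runs at any moment.
     * The thread apparently exists so that the SIGALRM handler can abandon a
     * hung probe with pthread_exit() without ending the program.
     *
     * The global counters i, j, k, l hold the current address.
     *
     * Returns 0 when the range is exhausted and -1 if an address cannot be
     * formatted into 15 characters.  The process exits if a thread cannot be
     * created.
     *
     * Changes from the original:
     *  - snprintf() replaces sprintf(), which could overrun rangeIP[16] when an
     *    octet parsed to a negative or over-long value;
     *  - the end address is parsed once rather than on every iteration;
     *  - the loop stops if the first octet carries past 255, so a range whose
     *    end is never matched cannot run forever;
     *  - the duplicated "scan the last address" code is folded into the loop;
     *  - the unused pid variable is gone and the function returns a value.
     */
    int function1(char* IP, char* IP2)
    {
      char rangeIP[16];
      int end_i, end_j, end_k, end_l;
      int written;

      i=atoi(getByte(IP,1));
      j=atoi(getByte(IP,2));
      k=atoi(getByte(IP,3));
      l=atoi(getByte(IP,4));

      /* getByte() returns a static buffer, so each field is converted before the next call. */
      end_i=atoi(getByte(IP2,1));
      end_j=atoi(getByte(IP2,2));
      end_k=atoi(getByte(IP2,3));
      end_l=atoi(getByte(IP2,4));

      for(;;)
      {
        written=snprintf(rangeIP,sizeof(rangeIP),"%d.%d.%d.%d",i,j,k,l);
        if(written<0 || (size_t)written>=sizeof(rangeIP))
        {
          printf("use: ./OCS IP IP\n");
          return -1;
        }
        strcpy(tmpIP,rangeIP);   /* tmpIP and rangeIP are both 16 bytes */

        if(pthread_create(&threadname, NULL,callScan,NULL)!=0)
        {
          printf("+    Thread error:\n");
          perror(" -    pthread_create() ");
          exit(0);
        }
        fflush(stdout);
        pthread_join(threadname, NULL);
        fflush(stdout);

        /* The end address is scanned as well, then the loop finishes. */
        if(i==end_i && j==end_j && k==end_k && l==end_l)
          break;

        /* Advance to the next address, carrying from the last octet upwards. */
        l++;
        if(l==256)
        {
          l=0;
          k++;
          if(k==256)
          {
            k=0;
            j++;
            if(j==256)
            {
              j=0;
              i++;
            }
          }
        }

        if(i>=256)
          break;
      }

      fflush(stdout);
      return 0;
    }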
    
    int main(int argc,char *argv[])
    {
    
      int w;
    
       printf("********************************* OCS v 0.2 **********************************\n");
       printf("****                                                                      ****\n");
       printf("****                           coded by OverIP                            ****\n");
       printf("****                           overip at gmail.com                        ****\n");
       printf("****                           under GPL License                          ****\n");
       printf("****                                                                      ****\n");
       printf("****             usage: ./ocs xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy             ****\n");
       printf("****                                                                      ****\n");
       printf("****                   xxx.xxx.xxx.xxx = range start IP                   ****\n");
       printf("****                    yyy.yyy.yyy.yyy = range end IP                    ****\n");
       printf("****                                                                      ****\n");
       printf("******************************************************************************\n");
    
      if(argc!=3)
    
      {
        printf("use: %s IP IP\n",argv[0]);
        exit(-1);
      }
    
      for(w=1;w<=5;w++)
      if(atoi(getByte(argv[1],w))>255 || atoi(getByte(argv[2],w))>255)
      {
        printf("use: ./OCS IP IP\n");
        exit (-1);
      }
    
      for(w=1;w<=5;w++)
      if(atoi(getByte(argv[1],w))<atoi(getByte(argv[2],w)))
      {
        function1(argv[1],argv[2]);
        return 0;
      }
    
      else if(atoi(getByte(argv[1],w))>atoi(getByte(argv[2],w)))
      {
        printf("use: %s IP IP\n",argv[0]);
        return 0;
      }
    
      printf("Same IPs \n");
      fflush(stdout);
      scanna(argv[1]);
      return 0;
    }
    
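    /*
     * Return field number `index` (1-based) of the dot-separated string IP.
     *
     * The result is a pointer to a static buffer that the next call overwrites,
     * so the caller must use or copy it first; the function is therefore not
     * safe to call from several threads at once.  An empty string is returned
     * when IP is NULL or has fewer than `index` fields.
     *
     * At most four characters of a field are kept.  A longer field is cut
     * short, which still leaves an unpadded over-long number above 255 for the
     * caller's range check.
     *
     * Memory-safety fix: the original buffer was char[3], yet four bytes were
     * cleared and characters were appended with no bound, so any three-digit
     * octet such as "255" already wrote past the end of the array and longer
     * input overwrote neighbouring static data.
     */
    char *getByte(char *IP,int index)
    {
      static char byte[5];
      size_t used=0;
      int separator=0;
      const char *p;

      memset(byte,0,sizeof(byte));
      if(IP==NULL)
        return byte;

      for(p=IP;*p!='\0';p++)
      {
        if(*p=='.')
        {
          /* The dot that closes the requested field ends the search. */
          if(separator==index-1)
            return byte;
          separator++;
        }
        else if(separator==index-1 && used<sizeof(byte)-1)
        {
          /* Inside the requested field: copy while there is room before the terminator. */
          byte[used++]=*p;
        }
      }

      return byte;
    }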

     
