hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Stwan
GovernmentSecurity.org > The Archives > Public Downloads
starsky32
May 22 2004, 01:03 PM
hello, here's another little tool I made for me, to retrieve the wan ip of a computer (local & mac adress too).

CODE

                              = StWan =

*Description:
-------------

StWan is a small tool to retrieve lan / wan or mac IP adress on a computer.

Usage:   StWAN [options]

/l     resolve local ip address
/p     resolve public/wan ip address
/m     resolve mac address
/b     output only the ip


Exemple: stwan /p /b
       
        outputs the public/wan ip adresses without the little notice.
        /b is usefull in a batch if you have to redirect output for more
        than one computer (stwan /p /b >> ip.txt),  and don't want to
        read "StWan - lan/wan/mac IP retriever by Starsky32"
        at each line;-)
       

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~


Hope you find it useful.

Starsky32.

*** Edited : fixed a **Stupid** bug, thanx to MxMx ;-) . The new version now display always correctly the wan ip.
dmg
May 22 2004, 02:22 PM
Thanx for the tool mate.

McAfee finds W32/Cult.worm.gen in it though. sad.gif
starsky32
May 22 2004, 03:02 PM
QUOTE (dmg @ May 22 2004, 02:22 PM)
McAfee finds W32/Cult.worm.gen in it though. sad.gif

? ? ? Are you sure ? Is it because it's compressed with fsg ? Well It is my OWN code and I checked it, there's no worm in the exe.

Information about Cult.worm.gen:
http://www.trendmicro.com/vinfo/virusencyc...ame=WORM_CULT.A

Well although you can notice the tool have to access the web to retrieve the wan ip(no other ways to do it) it drops no backdoor nor modify your registry or something else. I'm very surprised to see Mcaffe detecting it as a worm, do they decided to mark as a worm everything packed with an exe compressor ? I don't know... well, you can try to unpack it with fsgdecompressor (it's not crypted in any way) and see if Mcaffe detect it again ? Please tell me, I'm curious about that, as NOD32 & KAV don't say anything about it.

thx by advance.

Starsky32.

MxMx
May 22 2004, 03:44 PM
great tool ..
but it doesnt show me the whole IP address

if my stro ip is 66.66.66.10

the file says 66.66.66.1

maybe you should change something?

lol

ltr
starsky32
May 22 2004, 04:07 PM
Thx MxMx, I haven't noticed that. It was a stupid bug, believe me -lol-...
Now it's fixed, re-download and tell me if it works correctly on your stro now ;-)

Starsky32
illwill
May 22 2004, 06:39 PM
http://eternam.netfirms.com/cgi-bin/rip.cgi u get the external wan ip from the html
CODE
<h2>68.9.159.9</h2>
i used this method for my simple tool

http://www.illmob.org/0day/illmob_apps/wanIP.exe it pops up the wanip in a msgbox

i had mine check http://checkip.dyndns.org/ and http://www.illmob.org/wan/ from my site just in case either one was down it would still get a good reading.. sometimes netfirms is flaky when you connect to their sites and they says the site cannot be reach try again in a few minutes.. so your code will fail then
vnet576
May 22 2004, 06:57 PM
Here is the way that I grab the ip from whatismyip.com. I posted it in codlinx awhile ago:

CODE
#include <stdio.h>
#include <windows.h>
#include <wininet.h>
#pragma comment(lib, "wininet")

int main()
{  
  HINTERNET httpopen, openurl;
char buffer[1024], ip[16];
DWORD read;
char *check;

if((httpopen = InternetOpen(NULL, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0)) == NULL)
{
printf("InternetOpen(): %d", GetLastError());
return 0;
}

if((openurl = InternetOpenUrl(httpopen, "http://www.whatismyip.com", NULL, NULL, INTERNET_FLAG_RELOAD | INTERNET_FLAG_NO_CACHE_WRITE, NULL)) == NULL)
{
printf("InternetOpenUrl(): %d", GetLastError());
return 0;
}

if(InternetReadFile(openurl, buffer, sizeof(buffer), &read) == FALSE)
{
printf("InternetReadFile(): %d", GetLastError());
return 0;
}
else
{
if((check = strstr(buffer, "<h1>Your IP is")) != NULL)
{
 sscanf(check, "<h1>Your IP is %s", ip);
 printf("%s", ip);
}
}

  return 0;
}
hidden
May 22 2004, 07:06 PM
try this tool it retrieve ur wan and lan ip simply
illwill
May 22 2004, 07:39 PM
yea hidden that tools is one of robin keir's tools www.keir.net if someone doesnt like hidden's french version tongue.gif yea vnet c++ code is so much easier to parse html etc.. asm was a bitch ... nice clean code you have though wink.gif
MxMx
May 22 2004, 09:01 PM
noy yet working correctly ..
it doesnt show me the last 3 digits of my IP

sad.gif

hope U can fix that laugh.gif
starsky32
May 22 2004, 11:05 PM
I'm sorry MxMx sad.gif , but I didn't success to find the bug yet, I tried some IP, seems to work ok. (?) What is the form of the ip who failed ? (how many digits, for example something like that xxx.yy.zzz.w or something else...). If I find the bug be sure I will fix it... Anybody else got this problem with my tool ?

* illwill : thx for pointing out the fact that sometimes netfirms are unreachable, I didn't noticed it yet as I just opened this account for this tool (the only free host with cgi I found, but maybe I didn't searched enough...), so I will try to use another url for an other version.
I didn't know that you already used this method for one of your tools, in fact I find it myself (but took me a lot of time to find this simple technique LOOL) and originally did it for my own usage. As I thought it could be usefull and didn't know the existence of your tool I posted this one... Although I found this one myself, this give me the occasion to thank you for all the great tools you made and for the inspiration you give to us.

Starsky32
MxMx
May 23 2004, 06:50 AM
hehe ..
OK, ill try to help you out ..
Ive tried this stwan prog on my own pc ..
my IP structure is xxx.yyy.zzz.www
12 digits .. I think there is the dug in the code .. not sure of course laugh.gif
STWAn btw shows me only xxx.yyy.zzz.w the last 2 digits are not there as you see.
maybe my OS has something to do with it .. im running win98SE..

hope this is enough info to find the bug? laugh.gif

Thanks
illwill
May 23 2004, 05:06 PM
thanx starsky
btw maybe the bug in the code is the way you parse the html for the ip... are you relying on the ip to be a certain length or are you grabbing whats in between < h2>
if you are just grabbing what inbetween make sure your buffer length is enough (16)

starsky32
May 24 2004, 10:14 PM
Well I ckeck the tool on some NT boxes and all seems ok. Yes illwill, I'm grabbing whats in between < h2> in the page, and the buffer length seems to be enough, thx for the advice ;-) . So I really don't know what's the problem... MxMx, did you try it only on your win98 or on some NT boxes ? It seems the tool is ok for NT but maybe there's a problem with non NT OS, but as I program only on linux or NT, I really don't know what it could be...Well, I will try to have access to a win98 OS to see what can be wrong in my code, be sure I will post an other version as soon as I will found the problem.
If someone else have this bug (or something else), thanx by advance to tell me.

Starsky32.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.