From programming to intrusion

Source: Internet
Author: User
Do most people use other people's tools for intrusion? I do too. But after learning programming, I always want to write some programs of my own and then use them to intrude into systems; here we will teach you how to make that dream real.
What we demonstrate today is Telnet intrusion; the sunos_telnet attack has recently been booming.
1. Scan an IP range, so you need to write an IP scanner.
2. Check the Telnet banner, that is, the Telnet service's response; for that you need to write a program that determines the remote OS from what the Telnet service returns.
3. Test with sunos_telnet. sunos_telnet.exe can be downloaded from the Internet.
Step 1:
/* Simple TCP portscan */
/* Scan only one IP address */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

#define START_PORT 1
#define STOP_PORT  1024

struct sockaddr_in addr;      /* remote address, filled in before each connect() */
struct hostent *host;
struct servent *reply;
int sock, i;
int start_port;               /* first port to try */
int stop_port;                /* last port to try */

void usage(char *pro)         /* help */
{
    printf("simple TCP portscan\n");
    printf("Usage: %s <host> <start_port|-> <stop_port|->\n", pro);
    exit(1);
}

int scan(int port)            /* scan(): try a full TCP connect() to one port */
{
    if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        printf("can't create socket\n");
        exit(1);
    }
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr = *(struct in_addr *)host->h_addr_list[0];
    if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == 0)  /* establish a connection to decide whether the port is open */
        return 0;             /* succeeded: port open */
    else
        return 1;             /* failed: refused or no answer */
}

int main(int argc, char *argv[])   /* main program */
{
    char *service;
    if (argc != 4)
        usage(argv[0]);
    start_port = atoi(argv[2]);    /* convert argv[2] to an integer */
    stop_port = atoi(argv[3]);     /* convert argv[3] to an integer */
    if (strcmp(argv[2], "-") == 0 && strcmp(argv[3], "-") == 0) {   /* "- -" selects the defaults */
        start_port = START_PORT;   /* if it is "-", the starting port is 1 */
        stop_port = STOP_PORT;     /* if it is "-", the end port is 1024 */
    }
    if (start_port > stop_port) {  /* the starting port must not be greater than the ending port */
        printf("Start port can not be greater than Stop port.\n");
        usage(argv[0]);
    }
    if ((host = gethostbyname(argv[1])) == NULL) {   /* gethostbyname() resolves the target */
        printf("can't get host info %s\n", argv[1]);
        exit(1);
    }
    printf("scanning host %s from %d to %d ......\n", argv[1], start_port, stop_port);
    for (i = start_port; i <= stop_port; i++) {
        if (scan(i) == 0) {
            reply = getservbyport(htons(i), "tcp");   /* reply->s_name is the service registered for the port */
            if (reply == NULL)
                service = "unknown";
            else
                service = reply->s_name;
            printf("port %5d is open.\tservice %s\n", i, service);
        }
        close(sock);
    }
    return 0;
}
/*************************************** **************************************/
Do you understand the code above? If you cannot understand or write it, use SuperScan instead.
SuperScan scan results:
* + 209.249.191.73
| ___ 23 Telnet
| ___............
* + 209.249.191.74
| ___ 23 Telnet
* + 209.249.191.75
| ___ 23 Telnet
| ___.......#..'
* + 209.249.191.76
| ___ 23 Telnet
| ___.......#..'
* + 209.249.191.77
| ___ 23 Telnet
* + 209.249.191.78
| ___ 23 Telnet
| ___.......#..'
* + 209.249.202.166
| ___ 23 Telnet
| ___.......#..'
* + 209.249.202.167
| ___ 23 Telnet
| ___.......#..'
* + 209.249.202.168
| ___ 23 Telnet
| ___.......#..'
* + 209.249.242.3
| ___ 23 Telnet
| ___............
* + 209.249.242.14
| ___ 23 Telnet
| ___ ...... User access verification ...... password:
* + 209.249.249.171
| ___ 23 Telnet
| ___... #... '... $
* + 209.249.249.172
| ___ 23 Telnet
| ___... #... '... $

Tired of the "* +" and "|___ 23 Telnet |___... #... '... $" noise in that output? Write another program to strip it:
/************************* superscan clear.c ************************/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char *argv[])
{
    FILE *in;            /* input file */
    FILE *out;           /* output file */
    char buf[1024];      /* one line of the scan report */
    char *ip;

    if (argc != 3) {
        printf("Usage: %s inputfile outputfile\n", argv[0]);
        exit(1);
    }

    in = fopen(argv[1], "r");      /* open the report for reading, stop on error */
    if (in == NULL) {
        puts("file open error");
        exit(1);
    }
    out = fopen(argv[2], "w");     /* open the IP list for writing, stop on error */
    if (out == NULL) {
        puts("file write error");
        exit(1);
    }

    while (fgets(buf, sizeof(buf), in) != NULL) {   /* read the report line by line */
        buf[strcspn(buf, "\r\n")] = '\0';           /* drop the line terminator */
        if (strncmp(buf, "* +", 3) != 0)            /* only host lines start with "* +" */
            continue;
        ip = buf + 3;
        while (*ip == ' ')                          /* skip the blanks before the address */
            ip++;
        fprintf(out, "%s\n", ip);                   /* keep just the address */
    }
    fclose(in);
    fclose(out);
    return 0;
}
Usage: ./clear inputfile.txt outputfile.txt
inputfile is the SuperScan result file.
outputfile is the file generated after processing: a list with one IP address per line.

Step 2
Use the banner returned by Telnet to determine the remote operating system. For example:
C:\> telnet 209.249.249.171

SunOS 5.8
login:
The banner tells you the type of the remote system.

/*************************************** detector.c ***********************************/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define PORT 23              /* Telnet port */
#define MAX 1024             /* buffer length */

FILE *output;                /* output file */

void usage(char *pro)
{
    printf("Usage: %s inputfile outputfile systemos\n", pro);
    printf("system OS 1. SunOS 2. RedHat 3. FreeBSD\n");
    exit(1);
}

void telnet_banner(char *ip, char *os)
{
    struct sockaddr_in addr;
    struct timeval tv;
    char buf[MAX], *hit;
    unsigned char c;
    int sock, size, n, j;

    if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
        printf("socket failed\n");
        exit(1);
    }
    tv.tv_sec = 5; tv.tv_usec = 0;         /* give up on a host that sends no banner within 5 s */
    setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(PORT);
    addr.sin_addr.s_addr = inet_addr(ip);

    if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
        printf("%s: connect failed\n", ip);
        close(sock);
        return;                            /* go on with the next address */
    }

    memset(buf, 0, sizeof(buf));           /* set the buffer content to 0 */
    n = 0;
    while (n < MAX - 1) {                  /* receive the banner one byte at a time */
        if ((size = read(sock, &c, 1)) <= 0)       /* closed, or nothing arrived in time */
            break;
        if (c == 0xff) {                   /* IAC: skip the two option-negotiation bytes */
            for (j = 0; j < 2 && read(sock, &c, 1) == 1; j++)
                ;
            continue;
        }
        if (c == '\r' || (c < 0x20 && c != '\n'))  /* drop control characters */
            continue;
        buf[n++] = c;
        if (strstr(buf, "ogin:") != NULL)  /* stop at the login prompt */
            break;
    }
    close(sock);

    hit = strstr(buf, os);                 /* does the banner name the OS we are looking for? */
    if (hit == NULL)
        return;
    hit[strcspn(hit, "\n")] = '\0';        /* keep only the banner line */
    printf("* Scanhost %s OS: %s\n", ip, hit);
    fprintf(output, "* Scanhost %s OS: %s\n", ip, hit);
}

int main(int argc, char *argv[])
{
    FILE *input;                           /* input file: the IP list produced by clear */
    char scan_ip[1024];
    char *os = NULL;

    if (argc != 4)
        usage(argv[0]);
    switch (atoi(argv[3])) {               /* OS number -> string searched for in the banner */
    case 1: os = "SunOS";   break;
    case 2: os = "Red Hat"; break;
    case 3: os = "FreeBSD"; break;
    default: usage(argv[0]);
    }
    if ((input = fopen(argv[1], "r")) == NULL) { puts("file open error");  exit(1); }
    if ((output = fopen(argv[2], "w")) == NULL) { puts("file write error"); exit(1); }
    while (fgets(scan_ip, sizeof(scan_ip), input) != NULL) {   /* one address per line */
        scan_ip[strcspn(scan_ip, "\r\n")] = '\0';
        if (scan_ip[0] != '\0')
            telnet_banner(scan_ip, os);
    }
    fclose(input);
    fclose(output);
    return 0;
}
Usage: ./detector inputfile outputfile systemos, where systemos is 1. SunOS 2. Red Hat 3. FreeBSD
./detector 1.txt 2.txt 1
1.txt is the processed SuperScan scan file (the IP list).
2.txt is the result file written by detector.
1 indicates SunOS, 2 indicates RedHat, and 3 indicates FreeBSD.

After processing, the result file reads:

* Scanhost 209.249.249.171 OS: SunOS 5.8
* Scanhost 209.249.249.172 OS: SunOS 5.8

Clear at a glance.
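The banner matching that Step 2 relies on can be checked offline, without a socket, on captured or constructed greetings. The program below is an added example written for this page; it is not part of the original article or of the detector above. It assumes that a Telnet server's greeting may begin with IAC option negotiation (three-byte IAC/command/option groups and IAC SB ... IAC SE subnegotiation) before the text banner, strips those bytes, and then applies the same keyword lookup (SunOS, Red Hat/RedHat, FreeBSD) with the article's OS codes 1, 2 and 3. The three sample greetings are constructed for the example, not real captures, and 192.0.2.10 is a documentation address.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define IAC 255          /* telnet "interpret as command" */
#define SB  250          /* start of option subnegotiation */
#define SE  240          /* end of option subnegotiation */

/* Copy the printable text of a raw Telnet stream into out, skipping the
 * IAC option negotiation a server sends before its greeting.
 * Returns the number of text bytes kept. */
size_t telnet_strip(const unsigned char *raw, size_t len, char *out, size_t outlen)
{
    size_t i = 0, n = 0;
    while (i < len && n + 1 < outlen) {
        if (raw[i] == IAC) {
            if (i + 1 < len && raw[i + 1] == IAC) {          /* IAC IAC: a literal 0xff byte */
                i += 2;
            } else if (i + 1 < len && raw[i + 1] == SB) {    /* IAC SB ... IAC SE */
                i += 2;
                while (i + 1 < len && !(raw[i] == IAC && raw[i + 1] == SE))
                    i++;
                i += 2;
            } else {                                         /* IAC WILL/WONT/DO/DONT option */
                i += 3;
            }
            continue;
        }
        if (isprint(raw[i]) || raw[i] == '\n')
            out[n++] = (char)raw[i];
        i++;
    }
    out[n] = '\0';
    return n;
}

/* Return the article's OS code (1 SunOS, 2 Red Hat, 3 FreeBSD) or 0 when
 * none of the keywords appears. If line is non-NULL, the banner line that
 * contained the keyword is copied into it. */
int classify_banner(const unsigned char *raw, size_t len, char *line, size_t linelen)
{
    static const char *keyword[] = { "SunOS", "Red Hat", "RedHat", "FreeBSD" };
    static const int  code[]     = { 1,       2,         2,        3 };
    char text[1024];
    int k;

    telnet_strip(raw, len, text, sizeof text);
    for (k = 0; k < 4; k++) {
        char *hit = strstr(text, keyword[k]);
        if (hit != NULL) {
            if (line != NULL && linelen > 0) {
                size_t l = strcspn(hit, "\n");
                if (l > linelen - 1)
                    l = linelen - 1;
                memcpy(line, hit, l);
                line[l] = '\0';
            }
            return code[k];
        }
    }
    if (line != NULL && linelen > 0)
        line[0] = '\0';
    return 0;
}

/* Constructed sample greetings (not real captures): option negotiation
 * followed by the text a telnetd prints before the login prompt. */
const unsigned char SAMPLE_SUNOS[] =
    "\xff\xfd\x18\xff\xfd\x1f\r\nSunOS 5.8\r\n\r\nlogin: ";
const unsigned char SAMPLE_REDHAT[] =
    "\xff\xfb\x01Red Hat Linux release 7.1\r\nlogin: ";
const unsigned char SAMPLE_UNKNOWN[] =          /* NAWS subnegotiation, then a router-style banner */
    "\xff\xfa\x1f\x00\x50\x00\x18\xff\xf0\r\nUser Access Verification\r\nPassword: ";

int main(void)
{
    char line[128];
    int os = classify_banner(SAMPLE_SUNOS, sizeof SAMPLE_SUNOS - 1, line, sizeof line);
    printf("* Scanhost 192.0.2.10 OS: %s (code %d)\n", line, os);   /* 192.0.2.10: documentation address */
    return 0;
}
```

The subnegotiation case matters for the stripping step: a bare "skip two bytes after IAC" rule, as in the detector, would leave the NAWS payload bytes in the text. Matching on a substring is deliberately loose; the keyword is found anywhere in the greeting, so a banner that merely mentions another system's name is classified as that system.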
