Twenty Year Anniversary

OCS Cisco Scanner 0.2

OCS Cisco Scanner 0.2
Posted Jan 11, 2013
Authored by OverIP | Site hacklab.tk

Compact mass scanner for Cisco routers with default telnet/enable passwords.

Changes: Various updates and bug fixes.
tags | tool, scanner
systems | cisco, unix
MD5 | 6543def16345b13b7cbc69e08d1d3a8c

OCS Cisco Scanner 0.2

Change Mirror Download
/*
Author: OverIP
Andrea Piscopiello
overip at gmail.com
Source: OCS v 0.2
License: GPL
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
Email: Write me for any problem or suggestion at: overip at gmail.com
Date: 01/10/13
Read me: Just compile it with:

gcc ocs.c -o ocs -lpthread

Then run it with: ./OCS xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
xxx.xxx.xxx.xxx=range start IP
yyy.yyy.yyy.yyy=range end IP

PAY ATTENTION: This source is coded for only personal use on
your own router Cisco. Don't hack around.

Special thanks to:
Khlero with your patience this code is out there :*
Shen139, without you I can't live :D
people that helped betatesting this code :)
Alex Kah and his Cisco Router :)
I love U all :*
*/


#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#include <string.h>
#include <signal.h>


int i=0;
int j=0;
int k=0;
int l=0;


char buffer_a[700];
char buffer_b[700];
char buffer_c[700];
char tmpIP[16];

pthread_t threadname;


void callScan() // scanning
{
scanna(tmpIP);
pthread_exit(0);
}


static void funcAlarm() //alarm
{
pthread_exit(0);
}


int setnonblock(int sock) //setta socket non bloccanti
{
struct timeval timeout;

timeout.tv_sec = 10;
timeout.tv_usec = 0;
if (setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO,(char*) &timeout, sizeof(timeout)))
return 0;
return 1;
}


void init(struct sockaddr_in *address,int port,int IP)
{
address->sin_family=AF_INET;
address->sin_port=htons((u_short)port);
address->sin_addr.s_addr=IP;
}


int scanna(char*rangeIP) //scanning
{
int error;
int sd;

struct sockaddr_in server;

close(sd);

server.sin_family=AF_INET;
server.sin_port=htons(23);
server.sin_addr.s_addr=inet_addr(rangeIP);

sd=socket(AF_INET,SOCK_STREAM,0);
if(sd==-1)
{
printf("Socket Error(%s)\n",rangeIP);
close(sd);
pthread_exit(0);
}

// setnonblock(sd);
signal(SIGALRM,funcAlarm);
alarm(7);
fflush(stdout);

error=connect(sd,(struct sockaddr*)&server,sizeof(server));
if(error==0)
{
printf("\n\n-%s\n",rangeIP);
fflush(stdout);
memset(buffer_c, '\0',700);
recv(sd,buffer_c,700,0);
printf(" |Logging... %s\n",rangeIP);
fflush(stdout);
memset(buffer_a, '\0',700);
memset(buffer_b, '\0',700);

send(sd,"cisco\r",6,0);

sleep(1);

recv(sd,buffer_a,700,0);

if(strstr(buffer_a,"#"))
printf(" |Default Enable Passwords found! Vulnerable Router IP: %s\n\n\n", rangeIP);
else
if(strstr(buffer_a,">"))
{
printf(" |Default Telnet password found. %s\n",rangeIP);
fflush(stdout);
send(sd,"enable\r",7,0);

sleep(1);

send(sd,"cisco\r",6,0);

sleep(1);

recv(sd,buffer_b,700,0);
//printf(" Sto cercando di loggarmi in enable mode\n");
//fflush(stdout);
}
if(strstr(buffer_b,"#"))
printf(" |Default Telnet and Enable Passwords found! Vulnerable Router IP: %s\n\n\n", rangeIP);

else

printf(" |Router not vulnerable. \n");
fflush(stdout);
}
else
{
printf("\n\n(%s) Filtered Ports\n",rangeIP);
close(sd);
alarm(0);
signal(SIGALRM,NULL);
pthread_exit(0);
}

close(sd);
fflush(stdout);
alarm(0);
signal(SIGALRM,NULL);
pthread_exit(0);
}


char *getByte(char *IP,int index);

int function1(char* IP, char* IP2)
{

char rangeIP[16];

pid_t pid;
i=atoi(getByte(IP,1));
j=atoi(getByte(IP,2));
k=atoi(getByte(IP,3));
l=atoi(getByte(IP,4));

while(1)
{

sprintf(rangeIP,"%d.%d.%d.%d",i,j,k,l);
strcpy(tmpIP,rangeIP);
if(pthread_create(&threadname, NULL,callScan,NULL)!=0)
{
printf("+ Thread error:\n");
perror(" - pthread_create() ");
exit(0);
}
fflush(stdout);
pthread_join(threadname, NULL);
fflush(stdout);
l++;
if (l==256)
{
l=0;
k++;
if (k==256)
{
k=0;
j++;
if (j==256)
{
j=0;
i++;
}
}
}

if(i==atoi(getByte(IP2,1)) && j==atoi(getByte(IP2,2)) && k==atoi(getByte(IP2,3)) && l==atoi(getByte(IP2,4)))
{
break;
}

}

sprintf(rangeIP,"%d.%d.%d.%d",i,j,k,l);
strcpy(tmpIP,rangeIP);
fflush(stdout);
if(pthread_create(&threadname, NULL,callScan,NULL)!=0)
{
printf("+ Thread error:\n");
perror(" - pthread_create() ");
exit(0);
}
pthread_join(threadname, NULL);

fflush(stdout);
}


int main(int argc,char *argv[])
{

int w;

printf("********************************* OCS v 0.2 **********************************\n");
printf("**** ****\n");
printf("**** coded by OverIP ****\n");
printf("**** overip at gmail.com ****\n");
printf("**** under GPL License ****\n");
printf("**** ****\n");
printf("**** usage: ./ocs xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy ****\n");
printf("**** ****\n");
printf("**** xxx.xxx.xxx.xxx = range start IP ****\n");
printf("**** yyy.yyy.yyy.yyy = range end IP ****\n");
printf("**** ****\n");
printf("******************************************************************************\n");

if(argc!=3)

{
printf("use: %s IP IP\n",argv[0]);
exit(-1);
}

for(w=1;w<=5;w++)
if(atoi(getByte(argv[1],w))>255 || atoi(getByte(argv[2],w))>255)
{
printf("use: ./OCS IP IP\n");
exit (-1);
}


for(w=1;w<=5;w++)
if(atoi(getByte(argv[1],w))<atoi(getByte(argv[2],w)))
{
function1(argv[1],argv[2]);
return 0;
}

else if(atoi(getByte(argv[1],w))>atoi(getByte(argv[2],w)))
{
printf("use: %s IP IP\n",argv[0]);
return 0;
}


printf("Same IPs \n");
fflush(stdout);
scanna(argv[1]);
return 0;
}


char *getByte(char *IP,int index)
{

int i=0;
int separator=0;
static char byte[3];

for(i=0;i<4;i++)
byte[i]='\0';
memset(byte,0,sizeof(byte));

for(i=0;i<strlen(IP);i++)
{

if((IP[i]=='.') && (separator==index-1))

{
return byte;
}

else
if(IP[i]=='.')

{
separator++;
}

else
if (separator==index-1)

{
strncat(byte,&IP[i],1);
}

}

return byte;
}


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close