rpc.ttdbserver scanner (adapted from statd scanner by BiT), it uses a file containing the list of ip's to scan. BFiSN98 (December 98). Linux - c source. Courtesy of soft project digital security for y2k
05145d5b163d2e69ed1cfd957250b9a0f75515bc8b529e83c010a091cee75de9
/* Questo e' un rpc.ttdbserver scanner, visto che la modifica dello statd
scanner in questo caso mi e' costata qualke secondo non me ne prendo il
merito... trovo assurdo che su rootshell vengano messi scanner di questo
tipo. L'originale e' lo statd di BiT! In questo scanner ho messo una
costante di nome RPC_NAME adattando questa a un determinato servizio rpc
potete creare quanti scanner x rpc volete ...
pIGpEN */
#include <stdio.h>
#include <netdb.h>
#include <stdlib.h>
#include <signal.h>
#include <rpc/rpc.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <rpc/pmap_prot.h>
#include <rpc/pmap_clnt.h>
#define ERROR -1
#define RPC_NAME "ttdbserver"
void woopy(int s);
void usage(char *s);
void scan(char *i, char *o);
int statd(char *host);
unsigned long int res(char *p);
void usage(char *s)
{
printf("rpc.ttdbserver scanner\n");
printf("Usage: %s <inputfile> <outputfile>\n",s);
exit(ERROR);
}
void main(int argc, char **argv)
{
if(argc < 3) usage(argv[0]);
scan(argv[1], argv[2]);
}
void scan(char *i, char *o)
{
FILE *iff, *of;
char buf[512];
if((iff=fopen(i,"r")) == NULL)
return;
while(fgets(buf,512,iff) != NULL)
{
if(buf[strlen(buf)-1]=='\n')
buf[strlen(buf)-1]=0;
printf("\n%s",buf); /* Modifica per vedere l'host corrente */
if(statd(buf) && (of=fopen(o,"a")) != NULL) {
buf[strlen(buf)+1]=0;
buf[strlen(buf)]='\n';
fputs(buf,of);
fclose(of);
}
}
fclose(iff);
}
void woopy(int s)
{
return;
}
int statd(char *host)
{
struct sockaddr_in server_addr;
struct pmaplist *head = NULL;
int sockett = RPC_ANYSOCK;
struct timeval minutetimeout;
register CLIENT *client;
struct rpcent *rpc;
server_addr.sin_addr.s_addr=res(host);
server_addr.sin_family=AF_INET;
server_addr.sin_port = htons(PMAPPORT);
minutetimeout.tv_sec = 15;
minutetimeout.tv_usec = 0;
signal(SIGALRM,woopy);
alarm(15);
if ((client = clnttcp_create(&server_addr, PMAPPROG,
PMAPVERS, &sockett, 50, 500)) == NULL) {
alarm(0);
signal(SIGALRM,SIG_DFL);
return 0;
}
alarm(0);
signal(SIGALRM,SIG_DFL);
if (clnt_call(client, PMAPPROC_DUMP, (xdrproc_t) xdr_void, NULL,
(xdrproc_t) xdr_pmaplist, &head, minutetimeout) != RPC_SUCCESS)
return 0;
if (head != NULL)
for (; head != NULL; head = head->pml_next)
if((rpc = getrpcbynumber(head->pml_map.pm_prog)))
if(strcmp(rpc->r_name,RPC_NAME) == 0)
return 1;
return 0;
}
unsigned long int res(char *p)
{
struct hostent *h;
unsigned long int rv;
h=gethostbyname(p);
if(h!=NULL)
memcpy(&rv,h->h_addr,h->h_length);
else
rv=inet_addr(p);
return rv;
}