exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ftpdse.c

ftpdse.c
Posted Jul 27, 2000
Authored by venomous | Site rdcrew.com.ar

Ftpdse scans a list of IP addresses for FTP servers, logs the version, and can optionally see if site exec accepts format strings.

tags | tool, scanner
systems | unix
SHA-256 | 2203a1227b7895400cdfbf6ab6e306613fc5af3eea72148088c3760eb25d6eaf

ftpdse.c

Change Mirror Download
/* 
* ftpdse 0.1b - by vENOMOUS of rdC - 25/jul/00 - http://www.rdcrew.com.ar
*
* This will open a specific file [-f file], get the IPs from it,
* then, check if FTP port [ -p 21 ] is open and log the version.
* If you specify the [ -s ] flag it will try log into the FTP
* and execute the command 'site exec %p' for see if is vulnerable,
* you can specific -o flag to execute that command only in wuftpd2.6.0
*
* Greets: elbruj0 / den0 / ka0z / meengo / #rdC / #flatline
*
*/

#include <stdio.h>
#include <netdb.h>
#include <netinet/in.h>
#include <unistd.h>
#include <signal.h>

char rdcopenfile(char g0d[257]);
void usage(char *damn);
void RDCconnect2(char host[1000], int puerto);
void sigh();
int ftp_command(int sox, char comando[1024]);
int checkresponse(char comando[1024], char respuesta[1024]);

FILE *file;

char ipsfile[256],
bleh[10000][200],
homer[256];

int sockfd,
leen2=0,
login=0,
only2600=0,
guia=0,
heh=0,
xx=0;

int main(int argc, char **argv)
{
char arg;

int p0rt=21;

if ( argc < 3 )
usage(argv[0]);

while ((arg = getopt(argc, argv, "f:p:os")) != EOF)
{
switch(arg)
{
case 'f':
strncpy(ipsfile,optarg,128);
break;
case 'p':
p0rt = atoi (optarg);
break;
case 's':
login = 1;
break;
case 'o':
only2600 = 1;
break;
default:
usage(argv[0]);
break;

}
}
if (only2600 && !login)
usage(argv[0]);

fprintf(stdout,"starting scan... \n");
fflush(stdout);

rdcopenfile(ipsfile);
for (xx = 0 ; xx < leen2 ; xx++)
RDCconnect2(bleh[xx], p0rt);
fprintf(stdout,"---------------------------------------------------------<[ end of scan\n");
}

char rdcopenfile(char g0d[257])
{
int x;

if ((file=fopen(g0d,"r")) == NULL)
{
printf("\nftpdse 0.1b by vENOMOUS of rdC - venomous@rdcrew.com.ar - 25/jul/00\n");
printf("\nCannot open file %s for reading\n\n", g0d);
exit(1);
}
for ( ; fgets(bleh[leen2], 190, file) != NULL ; leen2++);
fclose(file);
}

void RDCconnect2(char host[1000], int puerto)
{
char versi0n[5000];
int nmb;
struct sockaddr_in beb;
struct hostent *d0h;
// struct timeval timev;
beb.sin_family = AF_INET;
beb.sin_port = htons(puerto);
d0h = gethostbyname(host);
if (!d0h)
{
if ( (beb.sin_addr.s_addr = inet_addr(host)) == INADDR_NONE)
{
printf("\nftpdse 0.1b by vENOMOUS of rdC - venomous@rdcrew.com.ar - 25/jul/00\n");
printf("\nPut a correct address\n\n");
exit(0);
}
} else
{
bcopy( d0h->h_addr, (struct in_addr *) &beb.sin_addr, d0h->h_length);
}

strcpy(homer,"unable to connect: connection refused");
sockfd = socket(AF_INET, SOCK_STREAM,0);
fprintf(stdout,"\n---------------------------------------------------------<[ ip %s",host);
fflush(stdout);
signal(SIGALRM, sigh);
alarm(10);
if(connect(sockfd, (struct sockaddr *)&beb, sizeof(struct sockaddr)) < 0)
{
fprintf(stdout,"%s\n\n",homer);
fflush(stdout);
return;
}

alarm(0);
bzero(versi0n, sizeof(versi0n));

if ((nmb = recv(sockfd, versi0n, 5000, 0)) == -1)
{
fprintf(stdout,"Connection reset by peer?\n\n");
fflush(stdout);
return;
}

if (strlen(versi0n) == 0)
{
close(sockfd);
return;
}

if ((heh=checkresponse("versioncheck",versi0n)) != 1) return;

fprintf(stdout,"server's banner...\n%s\n",versi0n);
fflush(stdout);

if (only2600) // si es 1
{
if (strstr(versi0n,"2.6.0"))
login=1;
else login=0;
}

if (login)
{
int n;

fprintf(stdout,"login as ftp\n");
if ((n=ftp_command(sockfd,"USER ftp\n")) != 1) return;

fprintf(stdout,"sending password\n");
if ((n=ftp_command(sockfd, "PASS windows@2000.com\n")) != 1) return;

fprintf(stdout,"executing site exec...\n");
ftp_command(sockfd, "site exec %p\n");

fprintf(stdout,"disconnecting\n");
ftp_command(sockfd, "quit\n");
}
close(sockfd);
}

int ftp_command(int sox, char comando[1024])
{
char answer[5012]="";

send(sox,comando,strlen(comando),0);
sleep(1);
read(sox,answer,sizeof(answer));
fprintf(stdout,"response: \n%s\n", answer);
guia = checkresponse(comando,answer);
return guia;
}

int checkresponse(char com[1024], char respuesta[1024])
{
char *not_anon[128]= { "denied", "unknown", "not found", "USER anonymous" };
char *pass[128] = { "Can't set" };
char *version[128] = { "Microsoft", "WinSock", "NetWare", "Proxy Server" };
int x=0,
m=0;

if (strstr(com,"USER"))
{
for (x=0 ; x < sizeof(not_anon) ; x++)
{
if (not_anon[x] == NULL)
break;
}
for (m=0 ; m < x ; m++)
{
if (strstr(respuesta,not_anon[m]))
{
fprintf(stdout,"\nanonymous access not allowed in this host.\n\n");
close(sockfd);
return 0;
}
}
return 1;
}

if (strstr(com,"PASS"))
{
for (x=0 ; x < sizeof(pass) ; x++)
{
if (pass[x] == NULL)
break;
}
for (m=0 ; m < x ; m++)
{
if (strstr(respuesta,pass[m]))
{
fprintf(stdout,"\nincorrect password\n\n");
close(sockfd);
return 0;
}
}
return 1;
}

if (strstr(com,"versioncheck"))
{
for (x=0 ; x < sizeof(version) ; x++)
{
if (version[x] == NULL)
break;
}
for (m=0 ; m < x ; m++)
{
if (strstr(respuesta,version[m]))
{
fprintf(stdout,"skipping host cuz is running %s\n\n",version[m]);
close(sockfd);
return 0;
}
}
return 1;
}
}

void sigh()
{
strcpy(homer,"unable to connect: timeout");
close(sockfd);
}

void usage(char *damn)
{
printf("\n<[( ftpse 0.1b by vENOMOUS of rdC - venomous@rdcrew.com.ar - 25/jul/00 )]>\n");
printf("<[( usage:\n");
printf("<[( %s -f file [-p port] [-o] [-s] \n\n",damn);
printf("<[( -f file: file is the IPs file.\n");
printf("<[( -p port: port to connect to, default 21.\n");
printf("<[( -s: login and check site exec command\n");
printf("<[( -o: Only check siteexec command on wuftpd2.6.0\n");
exit(0);
}
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close