Wu-ftpd 2.6.0 mass scanner.
aa2dc9d24e9555a64b9794199e3fb1801e88083d39017b468c5588cbcd4b3c41/*
* WUFTPD 2.6.0 VULNERABILITY SCANNER
* by rasch [Adr017 crew]
* adr017@inorbit.com
*
* This program will check for the presence of wu-ftpd 2.6.0 on
* a single host or a number of hosts listed in a file. If the
* -f [get_ips_from_file] option is given it will dump the ips
* of the hosts running wu-ftpd 2.6.0 to the output file you've
* specified. Otherwise if -s [ for single host scan ] is given
* it will print the result of the scan on the screen.
*
*
* BTW a remote root exploit for Wuftpd 2.6.0 is available by tf8
* so you may find this scanner very useful.
*
* Greetz go to my crew!
* <-nj0y!
*/
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#define PORT 21
#define MAXDATASIZE 1200
#define LIGHT_BLUE "\033[36m"
#define NORMAL "\033[0m"
char opt;
void usage (char *progname)
{
printf("\n\t\twu-ftpd-2.6.0 scan by rasch / "LIGHT_BLUE"Adr017"NORMAL"(c)rew");
printf("\n Usage: \n");
printf(" %s -s 192.168.5.1 [single host scan] \n", progname);
printf(" %s -f infile outfile [get the IPs from a file] \n\n", progname);
exit(1);
}
int if_vuln(char *host)
{
int sockfd,reccnt;
char buffer[MAXDATASIZE];
struct sockaddr_in address;
struct hostent *he;
if ((he=gethostbyname(host)) == NULL) {
if (opt == 's') {
printf("\nHost name lookup failure\n\n");
exit(1);
}
return 0;
}
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if(sockfd < 0) {
printf("\nSocket error\n\n");
exit(1);
}
address.sin_family = AF_INET;
address.sin_addr = *((struct in_addr *)he->h_addr);
address.sin_port = htons(PORT);
bzero(&(address.sin_zero), 8);
if(connect(sockfd, (struct sockaddr *)&address, sizeof(address)) == -1)
{
if (opt == 's') {
printf(" \nError connecting to host or service not available\n\n");
exit(1);
}
close(sockfd);
return 0;
}
reccnt=recv(sockfd, buffer, MAXDATASIZE, 0);
buffer[reccnt] = '\0';
close(sockfd);
if(strstr(buffer, "wu-2.6.0"))
return 1;
else
return 0;
}
void read_n_write(char *infile, char *outfile)
{
FILE *iff, *of;
char linebuf[512];
if((iff=fopen(infile,"r")) == NULL)
return;
while(fgets(linebuf,512,iff) != NULL) {
if(linebuf[strlen(linebuf)-1]=='\n')
linebuf[strlen(linebuf)-1]=0;
if(if_vuln(linebuf) == 1 && (of=fopen(outfile,"a")) != NULL) {
linebuf[strlen(linebuf)+1]=0;
linebuf[strlen(linebuf)]='\n';
fputs(linebuf,of);
fclose(of);
}
}
fclose(iff);
}
int main(int argc, char *argv[])
{
if (argc < 3)
usage(argv[0]);
if (argv[1][0] != '-') {
printf("\nPlease pass an argument preceded with a - \n\n");
exit(1);
}
opt = argv[1][1];
if (opt != 's' && opt != 'f') {
printf("\nUnknown option!\n\n");
exit(1);
}
if (opt == 's')
{
if (if_vuln(argv[2]) == 1)
{
printf("\nHost "LIGHT_BLUE"VULNERABLE"NORMAL" .. enJoy!\n");
printf(" ^^^^^^^^^^\n");
exit(0);
}
else
{
printf("\nHost NOT vulnerable .. sorry \n\n");
exit(0);
}
}
if (opt == 'f')
{
read_n_write(argv[2],argv[3]);
return 1;
}
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed