编写Wu-ftp漏洞扫描器

简介:大家好。朋友们可能都知道wu-ftp的格式化字符串漏洞吧,呵呵,网络上的破坏程序多的是。有了破坏程序,可是怎么找目标一试身手呢。

因为我的工作平台是linux,所以扫描程序丰富程度比起windows下的逊多了。看着那些简单操作的软件,口水都流下来了(太夸张了!@~!#@!#)。所以,我只好自己动手写了一个扫描匿名ftp服务器的扫描器,是一个多线程的程序(不过扫描部分是从书上copy来的,可还是费了我不少工夫,总算学会了多线程编程)。可惜,它很傻,不能分辨是微软的ftp还是unix的ftp:它只判断21端口是否接受匿名登录,并不检查服务器软件和版本。哎,我现在比较忙,先写出来用了再说,等以后有时间我再加些像流光那样的ftp简单探测功能吧。以下是源程序。参数-s是开始的ip,参数-e是结束的ip,参数-o是扫描结果存放的文件,假如不加的话,默认的文件名是host。因为比较懒,所以没有写ip的转换函数,也就是大家只能写数字ip了。不过大家有源码,可以自己加嘛。顺便附加一个在www.hack.co.za上找到的wu-ftp的exploit程序。针对linux(版本<=6.2)和freebsd的。

eg. #./scanftp -s 127.0.0.1 -e 127.0.65.255 -o host1

#include<pthread.h>

#include<sys/time.h>

#include<sys/types.h>

#include<sys/socket.h>

#include<netinet/in.h>

#include<arpa/inet.h>

#include<unistd.h>

#include<fcntl.h>

#include<string.h>

#include<errno.h>

#include<stdio.h>

#include<stdlib.h>

#include<string.h>

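/* Size of the buffer that receives each FTP reply. */
#define BUF_LEN 255

/*
 * Number of worker threads to start.  The author tuned this on a 56k modem,
 * "64" of memory and an overclocked Celeron 450: with 100 threads the CPU was
 * already fully loaded while memory was still left over.  Adjust it to the
 * machine and bandwidth at hand.
 */
#define THREADNUM 100

/*
 * ANSI colour escapes used by usage().  The published listing had lost the
 * backslash ("33[0m"), which printed the digits literally instead of sending
 * ESC; the octal escape \033 is restored here.
 */
#define NORM  "\033[0m"
#define GREEN "\033[32m"
#define RED   "\033[31m"
#define BLUE  "\033[34m"
#define BROWN "\033[33m"

/*
 * Seconds select() waits for a pending connect.  The name hides the C
 * library's time() for the rest of the file; it is kept because scanhost()
 * refers to it by this name.
 */
#define time 10

/* errno comes from <errno.h>; it must not be redeclared by hand. */

/*
 * Scan range and shared cursor, all in host byte order (main() stores
 * ntohl(inet_addr(...))).  k is the next address to probe and is guarded by
 * the mutex `mut`.
 */
uint32_t startip, endip, k;

/* Handles of the worker threads started by create_thread(). */
pthread_t thread[THREADNUM];

/* Guards k. */
pthread_mutex_t mut = PTHREAD_MUTEX_INITIALIZER;

/* Held around filewrite() so that result lines are written one at a time. */
pthread_mutex_t file = PTHREAD_MUTEX_INITIALIZER;

/* Results file; overridden by the -o option. */
char *filename = "host";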

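/*
 * Print the banner and the option summary, then end the process with exit
 * status -1.  This function does not return.
 *
 * progname: program name shown in the usage line (main() passes argv[0]).
 */
void usage(char *progname)
{
    /* The "\n\n" escapes are restored; the listing showed them as "nn". */
    printf(BLUE " Scananonymousftp is beta 1.0\n\n"
           RED " 2001 by Tang Jing biao and cpu\n\n"
           GREEN "usage: " NORM "%s [-s startip] [-e endip] [-o filename] [-h help]\n\n",
           progname);

    exit(-1);
}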

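/*
 * Append one result line (the text in `ip` followed by a newline) to the
 * results file.
 *
 * name: path of the results file.  It is opened with "r+t", so it must
 *       already exist; main() creates it before any thread starts.
 * ip:   NUL-terminated text to record.
 *
 * If the file cannot be opened the whole process exits with status 0, as in
 * the original.  scanhost() calls this with the `file` mutex held.
 */
void filewrite(char *name, char *ip)
{
    FILE *fd = fopen(name, "r+t");

    if (fd == NULL) {
        printf("Reading file was failed!\n");
        exit(0);
    }

    /*
     * The separator is a real newline again: the listing had "n", which
     * would have run every record together on one line.  Success is only
     * reported once the seek and the write have both gone through.
     */
    if (fseek(fd, 0L, SEEK_END) != 0 || fprintf(fd, "%s\n", ip) < 0)
        printf("Ip was not written!\n");
    else
        printf("Ip is written!\n");

    if (fclose(fd))
        printf("The file is not closed!\n");
}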

/*
 * Worker thread body: probes TCP port 21 of the address held in the shared
 * counter k and records hosts that accept an anonymous FTP login.
 *
 * For each address it starts a non-blocking connect(), waits for it with
 * select(), switches the socket back to blocking mode, reads the greeting and
 * sends a USER/PASS pair, checking for reply codes 220, 331 and 230 in turn.
 * An address that answers 230 is appended to the results file via filewrite().
 * The thread ends through pthread_exit(NULL) once k has passed endip.
 *
 * NOTE(review): the only thing tested is "anonymous login accepted"; nothing
 * here looks at the server software or its version.
 *
 * NOTE(review): the string literals in this listing have evidently lost their
 * backslashes ("...n" where "...\n" is meant), so as printed the messages and
 * the two FTP commands end in a literal 'n'.
 */
void *scanhost()

{

struct sockaddr_in saddr;

int sockfd,flags,len,error,status,temp;

char buf[BUF_LEN],*hostip;

struct timeval timeout={time,0};

fd_set wmask,rmask;

/* Only the port (21) and the family are set; saddr is not zeroed first. */
saddr.sin_port=htons(21);

saddr.sin_family=AF_INET;

/* mut guards k: it is held every time the loop condition below is evaluated. */
pthread_mutex_lock(&mut);

while(k<=endip)

{

/* k is converted with htonl() to build the target address. */
saddr.sin_addr.s_addr=htonl((uint32_t)k);

/* Released before the slow network work.
 * NOTE(review): k is only incremented after this probe finishes, so a thread
 * that enters the loop in the meantime reads the same value of k. */
pthread_mutex_unlock(&mut);

/* A socket() failure ends the whole process, not just this thread. */
if((sockfd=socket(AF_INET,SOCK_STREAM,0))<0)

{

printf("Socket error!n");

exit(-1);

}

/* NOTE(review): pthread_self() returns a pthread_t but is printed with %d. */
printf("scanthread%d is scanning...%s at %dn",pthread_self(),inet_ntoa(saddr.sin_addr),sockfd);

fflush(stdout);

/* The same descriptor is watched in both the read set and the write set. */
FD_ZERO(&wmask);

FD_SET(sockfd,&wmask);

rmask=wmask;

/* Reset on every pass because select() may modify the timeout. */
timeout.tv_sec=time;

timeout.tv_usec=0;

/* Save the descriptor flags, then switch to non-blocking for connect(). */
status=fcntl(sockfd,F_GETFL);

fcntl(sockfd,F_SETFL,status|O_NONBLOCK);

/* Any negative return goes to the select() wait; errno is not examined. */
temp=connect(sockfd,(struct sockaddr *)&saddr,sizeof(saddr));

if(temp<0)

{

/* Wait up to `time` seconds for the socket to become readable or writable. */
flags=select(sockfd+1,&rmask,&wmask,(fd_set *)NULL,&timeout);

/* Timeout or select() error: give up on this address.  mut is re-taken
 * before `continue` so the loop condition runs with the lock held. */
if(flags<=0)

{

close(sockfd);

pthread_mutex_lock(&mut);

k++;

continue;

}

if(FD_ISSET(sockfd,&rmask)||FD_ISSET(sockfd,&wmask))

{

/* SO_ERROR is consulted only when the socket is both readable and writable. */
if(FD_ISSET(sockfd,&rmask)&&FD_ISSET(sockfd,&wmask))

{

/* NOTE(review): len is an int; getsockopt() takes a socklen_t pointer. */
len=sizeof(error);

temp=getsockopt(sockfd,SOL_SOCKET,SO_ERROR,&error,&len);

/* The connect failed: skip this address, again re-taking mut first. */
if((temp!=0)||(error!=0))

{

close(sockfd);

pthread_mutex_lock(&mut);

k++;

continue;

}

}

}

}

bzero(buf,BUF_LEN);

/* Back to the saved (blocking) flags: the read() calls below have no timeout
 * of their own. */
fcntl(sockfd,F_SETFL,status);

/* Step 1: the greeting must start with reply code 220. */
if((len=read(sockfd,buf,BUF_LEN))>=0)

{

if(strncmp(buf,"220",3)==0)

{

/* Step 2: offer the anonymous user name; 331 asks for a password. */
write(sockfd,"user anonymousn",15);

if((len=read(sockfd,buf,BUF_LEN))>=0)

{

if(strncmp(buf,"331",3)==0)

{

/* Step 3: send a fixed password string.  Seen from the probed server, each
 * attempt is a port-21 connection followed by these two commands, and this
 * constant is what an FTP log that records anonymous passwords would hold. */
write(sockfd,"pass shit@n",11);

if((len=read(sockfd,buf,BUF_LEN))>=0)

{

/* 230 means the login was accepted: report and record the address. */
if(strncmp(buf,"230",3)==0)

{

printf("%d HaHa! find ! Ip is %sn",pthread_self(),inet_ntoa(saddr.sin_addr));

/* NOTE(review): inet_ntoa() returns a pointer to a static buffer; whether
 * that buffer is per-thread depends on the C library - confirm. */
hostip=inet_ntoa(saddr.sin_addr);

/* The `file` mutex serialises appends to the results file. */
pthread_mutex_lock(&file);

filewrite(filename,hostip);

pthread_mutex_unlock(&file);

fflush(stdout);

/* NOTE(review): sockfd is closed here and again after the nested ifs; in a
 * multi-threaded process the second close() can hit a descriptor number that
 * another thread has just been given. */
close(sockfd);

}

}

}

}

}

}

/* Common exit of one probe: close, then advance k under the lock. */
close(sockfd);

pthread_mutex_lock(&mut);

k++;

}

/* The loop always leaves with mut held; release it before ending the thread. */
pthread_mutex_unlock(&mut);

pthread_exit(NULL);

}

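/*
 * Start up to THREADNUM worker threads running scanhost(), then wait for all
 * of them to finish.
 *
 * Thread creation stops early once the shared cursor k has passed endip, or
 * when pthread_create() fails; only threads that were actually created are
 * joined.
 *
 * Returns the number of threads that were started and joined.
 */
int create_thread()
{
    int started;
    int i;

    for (i = 0; i < THREADNUM; i++) {
        /* k is shared with the workers, so it is only read under mut. */
        pthread_mutex_lock(&mut);
        if (k > endip) {
            pthread_mutex_unlock(&mut);
            break;
        }
        pthread_mutex_unlock(&mut);

        /*
         * A failed pthread_create() leaves thread[i] unset; joining it later
         * would be undefined, so stop here and join only what exists.
         */
        if (pthread_create(&thread[i], NULL, scanhost, NULL) != 0) {
            printf("scanthread %d was not created!\n", i);
            break;
        }

        /*
         * As in the original, the cursor is advanced once per started thread.
         * (The listing had the call below garbled as "pthrea d_mutex_unlock".)
         * NOTE(review): scanhost() also advances k after every probe, so the
         * two increments interact; the original behaviour is kept unchanged.
         */
        pthread_mutex_lock(&mut);
        k++;
        pthread_mutex_unlock(&mut);
    }

    started = i;

    for (i = 0; i < started; i++) {
        pthread_join(thread[i], NULL);
        printf("scanthread %d is closed!\n", i);
    }

    return i;
}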

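/*
 * Entry point: parse -s/-e/-o/-h, order the range, create (truncate) the
 * results file, then run the worker threads until the range is exhausted.
 *
 * -s and -e must both be given as dotted-quad addresses.  In the original an
 * unparsable address became 0xFFFFFFFF and a missing one stayed 0, either of
 * which silently turned a typo into a very large range.
 */
int main(int argc, char *argv[])
{
    int c;              /* int, not char: getopt() returns -1 at the end, which
                           never compares equal where plain char is unsigned */
    int have_start = 0;
    int have_end = 0;
    uint32_t parsed;
    uint32_t swap;
    FILE *fdmain;

    if (argc < 2) {
        printf("Please input parameter! Type -h\n");
        exit(0);
    }

    while ((c = getopt(argc, argv, "s:e:o:h")) != -1) {
        switch (c) {
        case 's':
        case 'e':
            /* inet_addr() reports a malformed address as INADDR_NONE. */
            parsed = inet_addr(optarg);
            if (parsed == INADDR_NONE) {
                printf("Bad ip address: %s\n", optarg);
                exit(-1);
            }
            if (c == 's') {
                startip = ntohl(parsed);
                have_start = 1;
            } else {
                endip = ntohl(parsed);
                have_end = 1;
            }
            break;
        case 'o':
            filename = optarg;
            break;
        case 'h':
            usage(argv[0]);
            break;
        default:
            break;
        }
    }

    /* Refuse to run on a half-specified range; usage() exits. */
    if (!have_start || !have_end)
        usage(argv[0]);

    /* Accept the bounds in either order. */
    if (startip > endip) {
        swap = startip;
        startip = endip;
        endip = swap;
    }
    k = startip;

    /* Create or truncate the results file; filewrite() reopens it later. */
    if ((fdmain = fopen(filename, "w+t")) == NULL) {
        printf("The file was not opened!!!!!\n");
        exit(0);
    }
    fclose(fdmain);

    printf("The main process created %d thread \n", THREADNUM);

    /*
     * mut and file are already set up by PTHREAD_MUTEX_INITIALIZER at file
     * scope; initialising an initialised mutex again is undefined, so the
     * pthread_mutex_init() calls are dropped.
     */
    (void)create_thread();

    printf("The main process is closed.\n");
    return 0;
}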
