char * targetIp; <br>
struct ipoctet *ipstart, *ipend; <br>
struct ipocteti ipstarti, ipendi; <br>
if ( argc < 5 ) <br>
{ <br>
fprintf( stderr, "Usage: %s <startIp> <endIp> <rpcServerNumber> <rpc <br>
Serv <br>
erVer> [ <timeout> ]\n", argv[0] ); <br>
exit( -1 ); <br>
} <br>
/* 简单地检查一下命令行参数是否合法 */ <br>
if ( ( strlen( argv[1] ) > MAX_IP_LEN ) || ( strlen( argv[2] ) > MAX_IP_ <br>
LEN <br>
) ) <br>
{ <br>
fprintf( stderr, "Usage: %s <startIp> <endIp> <rpcServerNumber> <rpc <br>
Serv <br>
erVer> [ <timeout> ]\n", argv[0] ); <br>
exit( -1 ); <br>
} <br>
/* 初始化 */ <br>
if ( argc > 5 ) <br>
{ <br>
timeout = ( unsigned int )strtoul( argv[5], NULL, 10 ); <br>
if ( timeout == 0 ) <br>
{ <br>
timeout = DEFAULTTIMEOUT; <br>
} <br>
} <br>
progNumber = strtoul( argv[3], NULL, 10 ); <br>
progVer = strtoul( argv[4], NULL, 10 ); <br>
i = 0; <br>
j = 0; <br>
ipstart = ( struct ipoctet * )malloc( sizeof( struct ipoctet ) ); <br>
ipend = ( struct ipoctet * )malloc( sizeof( struct ipoctet ) ); <br>
while ( argv[1][i] != '.' ) <br>
{ <br>
ipstart->a[ j++ ] = argv[1][ i++ ]; <br>
} <br>
ipstart->a[j] = '\0'; <br>
j = 0; <br>
i++; <br>
while ( argv[1][i] != '.' ) <br>
{ <br>
ipstart->b[ j++ ] = argv[1][ i++ ]; <br>
} <br>
} <br>
ipstart->b[j] = '\0'; <br>
j = 0; <br>
i++; <br>
while ( argv[1][i] != '.' ) <br>
{ <br>
ipstart->c[ j++ ] = argv[1][ i++ ]; <br>
} <br>
ipstart->c[j] = '\0'; <br>
j = 0; <br>
i++; <br>
while ( argv[1][i] != '\0' ) <br>
{ <br>
ipstart->d[ j++ ] = argv[1][ i++ ]; <br>
} <br>
ipstart->d[j] = '\0'; <br>
i = 0; <br>
j = 0; <br>
while ( argv[2][i] != '.' ) <br>
{ <br>
ipend->a[ j++ ] = argv[2][ i++ ]; <br>
} <br>
ipend->a[j] = '\0'; <br>
j = 0; <br>
i++; <br>
while ( argv[2][i] != '.' ) <br>
{ <br>
ipend->b[ j++ ] = argv[2][ i++ ]; <br>
} <br>
ipend->b[j] = '\0'; <br>
j = 0; <br>
i++; <br>
while ( argv[2][i] != '.' ) <br>
{ <br>
ipend->c[ j++ ] = argv[2][ i++ ]; <br>
} <br>
ipend->c[j] = '\0'; <br>
j = 0; <br>
i++; <br>
while ( argv[2][i] != '\0' ) <br>
{ <br>
ipend->d[ j++ ] = argv[2][ i++ ]; <br>
} <br>
ipend->d[j] = '\0'; <br>
/* Convert to integer values and store in struct */ <br>
if ( ipstart->a != NULL ) <br>
{ <br>
ipstarti.a = atoi( ipstart->a ); <br>
} <br>
if ( ipstart->b != NULL ) <br>
{ <br>
ipstarti.b = atoi( ipstart->b ); <br>
} <br>
if ( ipstart->c != NULL ) <br>
{ <br>
ipstarti.c = atoi( ipstart->c ); <br>
} <br>
if ( ipstart->d != NULL ) <br>
{ <br>
ipstarti.d = atoi( ipstart->d ); <br>
} <br>
if ( ipend->a != NULL ) <br>
{ <br>
ipendi.a = atoi( ipend->a ); <br>
} <br>
if ( ipend->b != NULL ) <br>
{ <br>
{ <br>
ipendi.b = atoi( ipend->b ); <br>
} <br>
if ( ipend->c != NULL ) <br>
{ <br>
ipendi.c = atoi( ipend->c ); <br>
} <br>
if ( ipend->d != NULL ) <br>
{ <br>
ipendi.d = atoi( ipend->d ); <br>
} <br>
free( ipend ); <br>
free( ipstart ); <br>
fprintf( stderr, "[ Scanning from %d.%d.%d.%d --> %d.%d.%d.%d ]\n", <br>
ipstarti.a, ipstarti.b, ipstarti.c, ipstarti.d, <br>
ipendi.a, ipendi.b, ipendi.c, ipendi.d ); <br>
for ( a = ipstarti.a; a <= ipendi.a; a++ ) <br>
{ <br>
for ( b = ipstarti.b; b <= ipendi.b; b++ ) <br>
{ <br>
for ( c = ipstarti.c; c <= ipendi.c; c++ ) <br>
{ <br>
for ( d = ipstarti.d; d <= ipendi.d; d++ ) <br>
{ <br>
targetIp = ( char * )malloc( 17 ); <br>
sprintf( targetIp, "%d.%d.%d.%d", a, b, c, d ); <br>
fprintf( stderr, "." ); <br>
if ( ( progPort = rpcServerQuery( targetIp, progNumber, <br>
prog <br>
Ver ) ) ) <br>
{ <br>
fprintf( stderr, "\n[ %s : %u found ]\n", targetIp, <br>
prog <br>
Port ); <br>
} <br>
free( targetIp ); <br>
} <br>
} <br>
} <br>
} <br>
fprintf( stderr, "\n[ Scan finished ]\n" ); <br>
return( 0 ); <br>
} /* end of main */ <br>
[scz@ /home/scz/src/rpc]> ./rpcscan 192.168.67.100 192.168.67.125 100003 2 3 <br>
<br>
<br>
[ Scanning from 192.168.67.100 --> 192.168.67.125 ] <br>
........ <br>
[ 192.168.67.107 : 2049 found ] <br>
. <br>
[ 192.168.67.108 : 2049 found ] <br>
................. <br>
[ Scan finished ] <br>
[scz@ /home/scz/src/rpc]> <br>
下面是进行rpc.cmsd的扫描结果之一,本身并不说明什么,我也没有告诉你 <br>
什么,仅仅是演示一下刚才给出的程序的效果。不要闲得没事了用这个程序瞎 <br>
扫描,确定自己能进行有效攻击才去扫描特定的rpc server,否则有什么意义。 <br>
不是教你攻击,而是教你网络编程,你攻击失败不要问我技术问题,我可不是 <br>
黑客,也不是系统管理员/网络管理员,仅仅是个小小Unix程序员,do u see。 <br>
[scz@ /home/scz/src/rpc]> ./rpcscan *.*.*.1 *.*.*.254 100068 3 5 <br>
[ Scanning from *.*.*.1 --> *.*.*.254 ] <br>
............................................................................ <br>
.... <br>
................................................... <br>
[ *.*.*.131 : 56614 found ] <br>
.. <br>
[ *.*.*.133 : 32780 found ] <br>
. <br>
. <br>
[ *.*.*.134 : 43580 found ] <br>
...... <br>
[ *.*.*.140 : 32794 found ] <br>
.. <br>
[ *.*.*.142 : 32778 found ] <br>
.................. <br>
[ *.*.*.160 : 32778 found ] <br>
...... <br>
[ *.*.*.166 : 35934 found ] <br>
............................................................................ <br>
.... <br>
........ <br>
[ Scan finished ] <br>
[scz@ /home/scz/src/rpc]> rpcinfo -p *.*.*.131 <br>
program vers proto port <br>
100000 4 tcp 111 rpcbind <br>
... ... <br>
100232 10 udp 32772 sadmind <br>
100011 1 udp 32773 rquotad <br>
... ... <br>
100002 3 tcp 32771 rusersd <br>
100012 1 udp 32775 sprayd <br>
100008 1 udp 32776 walld <br>
... ... <br>
100001 4 udp 32777 rstatd <br>
100083 1 tcp 32772 <br>
100221 1 tcp 32773 <br>
100235 1 tcp 32774 <br>
100068 2 udp 32778 <br>
100068 3 udp 32778 <br>
100068 4 udp 32778 <br>
100068 5 udp 32778 <br>
300326 4 tcp 32775 <br>
... ... <br>
100021 4 tcp 4045 nlockmgr <br>
100024 1 udp 32789 status <br>
100024 1 tcp 32778 status <br>
100133 1 udp 32789 <br>
100133 1 tcp 32778 <br>
300598 1 udp 32795 <br>
300598 1 tcp 32779 <br>
805306368 1 udp 32795 <br>
805306368 1 tcp 32779 <br>
100249 1 udp 32796 <br>
100249 1 tcp 32780 <br>
1289637086 4 tcp 32786 <br>
... ... <br>
100068 2 tcp 56614 <br>
100068 3 tcp 56614 <br>
100068 4 tcp 56614 <br>
100068 5 tcp 56614 <br>
[scz@ /home/scz/src/rpc]> <br>
这台主机比较酷,什么服务都敢开,不要命了。从上面的 rpcinfo 输出可以看到,它同时对外注册了 sadmind(100232)、rquotad、rusersd、sprayd、walld、rstatd 等一大批通常没有必要对外网开放的 RPC 服务,再加上一堆未命名的程序号;做管理的人应当只保留确实需要的程序,并限制对 portmapper(111 端口)的访问。还要注意 rpc.cmsd(100068)同时注册了 udp(32778)和 tcp(56614)两种底层传输,并且版本 2 到 5 都有,所以用本程序扫描时必须指定正确的版本号,否则查不到。 <br>
后记: <br>
这个版本可能是目前为止比较实用的一个rpc scan程序了。个人用了一下觉得效果 <br>
<br>
还不错,有什么建议欢迎到木棉站socket编程特区讨论。 <br>
scz < mailto: cloudsky@263.net > <br>
2000.02.24 16:32 (待续) <br>
-- <br>
我问飘逝的风:来迟了? <br>
风感慨:是的,他们已经宣战。 <br>
我问苏醒的大地:还有希望么? <br>
大地揉了揉眼睛:还有,还有无数代的少年。 <br>
我问长空中的英魂:你们相信? <br>
英魂带着笑意离去:相信,希望还在。 <br>
※ 来源:.武汉白云黄鹤站 bbs.whnet.edu.cn.[FROM: 203.207.226.124] <br>
<br>