TUCoPS :: Linux :: Discontinued
:: cbind.c
Cdgxn-Bsd
Scans machines for the BIND NXT vulnerability.
Cdgxn-Secure is a Local Linux Security Auditing tool that
scans for a number of different vulnerabilities a variety
of ways. It will also help determine if you've been
compomrised already.
|
/* BIND NXT vulnerable SCANNER - CBIND */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <wait.h>
#include <netdb.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <netinet/in.h>
/* DO NOT EDIT THIS LINE */
#define SCAN_EXE "./nmap -p 53 "
/* EDIT: directory of NMAP */
#define SCAN_DIR "/home/lb0gspm/tmp/nmap/"
/* EDIT: directory of CBIND and it's temporary files */
#define CBIND_DIR "/home/lb0gspm/tmp/cbind/"
#define R1_DIR "/home/lb0gspm/tmp/cbind/result1.cbind"
#define R2_DIR "/home/lb0gspm/tmp/cbind/result2.cbind"
int Scan( char *ip );
char *GetSubnet( char *ip );
char *ChangeSubnet( char *ip, char *subnet );
char *itoa( int i );
int main( int argc, char *argv[] )
{
struct in_addr addr;
struct hostent *host_entry;
unsigned short int option[3], i, wait_st;
unsigned char *name;
unsigned char *cmd;
unsigned char *ip, *subnet, *ip_s;
unsigned char *temp;
FILE *fp;
printf( "Check BIND v 2.00b \n" );
printf( "Bind NXT vulnerablity scanner\n\n" );
name = (char *)malloc( 200 );
ip = (char *)malloc( 16 );
ip_s = (char *)malloc( 16 );
subnet = (char *)malloc( 4 );
cmd = (char *)malloc( 50 );
if( argc == 1 )
{
printf( "Options: \n" );
printf( " -s SUB-NET SCAN ( SLOW BUT HIGH PRECISE )\n" );
printf( " -f SUB-NET SCAN ( FAST BUT LOW PRECISE / NMAP REQUIRE )\n" );
printf( " -i PRINT INFOMATION\n\n" );
printf( "Examples: \n" );
printf( " cbind victim.com ( IT WILL SCAN IF TARGET IS VULNERABLE OR NOT )\n" );
printf( " cbind victim.com -s ( IT WILL SCAN ALL SUB-NETs IN DETAIL )\n" );
printf( " cbind -f victim.com ( IT WILL SCAN SUB-NETs LOW PRECISE )\n\n" );
exit(0);
} else {
option[0] = 0;
option[1] = 0;
option[2] = 0;
for( i = 1; i < argc; i++ )
{
if( strcmp( argv[i], "-s" ) == 0 )
{
if( option[2] == 1 )
{
printf( "Can not use options -s, -f at the same time.\n" );
exit(0);
}
if( option[0] == 1 )
{
printf( "Can not use option -s with -i.\n" );
exit(0);
}
printf( "Sub-net( high precise ) scan mode ACTIVATED.\n" );
printf( "It can takes long.\n\n" );
option[1] = 1;
continue;
}
if( strcmp( argv[i], "-f" ) == 0 )
{
if( option[1] == 1 )
{
printf( "Can not use options -s, -f at the same time.\n" );
exit(0);
}
if( option[0] == 1 )
{
printf( "Can not use options -f with -i.\n" );
exit(0);
}
printf( "Sub-net( low precise ) scan mode ACTIVATED.\n" );
printf( "It require NMAP 2.07 or higher version.\n\n" );
option[2] = 1;
continue;
}
if( strcmp( argv[i], "-i" ) == 0 )
{
if( (option[1] == 1) || (option[2] == 1) )
{
printf( "Can not use option -i with -s(or -f).\n" );
exit(0);
}
option[0] = 1;
continue;
}
strcpy( name, argv[i] );
}
}
if( geteuid() != 0 )
{
printf( "Error! You are not ROOT!\n" );
exit(0);
}
if( (name[0] <= '0') || (name[0] >= '9') )
{
host_entry = gethostbyname( name );
if( host_entry == NULL )
{
if( option[0] != 1 ) {
printf( "Can not scan %s.\n", name );
exit(0);
}
}
if( option[0] != 1 ) {
addr = *((struct in_addr *)host_entry->h_addr);
ip = (unsigned char *)inet_ntoa( addr );
subnet = GetSubnet( ip );
}
}
if( (name[0] >= '0') && (name[0] <= '9') )
{
host_entry = gethostbyaddr( name, strlen(name), AF_INET );
if( host_entry == NULL )
{
if( option[0] != 1 ) {
printf( "Can not scan %s.\n", name );
exit(0);
}
}
if( option[0] != 1 ) {
addr = *((struct in_addr *)host_entry->h_addr);
ip = (unsigned char *)inet_ntoa( addr );
subnet = GetSubnet( ip );
}
}
if( (option[1] == 0) && (option[2] == 0) && (option[0] != 1) )
{
Scan( ip );
printf( "Scanning Done.\n" );
remove( R1_DIR );
remove( R2_DIR );
exit(0);
}
if( option[1] == 1 )
{
for( i = 0; i < 256; i++ )
{
if( fork() == 0 )
{
strcpy( subnet, itoa( i ) );
ip_s = ChangeSubnet( ip, subnet );
Scan( ip_s );
remove( R1_DIR );
remove( R2_DIR );
exit(0);
} else {
wait( NULL );
}
continue;
}
printf( "Scanning Done.\n" );
exit(0);
}
if( option[2] == 1 )
{
strcpy( cmd, SCAN_EXE );
strcat( cmd, name );
strcat( cmd, "/24" );
strcat( cmd, " > " );
strcat( cmd, R1_DIR );
chdir( SCAN_DIR );
system( cmd );
strcpy( cmd, "grep \"Interesting\" " );
strcat( cmd, R1_DIR );
strcat( cmd, " > " );
strcat( cmd, R2_DIR );
system( cmd );
if( ( fp = fopen( R2_DIR, "r" ) ) < 0 )
{
printf( "File Open Error!\n" );
exit(0);
}
while( 1 )
{
bzero( name, 200 );
temp = (char *)malloc( 200 );
strcpy( temp, " " );
temp = fgets( temp, 100, fp );
if( temp == NULL ) break;
if( temp[21] == ' ' )
{
for( i = 0; i < 16; i++ )
{
if( (temp[i+23] != ' ') && (temp[i+23] != ')') )
{
if( (temp[i+23] >= '0') && (temp[i+23] <= '9') )
{
name[i] = temp[i+23];
} else {
if( temp[i+23] == '.' )
name[i] = temp[i+23];
}
}
}
}
if( temp[21] != ' ' )
{
for( i = 0; i < 50; i++ )
{
if( temp[i+21] != ' ' ) name[i] = temp[i+21];
}
}
Scan( name );
free(temp);
}
remove( R1_DIR );
remove( R2_DIR );
}
if( option[0] == 1 )
{
printf( "Creator : Laks Bluesky\n" );
printf( "E-mail : lb0gspm@hanmail.net\n\n" );
printf( "Version : 2.00 beta\n\n" );
printf( "2000.06.19\n" );
exit(0);
}
}
char *itoa( int i )
{
char *ret;
char c;
int count;
ret = (char *)malloc( 4 );
count = 1;
if( i > 9 ) count = 2;
if( i > 99 ) count = 3;
if( count == 1 )
{
c = i+48;
ret[0] = c;
ret[1] = '\0';
return ret;
}
if( count == 2 )
{
c = i / 10;
i = i - (c*10);
ret[0] = c+48;
ret[1] = i+48;
ret[2] = '\0';
return ret;
}
if( count == 3 )
{
c = i / 100;
i = i - (c*100);
ret[0] = c+48;
c = i / 10;
i = i - (c*10);
ret[1] = c+48;
ret[2] = i+48;
ret[3] = '\0';
return ret;
}
}
char *ChangeSubnet( char *ip, char *subnet )
{
char *ip_s;
int count = 0, i = 0;
ip_s = (char *)malloc( 16 );
strcpy( ip_s, ip );
for( count = 0; count != 3; count = count )
{
if( ip_s[i] == '.' )
{
count++;
i++;
continue;
}
i++;
}
ip_s[i++] = subnet[0];
ip_s[i++] = subnet[1];
ip_s[i++] = subnet[2];
ip_s[i++] = subnet[3];
return ip_s;
}
char *GetSubnet( char *ip )
{
char *ret;
int count = 0, i = 0;
ret = (char *)malloc( 4 );
for( count = 0; count != 3; count = count )
{
if( ip[i] == '.' )
{
count++;
i++;
continue;
}
i++;
}
ret[0] = ip[i++];
ret[1] = ip[i++];
ret[2] = ip[i++];
ret[3] = ip[i++];
return ret;
}
int Scan( char *ip )
{
unsigned short int i;
unsigned char c;
unsigned char *cmd;
unsigned char *version;
FILE *fp;
struct stat result;
cmd = (char *)malloc( 200 );
version = (char *)malloc( 9 );
printf( "Scanning... %s\n", ip );
strcpy( cmd, "dig @" );
strcat( cmd, ip );
strcat( cmd, " version.bind chaos txt > " );
strcat( cmd, R1_DIR );
strcat( cmd, " 2> /dev/null" );
system( cmd );
strcpy( cmd, "grep \"VERSION.BIND.\" " );
strcat( cmd, R1_DIR );
strcat( cmd, " > " );
strcat( cmd, R2_DIR );
system( cmd );
stat( R2_DIR, &result );
if( result.st_size < 30 )
{
chdir( CBIND_DIR );
return 0;
}
if( ( fp = fopen( R2_DIR, "r" ) ) >= 0 )
{
for( i = 0; i < 29; i++ )
{
c = fgetc( fp );
}
for( i = 0; i < 9; i++ )
{
c = fgetc( fp );
if( c == '"' )
{
version[i] = '\0';
break;
}
version[i] = c;
}
} else {
chdir( CBIND_DIR );
return 0;
}
if( strcmp( version, "8.2" ) == 0 )
{
printf( "%s: IT IS VULNERABLE! ", ip );
printf( "Try it. :)\n" );
chdir( CBIND_DIR );
return 0;
}
if( strcmp( version, "8.2.1" ) == 0 )
{
printf( "%s: IT IS VULNERABLE! ", ip );
printf( "Try it. :)\n" );
chdir( CBIND_DIR );
return 0;
}
if( strcmp( version, "8.2.2" ) == 0 )
{
printf( "%s: IT IS VULNERABLE! ", ip );
printf( "Try it. :)\n" );
chdir( CBIND_DIR );
return 0;
}
if( strcmp( version, "8.2.2-P5" ) == 0 )
{
chdir( CBIND_DIR );
return 0;
}
if( strcmp( version, "8.1.2" ) == 0 )
{
chdir( CBIND_DIR );
return 0;
}
chdir( CBIND_DIR );
return 0;
}
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
