Is everyone using someone else's tools to invade? I am too, but after learning, I always want to write some programs myself and then use them; here is how to make that happen. What I am going to demonstrate today is the recent SunOS_TELNET "wind fire". 1. Scan an IP range, so you have to write an IP scanner. 2. Telnet banner check: look at the telnet server's response, so you have to write a system OS check over telnet. 3. Test it with SunOS_Telnet; SUNOS_TELNET.EXE has been downloaded. The first step: / * Simple TCP portscan * / / * only scan for an IP * / #include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define START_PORT 1 #define STOP_PORT 1024 struct sockaddr_in addr; / * struct sockaddr_in structure to define addr * / struct hostent * host; struct servent * reply; int sock, i; int start_port; / * start port * / int stop_port; / * End port * / int usage (char * pro) / * Help * / {Printf ("Simple TCP Scanner / N"); Printf ("Usage:% s
/ n ", pro); exit (1);} int Scan / * scan () scan * / {f ((SOCK = Socket (AF_INET, SOCK_STREAM, 0) <0) {/ * Establish Socket Descriptor * / printf ("scan errno -> socket / n"); exit (1);} addr.sin_family = AF_INET; addr.sin_port = HTONS (port); addr.sin_addr = * (Struct in_addr *) Host- > h_addr; if ((Sock, Sock, (Struct SockAddr *) & addr, sizeof (addr)) == 0) / * Establish a connection, judgment port * / return 0; / * success * / else return 1; / * Failure * /} int main (int Argc, char * argv []) / * main program * / {char * service; if (argc! = 4) USAGE (Argv [0]); start_port = atoi (argv [2] ); / * Convert Argv [2] into an integer * / stop_port = ATOI (Argv [3]); / * Convert Argv [3] into an integer * / if (strCMP (Argv [2], "-") = = 0 && Strcmp (Argv [3], "-") == 0) {/ * Contrast Argv [2] Argv [3] and "-" symbol * / start_port = start_port; / * If it is "-", The start port is equal to 1 * / stop_port = stop_port; / * If it is "-", the end port is equal to 1 * /} if (start_port> stop_port) {/ * If the start port is greater than the end port * / printf ("START Port Can not get tour./n "); usage (argv [0]); exit (1);} if ((Host = gethostByname) == null) {/ * with gethostbyname () Come getting the other party * / printf ("CAN't Get Host Info% S / N ", Argv [1]); Exit (1);} Printf (" scanning host% s from% D to% d ................. ..... / n ", argv [1], start_port, stop_port); for (i = start_port; i <= stop_port; i ) / * Connect each port using the for statement * / {IF (SCAN i) == 0) {reply = getServByport (Htons (i), "tcp"); / * Get port information with GetServbyport * / if (reply == null) / * Unable to get port information * / service = "UKNOWN" Else service = reply-> s_name; / * reply-> s_name is port service * / printf ("Port% 5D is open. / tservice <% s> / n", i, service);} close (SOCK);
} / ************************************************************************** ***************************** / Do you understand the code above? If you don't, or could not get it to work, use SuperScan. SuperScan's scan results: * 209.249.191.73 | ___ 23 telnet | ___ ............ * 209.249.191.74 | ___ 23 Telnet * 209.249.191.75 | ___ 23 Telnet | ___ ...... # .. '* 209.249.191.76 | ___ 23 telnet | ___ ...... # ..' * 209.249 .191.77 | ___ 23 Telnet * 209.249.191.78 | ___ 23 Telnet | ___ ...... # .. '* 209.249.202.166 | ___ 23 telnet | ___ ...... # ..' * 209.249.202.167 | ___ 23 Telnet | ___ ...... # .. '* 209.249.202.168 | ___ 23 Telnet | ___ ...... # ..' * 209.249.242.3 | ___ 23 Telnet | ___ ............ * 209.249.242.14 | ___ 23 telnet | ___ .............. User Access Verification ... .Password: * 209.249.249.171 | ___ 23 Telnet | ___ ........ # .. '.. $ * 209.249.249.172 | ___ 23 Telnet | ___ ........ #. . '. $ Aren't the * and | ___ 23 telnet | ___ ........ # ..' .. parts very annoying? So write a program to clean them up: / *** ********************* SUPERSCAN CLEAR.C ********************************* / #includemain (int Argc, char * argv []) {file * in; / * inputfile definition * / file * out; / * OutputFile definition * / char buf [1024]; / * buffer * / in T i, j; if (argc <3) {printf ("USAGE:% s
", argv [0]); exit ();} in = fopen (argv [1]," r "); / * read file and error * / if (in == null) PUTS (" File Open Error ") OUT = FOPEN (Argv [2], "W"); / * Write the file and check the error * / if (out == null) PUTS ("File Write Error"); While (Fgets (Buf, 21, IN) ! = Null) / * Input string * / {for (i = 0; i <18; i ) {if (buf [i] == '*') / * string replace * / {for (j = 0 ; J <17; J ) {BUF [i j] = BUF [i 4 j];} BUF [i 17] = '/ n'; FPUTS (BUF, OUT); / * Writing * / }}} fclose (in); fclose (out);} / ****************************************** ************************************** / Compile it with TC for the best result. Usage: c:\> Clear InputFile.txt OutputFile.txt — InputFile is the SuperScan scan-result file, and OutputFile is the file generated after processing. Once the IP file has been generated, step 2 uses the banner returned by telnet to determine the remote system type. For example: C:\> Telnet 209.249.249.171 SunOS 5.8 login: — from this the remote system type is judged. / *********************************** **************************************************************** / # include # include # Include
#include
#include
#include
#include
#include
#define port 23 / * Define port * / #define max 1024 / * buf length * / file * output; / * Define OutputFile * / Main (int Argc, char * argv []) {file * input; / * Definition InputFile * / char scan_ip [1024]; if (argc <4) {usage (argv [0]); exit (1);} if (argc == 4) {IF ((output = fopen (argv [2], "w")))) == null) {/ * created and written to file * / printf ("could not create the outputfile / n"); exit (2);} fputs ("/ n", output); if ("/ n", Output); if (Input = FOPEN (Argv [1], "R")) == NULL) {/ * read file * / printf ("could not read the inputfile / n"); exit (2);}} while (fscanf INPUT, "% s", & scan_ip)! = EOF) / * Read IP * / {Telnet_banner (Scan_IP, Argv [3]); / * Telnet_banner () Judgment System Type * /} EXIT (1);} int usage (Char * Pro) / * Help * / {Printf ("System OS Detector V0.1 / N"); Printf ("Welcome to www.9836.com / n"); Printf ("Usage:% s
/ N ", pro); Printf (" System OS 1. SUNOS 2. redhat 3. FreeBSD / N ");} Telnet_banner (char * ip, char * OS) {struct sockaddr_in addr; u_char buf [max]; int SOCK , Size, I; IF ((SOCK = Socket, Sock_Stream, Ipproto_TCP) == -1) {Printf ("Socket Failt"); exit (1);} addr.sin_family = AF_INET; addr.sin_port = htons (Port); addr.sin_addr.s_addr = inet_addr (ip); if (connect (STRUCK, STRUCKADDR *) & addr, sizeof (addr)) == -1) {Printf ("Connect Failt"); Exit (1 );} while (1) {/ * receives Banner's loop * / Memset (buf, 0, sizeof (buf)); / * BUF content is 0 * / if ((size = read (Sock, BUF, 1 )) <= 0) / * Read the first word from the SOCK buffer * / BREAK; / * Wait for reception * / if (* buf == (unsigned int) 255) {/ * how to empty, Read 2 words * / read (SOCK, (BUF 1), 2); if (* (BUF 1) == (Unsigned int) 253 &&! (U_char) * (BUF 2)); Else IF ((U_CHAR) * (BUF 1) == (unsigned int) 253) {/ * If the content of BUF [1] is 253, set BUF [1] to 252, write SOCK buffer * / * (buf 1) = 252; Write (SOCK, BUF, 3);}} else {if (* buf! = 0) {BZERO (BUF, SIZEOF (BUF)); Read (Sock, BUF, SIZEOF (BUF)); Close (SOCK); IF (* OS == 49) / * System OS is 1 * / IF (strstr (buf, "sunos")! = 0) {fprintf (Output, "* scanhost% s", IP); buf [12] = BUF [14]; FPRINTF (Output, "/ TOS:% S", (BUF 3)); / * Write file * /} if (* OS == 50) / * SYSTEM OS 2 * / IF (strstr (BUF, "Red Hat")! = 0) {FPRINTF (Output, "* ScanHost% S", IP); BUF [39] = '; fprintf (Output, "/ TOS:% S", (BUF 1));} If (* OS == 51) / * System OS is 3 * / if (strstr (buf, "freebsd")! = 0) {FPRINTF (Output, "* scanhost% s", IP); BUF [20] = BUF [27]; fprintf (Output, "
/ TOS:% S / N ", (BUF 1));}}}}} / ************************************** ******************************************************* / Usage: $ ./detector usage: ./detector system os: 1. SunOS 2. Red Hat 3. FreeBSD ./detector 1.txt 2.txt 1 — 1.txt is the processed SuperScan scan file, 2.txt is the output file written by Detector, and 1 means detect SunOS (2 means Red Hat, 3 means FreeBSD). The processed result: * ScanHost 209.249.249.171 OS: SunOS 5.8 * ScanHost 209.249.249.172 OS: SunOS 5.8 — clear at a glance.