snmp.c
- /*********** ADMsnmp (c) The ADM Crew ***************/
- /* snmp audit scanner */
- /* venus c faite femme et le grand pan est mort */
- /* without libsnmp (that was hard :) */
- /* i wonder why nobody wrote this one before ? */
- /* action of this scanner */
- /* { */
- /* guess community names */
- /* from the hostname */
- /* from a list of password */
- /* test if u have writable access to the MIB */
- /* } */
- /* Greets going to: #!ADM,el8.org and ansia my love */
- /* ftp://ADM.isp.at/ADM/ */
- /* we g0t the -1 day'z :)) */
- /****************************************************/
- /* g bien peur que la fin du monde soit bien triste */
- #define VERSION "beta 0.1"
- /** include :> **/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <ctype.h>
#include <fcntl.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
/* One community-name probe and what the reply to it carried.
   getret() fills name/id/ret from a received packet; snadd() keeps
   accepted entries in the global sntab[] and marks rw there. */
struct snmpchex
{
  char name[16]; /* community name copied out of the reply (at most 14 chars + NUL, see getret) */
  int id; /* request-id byte read from the reply PDU */
  int ret; /* "return code" byte that follows the request-id in the reply PDU */
  u_char rw; /* set to 2 by snadd() once write access is detected */
};
/* Command-line options of the scanner.  Only the definition is visible in
   this listing; the code that sets and reads these fields is elsewhere, so
   the per-field meanings below are inferred from the names and must be
   confirmed against the option parser. */
struct optionz /* option of the program's */
{
  u_long utimeout; /* presumably a timeout in microseconds -- confirm */
  u_long uwait; /* presumably a delay between sends -- confirm */
  u_long host; /* presumably a target address as returned by host2ip() -- confirm */
  char *wordfile; /* presumably the community word list (the FILE handed to snmpcheck) -- confirm */
  char *outputfile; /* presumably where results are written -- confirm */
  u_char guess; /* presumably toggles the guessname() hostname-derived candidates -- confirm */
  int manysend; /* NOTE(review): snmpcheck() also has a local of this name; relation unconfirmed */
  u_long inter; /* meaning not visible in this listing */
}
opz;
/* Global state shared by the helpers below. */
struct snmpchex sntab[255]; /* accepted community names, written by snadd() (zero-initialised) */
char oldbanner[1024]; /* not referenced by any code visible in this listing */
char *guess[1024]; /* heap-allocated candidate community names appended by addguess() */
int guess_i = 0; /* number of entries in use in guess[]; doubles as the next free slot */
- /** functions used make a list of password's from the hostname **/
- /** eg. www.toto.com will have toto,TOTO01,www.toto,toto.com etc. **/
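/* Append a private copy of str to the global guess[] list.
   The original had no bound on guess_i and no allocation check, so a long
   candidate list could write past the end of guess[] or strcpy() into NULL.
   Entries that cannot be stored (NULL str, full table, OOM) are now
   silently dropped: the list is a best-effort set of candidates. */
void
addguess (char *str)
{
  size_t len;
  char *copy;

  if (str == NULL || guess_i < 0
      || (size_t) guess_i >= sizeof (guess) / sizeof (guess[0]))
    return;
  len = strlen (str);
  copy = calloc (1, len + 1);
  if (copy == NULL)
    return;
  memcpy (copy, str, len); /* calloc supplies the terminator */
  guess[guess_i++] = copy;
}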
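/* Derive candidate community names from a hostname and addguess() them.
   For www.toto.com the order is: www, toto, toto.com, www.toto, wwwtoto,
   totocom, then <label>95..99, <label>0..10, <label>00..10 for the first
   one or two labels, and finally an upper-case copy of everything gathered.
   Labels are split on '.'; ptrhost[a] is the last label (a = number of dots),
   so a trailing dot yields an empty last label.
   Fixes over the original: labels and formatted candidates are bounded
   (the label copies and tmp[] were written with unbounded strcpy/sprintf),
   the label table cannot overflow, toupper() gets an unsigned char, and the
   per-label allocations are freed instead of leaked.
   Returns 0, or -1 on NULL input / allocation failure. */
int
guessname (char *namez)
{
  char *ptrhost[255]; /* one heap string per label; ptrhost[a] is the last */
  char tmp[255];
  const char *begin;
  const char *end;
  size_t len;
  u_char nodot = 2; /* 1 = bare name (one label), 2 = dotted name */
  int i;
  int x;
  int a = 0;
  int rc = -1;

  if (namez == NULL)
    return (-1);
  memset (ptrhost, 0, sizeof (ptrhost));

  if (strchr (namez, '.') == NULL)
    {
      /* bare name: only ptrhost[0] exists and only the suffix loops run */
      nodot = 1;
      ptrhost[0] = strdup (namez);
      if (ptrhost[0] == NULL)
        return (-1);
    }
  else
    {
      begin = namez;
      for (;;)
        {
          /* when the table is nearly full, the remainder becomes one label */
          end = (a < 254) ? strchr (begin, '.') : NULL;
          len = (end != NULL) ? (size_t) (end - begin) : strlen (begin);
          ptrhost[a] = calloc (1, len + 1);
          if (ptrhost[a] == NULL)
            goto out;
          memcpy (ptrhost[a], begin, len);
          if (end == NULL)
            break;
          a++;
          begin = end + 1;
        }
    }

  if (nodot == 2)
    {
      /* a >= 1 here, so ptrhost[1] and ptrhost[a - 1] both exist */
      addguess (ptrhost[0]);
      addguess (ptrhost[a - 1]);
      snprintf (tmp, sizeof (tmp), "%s.%s", ptrhost[a - 1], ptrhost[a]);
      addguess (tmp);
      snprintf (tmp, sizeof (tmp), "%s.%s", ptrhost[0], ptrhost[1]);
      addguess (tmp);
      snprintf (tmp, sizeof (tmp), "%s%s", ptrhost[0], ptrhost[1]);
      addguess (tmp);
      snprintf (tmp, sizeof (tmp), "%s%s", ptrhost[a - 1], ptrhost[a]);
      addguess (tmp);
    }

  /* numeric suffixes: 95..99, 0..10 and zero-padded 00..10 */
  for (i = 0; i < nodot; i++)
    for (x = 95; x < 100; x++)
      {
        snprintf (tmp, sizeof (tmp), "%s%i", ptrhost[i], x);
        addguess (tmp);
      }
  for (i = 0; i < nodot; i++)
    for (x = 0; x < 11; x++)
      {
        snprintf (tmp, sizeof (tmp), "%s%i", ptrhost[i], x);
        addguess (tmp);
      }
  for (i = 0; i < nodot; i++)
    for (x = 0; x < 11; x++)
      {
        snprintf (tmp, sizeof (tmp), "%s%02i", ptrhost[i], x);
        addguess (tmp);
      }

  /* upper-case copy of everything gathered so far (snapshot guess_i first,
     since addguess() grows it as we go) */
  a = guess_i;
  for (x = 0; x < a; x++)
    {
      snprintf (tmp, sizeof (tmp), "%s", guess[x]);
      for (i = 0; tmp[i] != '\0'; i++)
        tmp[i] = (char) toupper ((unsigned char) tmp[i]);
      addguess (tmp);
    }
  rc = 0;

out:
  for (i = 0; i < (int) (sizeof (ptrhost) / sizeof (ptrhost[0])); i++)
    free (ptrhost[i]); /* free(NULL) is a no-op */
  return (rc);
}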
- /** resolve a hostname to an ip **/
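/* Resolve a hostname (or dotted quad) to an IPv4 address in network byte
   order.  Returns 0 on failure -- which is indistinguishable from 0.0.0.0,
   as in the original.
   Fix: the original memcpy'd h_length bytes into a 4-byte sin_addr
   without checking the address family, which overruns for non-AF_INET
   results; we now accept only exactly-4-byte AF_INET answers. */
unsigned long
host2ip (char *serv)
{
  struct in_addr addr;
  struct hostent *hent;

  if (serv == NULL)
    return 0;
  hent = gethostbyname (serv);
  if (hent == NULL || hent->h_addrtype != AF_INET
      || hent->h_length != (int) sizeof (addr)
      || hent->h_addr_list == NULL || hent->h_addr_list[0] == NULL)
    return 0;
  memcpy (&addr, hent->h_addr_list[0], sizeof (addr));
  return addr.s_addr;
}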
- /** look into the snmpd packet and get the return code, the ID and the **/
- /** community name, and return an offset to the return code at the end of the packet **/
- /** in ASN.1 (BER) terms: 0x04 [length of the string] = OCTET STRING
- 0x02 [length of the integer] = INTEGER
- **/
-
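/* Pull the community name, request id and return code out of a reply.
   This is a byte scan, not a real BER walk: it looks for the first 0x04
   (OCTET STRING) tag, copies the community, then searches forward for the
   0xa2 response PDU, the first 0x02 INTEGER (request id) and the next
   0x02 INTEGER of length 1 (return code).
   Returns the offset of the return-code byte, or -1 if anything is
   missing, the community is too long for sn->name, or the lengths do not
   fit inside size.
   Fixes over the original: the tag constants were written as multi-char
   constants ('x04') rather than 0x04, and every buf[i+1]/memcpy was
   unbounded, so a short or malicious reply caused out-of-bounds reads. */
int
getret (u_char * buf, int size, struct snmpchex *sn)
{
  int i;
  int len;

  if (buf == NULL || sn == NULL || size <= 0)
    return (-1);
  for (i = 0; i + 1 < size; i++)
    if (buf[i] == 0x04)
      {
        /* community name: one-byte length, must fit sn->name with a NUL
           and must lie entirely inside the packet */
        len = buf[i + 1];
        memset (sn->name, 0, sizeof (sn->name));
        if (len >= (int) sizeof (sn->name) - 1 || i + 2 + len > size)
          return (-1);
        memcpy (sn->name, &buf[i + 2], (size_t) len);
        i = i + len + 1;
        for (; i + 2 < size; i++)
          if (buf[i] == 0xa2)
            {
              /* inside the response PDU */
              for (; i + 2 < size; i++)
                if (buf[i] == 0x02)
                  {
                    /* request id (only the first value byte is kept) */
                    sn->id = buf[i + 2];
                    for (i = i + buf[i + 1] + 2; i + 2 < size; i++)
                      if (buf[i] == 0x02)
                        {
                          if (buf[i + 1] != 0x01)
                            return (-1);
                          sn->ret = buf[i + 2];
                          return (i + 2);
                        }
                  }
            }
      }
  return (-1);
}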
- /** here we build a GETREQ or SETREQ packet header (everything before the varbind list) */
- /** read a good book about the SNMP protocol or the RFC for the meaning :) */
/* Write the fixed part of an SNMPv1 get/set request into buf:
   SEQUENCE { INTEGER version 0, OCTET STRING community, PDU { request-id,
   error-status 0, error-index 0 } } -- the varbind list of longid bytes is
   appended by the caller, which is why the lengths already account for it.
   buf must have room for 20 + strlen(name) bytes; lengths are stored as
   single bytes exactly as the original did.
   Returns the number of bytes written (20 + strlen(name)). */
int
getreq (u_char * buf, char *name, int longid, u_char id, int set_req)
{
  size_t namelen = strlen (name);
  u_char *p = buf;

  /* outer SEQUENCE with a long-form (0x82 + two byte) length */
  *p++ = 0x30;
  *p++ = 0x82;
  *p++ = 0x00;
  *p++ = (u_char) (16 + longid + namelen);
  /* version INTEGER 0 */
  *p++ = 0x02;
  *p++ = 0x01;
  *p++ = 0x00;
  /* community OCTET STRING */
  *p++ = 0x04;
  *p++ = (u_char) namelen;
  memcpy (p, name, namelen);
  p += namelen;
  /* PDU tag: a0 = get-request, a3 = set-request */
  *p++ = set_req ? 0xa3 : 0xa0;
  *p++ = (u_char) (9 + longid);
  /* request-id, then error-status 0 and error-index 0, each a 1-byte INTEGER */
  *p++ = 0x02;
  *p++ = 0x01;
  *p++ = id;
  *p++ = 0x02;
  *p++ = 0x01;
  *p++ = 0x00;
  *p++ = 0x02;
  *p++ = 0x01;
  *p++ = 0x00;
  return (int) (20 + namelen);
}
- /** make the paket snmp :> */
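/* Assemble a request (getreq header + the sysdec varbind payload) into buf
   and send it to sin over sock.  sysdec is a NUL-terminated byte string, so
   its last byte (sizeofsysdec - 1) is not part of the packet.
   Returns what sendto() returns, or -1 (without sending) when an argument
   is NULL or the packet would not fit in sizeofbuf -- the original wrote
   past buf unchecked.  The 20 + strlen(namez) term mirrors getreq()'s
   return value. */
int
makepktsnmp (int sock, u_char * sysdec, int sizeofsysdec, char *buf, int sizeofbuf, char *namez, int id, struct sockaddr_in *sin, int set_req)
{
  int i;
  int GETREQ_SYSDEC;
  size_t need;

  if (sysdec == NULL || buf == NULL || namez == NULL || sin == NULL
      || sizeofsysdec < 1 || sizeofbuf < 0)
    return (-1);
  GETREQ_SYSDEC = sizeofsysdec - 1; /* drop the string terminator */
  need = 20 + strlen (namez) + (size_t) GETREQ_SYSDEC;
  if (need > (size_t) sizeofbuf)
    return (-1);
  memset (buf, 0, (size_t) sizeofbuf);
  i = getreq ((u_char *) buf, namez, GETREQ_SYSDEC, (u_char) id, set_req);
  memcpy (buf + i, sysdec, (size_t) GETREQ_SYSDEC);
  return (sendto (sock, buf, (size_t) (i + GETREQ_SYSDEC), 0,
                  (struct sockaddr *) sin, sizeof (struct sockaddr_in)));
}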
- /** getreq paket **/
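/* Send a get-request for system.sysName.0 (1.3.6.1.2.1.1.5.0) with the
   community namez.  Returns makepktsnmp()'s result.
   Fix: the listing had lost the backslashes of the hex escapes ("x30x10..."),
   which made sysdec a plain ASCII string rather than the BER bytes
   SEQUENCE(16) { SEQUENCE(long-form 12) { OID, NULL } }. */
int
req_makepktsnmp (int sock, char *buf, int sizeofbuf, char *namez, int id, struct sockaddr_in *sin)
{
  /** system.sysName.0 :> **/
  u_char sysdec[] =
    "\x30\x10\x30\x82\x00\x0c\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00\x05\x00";
  return (makepktsnmp (sock, sysdec, sizeof (sysdec), buf, sizeofbuf, namez, id, sin, 0));
}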
- /** setreq paket **/
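/* Send a set-request writing the string namez into system.sysName.0 using
   the community name.  The varbind template carries the OID only; the
   OCTET STRING value is appended here and the two enclosing BER lengths
   (0x10 and 0x09 in the template) are bumped to cover it.
   Returns makepktsnmp()'s result, or -1 on NULL/oversized namez or OOM.
   Fixes over the original: the hex escapes had lost their backslashes, the
   temporary buffer was never freed, calloc() was unchecked, and a value
   long enough to push a single-byte length past 0x7f (which short-form BER
   cannot express) is now refused instead of silently mis-encoded. */
int
set_makepktsnmp (int sock, char *buf, int sizeofbuf, char *name,
		 char *namez, int id, struct sockaddr_in *sin)
{
  int ret;
  size_t i;
  size_t namelen;
  u_char *save;
  /* SEQUENCE(0x10) { SEQUENCE(long-form 0x09) { OID 1.3.6.1.2.1.1.5.0 */
  u_char sysdec[] =
    "\x30\x10\x30\x82\x00\x09\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00";

  if (namez == NULL)
    return (-1);
  namelen = strlen (namez);
  if (namelen > 0x7f - 0x10)
    return (-1);
  save = calloc (1, sizeof (sysdec) + namelen + 2);
  if (save == NULL)
    return (-1);
  memcpy (save, sysdec, sizeof (sysdec));
  i = sizeof (sysdec) - 1; /* overwrite the string terminator */
  save[i++] = 0x04; /* OCTET STRING value */
  save[i++] = (u_char) namelen;
  memcpy (save + i, namez, namelen);
  save[1] = (u_char) (save[1] + namelen); /* varbind list length */
  save[5] = (u_char) (save[5] + namelen + 3); /* varbind length */
  /* makepktsnmp() strips the last byte, so pass the full template size
     plus the 2 + namelen bytes appended (calloc left a trailing zero) */
  ret = makepktsnmp (sock, save, (int) (sizeof (sysdec) + namelen + 2),
		     buf, sizeofbuf, name, id, sin, 1);
  free (save);
  return (ret);
}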
- /** keep in memory good community name **/
- /** return -2 if we have an Writable access **/
- /** return 0 for any good community name **/
- /** return -1 for error or any else **/
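/* Record a community name that produced a reply in the global sntab[].
   Returns -2 when sn->id > 127 and the name is already in the table (the
   entry is marked rw = 2: the caller treats such replies as proof of
   write access -- its id scheme is outside this listing), -1 when the id
   or name is already present or taboff is out of range, and 0 after
   storing the entry at sntab[taboff].
   Caveat kept from the original: sntab[] is zero-initialised, so an id of
   0 or an empty name matches the unused entries and is rejected.
   Fix: taboff was used unchecked as an index into a 255-entry table. */
int
snadd (struct snmpchex *sn, int taboff)
{
  int i;
  const int ntab = (int) (sizeof (sntab) / sizeof (sntab[0]));

  if (sn == NULL)
    return (-1);
  if (sn->id > 127)
    for (i = 0; i < ntab; i++)
      if (strcmp (sntab[i].name, sn->name) == 0)
	{
	  sntab[i].rw = 2;
	  return (-2);
	}
  for (i = 0; i < ntab; i++)
    if (sntab[i].id == sn->id || strcmp (sntab[i].name, sn->name) == 0)
      return (-1);
  if (taboff < 0 || taboff >= ntab)
    return (-1);
  /* copy at most 15 bytes so the stored name is always NUL-terminated */
  memset (sntab[taboff].name, 0, sizeof (sntab[taboff].name));
  memcpy (sntab[taboff].name, sn->name, sizeof (sntab[taboff].name) - 1);
  sntab[taboff].id = sn->id;
  sntab[taboff].ret = sn->ret;
  return (0);
}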
- /** main function **/
- int
- snmpcheck (u_long ip, FILE * f)
- {
- struct snmpchex sn;
- struct sockaddr_in sin;
- int sock;
- int i = 0, x;
- u_char buf[255];
- char namez[24];
-
- int the_id = 10;
- int nd;
- int sntab_off = 0;
- int manysend = 0;
- struct timeval tv2, tv3;
- sin.sin_family = AF_INET;
- sin.sin_port = htons (161);
- sin.sin_addr.s_addr = ip;
- sock = socket (AF_INET, SOCK_DGRAM, IPPROTO_UDP); /* gimme a socket */
- fcntl (sock, F_SETFL, O_NONBLOCK);
- the_id = 1;
- memset ((u_char *) & buf, 0, sizeof (buf));
- while (1)
- {
- if (the_id > 127)
- the_id = 0;
- if (!feof (f)) /** get community name to test from the wordfile **/
- {
- memset ((char *) &namez, 0, sizeof (namez));
- fgets ((char *) &namez, sizeof (namez), f);
- if (strlen (namez) > 0 && namez [0] != 'n')
- {
- namez[strlen (namez) - 1] = ' ';
- the_id++;
- printf ("