大家是不是大都使用别人的工具来搞入侵呢, 我也是, 不过从学了编程以后, 老是想自己写点程序, 然后用它来入侵, 这里就是教你如何实现自己的梦想。
今天所要演示的是telnet的入侵, 近来的sunos_telnet搞的风风火火.
1.扫描一个IP段, 所以要写个IP扫描器
2.Telnet banner check, 看telnet的反应, 所以要写个system os check depend on telnet.
3.用sunos_telnet来测试, sunos_telnet.exe网上有下载.
第一步:
/* simple tcp portscan */
/* 只对一个IP的扫描 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <netdb.h>
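/* Default port range, applied when both port arguments are given as "-". */
#define START_PORT 1
#define STOP_PORT 1024

/*
 * File-scope state shared by scan() and main(). Objects at file scope are
 * zero-initialised, so addr starts out cleared and the pointers start NULL.
 */
struct sockaddr_in addr; /* destination address handed to connect() */
struct hostent *host;    /* resolver result for the target, set by gethostbyname() in main() */
struct servent *reply;   /* services-database entry looked up for an open port */
int sock;                /* descriptor created by the most recent scan() call */
int i;                   /* port loop counter used by main() */
int start_port;          /* first port of the range */
int stop_port;           /* last port of the range (inclusive) */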
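/*
 * Print the command-line synopsis and terminate the process.
 *
 * pro: program name as invoked (argv[0]); substituted into the usage line.
 *
 * Does not return: the process exits with status 1. The int return type is
 * kept so existing callers and the original declaration stay valid.
 */
int usage(char *pro)
{
    printf(" simple TCP scanner\n");
    /* Argument placeholders restored; page extraction had mangled them into
     * HTML-attribute form (`<start port="">`), which C would have glued
     * together as adjacent string literals. */
    printf("usage: %s <remote-host> <start port> <end port>\n", pro);
    exit(1);
}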
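/*
 * Attempt a TCP connect() to one port of the already-resolved target.
 *
 * port: TCP port number in host byte order.
 *
 * Returns 0 when connect() succeeds (the port accepts connections) and 1
 * otherwise. The descriptor is left in the file-scope `sock` for the caller
 * to close; when `port` is out of range no socket is created and `sock` is
 * set to -1. Exits with status 1 if socket() itself fails.
 *
 * Reads the file-scope `host`, which must already hold a gethostbyname()
 * result, and writes the file-scope `addr`.
 *
 * Each probe is a complete connect() on a SOCK_STREAM socket, i.e. a full
 * TCP handshake, so it is the kind of traffic that ordinary connection logs
 * on the target record.
 */
int scan(int port)
{
    /* htons() takes a 16-bit value: anything outside 1..65535 would wrap
     * silently and the caller would report the wrong port number. */
    if (port < 1 || port > 65535) {
        sock = -1;
        return 1;
    }

    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        printf("scan errno -> socket\n");
        exit(1);
    }

    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    /* Copy instead of casting: the resolver's address buffer is a char array
     * with no alignment guarantee for struct in_addr. */
    memcpy(&addr.sin_addr, host->h_addr_list[0], sizeof addr.sin_addr);

    if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == 0) {
        return 0; /* connection established */
    }
    return 1; /* refused, filtered, or otherwise unreachable */
}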
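/*
 * Parse one command-line port argument.
 *
 * Returns the port (1..65535), or -1 when the text is empty, has trailing
 * characters, or lies outside that range. atoi() would have turned such
 * input into 0 or a wrapped value without any diagnostic.
 */
static int parse_port(const char *text)
{
    char *end;
    long value;

    errno = 0;
    value = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE) {
        return -1;
    }
    if (value < 1 || value > 65535) {
        return -1;
    }
    return (int)value;
}

/*
 * Entry point: <remote-host> <start port> <end port>.
 *
 * Passing "-" for both port arguments selects START_PORT..STOP_PORT.
 * Resolves the host once, calls scan() for every port in the inclusive
 * range, and prints each port that accepted a connection together with its
 * name from the services database.
 *
 * Returns 0 after the sweep; argument or resolver errors exit with status 1.
 */
int main(int argc, char *argv[])
{
    const char *service;

    if (argc != 4) {
        usage(argv[0]);
        return 1; /* backstop; usage() exits */
    }

    if (strcmp(argv[2], "-") == 0 && strcmp(argv[3], "-") == 0) {
        /* "-" "-" means the default range START_PORT..STOP_PORT. */
        start_port = START_PORT;
        stop_port = STOP_PORT;
    } else {
        start_port = parse_port(argv[2]);
        stop_port = parse_port(argv[3]);
        if (start_port < 0 || stop_port < 0) {
            printf(" port must be a number between 1 and 65535.\n");
            usage(argv[0]);
            return 1; /* backstop; usage() exits */
        }
    }

    if (start_port > stop_port) {
        printf(" start port can not greater than stop port.\n");
        usage(argv[0]);
        return 1; /* backstop; usage() exits */
    }

    host = gethostbyname(argv[1]);
    if (host == NULL) {
        printf("can't get host info %s \n", argv[1]);
        exit(1);
    }

    printf("Scanning host %s from %d to %d ......................\n", argv[1],
           start_port, stop_port);

    for (i = start_port; i <= stop_port; i++) {
        if (scan(i) == 0) {
            /* getservbyport() expects the port in network byte order. */
            reply = getservbyport(htons(i), "tcp");
            if (reply == NULL) {
                service = "Uknown";
            } else {
                service = reply->s_name;
            }
            printf("Port %5d is open. \tservice <%s>\n", i, service);
        }
        /* scan() leaves its descriptor in `sock`; release it every
         * iteration, open port or not, so descriptors do not pile up. */
        if (sock >= 0) {
            close(sock);
        }
    }

    return 0;
}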
78/*****************************************************************************/
看懂上面的代码吗? 如果你看不懂的话, 或编写不成功, 就用superscan吧,
superscan扫描结果:
81* + 209.249.191.73
82|___ 23 Telnet
83|___ ............
84* + 209.249.191.74
85|___ 23 Telnet
86* + 209.249.191.75
87|___ 23 Telnet
88|___ ..... ..#..'
89* + 209.249.191.76
90|___ 23 Telnet
91|___ ..... ..#..'
92* + 209.249.191.77
93|___ 23 Telnet
94* + 209.249.191.78
95|___ 23 Telnet
96|___ ..... ..#..'
97* + 209.249.202.166
98|___ 23 Telnet
99|___ ..... ..#..'
100* + 209.249.202.167
101|___ 23 Telnet
102|___ ..... ..#..'
103* + 209.249.202.168
104|___ 23 Telnet
105|___ ..... ..#..'
106* + 209.249.242.3
107|___ 23 Telnet
108|___ ............
109* + 209.249.242.14
110|___ 23 Telnet
111|___ ................User Access Verification....Password:
112* + 209.249.249.171
113|___ 23 Telnet
114|___ ........#..'..$
115* + 209.249.249.172
116|___ 23 Telnet
117|___ ........#..'..$
118
是不是很讨厌前面的 * + 和 |___ 23 Telnet |___ ........#..'..$ 东西呢, 那再写个程序搞定它,
120/*************************superscan clear.c************************/
121#include <stdio.h>
122
123main(int argc,char *argv[</stdio.h></end></start></remote-host></netdb.h></unistd.h></arpa></netinet></netinet></netinet></sys></sys></string.h></stdlib.h></stdio.h>