Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Discontinued :: cbind.c

Cdgxn-Bsd Scans machines for the BIND NXT vulnerability. Cdgxn-Secure is a Local Linux Security Auditing tool that scans for a number of different vulnerabilities a variety of ways. It will also help determine if you've been compomrised already.




/* BIND NXT vulnerable SCANNER  - CBIND */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <wait.h>
#include <netdb.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* DO NOT EDIT THIS LINE */
#define SCAN_EXE		"./nmap -p 53 "

/* EDIT: directory of NMAP */
#define SCAN_DIR		"/home/lb0gspm/tmp/nmap/"

/* EDIT: directory of CBIND and it's temporary files */
#define CBIND_DIR		"/home/lb0gspm/tmp/cbind/"
#define R1_DIR			"/home/lb0gspm/tmp/cbind/result1.cbind"
#define R2_DIR			"/home/lb0gspm/tmp/cbind/result2.cbind"

int Scan( char *ip );
char *GetSubnet( char *ip );
char *ChangeSubnet( char *ip, char *subnet );
char *itoa( int i );

int main( int argc, char *argv[] )
{
    struct in_addr addr;
    struct hostent *host_entry;
    unsigned short int option[3], i, wait_st;
    unsigned char *name;
    unsigned char *cmd;
    unsigned char *ip, *subnet, *ip_s;
    unsigned char *temp;
    FILE *fp;
    
    printf( "Check BIND v 2.00b \n" );
    printf( "Bind NXT vulnerablity scanner\n\n" );
   
    name = (char *)malloc( 200 );
    ip = (char *)malloc( 16 );
    ip_s = (char *)malloc( 16 );
    subnet = (char *)malloc( 4 );
    cmd = (char *)malloc( 50 );
			
    if( argc == 1 )
    {
	printf( "Options: \n" );
	printf( "   -s                     SUB-NET SCAN ( SLOW BUT HIGH PRECISE )\n" );
	printf( "   -f                     SUB-NET SCAN ( FAST BUT LOW PRECISE / NMAP REQUIRE )\n" );
	printf( "   -i                     PRINT INFOMATION\n\n" );
	printf( "Examples: \n" );
	printf( "   cbind victim.com       ( IT WILL SCAN IF TARGET IS VULNERABLE OR NOT )\n" );
	printf( "   cbind victim.com -s    ( IT WILL SCAN ALL SUB-NETs IN DETAIL )\n" );
	printf( "   cbind -f victim.com    ( IT WILL SCAN SUB-NETs LOW PRECISE )\n\n" );              
	exit(0);
    } else {
	option[0] = 0;
	option[1] = 0;
	option[2] = 0;
	for( i = 1; i < argc; i++ )
	{
	    if( strcmp( argv[i], "-s" ) == 0 )
	    {
		if( option[2] == 1 )
		{
		    printf( "Can not use options -s, -f at the same time.\n" );
		    exit(0);
		}
		if( option[0] == 1 )
		{
		    printf( "Can not use option -s with -i.\n" );
		    exit(0);
		}
		printf( "Sub-net( high precise ) scan mode ACTIVATED.\n" );
		printf( "It can takes long.\n\n" );
    		option[1] = 1;
		continue;
	    }
	    if( strcmp( argv[i], "-f" ) == 0 )
	    {
		if( option[1] == 1 )
		{
		    printf( "Can not use options -s, -f at the same time.\n" );
		    exit(0);
		}
		if( option[0] == 1 )
		{
		    printf( "Can not use options -f with -i.\n" );
		    exit(0);
		}
		printf( "Sub-net( low precise ) scan mode ACTIVATED.\n" );
		printf( "It require NMAP 2.07 or higher version.\n\n" );
		option[2] = 1;
		continue;
	    }
	    if( strcmp( argv[i], "-i" ) == 0 )
	    {
		if( (option[1] == 1) || (option[2] == 1) )
		{
		    printf( "Can not use option -i with -s(or -f).\n" );
		    exit(0);
		}
		option[0] = 1;
		continue;
	    }
	    strcpy( name, argv[i] );
	}
    }
    
    if( geteuid() != 0 )
    {
	printf( "Error! You are not ROOT!\n" );
	exit(0);
    }
    
    if( (name[0] <= '0') || (name[0] >= '9') )
    {
	host_entry = gethostbyname( name );
	if( host_entry == NULL )
	{
	    if( option[0] != 1 ) {
	    printf( "Can not scan %s.\n", name );
	    exit(0);
	    }
	}
	if( option[0] != 1 ) {
	addr = *((struct in_addr *)host_entry->h_addr);
	ip = (unsigned char *)inet_ntoa( addr );
	subnet = GetSubnet( ip );
	}
    }
    if( (name[0] >= '0') && (name[0] <= '9') )
    {
	host_entry = gethostbyaddr( name, strlen(name), AF_INET );
	if( host_entry == NULL )
	{
	    if( option[0] != 1 ) {
	    printf( "Can not scan %s.\n", name );
	    exit(0);
	    }
	}
	if( option[0] != 1 ) {
	addr = *((struct in_addr *)host_entry->h_addr);
	ip = (unsigned char *)inet_ntoa( addr );
	subnet = GetSubnet( ip );
	}
    }
    
    if( (option[1] == 0) && (option[2] == 0) && (option[0] != 1) )
    {
	Scan( ip );
        printf( "Scanning Done.\n" );
	remove( R1_DIR );
	remove( R2_DIR );
        exit(0);
    }
    if( option[1] == 1 )
    {
	for( i = 0; i < 256; i++ )
	{
	    if( fork() == 0 )
	    {
	    	strcpy( subnet, itoa( i ) ); 
	    	ip_s = ChangeSubnet( ip, subnet );
	    	Scan( ip_s );
		remove( R1_DIR );
		remove( R2_DIR );
		exit(0);
	    } else {
		wait( NULL );
	    }
	    continue;
	}
	printf( "Scanning Done.\n" );
	exit(0);
    }
    if( option[2] == 1 )
    {
        strcpy( cmd, SCAN_EXE );
	strcat( cmd, name );
	strcat( cmd, "/24" );
	strcat( cmd, " > " );
	strcat( cmd, R1_DIR );
	chdir( SCAN_DIR );
	system( cmd );
	
	strcpy( cmd, "grep \"Interesting\" " );
	strcat( cmd, R1_DIR );
	strcat( cmd, " > " );
	strcat( cmd, R2_DIR );
	system( cmd );
	
	if( ( fp = fopen( R2_DIR, "r" ) ) < 0 )
	{
	    printf( "File Open Error!\n" );
	    exit(0);
	}
	
	while( 1 )
	{
	    bzero( name, 200 );
	    temp = (char *)malloc( 200 );
	    strcpy( temp, "                                                          " );
	    temp = fgets( temp, 100, fp );
	    if( temp == NULL ) break;
	    if( temp[21] == ' ' )
	    {
	    	for( i = 0; i < 16; i++ )
		{
		    if( (temp[i+23] != ' ') && (temp[i+23] != ')') )
		    {
			if( (temp[i+23] >= '0') && (temp[i+23] <= '9') )
			{
			name[i] = temp[i+23];
			} else {
			if( temp[i+23] == '.' )
			    name[i] = temp[i+23];
			}
		    }
		}
	    }
	    if( temp[21] != ' ' )
	    {
		for( i = 0; i < 50; i++ )
		{
		    if( temp[i+21] != ' ' ) name[i] = temp[i+21];
		}
	    }

    	    Scan( name );
	    free(temp);
	    
	}	    
	remove( R1_DIR );
	remove( R2_DIR );
    }
    if( option[0] == 1 )
    {
	printf( "Creator  : Laks Bluesky\n" );
	printf( "E-mail   : lb0gspm@hanmail.net\n\n" );
	printf( "Version  : 2.00 beta\n\n" );
	printf( "2000.06.19\n" );
	exit(0);
    }
}

char *itoa( int i )
{
    char *ret;
    char c;
    int count;
    
    ret = (char *)malloc( 4 );
    
    count = 1;
    if( i > 9 ) count = 2;
    if( i > 99 ) count = 3;
    
    if( count == 1 )
    {
	c = i+48;
        ret[0] = c;
        ret[1] = '\0';
        return ret;
    }
    
    if( count == 2 )
    {
	c = i / 10;
	i = i - (c*10);
	
	ret[0] = c+48;
	ret[1] = i+48;
	ret[2] = '\0';
	return ret;
    }
    
    if( count == 3 )
    {
	c = i / 100;
	i = i - (c*100);
	
	ret[0] = c+48;
	
	c = i / 10;
	i = i - (c*10);
	
	ret[1] = c+48;
	ret[2] = i+48;
	ret[3] = '\0';
	return ret;
    }
}

char *ChangeSubnet( char *ip, char *subnet )
{
    char *ip_s;
    int count = 0, i = 0;
    
    ip_s = (char *)malloc( 16 );
    
    strcpy( ip_s, ip );
    
    for( count = 0; count != 3; count = count )
    {
	if( ip_s[i] == '.' )
	{
	    count++;
	    i++;
	    continue;
	}
	i++;
    }
    
    ip_s[i++] = subnet[0];
    ip_s[i++] = subnet[1];
    ip_s[i++] = subnet[2];
    ip_s[i++] = subnet[3];
    
    return ip_s;
}    
    
char *GetSubnet( char *ip )
{
    char *ret;
    int count = 0, i = 0;
    
    ret = (char *)malloc( 4 );
    
    for( count = 0; count != 3; count = count )
    {
	if( ip[i] == '.' )
	{
	    count++;
	    i++;
	    continue;
	}
	i++;
    }
    
    ret[0] = ip[i++];
    ret[1] = ip[i++];
    ret[2] = ip[i++];
    ret[3] = ip[i++];
    
    return ret;
}
   
int Scan( char *ip )
{
    unsigned short int	i;
    unsigned char c;
    unsigned char *cmd;
    unsigned char *version;
    FILE *fp;
    struct stat result;
    
    cmd = (char *)malloc( 200 );
    version = (char *)malloc( 9 );
    
    printf( "Scanning... %s\n", ip ); 
    
    strcpy( cmd, "dig @" );
    strcat( cmd, ip );
    strcat( cmd, " version.bind chaos txt > " );
    strcat( cmd, R1_DIR );
    strcat( cmd, " 2> /dev/null" );
    system( cmd );
    
    strcpy( cmd, "grep \"VERSION.BIND.\" " );
    strcat( cmd, R1_DIR );
    strcat( cmd, " > " );
    strcat( cmd, R2_DIR );
    system( cmd );
    
    stat( R2_DIR, &result );
    
    if( result.st_size < 30 )
    {
	chdir( CBIND_DIR );
	return 0;
    }
    
    if( ( fp = fopen( R2_DIR, "r" ) ) >= 0 )
    {
	for( i = 0; i < 29; i++ )
	{
	    c = fgetc( fp );
	}
	
	for( i = 0; i < 9; i++ )
	{
	    c = fgetc( fp );
            
	    if( c == '"' )
	    {
		version[i] = '\0';
		break;
	    }
	    
	    version[i] = c;
	}
    } else {
	chdir( CBIND_DIR );
	return 0;
    }

    if( strcmp( version, "8.2" ) == 0 )
    {
	printf( "%s: IT IS VULNERABLE! ", ip );
	printf( "Try it. :)\n" );
        chdir( CBIND_DIR );
	return 0;
    }
    
    if( strcmp( version, "8.2.1" ) == 0 )
    {
	printf( "%s: IT IS VULNERABLE! ", ip );
	printf( "Try it. :)\n" );
        chdir( CBIND_DIR );
	return 0;
    }
    
    if( strcmp( version, "8.2.2" ) == 0 )
    {
	printf( "%s: IT IS VULNERABLE! ", ip );
	printf( "Try it. :)\n" );
        chdir( CBIND_DIR );
	return 0;
    }
    
    if( strcmp( version, "8.2.2-P5" ) == 0 )
    {
        chdir( CBIND_DIR );
	return 0;
    }
 
    if( strcmp( version, "8.1.2" ) == 0 )
    {
        chdir( CBIND_DIR );
	return 0;
    }
    
    chdir( CBIND_DIR );
    return 0;
}


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH