Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Hacking Techniques :: pbs.c

Proxy Bounce Scanner Bounce a portscan off a web proxy server, a la 'FTP bounce attack'




/*
**  pbs.c     : Proxy Bounce Scanner - Bounce a portscan off an  
**              web proxy server, a la 'FTP bounce attack'
**  Gus '98 
**
**  hi-5s to  : Mr Darkcyde for his original idea.
**            : #phuk, Ao12M, DM, DAC.
**
..
..  Problem   : WWW Proxy servers may be an unrecognised source of
..            : hostile traffic.
..
..  Solution  : Ensure that only authorised users may connect to the
..            : proxy server port.
..
**
**
**
*/


#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <errno.h>
#include <string.h>
#include <signal.h>

int proxy_scan(char *,char *,int ,int ,int);
int openhost(struct hostent *, int);
int usage(char *);
void handle_alarm(int signum);


int main(int argc, char *argv[]) {
  int proxy_port = 8080;
  int start_port = 20;
  int end_port = 24;
  char *target = NULL;
  char *proxy = NULL;
  

  if (argc < 6) exit(usage(argv[0]));
  
  proxy      = argv[1];
  proxy_port = atoi(argv[2]);
  target     = argv[3];
  start_port = atoi(argv[4]);
  end_port   = atoi(argv[5]);


  exit(proxy_scan(target,proxy,proxy_port,start_port,end_port));
}

int usage(char *name) {
  fprintf(stderr,"pbs.c - Gus'98\n");
  fprintf(stderr,"Usage: %s <proxy host> <proxy port>",name);
  fprintf(stderr," <target> <start> <end>\n");
  return(1);
}

void handle_alarm(int signum) {
  alarm(0);
  signal(SIGALRM, SIG_DFL);
}

  
int openhost(struct hostent *he, int port) {
  int sock;
  struct sockaddr_in sa;
 
  memcpy(&sa.sin_addr, he->h_addr, he->h_length);
  
  sa.sin_port=htons(port);
  sa.sin_family=AF_INET;
  sock=socket(AF_INET,SOCK_STREAM,0);
  if (sock < 0) {
    perror ("cannot open socket");
    exit(-1);
  }
  bzero(&sa.sin_zero,sizeof (sa.sin_zero));
  
  if (connect(sock,(struct sockaddr *)&sa,sizeof sa)<0) {
    perror("Could not connect to host");
    exit(-1);
  }

  return(sock);
}
    
   


int proxy_scan(char *target,char *proxy,int p_port,int s_port,int e_port) {
  
  char reqbuff[1024];
  char respbuff[255];
  struct hostent *he;
  int curport = 0;
  int sock,nread;
  
      
  he = gethostbyname(proxy);
  if (he == NULL) {
    perror("Bad hostname");
    return (1);
  }
  printf ("Bouncing off of : %s\nPorts: %d to %d\n", proxy,s_port,e_port);


  for (curport = s_port; curport <= e_port ; curport++) {
    sock = openhost(he,p_port);
    printf ("Trying %d...",curport);
    bzero(reqbuff,sizeof(char));
    sprintf(reqbuff,"GET http://%s:%d HTTP/1.0\n\n", target,curport);
    write(sock,reqbuff,strlen(reqbuff));
    siginterrupt(SIGALRM, 1);
    signal(SIGALRM, handle_alarm);
    alarm(5);
    nread = read(sock,respbuff,255);
    if (nread <= 0) {
        if (errno == EINTR) errno = ETIMEDOUT;
        printf("timeout, probably open\n");
    } else {
        if (strstr(respbuff," 500 ")) printf("closed.\n");
        if (strstr(respbuff," 200 ")) printf("open.\n");
    }
    alarm(0);

    (void)shutdown(sock,2);
  }
  printf ("\nAll done.\n");
  return 0;
}


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH