lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: es at hush.com (es@...h.com)
Subject: [ElectronicSouls] - wuftp 2.6.0(1) scanner

-----BEGIN PGP SIGNED MESSAGE-----

Dear List,

This scanner will help you on your internal network audits to find
vulnerable wuftp 2.6.0 servers that you can exploit with 7360wu to
prove the vulnerability is real.

Do not use in the wild!

# cat ES_WuScan.sh
#!/bin/sh
#
# ------------ ES_WuScan.sh ------------
#
# (C) BrainStorm [ElectronicSouls]
#
# This shell script will search for vulnerable version of wu-ftp-2.6.0(1)
# If u think this is lame, cuz its wu-ftp, piss off ..we don`t give a fuck..
# u need nc to get this to work ...
#
# - THIS IS THE BETA VERSION ! -
#
# Quick Shouts: 0x7f,RSH,IC

start=$1
end=$2

declare -i i
declare -i null=0
declare -i max=255
declare -i oct=256

declare -i tmp1
declare -i tmp2
declare -i tmp3
declare -i tmp4

if [ $# -ne 2 ];
then

echo
echo "[!] --- Usage: $0 StartIP EndIP ---"
echo

exit 1

fi

trap clean 1 SIGINT
trap clean 1 SIGKILL
trap clean 1 SIGQUIT
trap clean 1 SIGTERM

clean()
{
if [ -f ~/.ESwuScanOutput ]; then
        rm -rf ~/.ESwuScanOutput
fi

if [ -f ~/.pingout ]; then
        rm -rf ~/.pingout
fi
exit 0
}

declare -i startIP1=$(echo "$start"|awk -F. '{ print $4 }')
declare -i startIP2=$(echo "$start"|awk -F. '{ print $3 }')
declare -i startIP3=$(echo "$start"|awk -F. '{ print $2 }')
declare -i startIP4=$(echo "$start"|awk -F. '{ print $1 }')

if [ "$startIP1" -gt "$max" ] || [ "$startIP2" -gt "$max" ] || [ "$startIP3" -gt "$max" ] || [ "$startIP4" -gt "$max" ];

then
        echo "[-] ERROR! invalid StartIP address.."
        exit 1
fi

declare -i endIP1=$(echo "$end"|awk -F. '{ print $4 }')
declare -i endIP2=$(echo "$end"|awk -F. '{ print $3 }')
declare -i endIP3=$(echo "$end"|awk -F. '{ print $2 }')
declare -i endIP4=$(echo "$end"|awk -F. '{ print $1 }')

if [ "$endIP1" -gt "$max" ] || [ "$endIP2" -gt $max ] || [ "$endIP3" -gt "$max" ] || [ "$endIP4" -gt "$max" ];

then
        echo "[-] ERROR! invalid EndIP address.."
        exit 1
fi
clear
echo "________________________________________"
echo "  ES_WuScan.sh (C) BrainStorm [ElectronicSouls]   "
echo "________________________________________"

ip="${startIP4}.${startIP3}.${startIP2}.${startIP1}"
while [ 1 ]
do
        echo $ip
        echo quit|nc -w 6 "${startIP4}.${startIP3}.${startIP2}.${startIP1}" 21 > ~/.ESwuScanOutput
        sleep 6s
        if [ -f ~/.ESwuScanOutput ]; then
                cat ~/.ESwuScanOutput|grep wu-2.6.0'(1)'>/dev/null && echo -n "$soct4.$soct3.$soct2.$soct1 -!- wu-2.6.0'(1)' Server [*]"
                cat ~/.ESwuScanOutput|grep rh > /dev/null  && echo "...and RH host !"
                rm ~/.ESwuScanOutput
fi

soct1=$startIP1+1
          ip="${startIP4}.${startIP3}.${startIP2}.${startIP1}"
          if [ "$startIP1" -ge "$max" ]; then

        startIP1=0
        startIP2=$startIP2+1

          ip="${startIP4}.${startIP3}.${startIP2}.${startIP1}"
          if [ "$startIP2" -ge "$max" ]; then

        startIP2=0
        startIP3=$startIP3+1

          ip="${startIP4}.${startIP3}.${startIP2}.${startIP1}"
          if [ "$startIP3" -ge "$max" ]; then

               startIP3=0
               startIP4=$startIP4+1

          ip="${startIP4}.${startIP3}.${startIP2}.${startIP1}"
          if [ "$startIP4" -ge "$max" ]; then

echo "error: out of valid ip address range"
        exit 1
fi
        else
        startIP3=$startIP3+1
fi
        else
        startIP2=$startIP2+1
fi
fi
                if [ $end = $ip ]; then
echo "[*] done!"
exit 0
fi

done

#

The Electronic Souls Crew
[ElectronicSouls] (c) 2002

"Private code: Do not distribute!"

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlMEARECABMFAj3nFrEMHGVzQGh1c2guY29tAAoJEN5nGqhGcjltqIAAoIIy5/XXak1m
H6oPKO7mkLerQ+vgAJ9wP3eXR2zawO1AhffnriKxQ+VfIA==
=wcAy
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ