Neperos
SIGN IN
Copy Link
Add to Bookmark
Report

rvscan v4-rel

Remote vulnerability scanner for UNIX (v4). (In our honest opinion #1)

eZine's profile picture
eZine lover (@eZine)
Published in 
In our honest opinion
 · 8 months ago

README

 ---  -- 
  --- - 
 e ---  ploit vulnerability scanner [rvscan v4-rel] 
  - --- http://chickenz.net/og || elicit@comic.com 
 --  --- 
     rvscan version four release [rvscan-v4.tgz] 
         unix remote vulnerability scanner 
::::::::::::::::::::::::::::::::::::::::::::::::::::::

INFO:
hopefully this version will be a lot more reliable. several people tested this out for me, and i fixed all the bugs that they found so far. everything should run smoothly, but i don't recommend using the -v (verbose) flag, because its just not pretty. check the 'ChangeLog' file to see whats new in this version. enjoy.

WARNING:
i am in no way responsible for what you do with this tool. It should be considered very dangerous, and is merely for local security testing (NOT HACKING). if you *do* scan things outside of your network, then don't send me hate mail from your jail cell, because it will go straight to my trash can. of course, this is for educational purposes only; the definition of educational is up to you.

REQUIREMENTS:
a *nix system with telnet, rpcinfo, showmount, nmap, and host.

RESOURCES:
email: elicit@comic.com
web: http://chickenz.net/og
irc: elicit at #og on irc.ndrsnet.com


THANKS:
all of #og. shekk, robosok, orbflux, and ka0z for bug testing.

ChangeLog

v4-rel:

  • made a whole lot of improvements to make things more efficient.
  • added automatic nmap installation.
  • no longer requires 'strobe'.
  • added an attempt at telnet banner grabbing (works occasionally). =>
  • added new checks for vulnerable BIND versions.
  • added new checks for vulnerable IMAPD versions.
  • rewrote some things in perl for more stability.
  • added new checks for vulnerable HTTPD versions. (NCSA 1.3, IIS 4.0, IIS 5.0)
  • added new checks for vulnerable FTPD versions. (wu-2.6.0, *bsd glob(), NcFTPD 2.4.2, QVT/Net v4.3).
  • added quite a few new cgi checks (223 total now).
  • fixed pop3 multiple authentication checking.
  • added new checks for vulnerable QPOP and QVT/Net pop3 daemons.
  • added new checks for Back Orifice and Netbus.
  • added an smtp check for user probing.
  • added a basic linux distribution guessing script
  • added new checks for vulnerable LPD versions.
  • added new checks for vulnerable NTPD versions.
  • now attempts to gather finger information from host.

anonftp.pl

#!/usr/bin/perl 
# 
# anonftp.pl by ben-z (http://benz.slacknet.org) 
# written for use in the rvscan package only! 

$ARGC=@ARGV; 
use Socket; 
my($remote,$port,$iaddr,$paddr,$proto,$line); 
$remote=$ARGV[0]; 
$port = "21"; 
$iaddr = inet_aton($remote) or die "asdf"; 
$paddr = sockaddr_in($port, $iaddr) or die "asdf"; 
$proto = getprotobyname('tcp') or die "asdf"; 
socket(SOCK, PF_INET, SOCK_STREAM, $proto) or die "asdf"; 
connect(SOCK, $paddr) or die "asdf";; 
$msg = "USER Anonymous\n"; 
send(SOCK, $msg, 0) or die "asdf"; 
$msg = "PASS root\@cybercrime.gov\n"; 
send(SOCK, $msg, 0) or die "asdf"; 
$msg = "quit\n"; 
send(SOCK, $msg, 0) or die "asdf"; 
while (<SOCK>) { 
   print; 
} 
exit;

banner.pl

#!/usr/bin/perl 
# 
# simple banner logging deal 
#  elicit@execs.com 

use Socket; 
$remote=$ARGV[0]; 
$port=$ARGV[1]; 
$iaddr = inet_aton($remote) or die "0"; 
$paddr = sockaddr_in($port, $iaddr) or die "0"; 
$proto = getprotobyname('tcp') or die "0"; 
socket(sawk,PF_INET,SOCK_STREAM,$proto) or die "0"; 
connect(sawk,$paddr) or die "0"; 
sleep(7); 
recv(sawk,$msg,1024,0) or die "0"; 
shutdown(sawk,2); 
print "$msg\n"; 
exit;

banner.telnet

#!/bin/sh 
# 
# telnet banner grabbing script, elicit@comic.com 

if [ "$1" = "" ]; then 
 exit 0 
fi 

 
telnet $1 1>.telnet.tmp 2>.telnet.tmp

pop3chk.pl

#!/usr/bin/perl 
# 
# pop3chk.pl by ben-z (http://benz.slacknet.org) 
# written for use in the rvscan package only! 
# 
# updated 3/01, elicit@execs.com 

use Socket; 
$remote=$ARGV[0]; 
$port = "110"; 
$iaddr = inet_aton($remote) or die "0"; 
$paddr = sockaddr_in($port, $iaddr) or die "0"; 
$proto = getprotobyname('tcp') or die "0"; 
socket(SOCK, PF_INET, SOCK_STREAM, $proto) or die "0"; 
connect(SOCK, $paddr) or die "0"; 
sleep(2); 
$msg = "USER root\n"; 
send(SOCK, $msg, 0) or die "0"; 
sleep(1); 
$msg = "PASS JIGGA\n"; 
send(SOCK, $msg, 0) or die "0"; 
sleep (2); 
$msg = "USER root\n"; 
send(SOCK, $msg, 0) or die "0"; 
sleep(1); 
$msg = "PASS SLUTTIE\n"; 
send(SOCK, $msg, 0) or die "0"; 
sleep(2); 
$msg = "USER root\n"; 
send(SOCK, $msg, 0) or die "0"; 
sleep(1); 
$msg = "PASS WHORE\n"; 
send(SOCK, $msg, 0) or die "0"; 
sleep(2); 
$msg = "USER root\n"; 
send(SOCK, $msg, 0) or die "0"; 
sleep(1); 
$msg = "PASS h0h0h0\n"; 
send(SOCK,$msg,0) or die "0"; 
sleep(2); 
$quit = "quit\n"; 
send(SOCK, $quit, 0) or die "0"; 
print "it worked! 1";

smtpchk.pl

#!/usr/bin/perl 
# determines if an stmp server allows multiple user guessing 
#  elicit@execs.com - written for rvscan-v4a1 
#  #og @ irc.ndrsnet.com !@#$ 

use Socket; 
$ARGC=@ARGV; 
$target=$ARGV[0]; 
$rmail="root\@cybercrime.gov"; 
$port="25"; 
$iaddr=inet_aton($target) or die "0"; 
$paddr=sockaddr_in($port,$iaddr) or die "0"; 
$proto=getprotobyname('tcp') or die "0"; 
socket(sok,PF_INET,SOCK_STREAM,$proto) or die "0"; 
connect(sok,$paddr) or die "0"; 
sleep(5); 
$helo="HELO cybercrime.gov\n"; 
$muser="MAIL FROM: $rmail\n"; 
send(sok,$helo,0) or die "0"; 
sleep(2); 
send(sok,$muser,0) or die "0"; 
sleep(2); 
recv(sok,$msg,1024,0) or die "0"; 
$msg=''; 
$rpass="RCPT TO: nonexistantuser\n"; 
send(sok,$rpass,0) or die "0"; 
sleep(4); 
recv(sok,$msg,1024,0) or die "0"; 
if(index($msg,"ok") >= 0) { 
 exit; 
} 
print "it worked! 1";

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

AniphaeS's profile picture
@AniphaeS
14 Nov 2024
Thank you :) I can see you have rotated my pictures :)
Francesco's profile picture
Francesco Arca (@Francesco)
14 Nov 2024
Congratulations :)
guest's profile picture
@guest
12 Nov 2024
It is very remarkable that the period of Atlantis’s destruction, which occurred due to earthquakes and cataclysms, coincides with what is co ...
guest's profile picture
@guest
12 Nov 2024
Plato learned the legend through his older cousin named Critias, who, in turn, had acquired information about the mythical lost continent fr ...
guest's profile picture
@guest
10 Nov 2024
الاسم : جابر حسين الناصح - السن :٤٢سنه - الموقف من التجنيد : ادي الخدمه - خبره عشرين سنه منهم عشر سنوات في كبرى الشركات بالسعوديه وعشر سنوات ...
lostcivilizations's profile picture
Lost Civilizations (@lostcivilizations)
6 Nov 2024
Thank you! I've corrected the date in the article. However, some websites list January 1980 as the date of death.
guest's profile picture
@guest
5 Nov 2024
Crespi died i april 1982, not january 1980.
guest's profile picture
@guest
4 Nov 2024
In 1955, the explorer Thor Heyerdahl managed to erect a Moai in eighteen days, with the help of twelve natives and using only logs and stone ...
guest's profile picture
@guest
4 Nov 2024
For what unknown reason did our distant ancestors dot much of the surface of the then-known lands with those large stones? Why are such cons ...
guest's profile picture
@guest
4 Nov 2024
The real pyramid mania exploded in 1830. A certain John Taylor, who had never visited them but relied on some measurements made by Colonel H ...
a Francesco Arca production 2016 - 2024
Terms of Service - Privacy Policy
neperos on mastodon
Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT