mrps-v01.c
Scans a class a/b/c, list, or single ip for running rpc programs. (In our honest opinion #1)
/*
* [ Mass RPC Program Scanner v.01 ]
* <( IOHO - 2001 )>
*
* quick, simple rpc scanner. scans a class a/b/c, list, single ip for
* running rpc programs. upcoming versions will utilize multiple sockets
* for speed, specific rpc id searching, and small os fingerprinting.
* look for further versions.
*
* thanks: robosok for debugging help
*
* IOHO Zine (http://chickenz.net/og)
* #og at irc.ndrsnet.com
*
* orbflux (orbflux@inorbit.com) 2001
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <sys/errno.h>
#include <unistd.h> // optarg
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <rpc/rpc.h>
#include <rpc/pmap_prot.h>
#include <rpc/pmap_clnt.h>
FILE *in; // list file opened by list_scan(); its path lives in infile
char infile[7000]; // path of the -l list file, copied from optarg by main()
struct {
struct {
char *classa; // network prefix given to -a (points into argv), e.g. "216"
char *classb; // prefix given to -b, e.g. "216.0"
char *classc; // prefix given to -c, e.g. "216.0.0"
int forks; // upper bound on concurrently forked probe children
} modes;
struct {
int class_a; // which scan mode was requested; set by main() and cleared by
int class_b; // set_defaults(), but never read by the scan functions in this
int class_c; // file
int listscan;
} data;
} globals;
void set_defaults(); // set the default values
void class_a_scan(); // scan a class A network
void class_b_scan(); // a class b
void class_c_scan(); // and a class c
void list_scan(); // scan a list
void getrpc(char *host); // actually grabs the rpc info and logs it
void usage(char *argzero); // the usage
int numforks = 0; // don't change this. change num of forks in
// set_defaults(). counts live probe children; the scan functions block in
// wait() whenever it exceeds globals.modes.forks
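/*
 * Entry point: parses the command line and dispatches a scan per option.
 *
 * Options are acted on in the order they appear in argv, so "-f <forks>"
 * only affects a scan when it precedes the -a/-b/-c/-l option that starts
 * it; that ordering is preserved from the original.  usage() exits the
 * process, so the argc guard needs no else branch.  getopt() returns an
 * int and signals the end of the options with -1; storing it in a char and
 * comparing against EOF is unreliable where char is unsigned, so the option
 * variable is an int.
 *
 * Returns 0 once the options have been processed (children may still be
 * running; the scan functions do not reap them before returning).
 */
int main(int argc, char *argv[]) {
    /* constructed defensive cap on -f: the default in set_defaults() is 45 */
    enum { MAX_FORKS = 1024 };
    int opt;

    if (argc < 3 || argc > 20 /* LoL */) {
        usage(argv[0]); /* does not return */
    }
    set_defaults();

    while ((opt = getopt(argc, argv, "i:a:b:c:l:f:")) != -1) {
        switch (opt) {
        case 'i':
            getrpc(optarg);
            break;
        case 'a':
            globals.modes.classa = optarg;
            globals.data.class_a = 1;
            class_a_scan();
            break;
        case 'b':
            globals.modes.classb = optarg;
            globals.data.class_b = 1;
            class_b_scan();
            break;
        case 'c':
            globals.modes.classc = optarg;
            globals.data.class_c = 1;
            class_c_scan();
            break;
        case 'l': {
            /* optarg comes from argv and may exceed infile; the original
             * sprintf() had no bound */
            int n = snprintf(infile, sizeof infile, "%s", optarg);
            if (n < 0 || (size_t)n >= sizeof infile) {
                fprintf(stderr, "list file name too long\n");
                usage(argv[0]);
            }
            globals.data.listscan = 1;
            list_scan();
            break;
        }
        case 'f': {
            /* forks is an int; the original assigned the optarg pointer
             * through a cast used as an lvalue, which is not valid C.
             * Parse the number and reject values that are useless (< 1)
             * or would let the scan fork without a sensible bound. */
            char *end = NULL;
            errno = 0;
            long forks = strtol(optarg, &end, 10);
            if (end == optarg || *end != '\0' || errno == ERANGE
                || forks < 1 || forks > MAX_FORKS) {
                fprintf(stderr, "invalid fork count: %s\n", optarg);
                usage(argv[0]);
            }
            globals.modes.forks = (int)forks;
            break;
        }
        default:
            /* getopt() returns '?' for unknown options or a missing
             * argument; the original fell through silently */
            usage(argv[0]);
        }
    }
    return 0;
}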
/*
 * Mark every scan mode as "not requested" and reset the fork limit to its
 * built-in default of 45 concurrent probe children.  main() calls this once
 * before processing the options.
 */
void set_defaults() {
    /* globals.data holds only int flags, so clearing the struct is the
     * same as assigning 0 to each field */
    memset(&globals.data, 0, sizeof globals.data);
    globals.modes.forks = 45;
}
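/*
 * Probe every address under the /8 prefix in globals.modes.classa.
 *
 * The address string is now built with snprintf(); the original sprintf()
 * into the 700-byte buffer had no bound, and the prefix is taken verbatim
 * from argv.  A prefix that does not fit aborts the scan with a message
 * instead of handing a truncated address to getrpc().  The loop bounds are
 * unchanged: the last octet runs 0..254 only (the bound is 255, unlike the
 * two outer loops), so x.y.z.255 is never generated; whether that is meant
 * to skip broadcast addresses is not documented.
 *
 * One child is forked per address; the parent counts children in numforks
 * and, once the count exceeds globals.modes.forks, blocks in wait() until
 * it is back within the limit.  A failed fork() (-1) takes the parent path
 * and is counted as if a child had started; children still running when
 * the loop ends are not reaped here.
 */
void class_a_scan() {
    char ip[700];
    for (int a = 0; a < 256; a++) {
        for (int b = 0; b < 256; b++) {
            for (int c = 0; c < 255; c++) {
                int n = snprintf(ip, sizeof ip, "%s.%d.%d.%d",
                                 globals.modes.classa, a, b, c);
                if (n < 0 || (size_t)n >= sizeof ip) {
                    fprintf(stderr, "class a prefix too long\n");
                    return;
                }
                pid_t pid = fork();
                if (pid == 0) {
                    /* child: probe one host and leave without running
                     * any of the parent's cleanup */
                    getrpc(ip);
                    _exit(0);
                }
                /* parent (or failed fork): throttle on the child count */
                numforks++;
                while (numforks > globals.modes.forks) {
                    wait(NULL);
                    numforks--;
                }
            }
        }
    }
}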
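/*
 * Probe every address under the /16 prefix in globals.modes.classb.
 *
 * The address string is built with snprintf(); the original sprintf() into
 * the 700-byte buffer had no bound and the prefix comes straight from argv.
 * A prefix that does not fit aborts the scan with a message.  Both octet
 * loops run 0..255 as in the original.
 *
 * One child is forked per address; the parent counts children in numforks
 * and blocks in wait() whenever the count exceeds globals.modes.forks.  A
 * failed fork() (-1) takes the parent path and is counted as if a child had
 * started; children still running when the loop ends are not reaped here.
 */
void class_b_scan() {
    char ip[700];
    for (int a = 0; a < 256; a++) {
        for (int b = 0; b < 256; b++) {
            int n = snprintf(ip, sizeof ip, "%s.%d.%d",
                             globals.modes.classb, a, b);
            if (n < 0 || (size_t)n >= sizeof ip) {
                fprintf(stderr, "class b prefix too long\n");
                return;
            }
            pid_t pid = fork();
            if (pid == 0) {
                /* child: probe one host, then leave without the parent's
                 * cleanup */
                getrpc(ip);
                _exit(0);
            }
            /* parent (or failed fork): throttle on the child count */
            numforks++;
            while (numforks > globals.modes.forks) {
                wait(NULL);
                numforks--;
            }
        }
    }
}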
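/*
 * Probe every address under the /24 prefix in globals.modes.classc.
 *
 * The address string is built with snprintf(); the original sprintf() into
 * the 700-byte buffer had no bound and the prefix comes straight from argv.
 * A prefix that does not fit aborts the scan with a message.  The octet
 * loop runs 0..255 as in the original.
 *
 * One child is forked per address; the parent counts children in numforks
 * and blocks in wait() whenever the count exceeds globals.modes.forks.  A
 * failed fork() (-1) takes the parent path and is counted as if a child had
 * started; children still running when the loop ends are not reaped here.
 */
void class_c_scan() {
    char ip[700];
    for (int a = 0; a < 256; a++) {
        int n = snprintf(ip, sizeof ip, "%s.%d", globals.modes.classc, a);
        if (n < 0 || (size_t)n >= sizeof ip) {
            fprintf(stderr, "class c prefix too long\n");
            return;
        }
        pid_t pid = fork();
        if (pid == 0) {
            /* child: probe one host, then leave without the parent's
             * cleanup */
            getrpc(ip);
            _exit(0);
        }
        /* parent (or failed fork): throttle on the child count */
        numforks++;
        while (numforks > globals.modes.forks) {
            wait(NULL);
            numforks--;
        }
    }
}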
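/*
 * Probe every whitespace-separated address in the file named by infile.
 *
 * The original loop tested feof() before reading and ignored fscanf()'s
 * result, so an empty file (or a read failure) passed an uninitialised
 * buffer to getrpc(); the read is now the loop condition.  The "%s"
 * conversion also had no width, so an over-long line overflowed indata —
 * the width now matches the buffer (a token longer than that is simply
 * split across iterations).  The file is closed once the loop ends; the
 * original left it open.
 *
 * Forking and throttling mirror the class_*_scan functions: one child per
 * entry, with the parent blocking in wait() whenever numforks exceeds
 * globals.modes.forks.  Exits with status -1 if the file cannot be opened.
 */
void list_scan() {
    char indata[7000];
    if ((in = fopen(infile, "r")) == NULL) {
        fprintf(stderr, "Error in file read test.\n");
        exit(-1);
    }
    /* width 6999 leaves room for the terminator in the 7000-byte buffer */
    while (fscanf(in, "%6999s", indata) == 1) {
        pid_t pid = fork();
        if (pid == 0) {
            /* child: probe one host, then leave without the parent's
             * cleanup */
            getrpc(indata);
            _exit(0);
        }
        /* parent (or failed fork): throttle on the child count */
        numforks++;
        while (numforks > globals.modes.forks) {
            wait(NULL);
            numforks--;
        }
    }
    fclose(in);
    in = NULL;
}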
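/*
 * Ask the portmapper (port PMAPPORT) of one host for its registered RPC
 * programs and print their names on one line.
 *
 * host must be a dotted-quad string; inet_addr() performs no name lookup.
 * The original did not check inet_addr()'s result, so an unparsable string
 * became INADDR_NONE (255.255.255.255) and the query went to the broadcast
 * address.  Such input is now rejected with exit(0), the same way an
 * unreachable portmapper is treated.  alarm(4) bounds the RPC call: no
 * SIGALRM handler is installed, so the default action terminates the
 * process — the forked child in the scan modes, or the whole program in
 * -i mode.
 *
 * Output is "<host> -" followed by " <name> : " for each run of consecutive
 * entries with the same program number that getrpcbynumber() can resolve.
 * The list returned by pmap_getmaps() is not released; every caller exits
 * shortly after this function returns.  The two 7000-byte scratch buffers
 * of the original were never used and have been dropped.
 */
void getrpc(char *host) {
    struct sockaddr_in sock;
    struct pmaplist *list;
    struct pmaplist *member;
    unsigned long prev_prog = 0;

    memset(&sock, 0, sizeof sock); /* also clears sin_zero */
    sock.sin_family = AF_INET;
    sock.sin_port = htons(PMAPPORT);
    sock.sin_addr.s_addr = inet_addr(host);
    if (sock.sin_addr.s_addr == INADDR_NONE) {
        fprintf(stderr, "%s: not a valid dotted-quad address\n", host);
        exit(0);
    }

    alarm(4); /* no handler: the process is killed if the query hangs */
    if ((list = pmap_getmaps(&sock)) == NULL) {
        exit(0);
    }

    fprintf(stdout, "%s -", host);
    fflush(stdout);
    for (member = list; member; member = member->pml_next) {
        if (prev_prog != member->pml_map.pm_prog) {
            struct rpcent *entry = getrpcbynumber(member->pml_map.pm_prog);
            if (entry != NULL) {
                fprintf(stdout, " %s : ", entry->r_name);
                fflush(stdout);
            }
        }
        prev_prog = member->pml_map.pm_prog;
    }
    fprintf(stdout, "\n");
    fflush(stdout);
}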
/*
 * Print the banner and the option summary to stdout, then exit(0).
 * argzero is argv[0]; it is substituted into the "usage:" line only.
 * The output is byte-identical to the original single printf().
 */
void usage(char *argzero) {
    static const char banner[] =
        "mrps-v01.c by orbflux (orbflux@inorbit.com)\n"
        "#og at irc.ndrsnet.com : IOHO (chickenz.net/og)\n\n";
    static const char options[] =
        "__options:\n"
        "\t-i <ip>\t\t-single ip\n"
        "\t-a <class>\t-scan a class a network (216)\n"
        "\t-b <class>\t-scan a class b network (216.0)\n"
        "\t-c <class>\t-scan a class c network (216.0.0)\n"
        "\t-l <listfile>\t-scan a list of IPS\n"
        "\t-f <forks>\t-specify the number of forks to use\n"
        "\n";
    fputs(banner, stdout);
    printf("usage: %s [options]\n", argzero);
    fputs(options, stdout);
    exit(0);
}