In the same wave, I decided to write a small utility with sockets later today. It went great. Lots of coding, googling (I just can’t code without Google, maybe a sign of newbie) and debuging. Finally I ended up having a program that was partially correct. It works, but it doesn’t. It actually does more than what is told, and I couldn’t find out why. Still, I am posting it here, for those interested. Please correct it, as I didn’t really get what is wrong with it. Looks like some of the array locations are interpreted as ports, in the ‘ports’ array.
usage example: ./scanner 192.168.1.2 22,80,443
root@kali:~/Desktop/C/socket# ./client 192.168.1.10 22,80
[+]Testing port: 22
[*]SSH-2.0-OpenSSH_6.0p1 Debian-4[+]Testing port: 80
[*]<!DOCTYPE HTML PUBLIC “-//IETF//DTD H
TML 2.0//EN”>
<html><head>
<title>501 Method Not Implemented</title>
</head><body>
<h1>Method Not Implemented</h1>
<p>garbage to /index.html not supported.<br />
</p>
<hr>
<address>Apache/2.2.22 (Debian) Server at 127.0.1.1 Port 80</address>
</body></html>[+]Testing port: 4195840
[-]Error Connecting to port[+]Testing port: 0
[-]Error Connecting to port[+]Testing port: 1476291006
[-]Error Connecting to port[+]Testing port: 32767
[-]Error Connecting to port
I am not sure what that is, the part after the actual banner I mean. I will update this article as soon I get things sorted. Here is the code, if anyone wants to have a look.
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
void scanner(int port, char host[]);
int main(int argc, char **argv) {
char host[100];
char *p;
int ports[10];
int i = 0;
int var;
char tok[] = " ,";
if (argc < 2) {
fprintf(stderr,"[+]usage: %s <hostname> <port,port,port...>n", argv[0]);
exit(0);
}
p = strtok(argv[2], tok);
strcpy(host, argv[1]);
while(p != NULL) {
sscanf(p, "%d", &var);
ports[i++] = var;
p = strtok(NULL, tok);
}
for(i=0; i<(sizeof(ports)/sizeof(ports[0])); i++) {
fprintf(stdout, "n[+]Testing port: %dn", ports[i]);
scanner(ports[i], host);
}
return 0;
}
void scanner(int port, char host[]) {
int sock, n;
struct hostent *server;
struct sockaddr_in serv_addr;
char buffer[4096];
server = gethostbyname(host);
sock = socket(AF_INET, SOCK_STREAM, 0);
/* Edit the params of socket to scan UDP ports,
* should be pretty straight forward I suppose.
*/
if(sock < 0) {
fprintf(stderr, "[-]Error creating socket");
return;
}
bzero((char *) &serv_addr, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
// AF_UNIX for Unix style socket
bcopy((char *)server->h_addr, (char *)&serv_addr.sin_addr.s_addr, server->h_length);
serv_addr.sin_port = htons(port);
n = connect(sock, (struct sockaddr *)&serv_addr, sizeof(serv_addr));
sleep(2);
if(n < 0) {
fprintf(stderr, "[-]Error Connecting to portn");
return;
}
memset(buffer, 0, sizeof(buffer));
strcpy(buffer, "garbagern");
n = write(sock, buffer, strlen(buffer));
if(n < 0) {
fprintf(stderr, "[-]Error writing (Port closed maybe?!)n");
return;
}
bzero(buffer, 4096);
n = read(sock, buffer, 4096);
if(n < 0) {
fprintf(stderr, "[-]Error reading (Port closed maybe?!)n");
return;
}
fprintf(stdout,"[*]%sn", buffer);
close(sock);
}