Simple TCP banner grabber in C

Hello folks, Its been a great week. I got the book called Expert C Programming – Deep C Secrets, by Peter van der Linden. I read about 100 pages in a couple of days, and I had never gained so much confidence reading any other book. Many concepts got sharper, doubts cleared and confidence boasted. A must read book if you know some C and want to understand the nuts and bolts of it.

In the same wave, I decided to write a small utility with sockets later today. It went great. Lots of coding, googling (I just can’t code without Google, maybe a sign of newbie) and debuging. Finally I ended up having a program that was partially correct. It works, but it doesn’t. It actually does more than what is told, and I couldn’t find out why. Still, I am posting it here, for those interested. Please correct it, as I didn’t really get what is wrong with it. Looks like some of the array locations are interpreted as ports, in the ‘ports’ array.

usage example: ./scanner 192.168.1.2 22,80,443

 root@kali:~/Desktop/C/socket# ./client 192.168.1.10 22,80

[+]Testing port: 22
[*]SSH-2.0-OpenSSH_6.0p1 Debian-4

[+]Testing port: 80
[*]<!DOCTYPE HTML PUBLIC “-//IETF//DTD H

TML 2.0//EN”>
<html><head>
<title>501 Method Not Implemented</title>
</head><body>
<h1>Method Not Implemented</h1>
<p>garbage to /index.html not supported.<br />
</p>
<hr>
<address>Apache/2.2.22 (Debian) Server at 127.0.1.1 Port 80</address>
</body></html>

[+]Testing port: 4195840
[-]Error Connecting to port

[+]Testing port: 0
[-]Error Connecting to port

[+]Testing port: 1476291006
[-]Error Connecting to port

[+]Testing port: 32767
[-]Error Connecting to port

I am not sure what that is, the part after the actual banner I mean. I will update this article as soon I get things sorted. Here is the code, if anyone wants to have a look.

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

void scanner(int port, char host[]);

int main(int argc, char **argv) {
char host[100];
char *p;
int ports[10];
int i = 0;
int var;
char tok[] = " ,";

if (argc < 2) {
fprintf(stderr,"[+]usage: %s <hostname> <port,port,port...>n", argv[0]);
exit(0);
}

p = strtok(argv[2], tok);
strcpy(host, argv[1]);
while(p != NULL) {
sscanf(p, "%d", &var);
ports[i++] = var;
p = strtok(NULL, tok);
}

for(i=0; i<(sizeof(ports)/sizeof(ports[0])); i++) {
fprintf(stdout, "n[+]Testing port: %dn", ports[i]);
scanner(ports[i], host);
}
return 0;
}

void scanner(int port, char host[]) {

int sock, n;
struct hostent *server;
struct sockaddr_in serv_addr;

char buffer[4096];

server = gethostbyname(host);

sock = socket(AF_INET, SOCK_STREAM, 0);
/* Edit the params of socket to scan UDP ports,
* should be pretty straight forward I suppose.
*/

if(sock < 0) {
fprintf(stderr, "[-]Error creating socket");
return;
}

bzero((char *) &serv_addr, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
// AF_UNIX for Unix style socket

bcopy((char *)server->h_addr, (char *)&serv_addr.sin_addr.s_addr, server->h_length);
serv_addr.sin_port = htons(port);

n = connect(sock, (struct sockaddr *)&serv_addr, sizeof(serv_addr));
sleep(2);
if(n < 0) {
fprintf(stderr, "[-]Error Connecting to portn");
return;
}

memset(buffer, 0, sizeof(buffer));
strcpy(buffer, "garbagern");

n = write(sock, buffer, strlen(buffer));
if(n < 0) {
fprintf(stderr, "[-]Error writing (Port closed maybe?!)n");
return;
}

bzero(buffer, 4096);
n = read(sock, buffer, 4096);
if(n < 0) {
fprintf(stderr, "[-]Error reading (Port closed maybe?!)n");
return;
}

fprintf(stdout,"[*]%sn", buffer);
close(sock);

}