Dameware scanner - HeapOverflow Computer Security Community & Forums : Heap Overflow.com

HeapOverflow Computer Security Community & Forums : Heap Overflow.com

		HeapOverflow Computer Security Community & Forums : Heap Overflow.com > Computer Security: Discussions > Exploits > Public
Dameware scanner

Mark Forums Read

Notices

Welcome to you visitor! This community is mainly dedicated to the computer and security, if you're looking for DFind scanner or others exploits codes you will find them into the Projects section, feel free to start Blogging and remember to always keep an eye and start talking about security Advisories & public Exploits.

Public Proof-of-concept codes made publics everydays, feel free to discuss about

Dameware scanner

This is a discussion on "Dameware scanner" within the Public part of the Exploits section; Code: /* * Dameware Scannner with OS Detection * * wuzzlerer@web.de * * gunknown@oleco.net * * * usage: dwscanner.exe <startip> <endip> <threads> * the maximum number of threads is 1000 * * * credits to Adik netmaniac@hotmail.KG * for his OS ...

Reply

#1 (permalink)

Old

16-09-05

touk

Guest

Posts: n/a

Default

Dameware scanner

Code:

/* 
*  Dameware Scannner with OS Detection 
* 
*   wuzzlerer@web.de 
* 
*     gunknown@oleco.net 
* 
* 
*  usage: dwscanner.exe <startip> <endip> <threads> 
*  the maximum number of threads is 1000 
* 
* 
*              credits to Adik netmaniac@hotmail.KG 
*   for his OS Detection Code 
* 
* 
*                                                    September '05 
*/ 

#include <string.h> 
#include <iostream.h> 
#include <sstream> 
#include <fstream.h> 
#include <ctime> 
#include <winsock2.h> 

using namespace std; 

#define WIN2K 0 
#define WINXP 1 
#define WIN2K3 2 
#define WINNT 3 
#define UNKNOWN 4 

unsigned char buff[40] = { // OS Detection 
"\x30\x11\x00\x00\x00\x00\x00\x00\xC3\xF5\x28\x5C\x  8F\xC2\x0D\x40" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x  00\x00\x00\x00" 
"\x00\x00\x00\x00\x01\x00\x00\x00" 
}; 

ofstream output("results.txt", ios::out | ios::app); 
string next; 
string endip; 
int ende = 0; 

int check(string host); 
DWORD WINAPI ThreadFunc( LPVOID lpParam ); 
string nextip(std::string); 


int main (int argc, char* argv[]) 
{ 

DWORD dwThreadId; 
DWORD dwThrdParam; 
HANDLE hThread[1000]; 

WSADATA wsa; 
WSAStartup(MAKEWORD(2,0), &wsa); 

// get local time 
struct tm *zeit; 
time_t sec; 
time(&sec); 
zeit = localtime(&sec); 

    // header 
    cout << endl << " # DameWare Scanner" << endl; 
    cout << " # Coded in cooperation of gunknown and wuzzler" << endl << " #" << endl; 
    cout << " # Contact us for any feedback [gunknown@oleco.net]  [wuzzlerer@web.de]" << endl << endl; 


    if(argc != 4){ 
       cout << " usage: dwscanner <startip> <endip> <threads>" << endl << endl; 
       return 0;} 

    if(atoi(argv[3]) > 1000){ 
    argv[3] = "1000"; 
    cout << " Only 1000 threads are allowed!" << endl << endl;} 

    next = argv[1]; 
    endip = argv[2]; 

    output << "Started at " << zeit->tm_mday << "." <<(zeit->tm_mon + 1) << "." << (1900+zeit->tm_year) << "  " << zeit->tm_hour << ":" 
         << zeit->tm_min << endl << "command: dwscanner " << argv[1] << " " << argv[2] << " " << argv[3] << endl << endl; 
    cout << " Scanning ..." << endl << endl; 

  // create threads 
  for (int i = 0; i < atoi(argv[3]); i++) 
    { 
        if(ende == 1){break;} 
        dwThrdParam=i; 
        hThread[i] = CreateThread(NULL, 0,ThreadFunc,&dwThrdParam, 0, &dwThreadId); 
       if (hThread == NULL) { 
          printf("CreateThread failed." ); 
          getchar();} 
       else { 
         Sleep(1000);} 
    } 

// wait until threads ends 
while(ende != 1){Sleep(10);} 

output << endl << "Done." << endl << endl << endl; 
cout << endl << " Done." << endl << endl; 

WSACleanup(); 
return 0; 
} 



DWORD WINAPI ThreadFunc( LPVOID lpParam ) 
{ 

while(inet_addr(next.c_str()) != inet_addr(endip.c_str())) 
{ 
  string ip = next; 
  next = nextip(next); 

switch ( check(ip) ) 
{ 
case WIN2K: 
 cout << " Found DameWare Server (Windows 2000) " << ip << endl; 
                      output << "Found DameWare Server (Windows 2000) " << ip << endl; 
 break; 
case WINXP: 
 cout << " Found DameWare Server (Windows XP) " << ip << endl; 
                      output << "Found DameWare Server (Windows XP) " << ip << endl; 
 break; 
case WIN2K3: 
 cout << " Found DameWare Server (Windows 2003) " << ip << endl; 
                      output << "Found DameWare Server (Windows 2003) " << ip << endl; 
 break; 
case WINNT: 
 cout << " Found DameWare Server (Windows NT) " << ip << endl; 
                      output << "Found DameWare Server (Windows NT) " << ip << endl; 
 break; 
case UNKNOWN: 
 break; 
} 

} 
ende = 1; 
return 0; 
} 


string nextip(string ip) 
{ 

 // fourth block 
 string buf = ip; 
 string fourthblock = buf; 
 int p = fourthblock.rfind("."); 
 fourthblock.erase(0, (p+1)); 
 int fourth = atoi(fourthblock.c_str()); 

 // third block 
 buf.erase(p); 
 string thirdblock = buf; 
 p = thirdblock.rfind("."); 
 thirdblock.erase(0, (p+1)); 
 int third = atoi(thirdblock.c_str()); 

 // second block 
 buf.erase(p); 
 string secondblock = buf; 
 p = secondblock.rfind("."); 
 secondblock.erase(0, (p+1)); 
 int second = atoi(secondblock.c_str()); 

 // first block 
 string firstblock = buf.erase(p); 
 int first = atoi(firstblock.c_str()); 

 // checks for valid ip 
 if(fourth > 256 || third > 256 || second > 256 || first > 256){ 
 cout << "invalid ip adress" << endl; 
 return 0;} 

 //create next ip 
 if(fourth <= 256) 
  { 
    ++fourth; 
       if(third <= 256 && fourth == 256) 
         { 
           fourth = 0; 
           ++third; 
             if(second <= 256 && third == 256) 
               { 
                 third = 0; 
                 ++second; 
                   if(first <= 256 && second == 256) 
                     { 
                       second = 0; 
                       ++third; 
                     } 
               } 
         } 
  } 

 stringstream build; 
 string newip; 
 build << first << "." << second << "." << third << "." << fourth; 
 build >> newip; 

 return newip; 
} 


int check(string host) 
{ 

int dw_sock; 
struct sockaddr_in dw_addr; 
      char buff1[5000]=""; 

//Set Connection Options 
dw_addr.sin_family = AF_INET; 
dw_addr.sin_addr.s_addr = inet_addr(host.c_str()); 
dw_addr.sin_port = htons (6129); 

//Initialize Socket 
dw_sock = socket(AF_INET, SOCK_STREAM, 0); 

//Connect to Server 
connect(dw_sock,(struct sockaddr *)&dw_addr, sizeof(dw_addr)); 

//Receivce Welcome Msg 
recv(dw_sock, buff1, sizeof(buff1),0); 

//Send OS Detection code by Adik 
send(dw_sock, buff, sizeof(buff),0); 

//Receive OS Code 
recv(dw_sock, buff1, sizeof(buff1),0); 

//Close Socket 
closesocket(dw_sock); 

      //Re-initialize dw_addr 
              ZeroMemory(&dw_addr, sizeof(sockaddr_in)); 

//Filter and Return OS Version 
if(buff1[8]==5) 
 return buff1[12]; 
else if(buff1[8]==4) 
 return WINNT; 
else 
 return UNKNOWN; 
}

Reply With Quote

Sponsor

Advertiser

#2 (permalink)

Old

29-09-05

Fernando093 Fernando093 is offline

Fernando093 is offline

Junior Member

Join Date: Jun 2005

Posts: 5

Thanks: 0

Thanked 0 Times in 0 Posts

Rep Power: 6

Fernando093 is on a distinguished road

Default

it works like a charm m8.

I have tested the scanner with some IPS where I know there is DAMEWAREs running .

--------------------------------------------------------------------------------

Started at 29.9.2005 17:2
command: dwscanner xxx.xxx.197.46 xxx.xxx.197.60 100

Found DameWare Server (Windows 2003) xxx.xxx.197.46
Found DameWare Server (Windows 2000) xxx.xxx.197.59

Done.

--------------------------------------------------------------------------------

GretZ.....

Reply With Quote

#3 (permalink)

Old

06-11-05

silent is offline

Junior Member

Join Date: Nov 2005

Posts: 3

Thanks: 0

Thanked 0 Times in 0 Posts

Rep Power: 5

silent is on a distinguished road

Default

this is very good thx for this

Reply With Quote

#4 (permalink)

Old

08-11-05

mak is offline

Junior Member

Join Date: Oct 2005

Posts: 10

Thanks: 0

Thanked 0 Times in 0 Posts

Rep Power: 7

mak is on a distinguished road

Default

howyou compile it? i'm getting errors wth microsft visual c++, just wonder if is something gone on my system after the blackout

Reply With Quote

#5 (permalink)

Old

23-11-05

Neptune is offline

Junior Member

Join Date: Aug 2005

Posts: 2

Thanks: 0

Thanked 0 Times in 0 Posts

Rep Power: 5

Neptune is on a distinguished road

Default

good work man
however, your scanner works but not always, once it will find the dameware server on a IP and another time it will not find it

Reply With Quote

#6 (permalink)

Old

23-11-05

class101 is offline

Administrator

Join Date: May 2005

Location: France

Age: 27

Posts: 592

Blog Entries: 3

Thanks: 18

Thanked 7 Times in 7 Posts

Rep Power: 10

class101 has disabled reputation

Send a message via MSN to class101

Default

because it's not DFind scanner, hehe joking ;D

__________________
Security community webmaster
100% Free Directory
100% Cool milw0rm javascript

Reply With Quote

#7 (permalink)

Old

08-03-06

Ifcody is offline

Junior Member

Join Date: Mar 2006

Location: France

Posts: 1

Thanks: 0

Thanked 0 Times in 0 Posts

Rep Power: 4

Ifcody is on a distinguished road

Default

Can i compil it on a windows box?(i use devc++)

Sorry for my language of little kid: i'm frenche

ops:

Reply With Quote

#8 (permalink)

Old

14-03-06

Yog-Sotho is offline

Member

Join Date: Jul 2005

Location: Italy

Posts: 62

Thanks: 0

Thanked 0 Times in 0 Posts

Rep Power: 17

Yog-Sotho is on a distinguished road

Default

oui

Oui, bien sur tu peux le "compilè" en Windows.

C'est un programme pour Windows, c'est pas pour Linux.

Regard ici dans le code:

Quote:

#include <string.h>
#include <iostream.h>
#include <sstream>
#include <fstream.h>
#include <ctime>
#include <winsock2.h>

winsock2.h signifie' que c'est seulment pour Windows.

TRANSLATION:

Yes, of course you can compile it under Windows! It's a program designed for Windows, not for Linux flavor.

Have a look:

QUOTE

winsock2.h means that it works under Windows only.

Ciao
Yog-multi-language

Reply With Quote

Sponsor

Advertiser

Reply

Tags
dameware, scanner

« Ubuntu Breezy 5.10 Installer Password Disclosure | IIS 5.0 WebDAV ntdll.dll Overflow Exploit »

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off Trackbacks are On Pingbacks are On Refbacks are On

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
CVE-2008-1073 (Internet Scanner)	Heap	Advisories	0	29-02-08 21:40
CVE-2007-6189 (Online Anti-Virus Scanner)	Heap	Advisories	0	01-12-07 14:25
New DameWare Mini Remote Control Client Overflow	mxmxje	Public	12	20-09-05 17:23
scanner perso	fredo	Hacking	9	11-07-05 12:18

heapoverflow.com - SEOmeter SEO tools

Locations of visitors to this page

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72