cracker.pl

The real credit goes to the programmer of QUESO and to ADM for exploiting rpc.mountd. Comments/suggestions may be emailed to ryan@phorce.net. Flames may be directed towards /dev/null.

### How to use ###

If you want to just let it do its own thing, simply type ./cracker.pl & for example:

./cracker.pl A &

will constantly scan random class A's for as long as the box stays up.

If you want to scan a specified subnet, type ./cracker.pl -s. It will prompt you for pscan syntax; the pscan syntax is ./pscan [class b] [class c]. For example, if you wanted to scan all of 206.10.*.* you would type "206 111 10" at the prompt (first octet, port, second octet). Always scan for port 111, since that is the portmapper the rpc.mountd exploit needs.

If you have problems running this, please run with -b (verbose) and email a log to ryan@phorce.net, thanks!

#### What does this do?
- Randomly generates class A, B or C targets (your choice), portscans for 111, does a queso OS check for Linux, and attempts to exploit it. The ADMmountd has been modded to add a user moof to the password file with no password and uid/gid 0.

What is the purpose of this?
- To mass crack mass quantities of shells.

Why do it in lame perl?
- I am interested in improving my perl skills, and I'm not quite fluent enough in C (socket/unix wise) to make the port.

-- Concepts/Ideas --

I hope to make other programs off the concept of this one, possibly using statd, imapd, irix no-password logins, etc. I feel I could accomplish what mscan does, but actually exploiting it. I do know the potential of this program: people could simply hack hundreds of shells in a period of a few days and install the script on each box they hack, which would result in mass exploitation of every linux box on the internet. But then again, I'm sure clones of this program already exist out there.

Once again, I would like to stress that the real credit goes to the actual programmers of queso and to ADM, who exploited rpc.mountd. This is merely an interface to the two programs.
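The one artifact this README says a successful run leaves behind is the account the modded ADMmountd adds: user moof, no password, uid/gid 0. The check below is an added example for the defending side; it is not part of cracker.pl, pscan, queso or the ADM exploit. It reads passwd-format lines and flags any uid 0 / gid 0 account that is not root and any account whose password field is empty. The sample passwd content is constructed for the example, not taken from a real host.

```python
"""Spot the kind of backdoor account the modded ADMmountd adds.

Added example, not part of cracker.pl or the ADM exploit. It reads
passwd-format lines (name:pw:uid:gid:gecos:home:shell) and reports:
  - any uid 0 / gid 0 account that is not root
  - any account with an empty password field (no password at all)
The README says the modded exploit adds user "moof", no pw, uid/gid 0,
so an entry like "moof::0:0::/:/bin/sh" must trip both checks.
"""

from typing import Dict, List, Tuple

# Constructed sample /etc/passwd content for this example (not from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
nobody:x:65534:65534:Nobody:/:/sbin/nologin
ryan:x:1000:1000:ryan:/home/ryan:/bin/bash
moof::0:0::/:/bin/sh
guest::1001:1001:guest:/home/guest:/bin/sh
"""


def parse_passwd(text: str) -> List[Dict[str, str]]:
    """Parse passwd-format text into dicts; blank and comment lines are skipped,
    malformed lines are kept and marked so they stay visible to the caller."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            # A malformed line in a passwd file is itself worth a look.
            entries.append({"name": line, "pw": "?", "uid": "?", "gid": "?",
                            "malformed": "1", "line": str(lineno)})
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append({"name": name, "pw": pw, "uid": uid, "gid": gid,
                        "gecos": gecos, "home": home, "shell": shell,
                        "malformed": "0", "line": str(lineno)})
    return entries


def find_backdoor_accounts(text: str) -> List[Tuple[str, str]]:
    """Return (account name, reason) pairs for suspicious passwd entries,
    in file order; an entry can appear once per reason it trips."""
    findings = []
    for e in parse_passwd(text):
        if e["malformed"] == "1":
            findings.append((e["name"], "malformed line"))
            continue
        if (e["uid"] == "0" or e["gid"] == "0") and e["name"] != "root":
            findings.append((e["name"], "uid/gid 0 account that is not root"))
        if e["pw"] == "":
            findings.append((e["name"], "empty password field"))
    return findings


if __name__ == "__main__":
    # On a real box: find_backdoor_accounts(open("/etc/passwd").read())
    for name, reason in find_backdoor_accounts(SAMPLE_PASSWD):
        print(f"{name}: {reason}")
```

On a host that keeps hashes in /etc/shadow the passwd password field is "x", so run the same empty-field check over the second field of /etc/shadow as well; the uid/gid 0 check only needs /etc/passwd.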
I kid you not, this entire program start to finish took me 1 hour. I guess there's nothing else to do, because meta is packeting me and I can't IRC.

09:17:03.315184 10.88.110.159.22521 > blah.the-bridge.net.27014: S 950224721:950224721(0) win 65535
09:17:03.316578 135.125.26.7.53809 > blah.the-bridge.net.27020: S 1500374435:1500374435(0) win 65535

Hi meta! Synfloods are neat. Shouts go out to DrUnix, Drago, jedi, tnt/p. Also shouts to Volatile, a person I don't know but whose pscan I'm using in this package without his permission (which I think is semi-private).

-ryan