Enter your search terms Submit search form
What's in the background?

CServiceAttack Documentation

using namespace CServiceAttack;
typedef unsigned int uint;

Public Enumeration Types

service_type

typedef enum {
    SERVICE_NONE = 0,
    SERVICE_POP3,
    SERVICE_FTP,
    SERVICE_GG,
    SERVICE_VNC,
    SERVICE_MYSQL,
    SERVICE_HTTP,
    SERVICE_HTTP_PROXY,
    SERVICE_IMAP,
    SERVICE_TELNET,
    SERVICE_SSH,
    SERVICE_NNTP,
    SERVICE_LDAP
  } service_type;

These are the enum values that must be set in order to select which protocol we are attacking. The names say it all.

PasswdOptions

typedef enum {
    PASSWD_OPTIONS_NONE = 0,
    PASSWD_OPTIONS_NULL = 1,
    PASSWD_OPTIONS_LOGIN = 2,
    PASSWD_OPTIONS_LOGIN_REV = 4
} PasswdOptions;

These are the values that need to be set to tell CServiceAttack to check for NULL passwords (PASSWD_OPTIONS_NULL), passwords same as the user name (PASSWD_OPTIONS_LOGIN) and passwords same as the reversed user name (PASSWD_OPTIONS_LOGIN_REV). They can all be set at once, just use the | operator.

example:

    target_host.passwd_options = CServiceAttack::PasswdOptions(
        CServiceAttack::PASSWD_OPTIONS_NULL |
        CServiceAttack::PASSWD_OPTIONS_LOGIN);

MessageLevel

typedef enum {
    MSG_NONE = 0,
    MSG_BASIC,
    MSG_WARNING,
    MSG_ERROR,
    MSG_VERBOSE,
    MSG_DEBUG,
    MSG_ALL
  } MessageLevel;

These enum values are passed to a function called void set_output_level(MessageLevel level); (there is more detail about it later in this document) to set CServiceAttack's level of verbosity. MSG_NONE means no messages at all, MSG_ALL means... well you guessed it. The default is MSG_BASIC.

Public Const Values

static const int msg_min = MSG_NONE;
static const int msg_max = MSG_ALL;

These are just values that can be used determin the minimum and maximum level of verbosity. It is safest to refer to these values then to MessageLevel, because MessageLevel values and names are subjects to change at any time without notice.

Public Namespace Classes

target_input_data

class target_input_data {
public:
  target_input_data();
  // basic constructor - nothing fancy

  ~target_input_data();
  // the deconstructor will free any memory
  // that the class has allocated

  service_type type;
  // what type of service are we attacking
  // must be set to one of the enum values
  // described above
  // default SERVICE_NONE

  const char *user;
  // the user name of the account to attack
  // the deconstructor will call
  // delete [] on this pointer if it's value
  // doesn't equal NULL
  // so you can either allocate new memory and
  // place the user name in the newly created
  // buffer or set this member to NULL once you
  // have called add_target();
  // you can find more information about
  // add_target() later in this document

  PasswdOptions passwd_options;
  // This is the member which holds the password
  // options described above
  // default PASSWD_OPTIONS_NONE

  sockaddr_in6 addr;
  // should be filled with the IPv4 address and
  // port of the target server (you must use casting)
  // (IPv6 is just being implemented)

  bool ipv6;
  // set to true if you are using IPv6 (default: false)

  bool ssl;
  // whether to use ssl - default false

  const char *charset;
  // if set brute forcing will be used for the
  // attack and this is the charset that will
  // be used CServiceAttack do generate the
  // passwords it will check
  // the deconstructor will call
  // delete [] on this pointer if it's value
  // doesn't equal NULL
  // so you can either allocate new memory and
  // place the user name in the newly created
  // buffer or set this member to NULL once you
  // have called add_target();
  // you can find more information about
  // add_target() later in this document

  uint min_chars;
  // if charset is set this should be set to the
  // minimum password length to check

  uint max_chars;
  // if charset is set this should be set to the
  // maximum password length to check

  u32 misc_size;
  // length of the data in misc
  // (required only for some protocols)

  char *misc;
  // this is by default 0, but must be set with data
  // in order for http cracking to work
  // optional for http-proxy

  /*
    for service http
     *misc = "[4 bytes : length of request]
    [x byte request (format: (http | https)://servername/remote_path/'\0')]
    [4 bytes : length of remote server name]
    [y byte remote server (format: remote_server'\0')]

    The memory should look like this:
    [4 bytes][x bytes][4 bytes][y bytes]

    misc_size = 4 + x + 4 + y;
  */

  ***notice the slash at the end of the request - this is very important!***

  /*
    for service http-proxy
     *misc = "[4 bytes : length of request]
    [x byte proxy request (format: (http | https)://servername/remote_path/'\0')]
    [4 bytes : length of remote server name]
    [y byte remote server (format: remote_server'\0')]

    The memory should look like this:
    [4 bytes][x bytes][4 bytes][y bytes]

    misc_size = 4 + x + 4 + y;
  */

  ***notice the slash at the end of the proxy request - this is very important!***
};

This the structure that gets passed on to a CServiceAttack object to add a cracking target.

target_output_data

class target_output_data {
public:
  ~target_output_data();
  // only the deconstructor is public
  // you cannot create an object of this class on your
  // own. It will be passed by CServiceAttack to an
  // external function that you set by
  // void set_notice(void (*p)(target_output_data*));
  // when an account is successfully cracked
  // you will find more information about it
  // later in this document

  service_type type;
  // this is the type of service that was cracked

  const char* user;
  // this is the user name that was used

  const char* passwd;
  // this is the password that was matched to the
  //  user's name

  sockaddr_in6 addr;
  // this member holds the address and port of the remote
  // host that we where attacking
  // (you must use casting in order to retrieve an IPv4 addr)
  // (IPv6 is just being implemented)

  bool ipv6;
  // true if the address is IPv6

  bool ssl;
  // whether ssl was used in the attack

  u32 misc_size;
  // length of the data in misc
  // (required only for some protocols)

  char *misc;
  // this is by default 0, but must be set with data
  // in order for http cracking to work
  // optional for http-proxy
  // target_input_data
};

An object of this class will be passed to an external function you set using the void set_notice(void (*p)(target_output_data*)); method. It is your responsibility to delete the object once you are done using it.

Public Functions

CServiceAttack();

Nothing special - just a construtor!

~CServiceAttack();

Same as above - just a deconstructor. It will make a call to void flush();

void add_target(target_input_data &start_options, bool = false);

This method is used to pass target_input_data object to CServiceAttack. The second argument is optional. If true void run_atack(); will be called and futher execution of the current thread will be blocked until the cracking process is finished. Defaults to false.

void run_atack();

After you have set all your targets and passed them to the CServiceAttack object using void add_target(target_input_data &start_options, bool = false); it's time to run the attack. If the object is allready running and attack this function will return immediatelly. Otherwise futher execution of the current thread will be blocked until the cracking process is finished.

void set_output_level(MessageLevel level);

This method is used to set the verbosity level of the CServiceAttack object. Refer to the quick tutorial for details and examples.

MessageLevel get_output_level();

You can use this method to retrieve the current verbosity level. Refer to the quick tutorial for details and examples.

void set_threads(uint n);

Sets the number of threads to use when cracking.

uint get_threads();

Retrieves the number of threads used when cracking.

void set_conn_timeout(long);

Sets the time (in seconds) after which connections shall time out.

long get_conn_timeout();

Retrieves the time (in seconds) after which connections shall time out.

void set_thread_creation_speed(uint);

Sets the time (in microseconds) between creating new threads.

uint get_thread_creation_speed();

Retrieves the time (in microseconds) between creating new threads.

void set_thread_reduction(bool);

If set to true CServiceAttack will not reduce the number of used threads if the connection gets reset by the remoter server or a connection error occours.

void set_conn_errors_max(uint);

Sets the maximum number of connection errors that can occur when attacking a single target. When this max is reached, CServiceAttack will give up the attack. Default: 5.

uint get_conn_errors_max();

Retrieves the maximum number of connection errors that can occur when attacking a single target.

bool get_thread_reduction();

Retrieves whether CServiceAttack will not reduce the number of used threads if the connection gets reset by the remoter server or a connection error occours.

void set_output(void (*p)(const char*));

Sets an external output function to use. If set to NULL no output is generated. Refer to the quick tutorial for details and examples.

void set_passwd_func(const char* (*p)(bool));

Sets an external function that provides CServiceAttack with passwords to check use when cracking. Refer to the quick tutorial for details and examples.

void set_notice(void (*p)(target_output_data*));

Sets an external function that is called when CServiceAttack cracks an account. Refer to the quick tutorial for details and examples.

bool is_working();

Returns true is CServiceAttack is running an attack.

void flush();

Can be used to clear memory and stop the cracking process at any time. Refer to the quick tutorial for details and examples.

void stop_cracking();

Similar to flush(); - this function will stop all attack threads, but will not clear the object's internal memory. This means that cracking can be resumed when needed.

Namespace Functions

static const char *get_next_line(FILE * hFile);

A helper function that will get a next line from any open file descriptor. It will return a pointer to a static buffer inside it, so you should memcpy() the data to your own buffer. Refer to the quick tutorial for details and examples.

static const char* rev_string(const char *p);

This function will reverse the order of letters in a given string.

static sockaddr_in6 *get_host_data(const char *host, uint);

The first argument should be a string containing a host name and the second should be a port number in host byte order. The function returns a pointer to a static sockaddr_in structure filled with the correct values.

Non-Namespace Functions

char *alloc_copy(const char *str);

Given a const char* this function will allocate memory the size of strlen(str) strncpy() *str to the new location, NULL terminate it, and return a pointer to the newly created buffer with the new copy of *str.