Codebase list cisco-torch / master include / Telnet-SSH-brute.pm
master

Tree @master (Download .tar.gz)

Telnet-SSH-brute.pm @masterraw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
#Telnet user leak check

sub telnet_leak_user
{
	my	$ret = 0;

	log_print( "Checking for telnet without a username \n", "h" );
	log_print( "----------------\n", "h" );
	my $sock = new IO::Socket::INET(
									 PeerAddr => $target,
									 PeerPort => 23,
									 Proto    => 'tcp',
									 Timeout  => '5'
	);
	if ( !$sock )
	{
		log_print( "No telnet\n\n", "i" );
	}
	while ($sock)
	{
		sleep(5);
		$cnt = sysread( $sock, $buff, 10000 );
		if ( !$cnt )
		{
			log_print( "I died\n\n", "i" );
			last;
		}
		if ( $buff =~ /Password:/ )
		{
			log_print( "Found password only telnet login ", "c" );
			$ret = 1;
		}
		close($sock);
		last;
	}

	return $ret;
}


sub pwdbforce
{
open(PASSFILE, "<$passfile") || die " Cannot open the password file $passfile: $!\n";
        chomp(@password = <PASSFILE>);
close(PASSFILE);

	foreach $pass (@password)
	{
                my $sock = new IO::Socket::INET(
                                                                                 PeerAddr => $target,
                                                                                 PeerPort => 23,
                                                                                 Proto    => 'tcp',
                                                                                 Timeout  => '5'
                  );
                if ( !$sock )
                {
                        log_print( "No telnet\n", "i" );
                        return;
                }
               
                while ($sock)
                {
                        sleep(3);
                        sysread( $sock, $buff, 1000 ) || last;
			if (! ( $buff =~ /Password:/ ) )
			{
				log_print( "Unexpected prompt\n", "c" );
				close ($sock);
				last;
			}
			syswrite( $sock, $pass."\n" ) || last;
			sysread( $sock, $buff, 1000 ) || last;
			close ($sock);
			if ( $buff =~ /[#>]/ )
			{
                                log_print("*** Found valid password : $pass\n", "c");
                                return;
			}
		}
	}
}


# SSH/Telnet default passwd check 

sub bruteforce
{
my $use_ssh = shift;
my $user, $pass, @users, @password;

open(PASSFILE, "<$passfile") || die " Cannot open the password file $passfile: $!\n";
        chomp(@password = <PASSFILE>);
close(PASSFILE);
open(USERSFILE, "<$usersfile") || die " Cannot open the password file $passfile: $!\n";
        chomp(@users = <USERSFILE>);
close(PASSFILE);

	foreach $user (@users) 
	{
		foreach $pass (@password)
		{
			print "Tryng $user:$pass\n";
			my $conn =  $use_ssh ? Net::SSH::Perl->new($host) 
					     : Net::Telnet->new("Host" => $host, "Timeout" => 5, "Prompt" => "/[#>]/" );
               		
			eval {
			 $conn->login($user, $pass);
        		 $conn->cmd("cmd");
        		};
			$conn->close() unless $use_ssh;
			if (!$@)
			{
                                log_print("*** Found valid login/password pair : $user / $pass\n", "c");
                                return;
			}
		}
	}



}


 1;