www.pudn.com > telnetdcheck.zip > telnetdcheck.pl
#!/usr/bin/perl
########################################################
# telnet daemon check [November 9, 1998]
#
# http://www.cotse.com for the latest exploits,
# tools and documents!
#
# *Most of this code ripped directly from ftpcheck.pl
# *by David Weekly
#
# Thanks to Shane Kerr for cleaning up the process code!
#
# This code is under the GPL. Use it freely. Enjoy.
# Debug. Enhance. Email me the patches!
########################################################
use Socket;
use Net::Telnet ();
# timeouts in seconds for creating a socket and connecting
my $MAX_SOCKET_TIME = 2;
my $MAX_CONNECT_TIME = 3;
my $HELP=qq{Usage: telnetdcheck [-h | --help] [-p processes] [-d | --debug] host\n};
my @hosts;
# how many simultaneous processes are we allowed to use?
my $MAX_PROCESSES=10;
my $DEBUG=0;
while($_=shift){
if(/^--(.*)/){
$_=$1;
if(/help/){
print $HELP;
exit(0);
}
if(/debug/){
$DEBUG=1;
}
}
elsif(/^-(.*)/){
$_=$1;
if(/^h/ or /^\?/){
print $HELP;
exit(0);
}
if(/^p/){
$MAX_PROCESSES=shift;
}
if(/^d/){
$DEBUG=1;
}
}else{
push @hosts,$_;
}
}
if(!$hosts[0]){
print $HELP;
exit(-1);
}
my $host;
$|=1;
print "\n\nTelnetd check by Ken Williams, Packet Storm Security.\n";
print " http:\/\/www.Genocide2600.com\/\~tattooman\/index.shtml\n\n";
# go through all of the hosts, replacing subnets with all contained IPs.
for $host (@hosts){
$_=shift(@hosts);
# scan a class C
if(/^([^.]+)\.([^.]+)\.([^.]+)$/){
my $i;
print "Expanding class C $_\n" if($DEBUG);
for($i=1;$i<255;$i++){
my $thost="$_.$i";
push @hosts,$thost;
}
}
else{
push @hosts,$_;
}
}
my @pids;
my $npids=0;
for $host (@hosts){
my $pid;
$pid=fork();
if($pid>0){
$npids++;
if($npids>=$MAX_PROCESSES){
for(1..($MAX_PROCESSES)){
$wait_ret=wait();
if($wait_ret>0){
$npids--;
}
}
}
next;
}elsif(undef $pid){
print "fork error\n" if ($DEBUG);
exit(0);
}else{
my($proto,$port,$sin,$ip);
print "Trying $host\n" if ($DEBUG);
$0="(checking $host)";
# kill thread on timeout
local $SIG{'ALRM'} = sub { exit(0); };
alarm $MAX_SOCKET_TIME;
$proto=getprotobyname('tcp');
$port=23;
$ip=inet_aton($host);
if(!$ip){
print "couldn't find host $host\n" if($DEBUG);
exit(0);
}
$sin=sockaddr_in($port,$ip);
socket(Sock, PF_INET, SOCK_STREAM, $proto);
alarm $MAX_CONNECT_TIME;
if(!connect(Sock,$sin)){
exit(0);
}
my $iaddr=(unpack_sockaddr_in(getpeername(Sock)))[1];
close(Sock);
# SOMETHING is listening on the telnet daemon?
print "listen $host!\n" if($DEBUG);
alarm 0;
$hostname=gethostbyaddr($iaddr,AF_INET);
# create new telnet connection w/10 second timeout
$telnet = new Net::Telnet (Timeout => 10, Prompt => '/bash\$ $/');
if(!$telnet){
print " <$host ($hostname) denied you>\n" if($DEBUG);
exit(0);
}
if(!$telnet->login("anonymous","just-checking")){
print " Telnet Daemon on $host [$hostname]\n";
exit(0);
}
print "Telnet Daemon on $host [$hostname]\n";
$telnet->quit;
exit(0);
}
}
print "done spawning, $npids children remain\n" if($DEBUG);
# wait for my children
for(1..$npids){
my $wt=wait();
if($wt==-1){
print "hey $!\n" if($DEBUG);
redo;
}
}
print "\nDone\n\n";