Code
#!/usr/bin/perl
use IO::Socket;
##################################################
# Radmin with empty password scanner
#
# usage: ./scan.pl 213.59.*.*
# thanx to Forb
# Coded by Satyr (satyr@cyberlords.net) from Cyber Lords Community [www.cyberlords.net]
#####################################################################################
$|++;
use IO::Socket; ## Юзаем сокеты
$pids=10; ## Count of threads
$port = 4899; ## Default port
$tout = 5; ## Default timeout
$log = 'scan.log'; ## Default logfile
$once=0;
$fatal=0;
if (@ARGV[0]=~/((.*)\.(.*)\.(.*)\.(.*))/) {
$netmask = $1;
$n1 = $2;
$n2 = $3;
$n3 = $4;
$n4 = $5;
}
quit("Incorrect port") if ($port=~/\D/);
quit("No hostmask given") unless $netmask;
check();
while(1) {
@ips=@ipz[$once..$once+$pids];
for ($i=0;$i<=$pids;$i++) {
unless($ips[$i]) {
killpidz();
exit print "Scan is complete\n";
}
if ($pid=fork()) {
push(@forked,$pid);
} else {
$res=check_radmin($ips[$i],$port);
logg($ips[$i],$res) if ($res ne 0);
exit;
}
}
$once+=$pids;
killpidz();
}
sub check {
for ($i=0;$i<=254;$i++) {
$ipi = $i;
if ($n2 ne '*') { $i = 254,$ipi = $n2 }
for ($j=0;$j<=254;$j++) {
$ipj = $j;
if ($n3 ne '*') { $j = 254,$ipj = $n3 }
for ($k=1;$k<=254;$k++) {
$ipk = $k;
if ($n4 ne '*') { $k = 254,$ipi = $n2 }
my($ipaddr) = "$n1\.$ipi\.$ipj\.$ipk";
chomp($ipaddr);
push(@ipz,$ipaddr);
}
}
}
}
sub quit {
my($reason)=@_;
print "$reason\n" if $reason;
exit;
}
sub logg {
my($ip,$ans)=@_;
open(LOGG,">>$log");
$str="NULL PASS!!!" if $ans eq 1;
$str="need pass." if $ans eq 2;
print LOGG "$ip:$port : $str\n";
close(LOGG);
}
sub killpidz {
foreach (@forked) {
chomp;
waitpid($_,0);
kill("TERM" => $_)
}
undef @forked;
}
sub check_radmin{
($host,$port)=@_;
$sock=IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Photo => "tcp");
if($sock)
{
$sock->send("\x01\x00\x00\x00\x01\x00\x00\x00\x08\x08");
$sock->recv($data,1024);
close($sock);
@marks=split(//,$data);
foreach(@marks){
$string.=unpack('H8', $_);
}
if($string=~/a080/g){
return 1;
}
else{
return 2;
}
}else { return 0;}
}
