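#!/usr/local/bin/perl -w
#
# Summarise which FTP (port 21) and telnet (port 23) logins appear in a
# captured TCP session log, so the affected accounts can be identified and
# their credentials rotated.
#
# Only the destination host and the account name are reported.  The password
# line is consumed to advance the parser but its contents are never stored or
# printed.
#
# Usage: script [logfile]
#   logfile defaults to /u/home/rlw6/work/tcp.log
#
# NOTE(review): the log format is inferred from the patterns below -- a
# "src => dst [port]" header per session and a run of dashes between
# sessions.  Confirm against the tool that produced the log.

use strict;
use warnings;

# Parser states (numbering follows the original script's legend).
use constant {
    ST_NONE        => 0,    # not inside a recognised login exchange
    ST_FTP         => 1,    # FTP session header seen
    ST_TELNET      => 2,    # telnet session header seen
    ST_FTP_USER    => 3,    # FTP USER seen, waiting for PASS
    ST_TELNET_TERM => 4,    # telnet terminal line seen, waiting for user
    ST_TELNET_USER => 5,    # telnet user seen, next line is the password
};

# Replace control bytes (C0, DEL, C1) before a captured value is printed.
# The log holds raw network data, and echoing escape sequences from it would
# let the captured traffic drive the analyst's terminal.
sub _printable {
    my ($text) = @_;
    $text =~ s/[\x00-\x1f\x7f-\x9f]/?/g;
    return $text;
}

# Build the report entry for one host/account pair.
sub _entry {
    my ($host, $account) = @_;
    return ' * Machine: ' . _printable($host) . "\n"
         . ' * User: '    . _printable($account) . "\n";
}

my $log_path = @ARGV ? $ARGV[0] : '/u/home/rlw6/work/tcp.log';

# Three-argument open with a lexical handle: the path can never be read as
# an open mode or a pipe, whatever characters it contains.
open(my $log_fh, '<', $log_path) || die("Error opening file: $!, ");

my $state = ST_NONE;
my $dst   = '';
my $user  = '';

# Keyed by "host user", so repeated logins to the same account are reported
# once.
my %ftp;
my %telnet;

# The page this script came from shows a bare "while ()", which never reads
# the log; the handle read is restored here.
while (<$log_fh>) {
    if (/-----/) {
        # Session separator: forget everything about the previous session.
        $state = ST_NONE;
        $dst   = '';
        $user  = '';
    }
    elsif (/anonymous/i) {
        # Any line mentioning "anonymous" abandons the current exchange, so
        # anonymous FTP logins are not reported.
        $state = ST_NONE;
    }
    elsif (/([^ ]*) => ([^ ]*) \[21\]/) {
        $state = ST_FTP;
        $dst   = $2;
    }
    elsif (($state == ST_FTP) && /.?USER (\S*)/) {
        $user  = $1;
        $state = ST_FTP_USER;
    }
    elsif (($state == ST_FTP_USER) && /PASS /) {
        # A password was sent in cleartext; record the account only.
        $state = ST_NONE;
        $ftp{"$dst $user"} = _entry($dst, $user);
    }
    elsif (/(\S*) => (\S*) \[23\]/) {
        $state = ST_TELNET;
        $dst   = $2;
    }
    elsif (($state == ST_TELNET) && /%/) {
        # NOTE(review): presumably the terminal-type line of the telnet
        # negotiation; the following line is then taken as the user name.
        $state = ST_TELNET_TERM;
    }
    elsif (($state == ST_TELNET) && /[^!]*!(\S*)/) {
        # "term!user" on a single line.
        $state = ST_TELNET_USER;
        $user  = $1;
    }
    elsif (($state == ST_TELNET_TERM) && /(\S*)/) {
        $state = ST_TELNET_USER;
        $user  = $1;
    }
    elsif ($state == ST_TELNET_USER) {
        # This line is the password: consume it without keeping it.
        $state = ST_NONE;
        $telnet{"$dst $user"} = _entry($dst, $user);
    }
}

close($log_fh);

# Sorted keys give a stable report that can be diffed between runs.
my $count = 0;
foreach my $info (sort keys %ftp) {
    print "FTP:\n$ftp{$info}";
    $count++;
}
foreach my $info (sort keys %telnet) {
    print "Telnet:\n$telnet{$info}";
    $count++;
}

# The total counts distinct host/account pairs, not individual logins.
print "----- Total: $count passwords\n";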