#!/usr/local/bin/perl
use strict;

use Net::Telnet;
my @one = qw/a A s S/;
my @two = qw/b B c/;
my @three = qw/D e E f F/;
my @four = qw/g h H v/;
my @five = qw/i I 8 * ( 9/;
my @six = qw/j/;
my @seven = qw/k K j/;
my @eight = qw/l L o O 0 9 (/;
my @passarray;
my $host = shift or die "Usage: guess-pass.pl <host|IP address>";
my $logdir = "/tmp/guesspass.$$";
print "Log directory is $logdir\n";

foreach my $pass (@one) {
	foreach my $second (@two) {
		(my $passtwo = $pass) =~ s/$/$second/;
		foreach my $third (@three) {
			(my $passthree = $passtwo) =~ s/$/$third/;
			foreach my $fourth (@four) {
				(my $passfour = $passthree) =~ s/$/$fourth/;
				foreach my $fifth (@five) {
					(my $passfive = $passfour) =~ s/$/$fifth/;
					foreach my $sixth (@six) {
						(my $passsix = $passfive) =~ s/$/$sixth/;
						foreach my $seventh (@seven) {
							(my $passseven = $passsix) =~ s/$/$seventh/;
							foreach my $eighth (@eight) {
								(my $passeight = $passseven) =~ s/$/$eighth/;
								push @passarray, $passeight;
							}
						}
					}
				}
			}
		}
	}
}

my $counter = 0;
mkdir $logdir unless (-d $logdir);
foreach my $possiblepass (@passarray) {
	$counter++;
	print "Trying $possiblepass\n";
	my $t = new Net::Telnet (Timeout => 1,
				 Prompt => '/.*>/',
				 -input_log => "$logdir/attempted.$counter");
	$t->errmode("return");
	$t->open($host);
	$t->waitfor('/assword:/');
	$t->print("$possiblepass");
	my @lines = $t->cmd("echo $possiblepass");
	print @lines;
}