#!/bin/sh

# http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK2669
#
# An analysis done in July 2003 showed that a total of 276 username/password
# combinations were being attempted (new ones may have been added since then):
#
# Usernames:
# webmaster, admin, root, test, master, web, www, administrator, backup, server, data, abc
#
# each with the following passwords:
# username, username12, username123,
# 1, 111, 123, 1234, 12345, 123456, 1234567, 12345678, 654321, 54321, 00000000, 88888888,
# admin, root, pass, passwd, password, super, !@#$%^&*
# as well as with a blank password.

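# Account names to probe: the twelve names listed in the analysis quoted in
# the header comment of this file.
USERNAMES="administrator webmaster admin test master web www backup server data abc root"

# Command line: the target as IP[:port], optionally followed by one more
# argument.  The value of that second argument is never inspected; its mere
# presence sets NONTLM=1.  The timeout hint printed by the NTLM probe later
# in this script spells it "no-ntlm", so the usage text documents that form.
case $# in
2)	IP=$1; NONTLM=1;;
1)	IP=$1; NONTLM=0;;
*)	echo 'authcheck: usage: authcheck IP[:port] [no-ntlm]' 1>&2
	exit 1;;
esac

# $IP is passed to auth-relaytest as a plain argument further down.  Refuse an
# empty value and anything starting with '-', which the helper could read as
# an option rather than as a host.
case $IP in
''|-*)	echo 'authcheck: usage: authcheck IP[:port] [no-ntlm]' 1>&2
	exit 1;;
esac

# printf with a quoted argument prints the target verbatim: no word
# splitting, no glob expansion, no echo-specific backslash handling.
printf '%s\n' "Checking $IP"

# Optional DSBL batch-mode cookie: when the helper is installed, capture its
# output and export it so that child processes inherit DSBL_COOKIE.
# NOTE(review): the cookie value is echoed to stdout; if it acts as a
# credential, anything that captures this script's output also captures the
# cookie -- confirm whether printing it is intended.
if [ -x /usr/bin/getcookie ]; then
	DSBL_COOKIE=$(/usr/bin/getcookie)
	export DSBL_COOKIE
	echo "Using batch-mode cookie: $DSBL_COOKIE"
fi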

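# do_relaytest AUTH USER PASS HOST
#
# Runs a single `auth-relaytest -v` attempt, passing all arguments through
# unchanged, and acts on the helper's exit status:
#   0  server accepted the message: write a syslog record, print a banner
#      and exit 0
#   4  AUTH was accepted but the mail was rejected: print a banner, exit 4
#   3  the attempt timed out: print a banner, exit 3
# Any other status prints nothing and returns 0, so the caller carries on
# with its next attempt.  For statuses 0, 3 and 4 the function calls exit,
# which ends the calling script, not just this function.
#
# Arguments:
#   $1  AUTH mechanism name handed to auth-relaytest
#   $2  user name
#   $3  password (may be empty)
#   $4  target host as IP[:port]
#
# NOTE(review): on status 0 the accepted password is written in clear text to
# syslog (facility local5, priority info) and to stdout.  Anyone who can read
# that log or the captured output obtains a working credential for the tested
# host, so access to both should be restricted accordingly.
do_relaytest () {
	auth-relaytest -v "$@"
	case $? in
	0)	logger -t auth-relaytest -p local5.info "$4 AUTH $1 USER=$2 PASS=$3"
		echo ""
		echo "-------------------------------------------------------"
		echo "Server accepted message"
		echo "AUTH=$1 USER=$2 PASS=$3 IP=$4"
		echo "-------------------------------------------------------"
		exit 0
		;;
	4)	# Auth accepted but message still rejected
		echo ""
		echo "========================================================"
		echo "Server accepted AUTH but rejected mail"
		echo "AUTH=$1 USER=$2 PASS=$3 IP=$4"
		echo "You may wish to retry this test at a later date"
		echo "if this looks like a temporary condition."
		echo "========================================================"
		exit 4
		;;
	3)	# Timeout.  Report the host this call actually tested ($4), like
		# the other branches do, instead of reading the global $IP.
		echo
		echo "========================================================"
		echo 'Test timed out. Try again later perhaps?'
		echo "IP=$4"
		echo "========================================================"
		exit 3
		;;
	esac
}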

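# Scratch file holding the output of the NTLM probe.  It is created with
# mktemp rather than under a PID-derived name: a predictable path in a
# world-writable directory can be pre-created (for instance as a symlink) by
# another local user, and the redirection below would then write through it.
TEMPFILE=$(mktemp "${TMPDIR:-/tmp}/authcheck.XXXXXX") || {
	echo 'authcheck: cannot create temporary file' 1>&2
	exit 1
}
# Remove the scratch file on every exit path; on HUP/INT/TERM exit with
# status 1, which in turn runs the exit trap.
trap 'rm -f "$TEMPFILE"' 0
trap 'exit 1' 1 2 15

printf '%s\n' "Checking $IP for AUTH NTLM vulnerability"
auth-relaytest -v ntlm "$IP" > "$TEMPFILE"
# Exit status of the probe: 0 = message accepted, 4 = AUTH accepted but mail
# rejected, 3 = timeout.  With NONTLM=1 statuses 3 and 4 are ignored and the
# script carries on; any other status also falls through.
case $? in
0)	cat "$TEMPFILE"
	logger -t auth-relaytest -p local5.info "$IP AUTH NTLM (null)"
	echo ""
	echo "-------------------------------------------------------"
	echo "Server accepted message"
	echo "AUTH=ntlm IP=$IP"
	echo "-------------------------------------------------------"
	exit 0
	;;
4)	if [ "$NONTLM" = "0" ]; then
		cat "$TEMPFILE"
		# Auth accepted but message still rejected
		echo ""
		echo "========================================================"
		echo "Server accepted AUTH but rejected mail"
		echo "AUTH=ntlm IP=$IP"
		echo "You may wish to retry this test at a later date"
		echo "if this looks like a temporary condition."
		echo "========================================================"
		exit 4
	fi
	;;
3)	if [ "$NONTLM" = "0" ]; then
		cat "$TEMPFILE"
		echo
		echo "========================================================"
		echo 'Test timed out. Try again later perhaps?'
		echo "Or try authcheck $IP no-ntlm"
		echo "========================================================"
		exit 3
	fi
	;;
esac
cat "$TEMPFILE"

# Choose the AUTH mechanism for the remaining checks by looking for the
# mechanism names anywhere in the probe output.  LOGIN is checked first and
# CRAM-MD5 second, so CRAM-MD5 wins when both strings are present.
# AUTH_LOGIN and AUTH_CRAM_MD5 are set here but not read in the visible part
# of this script.
PREFERRED_AUTH_STYLE=none
if grep -F -q LOGIN "$TEMPFILE"; then
	AUTH_LOGIN=1
	PREFERRED_AUTH_STYLE=login
else
	AUTH_LOGIN=0
fi
if grep -F -q CRAM-MD5 "$TEMPFILE"; then
	AUTH_CRAM_MD5=1
	PREFERRED_AUTH_STYLE=cram-md5
else
	AUTH_CRAM_MD5=0
fi
# The probe output is not needed past this point; remove it now instead of
# keeping it around for the duration of the checks that follow.
rm -f "$TEMPFILE"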

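# Credential checks, run only when the probe output advertised LOGIN or
# CRAM-MD5.  Every attempt goes through do_relaytest, which ends the script
# on the first accepted message, accepted-but-rejected AUTH, or timeout; the
# loops below therefore only continue while attempts are plainly refused.
# Attempts inside the loops are spaced five seconds apart.
#
# All expansions passed on as arguments are quoted so that the target and the
# credentials reach auth-relaytest as exactly one argument each.
if [ "$PREFERRED_AUTH_STYLE" != "none" ]; then
	echo "Checking $IP for simple vulnerabilities"
	do_relaytest "$PREFERRED_AUTH_STYLE" /webmaster "" "$IP"
	do_relaytest "$PREFERRED_AUTH_STYLE" guest      "" "$IP"

	echo "Checking $IP for user=password and no password"
	# $USERNAMES is deliberately unquoted: it is a space-separated list.
	for username in $USERNAMES
	do
		for password in "$username" ""
		do
			do_relaytest "$PREFERRED_AUTH_STYLE" "$username" "$password" "$IP"
			sleep 5
		done
	done

	echo "Checking $IP for other possibilities"
	# Same passwords, in the same order, as listed in the header comment.
	for username in $USERNAMES
	do
		for password in "${username}12" "${username}123" \
			1 111 123 1234 12345 123456 1234567 12345678 \
			654321 54321 00000000 88888888 \
			admin root pass passwd password super '!@#$%^&*'
		do
			do_relaytest "$PREFERRED_AUTH_STYLE" "$username" "$password" "$IP"
			sleep 5
		done
	done
fi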
