- #!/usr/bin/perl
- #@kaiux
- use Digest::MD5 qw(md5);
- use LWP::UserAgent;
- use URI;
# Candidate space for the search: every string of exactly $max_length
# characters drawn from @collection. With 6 symbols and 6 positions that is
# 6**6 = 46,656 candidates. Both are package globals read by generate().
@collection = qw(x y z 1 2 3);
$max_length = 6;

# Background reading on HTTP Digest access authentication and Digest::MD5:
#   https://en.wikipedia.org/wiki/Digest_access_authentication
#   http://www.sitepoint.com/understanding-http-digest-access-authentication/
#   http://perldoc.perl.org/Digest/MD5.html
#
# Authorization header as it appeared in the capture:
#   Authorization: Digest username="webadmin", realm="Pentester-Academy",
#   nonce="X95LDujmBAA=9c8ec8a0aeee0ddf7f24a5a75c57d0f90245d0f5", uri="/",
#   algorithm=MD5, response="0fd7c603fdf61e89bfc9c95fb73e343a", qop=auth,
#   nc=00000001, cnonce="89b024ea3adb54ec"
#
# Every input to the response hash except the password is visible in that
# one header, so anyone who observes the request can test guesses offline.
# Digest auth therefore needs TLS underneath and a password drawn from a far
# larger space than the one configured above.

# Values copied from the pcap file. The request method and uri ("GET", "/")
# are not stored here; get_a2_digest() hard-codes them.
my $single_response = '0fd7c603fdf61e89bfc9c95fb73e343a';    # response=
my $username        = 'webadmin';
my $realm           = 'Pentester-Academy';
my $nonce           = 'X95LDujmBAA=9c8ec8a0aeee0ddf7f24a5a75c57d0f90245d0f5';
my $nc              = '00000001';
my $cnonce          = '89b024ea3adb54ec';
my $qop             = 'auth';
# HA1 of the Digest scheme: hex MD5 of "username:realm:password".
# The single argument is the candidate password; $username and $realm are the
# file-level values taken from the captured header.
# Returns the 32-character lowercase hex digest.
sub get_a1_digest {
    my ($candidate) = @_;
    return Digest::MD5::md5_hex( join ':', $username, $realm, $candidate );
}
# HA2 of the Digest scheme for qop=auth: hex MD5 of "method:uri".
# Method and uri are fixed to "GET" and "/", matching uri="/" in the captured
# header. Takes no arguments and returns the 32-character hex digest.
sub get_a2_digest {
    return Digest::MD5::md5_hex('GET:/');
}
# Digest "response" value for qop=auth:
#   MD5( HA1 : nonce : nc : cnonce : qop : HA2 ), hex encoded.
# Arguments are HA1 and HA2 (hex strings); nonce, nc, cnonce and qop come
# from the file-level values taken from the captured header.
sub get_md5_response {
    my ( $ha1, $ha2 ) = @_;
    my @fields = ( $ha1, $nonce, $nc, $cnonce, $qop, $ha2 );
    return Digest::MD5::md5_hex( join ':', @fields );
}
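# Confirm a recovered password against the lab's checker page.
#
# Sends one GET with username and password as query parameters and looks for
# the word "cracked" in the decoded body.
# Returns 1 if the marker is present, 0 otherwise.
#
# NOTE(review): the URL is plain http and the credentials travel in the query
# string, so they are readable on the wire and tend to end up in proxy and
# server logs.
sub run_http_request {
    my ($password) = @_;

    my $url = 'http://pentesteracademylab.appspot.com/lab/webapp/digest3/1';
    my $uri = URI->new($url);
    $uri->query_form(
        username => $username,
        password => $password,
    );

    my $ua       = LWP::UserAgent->new( keep_alive => 1 );
    my $response = $ua->get($uri);

    # A transport or HTTP error used to look the same as "wrong password";
    # report it on STDERR so the two cases can be told apart.
    unless ( $response->is_success ) {
        warn 'verification request failed: ' . $response->status_line . "\n";
    }

    # decoded_content may be undef when the body cannot be decoded.
    my $output = $response->decoded_content;
    return 0 unless defined $output;

    if ( $output =~ /cracked/ ) {
        print "Hell Yeah!!! \n";
        print "user: $username, pass $password \n";
        return 1;
    }

    return 0;
}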
# Entry point: start the enumeration from the empty prefix.
# The recursion follows the "permutations with repetition" approach from
# http://sness.blogspot.com.br/2008/04/permutations-with-repetition.html
generate(q{});
# Recursively build every string of $max_length characters over @collection
# and compare its Digest response with the captured one.
#
# Arguments: the prefix built so far and, optionally, the character to append
# (absent on the initial call).
# On a hash match the candidate is printed and handed to run_http_request();
# if that confirms it, the program exits with status 1. Note that this exit
# status is non-zero on the success path.
sub generate {
    my ( $candidate, $next_char ) = @_;
    $candidate .= $next_char if defined $next_char;

    if ( length($candidate) < $max_length ) {

        # Prefix still too short: extend it by each symbol in turn.
        for my $symbol (@collection) {
            generate( $candidate, $symbol );
        }
    }
    else {
        my $ha1      = get_a1_digest($candidate);
        my $ha2      = get_a2_digest();
        my $computed = get_md5_response( $ha1, $ha2 );

        if ( $computed eq $single_response ) {
            print "Found it!!- $candidate - $computed - $single_response\n";
            print "Lets try to authenticate \n";
            exit(1) if run_http_request($candidate);
        }
    }
}